Just a quick comment. It's recommended to use $_SESSION instead of
$HTTP_SESSION_VARS, $_POST instead of $HTTP_POST_VARS, etc. Look at
the docs about superglobals for more.
On Wed, 14 Jul 2004 16:18:14 -0700, Michael T. Peterson
<[EMAIL PROTECTED]> wrote:
> To protect certain web pages on my site, I am using the following code
> inserted at the very beginning (top) of the page:
>
> <?php
> include_once( 'init.php');
> if( isset( $HTTP_SESSION_VARS['session_id'] ) == FALSE ||
> isset( $HTTP_SESSION_VARS['username'] ) == FALSE ){
> header( 'Location: '.MEMBER_LOGIN_PAGE );
> }
> ?>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
> <html>
> ... Dreamweaver template code here...
> </html>
>
> Is this a recommended way of doing this?
>
> Next, to initialize the session, a login page posts the username - password
> information to a PHP script, check_login.php. The login info is checked
> against a database and, if all is kosher, a new session is created and the
> user is dispatched to the site's home page. Here's the relevant code:
>
> <?php
> include_once( 'init.php');
> ...
> $username = trim($HTTP_POST_VARS['username']);
> $password = trim($HTTP_POST_VARS['password']);
>
> ... if username and password check out, initialize a session...
>
> $HTTP_SESSION_VARS['username'] = $username;
> $HTTP_SESSION_VARS['session_id'] = crypt( $password );
>
> header( 'Location: '.SITE_HOME_PAGE );
> ...
> ?>
>
> Does this make sense? Am I missing something? Any review, advice, etc.,
> would be much appreciated.
>
> Cheers,
>
> Michael
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
> !DSPAM:40f5bd3942909266016200!
>
>
--
DB_DataObject_FormBuilder - The database at your fingertips
http://pear.php.net/package/DB_DataObject_FormBuilder
paperCrane --Justin Patrin--
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
