I think it would be better to use Apache facility of authentication through Mysq l "Michael T. Peterson" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > To protect certain web pages on my site, I am using the following code > inserted at the very beginning (top) of the page: > > <?php > include_once( 'init.php'); > if( isset( $HTTP_SESSION_VARS['session_id'] ) == FALSE || > isset( $HTTP_SESSION_VARS['username'] ) == FALSE ){ > header( 'Location: '.MEMBER_LOGIN_PAGE ); > } > ?> > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> > <html> > ... Dreamweaver template code here... > </html> > > Is this a recommended way of doing this? > > Next, to initialize the session, a login page posts the username - password > information to a PHP script, check_login.php. The login info is checked > against a database and, if all is kosher, a new session is created and the > user is dispatched to the site's home page. Here's the relevant code: > > <?php > include_once( 'init.php'); > ... > $username = trim($HTTP_POST_VARS['username']); > $password = trim($HTTP_POST_VARS['password']); > > ... if username and password check out, initialize a session... > > $HTTP_SESSION_VARS['username'] = $username; > $HTTP_SESSION_VARS['session_id'] = crypt( $password ); > > header( 'Location: '.SITE_HOME_PAGE ); > ... > ?> > > Does this make sense? Am I missing something? Any review, advice, etc., > would be much appreciated. > > Cheers, > > Michael
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
