Hi All,
I'm trying to setup an authentication process and
sessions to protect some of my pages for valid users
only. The following are what I had in mind:
login.php--
<?php
if ( isset ( $username ) && isset ( $password ) {
mysql_connect ( "localhost", "user", "pass" );
mysql_select_db ( $db );
$result = mysql_num_rows( mysql_query ( "select
username from $table where username = '$username' and
password = '$password'" ) );
if ( $result == 1 ) {
$authenticated = "yes";
session_register ( "authenticated" );
echo "You have login";
echo "<a href=\"protected_page.php\">Protected
Page</a>"
} else {
header ( "location: http://server/login_page.php\n\n";
);
}
?>
protected_page.php
<?php
session_start();
if ( $authenticated == "yes" ) {
echo "You can view this page";
} else {
header ( "location: http://server/login_page.php\n\n";
);
}
Can anyone give me any suggestions or recommendations?
Is there any security concerns? Also, the session
files are in a directory that is not world readable.
Thanks in advance,
Harry
__________________________________________________
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
