Hey all, I'm building a website that will pull data from mysql db. No problem there. I've got a page to create users and store their info in a user table on another db. What I want to be able to do is have a user log in and then only have access to view information that his profile allows.
I'm not quite sure how to do this however so I'm looking for advise to point me in the right direction. I suspect, that once validated via the login page, I need to store the users permissions in a session variable and then before each page loads, check to see if the page's permission requierments match the user requirements stored in the session's variable. Is this correct? Are there any security risks with this as this sight may one day be internet accessable. If this isn't the correct approach, what is? Thanks, Jeff -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
