On Thu, 18 Dec 2003 10:43:14 -0500, you wrote:

>I'm trying to develop a secure web based application and my only tools are
>php, mysql, and an SSL connection.
>
>Does anyone know of any good references for this kind of development?
>
>What I really need to do is to make sure that given users only gain access
>to the parts of the application they are given rights to. I'm not sure if I
>need to pass their user information along from page to page or if I should
>set a cookie or whatever else would be appropriate.

Read up about sessions. Essentially, a session is a random token which is sent to the client (normally as a cookie), and is associated with a collection of data server-side. You can safely store sensitive data (userids, privilege levels, etc) in the session because they never leave the server.

http://www.php.net/manual/en/ref.session.php

>I also want people to
>be bounced back to the login page if they enter a direct URL to part of the
>application without logging in first, and I also want people to be able to
>log out.

include() a file at the top of every page that checks for the existence of a valid session. If no session is present, use header("Location:") to bounce the user back to the login page and exit().
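
The include file described in the reply above, sketched as an added example that is not part of the original message. The file name `auth.php`, the `/login.php` path, the `user_id` and `roles` session keys and all function names are assumptions; the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// auth.php: hypothetical include file. Assumed names: /login.php, $_SESSION['user_id'], $_SESSION['roles'].
function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) { return; }
    ini_set('session.use_strict_mode', '1');   // reject session IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,        // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,     // only sent over the SSL connection
        'httponly' => true,     // not readable from page scripts
    ]);
    session_start();
}

// Call once, after the password check against the database has succeeded.
function login_user(int $userId, array $roles): void
{
    start_secure_session();
    session_regenerate_id(true);   // fresh ID after login, so a pre-login ID is useless
    $_SESSION['user_id'] = $userId;
    $_SESSION['roles']   = $roles;
}

function require_login(): void
{
    start_secure_session();
    if (empty($_SESSION['user_id'])) {
        header('Location: /login.php');
        exit;   // without exit the rest of the protected page still runs
    }
}

// Per-page rights check: the role list lives server-side, never in the cookie.
function require_role(string $role): void
{
    require_login();
    if (!in_array($role, $_SESSION['roles'] ?? [], true)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

function logout_user(): void
{
    start_secure_session();
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();   // remove the server-side data as well as the cookie
}
```

A protected page would start with `require __DIR__ . '/auth.php';` followed by `require_login();` or `require_role('admin');` before sending any output, since `header()` only works while no output has been sent.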