Here's how I do it..... User table in mysql
UserID, username, password, admin, read, write 1001, John, *#&(@&(@, 0, 1, 0 1002, betty, KD)&#(&S, 1, 1, 1 Create a login form. Get their username and password, Run a query to pull the record where username and password match If the username is in the table and the password is correct then $_SESSION['userid'] = UserID (pulled from db query) $_SESSION['admin'] = admin $_SESSION['read'] = read $_SESSION['write'] = write Then create a function to check permissions based on the session variable. For instance if a page has a form for editing information, before loading the form check to see if the Current $_SESSION['write'] variable is set to '1', if so load the form, if not then don't. May not be the best way of doing things but it works well for me. Jeff McKeon IT Manager Telaurus Communications LLC [EMAIL PROTECTED] (973) 889-8990 ex 209 ***The information contained in this communication is confidential. It is intended only for the sole use of the recipient named above and may be legally privileged. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication, or any of its contents or attachments, is expressly prohibited. If you have received this communication in error, please re-send it to the sender and delete the original message, and any copy of it, from your computer system. Thank You.*** > -----Original Message----- > From: ajay [mailto:[EMAIL PROTECTED] > Sent: Friday, January 30, 2004 12:56 AM > To: [EMAIL PROTECTED] > Subject: Re: [PHP] session management > > > hi! > > well i do have a MySQL database. The scenario is this, i dont > want to use cookies or do any URL rewriting. i'm looking for > something that mirrors J2EE's Session object that contains > information about the user, their security level(user/admin > etc) and this information can then be verified before each > request. There would ofcourse be an expiry on the object. Is > there a prewritten framework/class to handle this? > > thanks > > regards > > -- > ajay > --------------- > Who Dares Wins > > ------------------------------------------------- > This mail sent through IMP: www-mail.usyd.edu.au > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
