On Sunday 11 July 2004 03:47, Harlequin wrote: > I have a quick question regarding the above. currently I have a form that > posts to another page. However, rather than wait until they get to that > page to verify their login are there conventions that are recognised for > this process currently...? > > For example, my code for the form's header is: > > echo "<form action='login_verified.php' method='post' name='Login Form' > title='Login Form'>"; > > How can I ensure that only once a user has been verified that they can see > the page in my form's action field...?
At the most basic level a login system would work something like this: 1) User submits login credentials 2) A login script checks credentials, if OK, send user a token (via session/cookie). In your backend, associate that token with that user and note that they're logged in. 3) At the start of all your protected pages, you need to check for the token and whether it's valid. I'm surprised that you're asking this because I thought that you had your login system all sussed out! -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * ------------------------------------------ Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general ------------------------------------------ /* And miles to go before I sleep. -- Robert Frost */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
