what about registering a var called loggedin with the session and then
testing on each script to see if it's set to 1 or something ?
then base the access on that ? that's what i use and then register uid with
the session as well so you can use it througout your site ...
ok you've got me worried now, are there any problems with security doing it
that way ????
Steve
"Christian Dechery" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I have pages that uses session for security that looks something like
this:
>
> <?php
> session_start();
>
> if( !isset($uid) )
> {
> include("include/auth.inc.php");
> auth_user();
> }
>
> more code...
> ?>
>
> so $uid tells me if the user is logged on or not...
>
> but what if somebody calls the script directly from the address bar like
> this: http://server/script.php?uid=10
>
> wouldn't this be a security problem?
> ____________________________
> Christian Dechery (lemming)
> http://www.tanamesa.com.br
> Gaita-L Owner / Web Developer
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
