Hi, I have a PHP login scripts that takes the "username" and "password" and stores it in a session.
Once verified as a valid user against a mySQL database, the user is redirected to a members area ( "/secure_area" ), using: http://username:[EMAIL PROTECTED]/secure_area/ This is so that .htaccess (which is in "/secure_area" won't pop up its own "login/password" box). However, i am having a couple of problems, first, once the user is redirected to the /secure_area folder, EVERY link on that page (and onwards) is prefixed with http://username:[EMAIL PROTECTED]...... for everyone to see !!! and thus the password has been exposed. How can I stop it displaying the username and password ? And also, is this a secure way of logging in? (it is the only way I can figure out how to do it, so that PHP logs u in and passes username and password to .htaccess quietly). Many Thanks for any help! Shams -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
