john010117

But if you're on a shared server (like me), other users can potentially hijack an active session (since most shared servers have a common session_save directory).

Maybe if it's not in the ACP, you can download a mod for it.

Yes, people generally say that sessions are more secure than cookies. This piece of code that I've posted is what I generally use on making sure that the form came from my website.

Aren't you supposed to have an "if/else" statement on the last line of code that you've posted? "==" are generally in if/else statements...

Have this: $page = $_SERVER['PHP_SELF']; $_SESSION['page_check'] = $page; on login.php and on the process page, have something like this: <?php session_start(); if($_SESSION['page_check'] == "login.php") { unset($_SESSION['page_check']); // Proceed } else { unset($_SESSION['page_check']); // Fail - Display an error message } ?>

...or make the error document larger. You never know with browsers and their limits...

However, if you want somebody to completely make the code for you, please post your request in the freelancers area.

First of all, list all the fields you have for the table (as well as their types). I need to know what you're table structure is first.

As stated in the PHP manual, it's not very reliable.

If you wish for someone to rescript it for you, please post that in the freelance area. But for now, just use the code that you have, and start to read on sessions.

What do you mean by asking "is it searchable"?

Either use a .htaccess file (using mod_rewrite) or use frames (not recommended)

LOL I guess I'm used to using Windows 2k....

This is a good tut.

What exactly do you mean by that?

chmod().

This has nothing to do with HTML. If you need specific HTML help, post here. Otherwise. please post in the correct category.

The layout's pretty good. But I noticed that the top right navbar was replaced by a link to the main page here. You might want to fix that. Also, maybe for a future project, add some options for the user to choose from to customize their forms.

I'll check those out. Thanks.

Yeah, you really need to check everything that the user inputs, and escape them if necessary.

Set the Type to TIMESTAMP, and Attributes to ON UPDATE CURRENT_TIMESTAMP.

http://us2.php.net/manual/en/function.create-function.php Look at example 722.

Um, I think time would be fine...

Let's say you wanted to log a user out after 10 minutes. Create a new function named whatever you want, and a new column in the table named something like last_activity and set the type to timestamp. In the function, use strtotime to check when the user was last active, and if that was more than 10 minutes ago, unset the session for that user. Put the function in a file, and include/require that for every secure page.

If that's the case, then yes, it'll be wise to put that inside of that function.