
login to be passed between pages


defeated


I have a login script which is working beautifully. It is for an in-house CMS so it loads a list of users from a MySQL db and adds them to a select input in a form and then they just have to put in their password.

That then creates an id which is passed using the GET method...... not a good idea.  Now all anybody has to do to bypass the login is type in

..../CMS.php?ID=username

in the url. Doh!!!

Any suggestions of a better way of passing the login info?  Each user sees only info applicable to them on subsequent pages based on their login and info in the db pertaining just to them.

Hope that makes sense.

Ian.


The login form action is POST. This is processed by a file called security.php which checks input against a table in MySQL which authenticates users and passwords. It then autodirects to the next page .. CMS.php passing on a variable that can be used in another MySQL table to get content specific to a particular user. I don't think I can use POST between security.php and CMS.php because there is no form between the two. Am I being thick?


Is $_SESSION complicated? I am at the limit of my abilities with what I'm doing. I don't mind expanding my abilities but it has to be within reach of someone with little grasp of what they are doing. To put it in context.... I've been working on this site since September! Granted I knew ABSOLUTELY nothing when I started but progress is slow. Don't want to get bogged down following an approach to this that I will get stuck in since I am already stuck with formmail with attachments and being stuck in two places at once would be nearly enough to make me give up! Nearly.


At the top of the page put

<?php session_start(); ?>

then where it puts the value into the URL change it to:

$_SESSION['variable_name'] = "value that was going into the Url";

On the next page, don't forget to put session_start() again at the top.

Then, where your current code says:

$var = $_GET['variable_name'];

change to

$var = $_SESSION['variable_name'];


It works like a charm!  Just one more question....

Do you have to end sessions or are they timed or what?

Don't think it's important.... just want to make sure it isn't.

 

I would say kindly destroy your session; don't depend on timeouts. If a user has logged in for 10 min of work and he leaves the PC, another person gets a chance to look in his account easily..... because you will give the user a sensible amount of time to work on your system. Hence, once you think the user will be done with work, on the logout button call session_destroy or unset your $_SESSION.

 

 

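The session approach from the replies above, as an added example that is not code from the thread: the username is kept server-side in `$_SESSION` instead of the URL, with an idle timeout and an explicit logout. The file name `auth.php`, the function names, the `login.php` redirect target and the 15-minute limit are all assumptions.

```php
<?php
// auth.php -- hypothetical include file (added example, not from the thread).
// security.php and CMS.php would both require it before sending any output.

const IDLE_LIMIT = 900; // assumed idle timeout in seconds (15 minutes)

function start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // Keep the session cookie away from page scripts and cross-site requests.
        session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
        session_start();
    }
}

// Call from security.php only after the password check against the db succeeded.
function login_user(string $username): void
{
    start_session();
    session_regenerate_id(true);       // new session id for the logged-in state
    $_SESSION['username']  = $username;
    $_SESSION['last_seen'] = time();
}

// Call at the top of CMS.php: returns the logged-in username or redirects away.
function require_login(string $loginPage = 'login.php'): string
{
    start_session();
    $idle = time() - ($_SESSION['last_seen'] ?? 0);
    if (empty($_SESSION['username']) || $idle > IDLE_LIMIT) {
        logout_user();                 // missing or stale login: wipe and send back
        header('Location: ' . $loginPage);
        exit;
    }
    $_SESSION['last_seen'] = time();   // activity resets the idle clock
    return $_SESSION['username'];
}

// Call from the logout button's handler.
function logout_user(): void
{
    start_session();
    $_SESSION = [];                    // clear the data held for this session
    $p = session_get_cookie_params();  // expire the browser's session cookie too
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();                 // remove the server-side session record
}
```

With this in place CMS.php takes the user from `require_login()` rather than from `$_GET['ID']`, so typing a username into the URL has no effect.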
