SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Zealot
    Join Date
    Dec 1999
    Location
    Highlands Ranch, CO
    Posts
    193
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I am currently reconstructing a content management system. I want users to log in, then be taken to an administration page with a link to 'submit a article'.

    I want this hyperlink to pass the $password, $username, and $authorname to the page that contains a form.

    Is there anyway to do this so that the variables don't appear in the URL?

    Thanks again,

    Chad

  2. #2
    Grumpy Mole Man Skunk's Avatar
    Join Date
    Jan 2001
    Location
    Lawrence, Kansas
    Posts
    2,066
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The best way would be to use PHP 4 sessions. Check out this excellent tutorial:

    http://www.zend.com/zend/tut/session.php

  3. #3
    SitePoint Zealot
    Join Date
    Dec 1999
    Location
    Highlands Ranch, CO
    Posts
    193
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Skunk,

    Thanks for the reply. I checked out the tutorial, and it is a bit over my head at this point (I just started PHP and MySQL this week).

    So this leads me to my next question...

    I know that I can pass the variables that I need in a form (ie. I'll make a form with several hidden variables and have a 'click here to submit article' form button).

    Using this method, I can pass my variables to every page - so long as I use form 'submit' on every page.

    Are there any 'major' problems with doing this?

    Thanks,

    Chad

  4. #4
    Grumpy Mole Man Skunk's Avatar
    Join Date
    Jan 2001
    Location
    Lawrence, Kansas
    Posts
    2,066
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That's not a bad solution, but the biggest problem is that you can still 'see' the password by viewing the source of the HTML page. Still, as long as you make this security risk clear (so people don't leave their PCs unattended while logged in) it shouldn't be a problem.

    Another alternative is to use cookies. These are much easier to use than sessions and will store a username/password in a cookie meaning you can access them from any page. REad this:

    http://www.php.net/manual/en/function.setcookie.php


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •