I am trying to develop a simple user authentication routine.
I started with something I got from a book called "PHP in Easy Steps."
It works like this:
- create a table in a database with basic user information: name,
login, password
- create a simple html form which loads "authenticate.p hp" when the
submit button is pushed.
- autheticate.php checks the login against the database, and loads the
next file, if the user is authenticated.
I have all that working. The problem, if you haven't guessed, is that
somebody can bypass the entire thing, if that person the the file(s)
that are loaded after the authetication. i.e.
So how do I fix this? Cookies? Can I check if the user is authenticated
in each subsequent file that might be loaded?
I started with something I got from a book called "PHP in Easy Steps."
It works like this:
- create a table in a database with basic user information: name,
login, password
- create a simple html form which loads "authenticate.p hp" when the
submit button is pushed.
- autheticate.php checks the login against the database, and loads the
next file, if the user is authenticated.
I have all that working. The problem, if you haven't guessed, is that
somebody can bypass the entire thing, if that person the the file(s)
that are loaded after the authetication. i.e.
So how do I fix this? Cookies? Can I check if the user is authenticated
in each subsequent file that might be loaded?
Comment