Re: [SLUG] PHP/MySQL security

From: Russ Wright (rwrigh10@tampabay.rr.com)
Date: Wed Sep 21 2005 - 08:27:35 EDT


Use session variables.

I have one script that tests the login credentials at the beginning and
then sets some session variables. I run my SQL query and then assign
the result to $sql_result and then test like so:

session_start();   // must run before $_SESSION is touched
if (mysql_num_rows($sql_result) == 0) {
        // no rows came back: not a valid user
        $_SESSION["cms_is_valid_user"] = "No";
}
else {
        // a record came back: valid user
        $_SESSION["cms_is_valid_user"] = "Yes";
}

Now at the top of each page I test this session variable:

session_start();
// fail closed: an unset variable (no login yet) must not pass the check
if (!isset($_SESSION["cms_is_valid_user"]) || $_SESSION["cms_is_valid_user"] != "Yes") {
        header("Location: login.php");
        exit;   // header() alone does not stop the rest of the page from running
}

Regards
Russ

On Wed, 2005-09-21 at 01:03 -0400, Paul M Foster wrote:
> I'm analyzing a site that we're taking over from someone else. Heavy use
> of PHP and MySQL. Many of the pages allow people at the company to add,
> delete and change items in the MySQL tables. When someone logs in to get
> to this section of the site, PHP queries the MySQL tables to determine
> if this person has the appropriate privileges, and shows them the page
> they've requested.
>
> But here's the thing: at the top of every page, PHP queries the MySQL
> tables _again_ to determine if the user (passed in session variables)
> has the appropriate privileges, etc. Isn't there a simpler, less costly
> (computer time) way to do this? Seems like there ought to be some way to
> pass a session variable (or something) along and query that in each
> page, without having to go back and check the tables for privileges each
> time you load a page.
>
> Any ideas?
>

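The pattern both messages describe (check credentials once, cache the result in the session, test the session on every page) written out as an added example; this is not code from either poster. It assumes a `users` table with `id`, `username`, `password_hash` and `role` columns and an open PDO connection in `$pdo`; the `mysql_*` functions used in the reply were removed in PHP 7, so prepared statements via PDO are used instead. It also answers the cost question from the original post: the privilege row is re-read from MySQL only when the cached copy is older than `PRIV_TTL`, so a revoked account is locked out within that window without a query on every page load.

```php
<?php
// Added example (not from the original thread). Assumes: table
// users(id, username, password_hash, role) and a PDO connection in $pdo.

session_start();          // once, before any $_SESSION access or any output

const PRIV_TTL = 300;     // seconds a cached privilege check stays valid

// login.php: verify credentials once and cache the outcome in the session.
function login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare(
        'SELECT id, password_hash, role FROM users WHERE username = ?'
    );
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // No row, or wrong password, both fail the same way.
    if ($user === false || !password_verify($password, $user['password_hash'])) {
        return false;
    }

    // Fresh session ID on login so a pre-set (fixated) ID is never promoted.
    session_regenerate_id(true);
    $_SESSION['user_id'] = (int) $user['id'];
    $_SESSION['role']    = $user['role'];
    $_SESSION['priv_ts'] = time();      // when the privileges were last read
    return true;
}

// auth.php: include at the top of every protected page.
function require_role(PDO $pdo, string $needed): void
{
    // Fail closed: a missing key means "not logged in", never "allowed".
    if (empty($_SESSION['user_id'])) {
        header('Location: login.php');
        exit;                           // header() does not end the script
    }

    // Re-read from MySQL only when the cached copy is stale.
    if (!isset($_SESSION['priv_ts']) || time() - $_SESSION['priv_ts'] > PRIV_TTL) {
        $stmt = $pdo->prepare('SELECT role FROM users WHERE id = ?');
        $stmt->execute([$_SESSION['user_id']]);
        $role = $stmt->fetchColumn();
        if ($role === false) {          // account deleted since login
            $_SESSION = [];
            session_destroy();
            header('Location: login.php');
            exit;
        }
        $_SESSION['role']    = $role;
        $_SESSION['priv_ts'] = time();
    }

    if ($_SESSION['role'] !== $needed) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Usage on a page that edits the tables:
//   require_role($pdo, 'editor');
//   ... page body ...
```

The `exit` after every `header('Location: ...')` is the part most often missed: a redirect header only asks the browser to go elsewhere, and without `exit` the protected HTML below is still generated and sent. Checking for `== "Yes"` rather than `== "No"` matters for the same reason; a visitor who never ran the login script has no session value at all, and a `"No"` test lets them through.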
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:08:52 EDT