Without using .htaccess or $PHP_AUTH_USER, how can I keep and entire site from being accessed by anyone other than the un/pw listed in my database? Anybody know a good way? Currently I have to pass the username and password through the URL (encrypted of course) and then run a DB check baed on the variables of the un/pw - the bad thing, is that it stores the URL in the address bar so future users can just click the URL with the un/pw variables and log right in! Without passing the user info through the URL, how can I check my DB for the info they entered on the first page?
Thanks so much!
Seth
