id=3 only for one USER

Anon

hi there,

i got a this thing with id's
other Users are allowed to enter my database (SQL - PHP) each with their own UserID and password.

cookies can be hacked
so i thing the most save way is to use the option: REMOTE_USER in combination with that particular id.

however, it is possible to chance the id nummer and voila ...there you have the content of id"whatever"

someone help me..

thanks in advance

Helena

Anon

Hi Helena,

You could use a table in your database for user authentication. This table should contain an id number, username and password. You should include a simple header file into your PHP pages. So when a page is requested the user will get an Username and Password window which is the same like the one you see when you're entering a password protected directory. Then the script will check if the user with the password is in the database. If not, the script prints an error message. If the user is in the database he or she will see the requested page without anything like an id, password or username variable. (So: not index.php?user=helena&password=bla, but just index.php)

If you give me your e-mailadres I will e-mail the script to you. (I'm from The Netherlands, so I can speak Dutch if you want).