Secure or may be over
Posted: Wed Feb 21, 2007 2:53 pm
Hi guys,
I am wondering how to cope with a security issue. I have a log in form. When a user logs in they are redirected to a logged.php file(All browsing activity is then than done only in this file). It has a function which checks the username and the password previously entered in the log in form. Do you think this is a good solution for a security logic?
Here the question comes. I have a .conf file which is different according a user's status. If they are logged in it is one else another. I have a constant in it called $IS_LOGGED = 1; and my very question is whether it is a good idea to check it within each query whether a table in the database has a value in the user's id is_logged(column) equal to 1.
I am wondering how to cope with a security issue. I have a log in form. When a user logs in they are redirected to a logged.php file(All browsing activity is then than done only in this file). It has a function which checks the username and the password previously entered in the log in form. Do you think this is a good solution for a security logic?
Here the question comes. I have a .conf file which is different according a user's status. If they are logged in it is one else another. I have a constant in it called $IS_LOGGED = 1; and my very question is whether it is a good idea to check it within each query whether a table in the database has a value in the user's id is_logged(column) equal to 1.
Sorry, I was not very clear. I will try to explain it better:The constant is different for each .conf file. I have a table with users and by checking the constant with its supposed value in the database is what I want to do. If something is not clear please ask.