PHP5 - Best way to authenticate users on a small scale site.

knuckle05 asked on
PHP
Hi All,

I'm building a small site using PHP5, MySQL, and Apache.

What I'm wondering is this:

Say for example a user logs in and I set my various session variables to store their user name and encrypted password.

I then redirect them to their account page. This page and its arguments assume this form:

my-account.php5?id=123

where 'id' = the user's account ID.

What is the best way to prevent the logged-in user from manually changing the URL to "id=124", "id=125", etc. and then gaining access to another user's account?

My solution would be to include a file at the top of EVERY page that needs user authentication and check the session against the id URL argument, either by including a list of valid IDs in another session variable, or by opening up the database and doing a check.

Theoretically this would work, but is there a "better" or more elegant way to achieve this?

Thanks.
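
An added example, not part of the original thread: one way to write the include file the question describes, treating the account ID stored in the session at login as authoritative and only ever comparing the `id` URL argument against it. The session key `account_id`, the function `resolve_account_id` and the `AccessDenied` class are names assumed for this example, and the requests at the bottom are constructed stand-ins for `$_SESSION` and `$_GET`.

```php
<?php
// require-account.php: hypothetical include for every page that shows account data.
// Assumption: the login handler stored the authenticated user's account ID as an
// integer in $_SESSION['account_id'] (key name chosen for this example).
// Written without PHP 7-only syntax because the question targets PHP5.

class AccessDenied extends RuntimeException {}

/**
 * Decide which account the current request may load.
 * The session value is authoritative; the URL value is only compared to it,
 * so editing ?id=123 to ?id=124 can never select another user's row.
 */
function resolve_account_id(array $session, array $query)
{
    if (!isset($session['account_id']) || !is_int($session['account_id'])) {
        throw new AccessDenied('not logged in', 401);
    }
    $owner = $session['account_id'];

    if (!array_key_exists('id', $query)) {
        return $owner; // no id argument: show the caller's own account
    }
    // Accept only a plain decimal string; rejects "124abc", "-1" and id[]=1.
    $requested = (is_string($query['id']) && ctype_digit($query['id']))
        ? (int) $query['id'] : null;

    if ($requested !== $owner) {
        throw new AccessDenied('account id does not match session', 403);
    }
    return $owner; // use this value, never $query['id'], in the database lookup
}

// Constructed requests: array(session contents, URL arguments).
$cases = array(
    'own account'   => array(array('account_id' => 123), array('id' => '123')),
    'edited URL'    => array(array('account_id' => 123), array('id' => '124')),
    'no id in URL'  => array(array('account_id' => 123), array()),
    'not logged in' => array(array(), array('id' => '123')),
    'malformed id'  => array(array('account_id' => 123), array('id' => '123 OR 1=1')),
);
foreach ($cases as $label => $case) {
    list($session, $query) = $case;
    try {
        printf("%-14s -> load account %d\n", $label, resolve_account_id($session, $query));
    } catch (AccessDenied $e) {
        printf("%-14s -> HTTP %d (%s)\n", $label, $e->getCode(), $e->getMessage());
    }
}
```

In a real page the two arguments would be `$_SESSION` (after `session_start()`) and `$_GET`, and the caught exception would become the HTTP response status.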
ASKER CERTIFIED SOLUTION
TeRReF
