<div>
Use sessions.<br />
<br />
<a href="http://www.php.net/manual/en/ref.session.php" rel="ugc">http://www.php.net/manual/en/ref.session.php</a><br />
<br />
<a href="http://www.zend.com/zend/tut/authentication.php?article=authentication&kind=t&id=771&open=1&anc=0&view=1" rel="ugc">http://www.zend.com/zend/tut/authentication.php?article=authentication&kind=t&id=771&open=1&anc=0&view=1</a>
</div>


Use sessions.

http://www.php.net/manual/en/ref.session.php [http://www.php.net/manual/en/ref.session.php]

http://www.zend.com/zend/tut/authentication.php?article=authentication&kind=t&id=771&open=1&anc=0&view=1 [http://www.zend.com/zend/tut/authentication.php?article=authentication&kind=t&id=771&open=1&anc=0&view=1]

<div>
Thanks to both of you.<br />
<br />
I went with TeRReF's solution.
</div>


Thanks to both of you.

I went with TeRReF's solution.

<div>
<div class="content wysiwyg-content">
Hi All,<br />
<br />
I'm building a small site using PHP5, MySQL, and Apache. <br />
<br />
What I'm wondering is this:<br />
<br />
Say for example a user logs in and I set my various session variables to store their user name and encrypted password.<br />
<br />
I then redirect them to their account page. This page and its arguments assume this form:<br />
<br />
my-account.php5?id=123<br />
<br />
where 'id' = the user's account ID.<br />
<br />
What is the best way to prevent the logged in user from manually changing the URL to &quot;id=124&quot;, &quot;id=125&quot;, etc. and then gaining access to another user's account?<br />
<br />
My solution would be to include a file at the top of EVERY page that needs user authentication and check the session against the id URL argument, either by including a list of valid ID's in another session variable, or by opening up the database and doing a check.<br />
<br />
Theoretically this would work, but is there a &quot;better&quot; or more elegant way to achieve this?<br />
<br />
Thanks.
</div>
</div>


Hi All,

I'm building a small site using PHP5, MySQL, and Apache. 

What I'm wondering is this:

Say for example a user logs in and I set my various session variables to store their user name and encrypted password.

I then redirect them to their account page. This page and its arguments assume this form:

my-account.php5?id=123

where 'id' = the user's account ID.

What is the best way to prevent the logged in user from manually changing the URL to "id=124", "id=125", etc. and then gaining access to another user's account?

My solution would be to include a file at the top of EVERY page that needs user authentication and check the session against the id URL argument, either by including a list of valid ID's in another session variable, or by opening up the database and doing a check.

Theoretically this would work, but is there a "better" or more elegant way to achieve this?

Thanks.

PHP5 - Best way to authenticate users on a small scale site.

PHP is a widely-used server-side scripting language especially suited for web development, powering tens of millions of sites from Facebook to personal WordPress blogs. PHP is often paired with the MySQL relational database, but includes support for most other mainstream databases. By utilizing different Server APIs, PHP can work on many different web servers as a server-side scripting language.