Sessions, Cookies or both?

I am almost finished with a script and currently all users are using a preset user and pass. Currently I am using sessions but I want guests to be able to come to the site without using a user and pass for the general public pages.

What is the best recommendation?

The software is for campground and B and B reservations.

Save yourself some hassle and build an abstract class that every page inherits. Build your security into the abstract that way every page automatically checks security UNLESS the inheriting class overrides. This will save you from accidentally letting people get into pages here and there because you forgot to apply to the security.

Cookies - stored in your system permenently .

session - stord the value global once close the browser session value expired

I agree with b1randon: it is better to do this in a more structured way then just 'hopping' between cookies and session variables.

b1randon: can you also suggest an approach towards a solution?

Ronald :cool:

Hey b1randon,

That sounds good. Can you give me an example or throw a tutorial to me so that I can read up on it?

The more PHP I write the more I realize that I don't know very much :)

Thanks in advance.



--treasure hunting - a sure way of going broke--

Hey b1randon,

That sounds good. Can you give me an example or throw a tutorial to me so that I can read up on it?

The more PHP I write the more I realize that I don't know very much :)

Thanks in advance.



--treasure hunting - a sure way of going broke--

Just make a "page" object that automatically runs a method which checks security. Then make an object like "welcomePage" that extends "page". If you want everyone to have access just overload the method with a stub that doesn't do anything. I don't have a tutorial for ya man. Sorry. I learned the approach in Java and just applied it to PHP. Anyone else have one?

Just make a "page" object that automatically runs a method which checks security. Then make an object like "welcomePage" that extends "page". If you want everyone to have access just overload the method with a stub that doesn't do anything. I don't have a tutorial for ya man. Sorry. I learned the approach in Java and just applied it to PHP. Anyone else have one?

Hey b1randon, is it possible that you throw me an example. I understand the concept of what your saying but don't have a clue the process for implementation.

Hey b1randon, is it possible that you throw me an example. I understand the concept of what your saying but don't have a clue the process for implementation.

Oh gosh.. ok.. I don't have access to PHP right now and writing this kind of thing is rather lengthy so excuse the mistakes and brevity but here's the basics:

base class:
[PHP]
class Page {
var $content = "";
function write() {
echo $this->content;
}

function security(){
var $auth = check here();
if (!auth)
die("unauthorized");
}

//this guy here is the constructor
function Page(){
//these functions will be run when you instantiate the class
$this->security();
//if security didn't die it'll write
$this->write();
}
}
[/PHP]
here's a given page unsecured:
[PHP]
class WelcomePage extends Page {
var $content = "Welcome!";
function security() {
//Overloaded so everyone gets in!
}
}
[/PHP]
here's a secure one:
[PHP]
class SecurePage extends Page {
var $content = "Welcome to the secured page!";
//security was checked b/c parent security method was run
}
[/PHP]
Again, no access to PHP so I know that needs to be cleaned up and implemented and stuff, but that should illustrate the concept for ya.

Thanks I will give it a try.

I wouldn't mind seeing a complete example if you guys piece one together. I'm thinking about learning PHP.

How very wise, AricC! DHTML, JavaScript and PHP make a great combo!

Ronald :cool: