First of all, once you know that a user is logged in, there's no reason to be passing his/her password around. The user should enter the password at login, and that should be the last time your PHP script cares about the password.
The solution to what you want to do is called Sessions. It's a broad topic, and a little tricky to grasp at first, so I'll just point you to the documentation. To get a better understanding of it, though, I recommend you Google a few sessions tutorials.
Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!
1 post • Page 1 of 1