I too should note an interest. I have since tried to go about doing things a different way, but originally (and what I'd still like to do) is this:
I checked to see if the $PHP_AUTH_USER and $PHP_AUTH_PW variables were set, if not then I sent the authentication piece in the Header.
The user typed their username and password and then I checked those variables against a user table in MySQL.
Provided that they were in the database and that they didn't spell anything wrong, I sent a MODIFY query to MySQL to update they 'status' row to 1, for "Logged In."
So long as that worked, the web page was then displayed with their administrative functions according to their Group ID (also assigned in the database/table).
There was also a log out button which then sent a MODIFY query to update their status to 0, for "Logged Out." This was the problem, because no matter what I did here, if they just hit "Back" or Reloaded 2 times, it would update their status back to Logged In.
I tried putting a status checker in at the top of the code which checked if their status was 1 or 0, but that didn't work either. Because if they hadn't logged in yet, it would echo an error message, and then I couldn't send the AUTH header piece. But if they had logged in previously, AND logged out, they could still get hit the "Back button" it would check their status and Still not send the header.
There's a couple of more things I may be able to try (I think), if I have an opportunity today, I will try, and let you guys know. I would also like to have further status checks, like date/timestamps versus each other, or maybe even md5 hashes based off of Tim Perdue's code (he just doesn't use PHP_AUTH) Or maybe I'll just give in and use Sessions. =\ But if anyone else already has something working in place!!? that would be pretty great. 🙂
./brm
