PHP, MySql user authentication

magic123

Hi,

I have a little Problem with authentication.

My MySQL-Database:
admins:
admin1 passwd1
admin2 passwd2
admin3 passwd3

I have some pages where the admins can update webcontent.
The user(ex. admin1) should open the admin_auth.php and enter his username and passwd.
Now he should access the admin.php to modify the webcontent. With every change the username will be stored in the database. So i know who changed the webcontent.

But he should not be allowed to access the admin.php without a correct authentication on admin_auth.php

Can somebody help me out ?

thx Georg

kennethl

You could get admin_auth.php to set a cookie containing the admin's username so that admin.php will be able to check for the existence of a cookie to give them access to the page and store their username later (or exit if the cookie is not set).

Or you could set up admin_auth.php as code to be included by admin.php (or other scripts) that will use HTTP 401 headers to prompt for username/password combination, which will then be available to the script as $PHP_AUTH_USER and $PHP_AUTH_PW.
I think this would be the neater and more secure option.