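<?php
/*
 * Login gate: prints a login form, or checks the submitted name/password
 * against the `auth` table and prints the protected text on a match.
 *
 * Review notes:
 *  - The original tested $POST (undefined) instead of $_POST, so the form
 *    branch was always taken and the credential check never ran.
 *  - The original concatenated $_POST values into the SQL text unquoted and
 *    unescaped (SQL injection; ordinary string values were also a syntax
 *    error). They are now escaped and placed inside quoted literals.
 *  - Full "<?php" tags are used: with short_open_tag disabled, "<?" blocks
 *    are sent to the browser as plain text, source and account name included.
 *  - ext/mysql (mysql_*) is kept to match this file's environment. It was
 *    removed in PHP 7; when migrating, use mysqli or PDO prepared statements
 *    instead of escaping.
 *  - auth.pass is compared with the raw submitted password, so the table
 *    appears to store passwords in clear text (TODO confirm). Prefer storing
 *    password_hash() output and checking it with password_verify().
 */

$name = isset($_POST["name"]) ? $_POST["name"] : null;
$password = isset($_POST["password"]) ? $_POST["password"] : null;

// Show the form unless BOTH fields arrived as plain strings. The is_string()
// test also rejects array input such as name[]=x, which must never reach the
// query builder.
if (!is_string($name) || !is_string($password))
{
// Visitor needs to enter a name and password
?>
<h1>Please Log In</h1>
This page is secret.
<form method="post" action="secretdb.php">
<table border="1">
<tr>
<th> Username </th>
<td> <input type="text" name="name"> </td>
</tr>
<tr>
<th> Password </th>
<td> <input type="password" name="password"> </td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" value="Log In">
</td>
</tr>
</table>
</form>
<?php
}
else
{
    // connect to mysql
    // NOTE(review): connects as "richie" with no password. Give the account a
    // password and restrict it to SELECT on the auth table.
    $mysql = mysql_connect("localhost", "richie");
    if (!$mysql)
    {
        echo 'Cannot connect to database.';
        exit;
    }

    // select the appropriate database; keep the link in $mysql (the original
    // overwrote it with the boolean result) because escaping below needs it
    $selected = mysql_select_db("auth", $mysql);
    if (!$selected)
    {
        echo 'Cannot select database.';
        exit;
    }

    // query the database to see if there is a record which matches.
    // Escaping is only safe inside quoted literals and depends on the
    // connection character set; prepared statements remove that dependency.
    $query = "SELECT COUNT(*)
FROM auth
WHERE auth.name = '" . mysql_real_escape_string($name, $mysql) . "'
AND auth.pass = '" . mysql_real_escape_string($password, $mysql) . "'";
    $result = mysql_query($query, $mysql);
    if (!$result)
    {
        // Generic message only: database error text is not sent to the visitor.
        echo 'Cannot run query.';
        exit;
    }

    $count = (int) mysql_result($result, 0, 0);
    if ($count > 0)
    {
        // visitor's name and password combination are correct
        echo 'Here it is!';
        echo 'I bet you are glad you you can see this secret page.';
    }
    else
    {
        // visitor's name and password combination are not correct
        echo 'Go Away!';
        echo 'You are not authorized to view this resource.';
    }
}
?>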