Authentication Script...

FourthChapter

Hi All!

I am a newbie to PHP and i trying to create an authentication script for my website. I have a login screen that has 3 fields, "username", "password" and "domain" this is called "login.php"

The data from here is posted to a file called "verify.php" which needs to check the username and password. If you type domain "members" i wish it to load up the page "/members/index.php" if i type the domain "administrator" i wish it to goto "/admin/index.php" etc... but only if a my sql database says they have permission.

My SQL database will be set up with the following fields:

Username

Password //preferably encrypted
Domain //members, admin etc
IP Address //last login
Date //last login

If the username or password is incorrect, i wish it to display "error.php"

Can any one help me by writing an example script for this? I know it is alot to ask for!
Thanks Very Much in Advance

Matt

br__ken

goin freehand, bear with the parse errors n such- this is just a general sketch

<?
// login.php

if(isset($_POST)):
	// form posted -> check values against db
	$error="";
	mysql_connect("host","user","pass") or die(mysql_error());
	mysql_select_db("db") or die(mysql_error());
	$r=mysql_query("SELECT * FROM users WHERE username='" . $_POST['userName'] . "' LIMIT 1") or die(mysql_error());
	if($r)
	{
		// row found:
		$results=mysql_fetch_array($r);
		if(md5($_POST['userPassword'])==$results['password'] && $_POST['userDomain']==$results['domain'])
		{
			// password matches & domain matches -> login successfull
			// redirect or set cookie, session, whatever successfull login stuff goes here
		}else
			// no match -> add error
			$error.="<li>Password and/or Domain didn't match!";
	}else
		// query failed -> no username found
		$error.="<li>Username not found. Please register";

if($error)
{
	echo "Errors found!<br><ul>$error</ul>";
	echo "<br><font size=3>Redirecting back.";
	echo "<meta http-equiv=Refresh content=\"2;URL=" . $GLOBALS['PHP_SELF'] . "\">";
}

// no _post, so print form
else:
?>
<form action="<?=$GLOBALS['PHP_SELF']?>" method="post">
User:
<input type=text name=userName><br>
Password:
<input type=password name=userPassword><br>
Domain:
<select name="userDomain">
	<option value="members" selected>Members
	<option value="admin">Admin
</select><br>
<input type="submit" value=" Login ">
</form>
<?
// endif from _post
endif;
?>

this is a basic check, it assumes the following:

example db row:

user="rob"
password=(md5'd password here)
domain="members"

to get more into it you can get the domain as members,admin then run a check like stristr(",",$results['domain']) and explode it and check against each array element.. but i didntw ant to confuse you 🙂

any problems just reply ill try to explain it