Add this to ever page you want secure..
Put this on the top of the page.
<?php
ini_set("session.cache_limiter","");
session_start();
?>
Put this at the beginning of the body above all your HTML you want to secure.
require("Login.php");
Now make a page called "Login.php"
<?PHP
if (isset($_GET["mode"])){
if ($_GET["mode"] == "logout"){
//session_destroy();
unset($_SESSION["ADMIN"]);
}
}
//***********************************************************
//Login script
//***********************************************************
if (empty($_SESSION["ADMIN"])){
if (isset($_POST["USERNAME"]) && isset($_POST["PASSWORD"])){
$username = $_POST["USERNAME"];
$password = $_POST["PASSWORD"];
$sql = "SELECT ACCESS_LEVEL, USERGROUP FROM USERS WHERE USERNAME = '$username' AND PASSWORD = '$password'";
$result = mysql_query($sql, $db);
$fieldvalue = mysql_fetch_row($result);
if(!empty($fieldvalue)){
$_SESSION['ADMIN']=$fieldvalue[0];
$_SESSION['GROUP']=$fieldvalue[1];
}else{
echo "Username or Password is wrong!";
}
}
if (empty($_SESSION['ADMIN'])){
echo "<FORM name='form1' method='POST' action='index.php'>\n
<CENTER>Username:<BR>
<input type=text name=USERNAME><BR>\n
Password<BR>
<input type=password name=PASSWORD><BR>\n
<INPUT type=submit value=Submit></CENTER>\n
</FORM>\n
</BODY>\n
</HTML>";
exit();
}
}
//***********************************************************
?>
Some of this stuff you wont need but I didn't feel like editting it all out.. Not hard to understand..
