I'm trying to write a script to validate users from a database. I'm not sure what i need to do in order for this to work. Also i need to know how to add a session check at the beginning of each of the pages i want protected by the password.
here's what i've got so far.
<?php
//check user script
session_start(); //start session
require_once 'db.php';
//convert to simple variables
$IN_number = $_POST['IN_number'];
$pasword = $_POST['password'];
if ((!$IN_number) || (!password)) {
echo "Please enter all of the information required.";
include 'login.html';
exit();
}
//conver password to md5
$password = md5($password);
//echo if the user info validates the database;
$sql = mysql_query("SELECT * FROM brothers WHERE IN_number= '$IN_number' AND password='$password'");
$login_check = mysql_num_rows($sql);
if($login_check > 0) {
while ($row AS $key => $val ) {
$$key = stripslashes ($val);
}
//Register The session variables
session_register('first_name');
$_SESSION['first_name'] = $first_name;
session_register('last_name');
$_SESSION['last_name');
header("Location: brothers.html");
} else {
echo "You have entered an invalid username or password.";
include 'login.html';
}
?>
I also have to add to this the functionality of it checking the user status to allow them into certain areas. I.E. i have active brothers, alumni, faculty, and some other.
