Here is a little snippet that may assist you if you are using a MySQL database to store your users information.
<?php
$auth = false; // Assume user is not authenticated
if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) {
// Connect to MySQL
mysql_connect( 'localhost', 'someusername', 'somepassword' )
or die ( 'Unable to connect to server.' );
// Select database on MySQL server
mysql_select_db( 'wowcorp' )
or die ( 'Unable to select database.' );
// Formulate the query
$sql = "SELECT * FROM users WHERE
username = '$PHP_AUTH_USER' AND
password = '$PHP_AUTH_PW'";
// Execute the query and put results in $result
$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );
// Get number of rows in $result.
$num = mysql_numrows( $result );
if ( $num != 0 ) {
// A matching row was found - the user is authenticated.
$auth = true;
}
}
if ( ! $auth ) {
header( 'WWW-Authenticate: Basic realm="Private"' );
header( 'HTTP/1.0 401 Unauthorized' );
echo 'Authorization Required.';
exit;
} else {
# AUTHORIZED CONTENT START
function mainBody() {
?>
Put HTML that the user should see if they have successfully logged in.
<?
}
function commonhtml() {
$result_commonhtml = mysql_query("SELECT * FROM database ORDER BY id");
?>
Put any HTML here that you frequently show on every page.
<?
}
switch ($goto)
{
case "anotherpage":
commonhtml();
break;
default:
mainBody();
}
# AUTHORIZED CONTENT END
}
?>
