Hey... I plan on including this script at the top of all of my protected pages:
<?php
//Get session information
session_start();
$user = $_SESSION['user'];
$pass = $_SESSION['pass'];
$dbHost = "localhost";
$dbUser = "";
$dbPass = "";
$dbDatabase = "";
$db = mysql_connect("$dbHost", "$dbUser", "$dbPass");
if (!$db) {
die('Error Connecting To Database: ' . mysql_error());
}
//Select Database
mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database.");
//Check User Info
$result=mysql_query("select * from users where username='$user' AND password='$pass'",
$db);
$rowCheck = mysql_num_rows($result);
if($rowCheck > 0){
while($row = mysql_fetch_array($result)){
//User and Password are good.... do nothing!
}
}
else {
//Bad User and Pass get them outa here!
$Error = "Session did not verify!";
include 'index.html';
}
?>
Unfortunatly this will include the index.html (my log-on screen) and it will include my content... is their anyway to end the script when it discovers that the sessionis not verified? I thought about doing a header and sending them back to the main page... but I have <? echo "$Error" ?> set above my log on box, so that people know why they are being sent to the log on screen?
... Am i making sense?
