[RESOLVED] Problem with basic password authentication script

Xeon

I'm working on a basic password authentication script for an admin page (soon to be many, but for my purposes now, just one).

Here are the tw parts of the script:

 session_start();
 session_register("password");
 $HTTP_SESSION_VARS["password"]=$password;

 if(isset($_SESSION["password"]) && $_SESSION["password"]=="thepassword"){
  echo "good pswd - yay!!!";
 }elseif(isset($_SESSION["password"]) && $_SESSION["password"]!="thepassword"){
  echo "bad pswd";
 }else{
  echo "<form method=\"post\" action=\"/admin/\">
       Password:
       <input type=\"password\" name=\"password\" size=\"20\">
       <br />
       <input type=\"submit\" value=\"Login\">
      </form>";
 }

The problem: Every time I use a password, whether the correct one or the incorrect one, I get the password form rather than one of the other two messages. What am I doing wrong?

frt

Use

$HTTP_SESSION_VARS["password"] = $_POST["password"];

instead of

$HTTP_SESSION_VARS["password"] = $password;

You can use $password only if you have

register_globals = On

in your php.ini

Xeon

Thanks! It's working fine now.