'logging in' usually means that you identify yourself to the server with a username and password and it either sets a $SESSION variable (this is similar to $GET or $POST if that makes any sense to you) or it stores a cookie so that when you access the following page after you log in, the script there can check the $SESSION var or $_COOKIE vars to make sure a user is logged in.
For complex projects with hundreds or thousands or millions of users, you generally need a database to keep track of all the usernames and passwords. In the case where it's only you and your brother, you could do a login form like this:
<?
// array of users and passwords
$userPasswords = array('me' => 'MYPASSWORD', 'myBrother' => 'MYBROTHERSPASSWORD');
// function to check a username and password
function checkLogin($user, $pass) {
global $userPasswords;
if (isset($userPasswords[$user])) {
$storedPassword = $userPasswords[$user];
if (strcmp($storedPassword, $pass) == 0) {
return true;
} else {
// wrong password
return false;
}
} else {
// user not defined! return false
return false;
}
}
// login form handler
if (isset($_POST['submit'])) {
// user hit submit! check login
if (checkLogin($_POST['username'], $_POST['password'])) {
// SUCCESS...set session variable and redirect to secret page
session_start();
$_SESSION['loggedIn'] = true;
$_SESSION['username'] = $_POST['username'];
header('location: secretPage.php');
} else {
die('invalid login!');
}
}
?>
<html>
<body>
<form method="post">
<input type="text" name="username">
<input type="password" name="password">
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>
then secretPage.php could contain something like this:
<?
session_start();
if ($_SESSION['loggedIn'] !== true) {
die('you must be logged in to view this page');
}
// secretPage code follows...
?>
