When the password is invalid or valid, the login error page displays with the protected page directly underneath.
<?php
$auth = false; // Assume user is not authenticated
if (isset($id))
{
$HTTP_AUTH_USER = $HTTP_COOKIE_VARS["id"];
$HTTP_AUTH_PW = $HTTP_COOKIE_VARS["pass"];
}
if (isset($PHP_AUTH_USER) && isset($PHP_AUTH_PW)) {
// Connect to MySQL
mysql_connect( 'localhost', 'name', 'pw' )
or die ( 'Unable to connect to server.' );
// Select database on MySQL server
mysql_select_db( 'db' )
or die ( 'Unable to select database.' );
// Formulate the query
$sql = "SELECT * FROM users WHERE
username = '$PHP_AUTH_USER' AND
password = '$PHP_AUTH_PW'";
// Execute the query and put results in $result
$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );
// Get number of rows in $result.
$num = mysql_numrows( $result );
if ( $num != 0 ) {
// A matching row was found - the user is authenticated.
$auth = true;
}
}
if ($auth != true) {
include ('http://crosse5.com/members/invalidlogin.php');
exit;
} else {
setcookie("id",$PHP_AUTH_USER,mktime(0,0,0,0,0,2020),"/",".crosse5.com",0);
setcookie("pass",$PHP_AUTH_PW,mktime(0,0,0,0,0,2020),"/",".crosse5.com",0);
}
?>
