First you need a form along the lines of
<form name="login" action="verify.php">
<p>Login Id <input type="text" name="userid"></p>
<p>Password <input type="password" name="lpassword"></p>
<p><input type="submit" name="submit" value="Login"> <input type="reset" name="clear" value="Oops!"></p>
</form>
then you need to connect to your DB and verify, like this
<?
$dberror="";
$link=mysql_connect(""server name","username","password");
if (!$link)
die("Couldn't connect to MySQL");
mysql_select_db("Auth") or die ("Couldn't open Database");
$sql="SELECT * FROM ids WHERE username = '$userid' AND password = PASSWORD('$lpassword')";
$result=mysql_query($sql);
if (mysql_num_rows($result) == 1)
{
//initiate a session
session_start();
// register the user's ID
session_register("SESSION_UID");
list($id, $userid, $lpassword, $level) = mysql_fetch_row($result);
$SESSION_UID = $id;
//redirect to main page
header("Location:congrats.php?level=$level&user=$userid");
mysql_free_result ($result);
// close connection
mysql_close($connection);
}
else
{
mysql_free_result($result);
// redirect to error page
header("Location:failed.php?error=4");
exit;
}
?>
All you need then is a db called Auth (or whatever change above script) and then put in the following fields to work with this script
ID
USERNAME
PASSWORD
LEVEL
(names in lowercase for my script)
Then on each page you want authorising put the following code
<?
session_start();
if (!session_is_registered("SESSION_UID"))
{
header("Location:/auth/error.php?ec=1");
exit;
}
if($level>=5|| $level == "")
{
header("Location:/auth/error.php?ec=3");
exit;
}
?>
Create an error page to report failure.
If the login is succesful the rest of the page will execute.
This is not a super strong authorisation but it will point you in the right direction.
Neil
