Hi. There are several ways to authenticate users: cookie, session, database, or some combination of these. Each method has some plus or minus to it, but maybe for starters a cookie authentication might be helpful. For every page that you want to protect, just include the script below as the first thing in the page.
If you would rather use sessions, there are some examples
here. When your skills improve, you might consider using a combination of methods along with SSL, depending on whether you are looking for more security. The below example offers a basic authentication, and there is a logout script too, both of which you should put to the test.
PHP Code:
<?php
// basic cookie authentication
@ini_set("magic_quotes_sybase","0");
$testaccess = 0;
if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['entrance'])) {
$username = $_POST['username'];
$password = $_POST['password'];
if (!get_magic_quotes_gpc()) {
$username = addslashes($username);
$password = addslashes($password);
}
$query = mysql_query("SELECT 1 FROM users WHERE login='$username' and password='$password'");
if (mysql_num_rows($query) == 1) {
$testaccess = 1;
$cookieinfo = $username.":".$password.":".rand();
$cookievals = base64_encode($cookieinfo);
setcookie("classmates", $cookievals, time()+3600);
}
else {
header("Location: http://www.domain.com/login.html");
exit;
}
}
elseif (isset($_COOKIE['classmates'])) {
$classmates = $_COOKIE['classmates'];
$cookievals = base64_decode($classmates);
$cookievals = explode(":", $cookievals);
$username = addslashes(stripslashes($cookievals[0]));
$password = addslashes(stripslashes($cookievals[1]));
$query = mysql_query("SELECT 1 FROM users WHERE login='$username' and password='$password'");
if(mysql_num_rows($query) == 1) {
$testaccess = 1;
}
else {
header("Location: http://www.domain.com/login.html");
exit;
}
}
if ($testaccess == 0) {
header("Location: http://www.domain.com/login.html");
exit;
}
// protected page content here
?>
PHP Code:
<?php
// basic cookie logout
setcookie("classmates", "", time()-3600);
header("Location: http://www.domain.com/logout.html");
exit;
?>
Remember to remove any "word" wrapping from the above code.