First, make your pages you want protected include a .inc that does the following:
PHP Code:
if (!isset($_SERVER['PHP_AUTH_USER'])) {
$page = $PHP_SELF;
header("Location: /login.php?URL=".$page);
exit();
}
Then have the page login.php do this:
PHP Code:
if (!isset($_SERVER['PHP_AUTH_USER'])) {
authenticate();
}
else {
$sock = -open your db connection-
$sql = "SELECT id
FROM users_table
WHERE username='".$_SERVER['PHP_AUTH_USER']."'
AND password=PASSWORD('".$_SERVER['PHP_AUTH_PW']."')";
$res = mysql_query($sql,$sock);
if(mysql_numrows($res)hahahaha0) {
authenticate();
}
else {
header("Location: ".$URL);
exit();
}
}
function authenticate() {
header("WWW-Authenticate: Basic realm=\"Member's Area\"");
header("HTTP/1.0 401 Unauthorized");
header("Location: [url]http://whatever.com/error.page[/url]");
exit;
}
What this will do, i any page they try and access thats protected, if they arent logged in it will popup the auth box. If they login properly, they will be redirected back to the page they were trying to access.
If they get it wrong few times, they will be redirected to your error page.
Fast, easy, no frames or modules needed.
Also allows you room for customization, for example when they do login successfully, you could update user_last_login in the database, or things like that....
Enjoy
