Here's the way I do it . I started using a cookie, but switched to session 
as I wanted the authentication to expire when the user closed the browser. 
The UserLogin function is in User_login.php. FetchUsrData checks  the names 
and password against the database and returns either 1 (true) or 0 (failure).

function UsrLogin( $first_name, $last_name, $pass )
{
   /***********************************
   Seek username and Password in subscriber table
   If found, set cookie AllNS & redisplay page,
   with swtiches to show bidding section.
   If not display "Sorry couldn't find you ..."  and return
   ************************************/

    global $cMsgNotFound, $member_id  ;
    $nFetchResult = FetchUsrData( $first_name, $last_name, $pass, $member_id );
         if( $nFetchResult == 1  )
         {
                 //setcookie ("AllNS", $member_id, time()+3600,'/' );
                 session_start();
                 session_register( "member_id" );
                 $ReaderOK = 1;
         }
         else
         {
                 $ReaderOK = 0;
         }
         return $ReaderOK;
}

Each page then has the following code at its head:

<? session_start();
if( !session_is_registered( "member_id" ) )
{
         header("Location: user_logon.php\n");
}
?>
  At the VERY TOP, with NOT A SPACE before it. Obviously if there's no 
session with member_id, the user is directed to the login page, user_logon.php.

This scheme was used because the client wanted a custom login page. Rasmus 
Lerdorf wrote up a scheme that uses Apache's built in authentication 
dialog, although still authenticating against a database. Can't remember if 
it's in the webmonkey or devshed archives.

Hope this helps,

Miles Thompson

At 05:10 PM 4/30/01 -0600, James McLaughlin wrote:
>Hello,
>
>I am attempting to build a series of pages that are only visible to people
>logged in through the auth script I wrote using a MySQL db to hold the auth
>users.
>
>login.php--Login script that takes username and password from user.
>myhome.php--If username and password check out myhome.php displays
>information that is authed by thier account.
>other.php-- *concept* if username and password still check out then this
>page will display blah blah and blah3.
>
>I can login just fine and myhome.php displays correctly.  But when I go to
>look at other.php it kicks me back to the login.php screen asking for my
>username and password again.
>
>In the other.php page what and how do I ask the database if someone is still
>logged in or not logged in so that the authorized information will show?
>
>
>
>Any help would be appreciated
>
>Thanks
>
>Kat
>
>
>--
>PHP Database Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to