Wish I could point you to a good tutorial, but instead I'll try and give you the gist of it, based on my experience.
A great way to do what you want to do is to combine MySQL user lookups with .htaccess security. This prevents anyone from accessing the pages you don't want them to, and cuts down on coding time in that you don't need to create login scripts. You just need some simple code in a header that verifies $HTTP_SERVER_VARS['PHP_AUTH_USER'] and $HTTP_SERVER_VARS['PHP_AUTH_PASS'] against the entries in the database, and shoots back an error if they weren't found. The other thing you'll need is a program that automatically generates a .htpasswd file from the entries in your database.. that's as simple as: <?php $db = mysql_connect('localhost','user','pass'); mysql_select_db('users'); $sql = "SELECT username,password FROM users ORDER BY username"; $result = mysql_query($sql); $fp = fopen('/path/to/folder/below/document/root/.htpasswd','w'); while ($data =mysql_fetch_array($result)) { fputs($fp, $data['username'].':'.crypt($data['password'])."\n"); } fclose($fp); mysql_free_result($result); mysql_close($db); ?> And, of course, you need to put in the folders you want to protect, the .htaccess file: AuthType Basic AuthName "Protected Directory" AuthUserFile /path/to/folder/below/document/root/.htpasswd AuthGroupFile /dev/null Require valid-user This is untested code, and should work fine, but it may have something silly like a syntax or parameters error or something I overlooked. Hope this helps. Mike Eheler Software Developer - Web Division SearchBC.com René Fournier wrote: >I'm looking for a good (simple) tutorial on user authentication. I want to >create a login system that's secure, but I don't need all the features that >PHPBuilder's "A Complete, Secure User Login System" scripts provide. (I >don't need the the user to be able to register or confirm his account, >change his email or password, etc.) Basically, I can/will set the usernames >and passwords myself via MySQL. All I want the login system to do is >securely check against the db and then create a session. > >That's the other problem. I'm a little confused about this cookie >creation/session stuff. Am I correct in assuming that the way it works is >that I should wrap every bit of PHP code around a isUserAuthenticated() >function? > >I suppose what I need is a general tutorial on authentication, assuming the >user of cookies, PHP4 and MySql. Any ideas?? (Thanks.) > >...Rene > >--- >Rene Fournier >[EMAIL PROTECTED] > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]