Hi, I had a question on user authentication/member accounts.
I have built a MySQL database with users and passwords, and I wrote this
<head><title>LOGIN IN PROGRESS</title></head>

mysql_connect(HOST, USER, PASS);

<body bgcolor = "white">
<h2>PLEASE LOG IN</h2>

<form method=post action="<?echo $PHP_SELF?>">
<table cellpadding=2 cellspacing=0 border=0>
<td>Username:</td><td><input type="text" name="User" size=10></td><tr>
<td>Password:</td><td><input type="password" name="Pass" size=10></td><tr>
<td>&nbsp;</td><td><input type="submit" name="submit" value="Log In"></td>
if ($submit) {
$result=mysql_query("select * from Users where User='$User'") or die
("cant do it");
while ($row=mysql_fetch_array($result)) {
if ($row["Pass"]==$Pass) {
printf("Successfully Logged In!<a href=\"about.php\">Click Here</a>");


So this will work it regonizes a real user vs. a fake on I do. But I don't
understand whats to stop someone from directly linking to a protected
page? For example why couldn't someone just go directly to

Does this make sense? Should I have the login form in one file and the php
script in another? Do I need to check the http header somehow to see if
they have logged in?

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to