I think what you are looking for isn't a JavaScript popup, but a "WWW-Authenticate" HTTP header, which is the standard broswer popup for login and password. You can do that with this PHP code at the ABSOLUTE top of every PHP page you want to secure:
header('WWW-Authenticate: Basic realm="my realm"');
header('HTTP/1.0 401 Unauthorized');
After getting that, the browser will resend its credentials, or popup a login window. The user fills in username and password, and you can authenticate with these parameters:
$username = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];
Typically, people store a SHA1 hash of the password in a text file, or a database somewhere. You then want to make the hash with the password from the user, check it against the original, and then either resend the unauthorized headers, or let them continute. Check out the 'MHash' functions for more info about this:
http://www.php.net/manual/en/ref.mhash.php
That info should help you get your head around it... but I STRONGLY suggest you get to the bookstore and pick up a book on writing secure PHP apps. There are a lot of subtle issues which are always missed by newbies... much to the delight and amusement of us hackers ;)
--
Brian 'Bex' Huff
[EMAIL PROTECTED]
Phone: 952-903-2023
Fax: 952-829-5424
I must say that I'm new at this php world. There are some web sites that when you enter a page, a pop-up windows appears requesting a login and password.How can I make a form in php (login page) that searches for the login and password of the page that is requested? I really don't know where the file containing the login or password is stored, but I suppose theres is a rule where to be hold up. Thank you, Rui Monteiro
-- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
