Hay people. This is my code below ...
<?php require"config.php"; // IS THERE A USERNAME AND PASSWORD? if (!$siteUserName || !$sitePassword) { // NO INFO FOUND! header("Location: /undercover.php?startWeb=error_401&sid=$siteSession"); end; } else { //CHECK IF USER AND PASS MATCH. $siteMdPassword = md5("$sitePassword"); $sql = "SELECT * FROM members WHERE mUserName='$siteUserName' AND mPassWord='$siteMdPassword'"; $sql_result = mysql_query($sql, $connection) or die ("Could not get Query"); $row = mysql_fetch_array($sql_result); $num = mysql_num_rows($sql_result); $mActive = $row["mActive"]; if ($num == 1 AND $mActive == "Y") { // PROCESS LOGIN & RETURN! $logoncheck=$logoncode; $siteUserId = $row["mUserId"]; $siteAccessLevel = $row["mAccessLevel"]; session_name('crushme'); session_register('siteUserId','siteUserName','logoncheck','siteAccessLevel'); $proxy_ip=$HTTP_X_FORWARDED_FOR; $proxy_dns=gethostbyaddr($proxy_ip); header("Location: /undercover.php?startWeb=mainpage&sid=$siteSession"); exit; } else { // USER NOT LOGED IN. header("Location: /undercover.php?startWeb=error_401&sid=$siteSession"); exit; } } // END ?> I have been using this for ages, but would like to know if there is a better way to process a login ... Is HTTP auth better than HTML? / Mark