Hey Brian,
how about something like this, just change the session info to cookies
if you want?
<?php
session_start();
## get db connection
require_once('../conf/Systemconfig.inc.php');
## Disable DOS Attacks
if ($_SERVER['HTTP_USER_AGENT'] == "" || $_SERVER['HTTP_USER_AGENT'] == "-") {
die();
}
// If no Post Don't Process Page
if (empty($_POST)) {
@header("HTTP/1.0 404 Not Found");
$error = 1;
// Error No Post
die();
}
## Process Login
## Run security Checks
if (!get_magic_quotes_gpc()) {
$User = addslashes($_POST['Username']);
$Password = addslashes($_POST['Password']);
} else {
$User = $_POST['Username'];
$Password = $_POST['Password'];
}
$Result = mysql_query("SELECT * From `site_users` WHERE Username='$User' AND Password='$Password' AND Visible='1'");
if ($GetRes = mysql_fetch_array($Result))
{
## Create Session vars and redirect
$_SESSION['AuthUser'] = TRUE;
$_SESSION['AuthName'] = $User;
$_SESSION['AdminID'] = $GetRes['UserID'];
$_SESSION['FirstName'] = $GetRes['FirstName'];
}
else {
$_SESSION['FAILURE'] = TRUE;
}
## Redirect to Main page
@header('Location: index.php');
exit();
?>
hth
On Mon, 2004-07-19 at 21:01, Brian Krausz wrote:
> [snip]
> a. do not reply off-list unless asked, your question may not receive the
> attention it needs
> [/snip]
> Sorry, I got the email before the board post so I assumed you were only
> replying off-list.
>
> [snip]
> 2. You do know basic PHP, correct? Create a page that accepts a username
> and password. Have the un and pw checked against the db. If it is good,
> set a cookie and check for the cookie with each page, if not redirect to
> the proper location.
> [/snip]
> My 2 main concerns are security and user-friendliness. I would like
> anyone (regardless of cookies being allowed or not) to be able to use my
> service, but I would still like it to be secure.
>
> But I guess I'll try making my own script...worth a shot.
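
Added example, not part of the original thread or the poster's code: the credential check from the script at the top of this message, with a bound parameter in place of addslashes() and a password_hash()/password_verify() comparison in place of the plaintext match. It assumes PHP 7.1+ with PDO and pdo_sqlite; the in-memory table, the user row and the function names check_login and start_auth_session are constructed for the illustration.

```php
<?php
// Added example, not the poster's code. Assumes PHP >= 7.1 with PDO and the
// pdo_sqlite driver; the in-memory database and the user row are constructed.

// Return the user's row when the credentials match, otherwise null.
function check_login(PDO $db, string $user, string $password): ?array
{
    // Placeholder binding keeps the username out of the SQL text entirely,
    // so no addslashes()/magic-quotes handling is needed.
    $stmt = $db->prepare(
        'SELECT UserID, FirstName, Password FROM site_users
         WHERE Username = :u AND Visible = 1'
    );
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Assumption: the Password column holds a password_hash() value,
    // not the plaintext the original query compares against.
    if ($row === false || !password_verify($password, $row['Password'])) {
        return null;
    }
    unset($row['Password']);
    return $row;
}

// Store the identity under the session keys used in the script above.
function start_auth_session(array $row, string $user): void
{
    session_regenerate_id(true); // fresh session id at login; call after session_start()
    $_SESSION['AuthUser']  = true;
    $_SESSION['AuthName']  = $user;
    $_SESSION['AdminID']   = $row['UserID'];
    $_SESSION['FirstName'] = $row['FirstName'];
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE site_users (UserID INTEGER PRIMARY KEY, Username TEXT,
           Password TEXT, FirstName TEXT, Visible INTEGER)');
$db->prepare('INSERT INTO site_users VALUES (1, ?, ?, ?, 1)')
   ->execute(['brian', password_hash('correct horse', PASSWORD_DEFAULT), 'Brian']);

var_dump(check_login($db, 'brian', 'correct horse') !== null); // valid login
var_dump(check_login($db, 'brian', 'wrong') !== null);         // bad password
var_dump(check_login($db, "brian' OR '1'='1", 'x') !== null);  // quote stays plain data
```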