de ja vu? =)
i won't go over how to connect to your database again, but lets assume you have your connection script in a php file named connect.php
here's how i would do it.
PHP Code:
<?
include("connect.php");
// query db for a row that matches the user/pass entered
$result=mysql_query("select * from users where user='$user' and pass='$pass'");
// find the number of results found with that query
$num=mysql_numrows($result);
// send to failed.php if 0 results have been found
if($num < 1){
header("location: failed.php");
} else {
header("location: main.php");
}?>
now this is where sessions would come in handy. what would prevent someone from going directly to main.php ?
so what you can do is just start a session so the user and pass are remembered.
then at the top of each page.. just use code similar to above.
PHP Code:
<?
session_start();
session_register(user,pass);
include("connect.php");
// query db for a row that matches the user/pass entered
$result=mysql_query("select * from users where user='$user' and pass='$pass'");
// find the number of results found with that query
$num=mysql_numrows($result);
// send to failed.php if 0 results have been found
if($num < 1){
header("location: failed.php");
}
// the difference is that there is no else statement .. you can safeily put the authorized only content below here because if the authentication fails, the user will be sent to failed.php
?>