form help needed

I have this form

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Login</title>
</head>
<body>
<?php

if ($user == editor && $pass == lee261){
echo "success<br><a href="images.html">Reload</a>";
}

else
echo "Wrong info. Try again <br>

<form action="login.php" method="post">
<p>User Name:<br />
<input name="username" type="text" id="user"><br />
Password:<br />
<input name="password" type="text" id="password"><br />
<input type="submit" name="Submit" value="Login">
</p>
</form>";
?>
</body>
</html>


It does not have to be very secure, or need a database, will it work? I want the form to go to the images webpage after login.

You need an extra script to handle the SESSION login ...

Your script called "images.html" now needs to be called "images.php".

The first script ... this one I am calling: "index.php" ...

<?php

// get login error message if it exists
if(isset($_GET['mess'])){
$mess=$_GET['mess'];
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Login</title>
</head>
<body>
<?=$mess?><br>

<form action="login.php" method="post">
<p>User Name:<br />
<input name="username" type="text" id="user"><br />
Password:<br />
<input name="password" type="text" id="password"><br />
<input type="submit" name="Submit" value="Login">
</p>
</form>

</body>
</html>



The script called "login.php":

<?php
session_start();

// get form variables
$pass = $_POST['password'];
$user = $_POST['username'];

if ($user == "editor" && $pass == "lee261"){
$_SESSION['xuser']="XYZ123";
// success, so go to the next page.
header ("location: images.php");
}
else{
$mess="<h2>Sorry, we cannot find that member ...</h2>";
header ("location: index.php?mess=$mess");
}

?>



And the very top of your script called: "images.php"

<?php
session_start();
if(isset($_SESSION['xuser'])){
// they are already logged in.
}
else{
// they are NOT logged in, so kick them out.
header ("location: index.php");
}

//The rest of your script here ...

?>

This does not prevent someone from directly accessing images.html

instead of
echo "success<br><a href="images.html">Reload</a>";

you can use Meta refresh (http://en.wikipedia.org/wiki/Meta_refresh)

or redirecting (http://www.plus2net.com/php_tutorial/php_redirect.php) from the login.php itself

If it is only simple password protection that you need, you can use the directory password protection (http://www.thesitewizard.com/apache/password-protect-directory.shtml)

Thanks to the first poster, but really I know nothing about php and soon got lost in that, what is a session?

All I need is a pop up username and password thing to release a page of images, that will not be picked up by search engines, unfortunately their host is Windows, not apache so I cant use the httaccess thingy.

Someone said I could use http authentication, I do not know ho to do that, but I have asked the host if they will allow it with a windows server.

If anyone can help me or write me an adaptable script that I could do this I would be most grateful, I only want one username and password. It would take me ages to try and learn php and I do not have the time to do that.

Look for an ASP page login.

http://www.google.com/search?q=asp+page+login+script

That is the best solution for a Windows-Based Server.

I have looked for an ASP script but they all seem to require databases, and I have no idea on them. I thinkthat the http authentication is the best way, the asp scripts I am finding seem also to be old and outdated and no good, or are too difficult to configure. I only want a simple easy script and no one has made a free one available it seems. But I will keep looking.