Ok, im pretty new to PHP, but what i need is the folloing - any help will be greatly appreciated:

1.) users log in with their username and password on a page
2.) If they are not logged in they cannot access the page
3.) They stay logged in untill they click logout.

I have heard about something alled $_session or something, but i really ould like help on this

Also - would i need a database? And if so how can i set one up?

Thanx alot!

Adam

There are a couple different ways to do this, and yes you can use session variables ($_SESSION[]) as part of it.

Basically the person enters their username and password and you can have it to check to see if the username exists with the same password in a table in a database, if it does, you authenticate them by setting a session variable. Then your pages can check the value of the variable and if it isn't what it should when they are logged in, then you can kick 'em out.

If you are only going to have one or two usernames you could hard code it in. Another alternative would be to use a flat file with the usernames and passwords in it.

Then when they want to log out, you check delete that session variable.

so, if i make a database in access and upload it...?

also - what will the code be? I am totaly new - ur help is brill - thanx! And yes, i would prefer everyone to ahve a different username and password

I also ask the same question as you then someone point me to http://freshmeat.net/projects/adminpro/ to find the answer, hope this could help you too.

I posted a really simple authentication script with sessions and cookies on another forum a while ago. This doesn't use a database but its not the best way for login scripts, its hardcoded in so its best for one or two people.
login.php
<?php
if($action=="login") { // If the url is set to login.php?action=login
$user = $_POST['user']; // Get entered username
$pass = $_POST['pass']; // Get entered pass
if(($user == "user1" && $pass == "pass1") || ($user == "user2" && $pass == "pass2")) { // Checking to see if they match, || means or, && means and. You can have more usernames and passwords.
$pw = md5($pass); // Encrypt the password
setcookie ("auth",$user-$pw,time()+1957240,"/"); // Create the cookie, storing the username and encrypted pass.
session_register("auth"); // Set a session in case cookies are disabled
header(Location:frontpage.php); // Redirect to frontpage.php
}

else // If its anything else (Doesn't match)
{
header(Location:failed.php); // Redirect to failed.php
}
}

else {
// Show form
?>
<form action="<?php echo $_SERVER["PHP_SELF"]; ?>?action=login" method="post">
<p>Username:
<input type="text" name="user">
</p>
<p>Password:
<input type="password" name="pass">
<input type="submit" value="Login" name="Submit">
</p>
</form>
<?php
}
?>

Put this on the top of all the pages you want protected. Must be on the very top.
<?php
$cookie = $_COOKIE['auth'];
session_start(); // You need this to read session variables

if (empty($cookie) || !isset($cookie)) // if the cookie is empty or not set
{
// Read the session
if (empty($_SESSION['auth']) || !isset($_SESSION['auth'])) // the session is empty or not set
{
header("Location: login.php"); // Redirect to login.php
exit; // Stop any further coding
}
?>

Logout script
<?php
setcookie ("auth",$user-$pw,time()-1957240,"/"); // Setting a cookie with the same name but setting it so it expires 1957240 seconds before the current time which means its already destroyed
session_destroy(); // Destroy the session
echo "You are logged out"; // Print the message
?>

Its really messy i know, I didn't bother indenting it. Sorry ^^0

If you want to use a database, its just as easy. Just create a table with fields for the usernames and passwords and change login.php to
if($action=="login") { // If the url is set to ?action=login
$user = $_POST['user']; // Get entered username
$pass = $_POST['pass']; // Get entered pass

$q = "SELECT * from table WHERE username='$user' AND password='$pass' "; // Select rows in the table where the $user and $pass are in the username and password fields
$r = mysql_query($q) or die
("Could not execute query : $q." . mysql_error());
if(mysql_num_rows($r) = 1) { // If there's one and only one row which has that username and pass
$pw = md5($pass); // Encrypt the password
setcookie ("auth",$user-$pw,time()+1957240,"/"); // Create the cookie, storing the username and encrypted pass. Just in case you want to retrieve it later on.
session_register("auth"); // Set a session in case cookies are disabled
header(Location:frontpage.php); // Redirect to frontpage.php
}

Again, sorry for the messiness.

Cheers - all of you! Thats a really big help! Just one las question, where do i put PHP code? is it in the Head, body, above teh head? Thanx in advanced - and thanx to u 3

If you download AdminPro from http://freshmeat.net/projects/adminpro/
You will have a readme.html to help you how to install.

Good luck

I suggest getting phpBB for begginers user authentication script. You can expand their authentication ability to cover other pages, and it is extremely secure. Then you can either use the forum, or simply delete all unrelated files and do not link to the forum at all.

Also, it sounds like you are pretty new to php in general. In case you didnt know, php is a server side language, so when the user tries to access the page the server calculates everything and then outputs the correct html code. Thats why when you look at the source code for any page you do not see <?php ?> tags, because the server already took care of that. So you can put the tags anywhere, but I recomend at the very top unless you are using an output buffer.

This code you are trying to do is not for begginers, and how you said you simply want those three things (user logs in, not allowed to access pages, and logs out at his/her whim) is a big deal, and doing that from scratch could take some time. I recomend at least doing the w3schools tutorial of php before you try anything like this.

Another way to do this in php is by using HTTP AUTHENTICATION (http://ca3.php.net/manual/en/features.http-auth.php)
Logging out on the other hand requires a little more work to it. Personally, I'd use a session method, or synthetic session methods but this is another option available to you.

Ok, im gonna use e-Raisers coding, but in the login.php - do i link my "login" page to that, or not? does it come with a form? If not, how do i link them. Do i have to put the HTML under the code? Thanks

Adam