I once made myselve this class to manage my login pages
[code]<?
class database_connection{
var $query_id;
var $link;
function connect($location, $username, $password, $database){
$this->link = mysql_connect($location, $username, $password) or die ("Could not Connect: ".mysql_error());
mysql_select_db($database) or die ('Could not select database: '.mysql_error());
Return true;
}
function query($query){
$this->query_id = mysql_query($query) or die ('Query failed: '.mysql_error());
Return true;
}
function output(){
$array = mysql_fetch_array($this->query_id, MYSQL_ASSOC);
Return $array;
}
function closelink(){
if(!empty($this->query_id)){
if(is_resource($this->query_id)){
mysql_free_result($this->query_id);
}
}
mysql_close($this->link);
}
}
class loginmanager{
function verify(){
if(empty($_SESSION['ingelogd']) || $_SESSION['ingelogd'] != true){
$this->makeloginscreen();
}
}
function verify_ERR401(){
if(empty($_SESSION['ingelogd']) || $_SESSION['ingelogd'] != true){
header('HTTP/1.0 401 Unauthorized');
die("HTTP/1.0 401 Unauthorized");
}
}
function makeloginscreen(){
$con = new database_connection();
$con->connect("location", "user", "password", "database");
if(isset($_POST['login']) && $_POST['login'] == "yes"){
if(isset($_POST['username']) && $_POST['username'] != ""){
$con->query("SELECT * FROM `login` WHERE `username` = '".$_POST['username']."'");
$num = count($con->query_id);
if($num <= 1){
if($num >= 1){
if(isset($_POST['password']) && $_POST['password'] != ""){
$USER = $con->output();
if(md5($_POST['password']) == $USER['password']){ //Succesvol ingelogd
$_SESSION['ingelogd'] = true;
$_SESSION['userid'] = $USER['id'];
$_SESSION['username'] = $USER['username'];
header("Location: index.php");
}else{ //Onsuccesvol ingelogd
$_SESSION['ingelogd'] = false;
header("Location: index.php");
}
}
}else{
$_SESSION['ingelogd'] = false;
header("Location: index.php");
}
}else{
die("ERROR, contact the webmaster with your login username about this");
}
}
$con->closelink();
}elseif(isset($_SESSION['ingelogd']) && $_SESSION['ingelogd'] == true){
header("Location: index.php");
}else{
echo "<form action=\"#\" method=\"post\">\n";
echo "\t<table>\n";
echo "\t\t<tr>\n\t\t\t<td>Username:</td>\n\t\t\t<td><input type=\"text\" name=\"username\"></input></td>\n\t\t</tr>\n";
echo "\t\t<tr>\n\t\t\t<td>Password:</td>\n\t\t\t<td><input type=\"password\" name=\"password\"></input></td>\n\t\t</tr>\n";
echo "\t\t<input type=\"hidden\" name=\"login\" value=\"yes\">\n";
echo "\t\t<tr>\n\t\t\t<td colspan=\"2\" align=\"right\"><input type=\"submit\" name=\"submit\" value=\"submit\"></td>\n\t\t</tr>\n";
echo "\t</table>\n</form>";
}
die();
}
}
?>[/code]
It also uses a database class I made to make easy database connections.
You can modify or just read the code and learn
BTW: To use, just include the page these classes are in and call the function verify() to see if the user is logged in, if he/she is she will she the page that is made under the verify() call else he/she will see the login form, and with verify_401(), they will see a black page with a 401 Unauthorized header sent to the browser.
EDIT: Reindented the code