Hi.

I've come to the decision I'm horrible with php/mysql together...

I'm trying to get a "WWW-Authenticate" dialog to check the entered username and password against those stored in a mysql database. The Authenticate dialog works properly and such, but i'm having a hell of a time trying to get mysql and this dialog to work together (if they even will?)

PHP Code:

<?php
if ($_SERVER['PHP_AUTH_USER'] != "user" || $_SERVER['PHP_AUTH_PW'] != "password")
{
    header('WWW-Authenticate: Basic realm="Restricted Area"');
    header('HTTP/1.0 401 Unauthorized');
    
    echo "You must log in to access this page.";
    
    exit;
}
?> 

//page content will load here if entered user and password is correct

Obviously, "user" needs to be checked against "user" in the database, and "password" needs to be checked against the "password" for the corresponding "user" in the database.


Thanks!!
~Jake

PHP Code:

<?php

$res = mysql_query("SELECT * FROM table WHERE user='" . $_SERVER['PHP_AUTH_USER'] . "' AND pass='". $_SERVER['PHP_AUTH_PW'] . "'");

if(mysql_num_rows($res) < 1)
{
    header('WWW-Authenticate: Basic realm="Restricted Area"');
    header('HTTP/1.0 401 Unauthorized');
    echo "You must log in to access this page.";
    exit; 
}

Of course, adding slashes to the user and password to prevent SQL injection and whatnot.