Hi Karina,

A lot will depend on how secure it needs to be. If its not top security you could just have a db with username, pwd (stored encrypted) and perhaps redirect url in it.

When they login with user and pwd, encrypt the pwd then query the db for a match on user and encrypted pwd, if there is a match then the login is successful and redirect them to the url in the database.

Every page they subsequently visit you should also check to make sure they are authenticated.

You can probably find some old posts round here doing similar things - try the site search at top of page or go and search google for login scripts and you'll get a load back.

Cheers

Thanks for the thoughts. My problem is that I am creating a guest log-in to a commercial product. Actually, I have done the guest access script and I was right, it is dead simple and works fine and gets me to the intial guest access page. Interestingly, though, if I plug in my actual username and password into the script, I'm not allowed in because I haven't supplied authenticating credentials. This I would like to figure out how to get around in case my customer decides he wants to create a generic user with more rights rather than just a guest.

Actually, what I actually want is a plain old DOS batch file equivalent. I have researched this more and I didn't even need a script. But now I probably do. What I need is a two step process. The first step logs the person in via a url, the second step sends them to the second url that they need to be logged in to view.

The >can< got to a page that says
1. Click here
2. at the next page, click your browser's back button then
3. Click here

What I want to do is automate this entire process into a single "click here"

golly. what a morning this has been.

thanx in advance

It can all be done via the login script.

How we do it is a login form. When they fill in their user/pass and click submit it goes to the authentication script. That script checks all of the fields (we have a few more) and then if they are valid then it will load all of the data into a session. The same script then redirects them to the first page of the members section.

This is a php solution but the methodology is the same. We load their permissions, limits, account information and others into the session and then the availibility of features is based on what is stored there.

The url you refer to "logs the person in via a url". That page could then just set a cookie and then redirect them to the appropriate place. Then you could check the cookie to see if they are logged in or not.

and Welcome to WebmasterWorld.

Thank you for your help. I was actually able to accomplish what I needed to do using a framed page and then a META refresh. I'm very happy to have found this resource, though. It's made for some great reading.