Forum Moderators: coopster


Login Script

Members Area/Login Script Troubles

         

tm1274

10:19 pm on Mar 10, 2005 (gmt 0)

10+ Year Member



I am new to programming and have been given the task of creating 3 login areas on our site that will allow multiple users to login, but to only one of the 3 areas using 1 login box. It is apparently some sort of redirection that needs to occur but I cannot figure it out. I have spent 3 days looking all over the internet for any information to help, but anything I found was a dead end. Can anyone help me to create something?

StupidScript

10:43 pm on Mar 10, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Welcome, tm1274!
(Your handle reminds me of my old buddy, THX1138 ... )

1) Create a simple database (MySQL in this example):

create database users;
use users;
create table data (
    id int(11) auto_increment primary key,
    user varchar(10),
    pass varchar(10),
    area varchar(32)
);

2) Populate the table with usernames (10-char max), passwords (10-char max) and which of the 3 areas that user may log into (I am using the name of the area's subdirectory)(32-char max).

3) Write your PHP code so that when the login form is submitted, it checks user name and password against your database, and redirects the successfully logged in user to the area to which they are allowed.

For example, grabbing and redirecting:

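<?php
// Connect to the MySQL server (host assumed to be localhost), then select the "users" database
$doDbConnect=mysql_connect("localhost","admin","adminpass") or die ("No DB connect: ".mysql_error());
mysql_select_db("users",$doDbConnect) or die ("No DB select: ".mysql_error());
// Escape the submitted values before they are placed inside the query string
$thisUser=mysql_real_escape_string($_POST['username'],$doDbConnect);
$thisPass=mysql_real_escape_string($_POST['password'],$doDbConnect);
$validateUser=mysql_query("select * from data where user='$thisUser' && pass='$thisPass'");
if (mysql_num_rows($validateUser)<1) {
    echo "Bad user name or password.";
}
else {
    // Send the user to the area stored in their row
    while($row=mysql_fetch_array($validateUser)) {
        $okArea=$row["area"];
        $areaForUser="/".$okArea."/index.html";
        header("Location: $areaForUser");
        exit;
    }
} // close the else block
mysql_free_result($validateUser);
mysql_close($doDbConnect);
?>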

Your login form needs two fields: username and password.

This could get a lot more complicated depending on the level of security you need, including the use of sessions and cookies and revalidating the user's permissions with each request, etc.

Hope that gets you on the road! See the MySQL and PHP user manuals on their respective sites.

tm1274

10:52 pm on Mar 10, 2005 (gmt 0)

10+ Year Member



Would this type of script keep unwanted individuals away from the protected page as well?

StupidScript

11:04 pm on Mar 10, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Not in its current form.

You would want at the very least something like:

1) When the user is validated, set a temporary (while the browser is open) cookie with their level of access (okArea) included.
2) At the top of every page in the restricted areas put a script to check the existence of and the contents of the cookie.
3) If there's no cookie or the okArea in the cookie does not match the path of the request, send them back to the login page or to some other location outside of the sensitive areas.

I would also suggest encrypting the password and checking to see whether the encrypted version of the submitted password matches the encrypted password stored in the database.

Are you sure those who assigned you this task are aware of its complexity for someone who is new to scripting?

<edit>
Here's a quick example of encrypting the passwords:

Note: Change the length of the pass field in the db to 32 characters, instead of 10.

insert into data values (
    NULL,'bob',MD5('bobspass'),'dealers'
);

Then, reading the encrypted password:

<?php
...
$thisPass=md5($_POST['password']);
...
?>

</edit>
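
The login check from the posts above, as an added example that is not part of the thread: it uses a bound query parameter and PHP's password_hash()/password_verify() in place of string-built SQL and MD5. Assumptions: PHP 7 or later with PDO, a pass column widened to varchar(255), the area names in AREAS, and an in-memory SQLite table with constructed rows standing in for the MySQL database.

```php
<?php
// Added example, not code from the thread. Table layout follows the post
// (user, pass, area); pass must be wide enough for a password_hash() value.

// Areas a login may be sent to (names are assumptions for this sketch).
const AREAS = ['dealers', 'distribs'];

// Return the user's area on success, null on any failure.
function authenticate(PDO $db, string $user, string $pass): ?string
{
    // Bound parameter: the submitted name never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT pass, area FROM data WHERE user = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() compares against the salted hash stored at signup.
    if ($row === false || !password_verify($pass, $row['pass'])) {
        return null;
    }
    // Only hand back areas we know about, whatever the row contains.
    return in_array($row['area'], AREAS, true) ? $row['area'] : null;
}

// Constructed demo data in an in-memory SQLite database so the file runs
// stand-alone from the command line; a real site passes a MySQL PDO handle.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE data (id INTEGER PRIMARY KEY, user TEXT, pass TEXT, area TEXT)');
$db->prepare('INSERT INTO data (user, pass, area) VALUES (?, ?, ?)')
   ->execute(['bob', password_hash('bobspass', PASSWORD_DEFAULT), 'dealers']);

var_dump(authenticate($db, 'bob', 'bobspass'));   // correct password
var_dump(authenticate($db, 'bob', 'wrong'));      // wrong password
var_dump(authenticate($db, "o'brien", 'x'));      // quote in the name is just data
```

In the web handler, a non-null result would be followed by session_regenerate_id(true), storing the area in $_SESSION, and only then the Location header.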

tm1274

11:14 pm on Mar 10, 2005 (gmt 0)

10+ Year Member



I don't think they really know how complex this is. I have researched the internet for 3 solid days trying to find any script I could possibly use to make this work to no avail. I do the html pages and image work for the site and would like to one day understand enough about scripting to do more. At this point I had created 3 .htaccess protected directories that pointed to a .htgroups file and have a drop down selection box that when an area is selected it will open the standard popup box. The problem is that we do not want "dealers" seeing the category for "distributors" and questioning its purpose and the same with the third category.

StupidScript

11:23 pm on Mar 10, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



we do not want "dealers" seeing the category for "distributors"

Then I would even go one step further and avoid using dedicated directories for the various areas. Instead I would use appropriately named include files to populate the pages according to the logged in user's needs.

Where: stuff_for_dealers.inc, stuff_for_distribs.inc

$thisInclude="stuff_for_".$okArea.".inc";
include $thisInclude;

Actually, that may provide a more simple solution if the security isn't reallyreally key. If there's no login, there's no $okArea, so there's no page content. If there is a login, then there's an $okArea and the page will receive some content.

The security issue at this point becomes one of using and checking for valid cookies. It's still not perfect security, because cookies can be tweaked, but it's pretty simple.

To increase the security value of the cookies, also include session information and check for a valid, active session to authorize a page's display.

<edit>
I understand that this is not enough info/code for you to do it right away. I'm hoping you will take these terms and tidbits and scour the user manuals for the pieces. It really does you no good if you just copy-and-paste a bunch of code, because you won't be able to repair it or make it better or do it again elsewhere if you do not have at least a casual understanding of what is happening. Check the PHP manual for cookies and sessions. It's not that heavy. :)
</edit>
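
The per-page check and include selection described above, as an added example that is not part of the thread: the area is read from server-side session data rather than from a cookie value, and the include file comes from a fixed map instead of being built from a string. Assumptions: the login step stored the validated area in $_SESSION['area'], the map keys are illustrative names, and /login.php is a placeholder path.

```php
<?php
// Added example, not code from the thread.

// Fixed map from area to include file: the file name is never built from input.
// A third area would be added here in the same way.
const AREA_INCLUDES = [
    'dealers'  => 'stuff_for_dealers.inc',
    'distribs' => 'stuff_for_distribs.inc',
];

// Resolve the include path for a session array, or null if access is refused.
function include_for_session(array $session): ?string
{
    $area = $session['area'] ?? null;
    if (!is_string($area) || !array_key_exists($area, AREA_INCLUDES)) {
        return null;
    }
    return __DIR__ . '/' . AREA_INCLUDES[$area];
}

if (PHP_SAPI !== 'cli') {
    // Top of every restricted page when served by the web server.
    // Session data stays on the server; the browser cookie holds only the id.
    session_start();
    $file = include_for_session($_SESSION);
    if ($file === null) {
        header('Location: /login.php');   // placeholder login page path
        exit;
    }
    include $file;
} else {
    // Constructed session arrays so the file can be run from the command line.
    var_dump(include_for_session(['area' => 'dealers']));  // known area
    var_dump(include_for_session([]));                     // not logged in
    var_dump(include_for_session(['area' => 'staff']));    // area not in the map
}
```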

tm1274

1:02 am on Mar 11, 2005 (gmt 0)

10+ Year Member



I am not sure if I understand the $okArea portion. Can you tell me anything else as to what it does or how it works? Also, I created a database and used the code in a php page, but when I execute the script, I get this error "Parse error: parse error, unexpected $ in /home/america1/public_html/login2.php on line 18". Line 18 is the last line of the code which is (?>). Any ideas if I did something wrong?

ironik

1:21 am on Mar 11, 2005 (gmt 0)

10+ Year Member



If you're looking for something that will allow you very fine control over your site check out this PHP/MySQL ACL solution:

[phpgacl.sourceforge.net...]

It's free, open source and allows you to control access fairly easily. It has a little bit of a learning curve, but it comes with good documentation. You'd probably have to redevelop some portions of your site to integrate it, but from the looks of it, you're going to be doing that anyway.

StupidScript

3:58 am on Mar 11, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



$okArea is the name of the variable I used in the example(s) to store the value of the "area" database field for the logged in user.

In PHP, variable names are preceded by the dollar sign.

The error you posted indicates that there is an extra dollar sign on Line 18 of your script (or earlier, if the dollar sign is being interpreted as an "extra" and acting on it is being postponed as long as possible within your script, or if you haven't defined the variable by assigning it a valid value from the db, or if you have enclosed it within quotes/apostrophes in an inappropriate instance).

If you post your script, we'll take a look at it, but I stand by my earlier assertion that at least a casual understanding of the code will do well for you.