Forum Moderators: coopster


How to prevent users to get to my main pages directly?

PHP security problem

         

shruti

12:40 pm on Jul 16, 2008 (gmt 0)

10+ Year Member



What can I do to prevent users from going to the website's inner pages without logging in?

I tried to google something but that did not work.

So please help me. Let me know if you need any code from me.
Thanks in advance.

deMorte

1:01 pm on Jul 16, 2008 (gmt 0)

10+ Year Member



I found a decent looking tutorial on how to create a log in script. It can be found by googling: login script php. It'll probably be the first hit.

Basically you check on your inner pages if the user has a cookie set that he has logged in. If the cookie is not found, redirect the user to the login page.

[edited by: dreamcatcher at 1:13 pm (utc) on July 16, 2008]
[edit reason] No site drops, thanks. [/edit]

shruti

1:34 pm on Jul 16, 2008 (gmt 0)

10+ Year Member



I had seen that before and found it too confusing...
But I will look at it again in detail.
Here is my code for login. Can we work with this and make changes so nothing changes?!

Sorry and thank you

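<?php

// Connection settings (the values the original connect call used)
$host = "localhost";
$user = "root";
$pass = "";
$dbname = "hhh";

// mysqli replaces the mysql_* functions, which were removed in PHP 7
$connection = mysqli_connect($host, $user, $pass, $dbname) or die("Cannot connect to MySQL server: " . mysqli_connect_error());

session_start();
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';

// Prepared statement: the posted values are bound as data, not concatenated into the SQL text
$stmt = mysqli_prepare($connection, "select * from users where username = ? and password = ?");
mysqli_stmt_bind_param($stmt, "ss", $username, $password);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);

if (mysqli_stmt_num_rows($stmt) != 1) {
    $error = "Bad Login";
    include "login.html";
} else {
    $_SESSION['username'] = $username;
    header("Location: main.html");
    exit; // stop the script once the redirect header has been sent
}

?>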

shruti

1:56 pm on Jul 16, 2008 (gmt 0)

10+ Year Member



Well, I am not sure but I feel that there should be something on all the inner (member) pages to check if that page was achieved by logging in or not.
What if someone logs in once and then stores the page address and then goes in directly?
How do I prevent that?
In the code in the 'About' (the one referred to) there is a cookie die time. One of the requirements is that once the user logs in and keeps the page open, it should not expire. But if he closes the window, of course he will have to log in again.....!

The whole site is working without these security features. But it's not good. As I am new to PHP and learning by googling, it makes it more difficult to do things like the above.

Please help me.
Thanks in advance

IanKelley

7:49 pm on Jul 16, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Leaving security issues for another thread...

A slightly modified version of the example code you posted should be included on every page that requires authentication.

require('myAuthCode.php');

You would remove the header redirect on success and instead allow code execution to continue as normal and display the requested page.

Also make sure you set a session cookie/variable for both username and password in the original login script. These will both need to be available to other pages.
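
One way to write the per-page check described in this reply, as an added example that is not code from any poster in the thread; it checks only the $_SESSION['username'] value that the posted login script sets. The function names and main.php are hypothetical, and it assumes PHP 7.3+ and that member pages are served as .php files, since a static main.html is delivered without any PHP check running.

```php
<?php
// myAuthCode.php -- added example, not code from the thread.
// Assumption: PHP 7.3+ (array form of session_set_cookie_params).

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'lifetime' => 0,      // session cookie: dropped when the browser closes
        'path'     => '/',
        'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call from the login script once the credentials have been verified.
function mark_logged_in(string $username): void
{
    start_secure_session();
    session_regenerate_id(true);   // fresh session id after login (session fixation defence)
    $_SESSION['username'] = $username;
}

// Call at the top of every members-only page, before any output is sent.
function require_login(): string
{
    start_secure_session();
    if (empty($_SESSION['username'])) {
        // No server-side login record: a stored or bookmarked URL ends up here.
        header('Location: login.html');
        exit;
    }
    header('Cache-Control: no-store');   // do not let browsers or proxies keep member pages
    return $_SESSION['username'];
}

// Usage in a protected page (hypothetical main.php):
//   require 'myAuthCode.php';
//   $username = require_login();
```

With a lifetime of 0 the browser drops the cookie when it closes, but the server-side session data is still subject to session.gc_maxlifetime, so a page left open with no requests for longer than that can lose its login.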

shruti

8:20 pm on Jul 16, 2008 (gmt 0)

10+ Year Member



You would remove the header redirect on success and instead allow code execution to continue as normal and display the requested page.

Also make sure you set a session cookie/variable for both username and password in the original login script. These will both need to be available to other pages.
====================================================================

Shruti:
Please can you make me understand this part a little more?
I am in the process of learning PHP so I might not get you. You are professionals and I am a new student. Please guide me more......!

Thanks in advance and sorry for the inconvenience.