login.php:
Code: Select all
<?php
$auth_p="test";
$auth_u="test";
$ref=$_SERVER['HTTP_REFERER'];
$msg="";
if (isset($_POST['username']) && isset($_POST['password'])){
session_start();
session_register('auth_username','auth_password');
$_SESSION['auth_username']=$_POST['username'];
$_SESSION['auth_password']=$_POST['password'];
}
if (isset($_SESSION['auth_username']) && isset($_SESSION['auth_password'])){
if ($_SESSION['auth_username']==$auth_u && $_SESSION['auth_password']==$auth_p){ //just for now. will eventually loop through DB
if(preg_match("domain.com\/",$ref)){
header('Location: $ref');
} else {
header('Location: http://domain.com/index.php');
}
} else {
$msg="<br /><span style='color:red'>Bad username or password</span>";
}
}
?>auth.php:
Code: Select all
if (!isset($_SESSION['auth_username']) || !isset($_SESSION['auth_password'])){
header('Location: login.php');
} else {
$username=$_SESSION['auth_username'];
}