Check.php
<?php
require ('SSLCheck.php');
$validUser = false;
if (isset ($_SERVER['PHP_AUTH_USER']) && isset ($_SERVER['PHP_AUTH_PW']))
{
/* search the passwords table in the 'database' database for the username/password combination: */
@ $db = new mysqli ('localhost', 'username', 'password', 'database');
if (mysqli_connect_errno())
{
echo
"<h3 style='color:red; text-align:center;'>
Database connection error: ".mysqli_connect_error ()."<br>Please try again later.
</h3>";
exit;
}
$username = addslashes ($_SERVER['PHP_AUTH_USER']);
$password = addslashes ($_SERVER['PHP_AUTH_PW']);
$query = "select count(*) from passwords
where username = '".$username."' and
password = SHA1('".$password."')";
$result = $db->query($query);
if (!$result)
{
echo
"<div style='color:red; text-align:center;'>
<h3>Error running query to check password.</h3>
<p>
error number = $db->errno <br>
error message = $db->error
</p>
</div>";
exit;
}
$row = $result->fetch_row();
$count = $row[0];
$result->close();
$db->close();
if ($count > 0)
$validUser = true;
}
/* if the username/password combination is not found in the database, force the browser to use Basic HTTP
authentication to display or redisplay the authentication dialog box; include the content that will be displayed
if the user cancels the dialog box or tries it too many times: */
if (!$validUser)
{
header ('HTTP/1.0 401 Unauthorized');
header ('WWW-Authenticate: Basic realm="mjyOnline.com Private Area"');
$queryString = "?url=".$_SERVER["PHP_SELF"];
echo
"<h3 style='color:red; text-align:center;'>
To access this page, you must first register and select a Username and Password.
</h3>
<p style='text-align:center;'>
<button type='button' onclick='location.href=\"Register.php".$queryString."\"'>Register Now</button>
</p>";
exit;
}
?>