Please check the following script. If you think something should be done differently, I'd like to hear from you.
<BLOCKQUOTE><font size="1" face="Verdana,Arial,Helvetica">quote:</font><HR>
<?
// copyright 2000, Dennis van der Vliet
// Version 0.0
// this script (login.php) is just a login script
// NOTICE
// this script is released under the standard GPL license
// please mail me (zappit01@hotmail.com) when you add to/use this script or
// have a comment on it
// ----used variables----
// $usrName, $usrPassWord, $usrCookieTime, $usrCookie
// ----history----
// + no history yet
// ----to do----
// insert the correct error messages

// name: logged
// comment: this checks whether a user is logged in or not
// Reports whether a session cookie value is present in the global scope.
// This is a presence check only: the value is not looked up in the session
// table here, so a true result does not by itself prove the session is valid.
function logged () {
    global $usrCookie;

    // isset() is false both for an undefined variable and for a null value
    return isset($usrCookie);
}
// END of logged

// name: auth
// comment: this function logs the user in (using login), and checks whether
// the userlevel is ok
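// Authorises the current request against a required level.
//
// With a session cookie present, the session row is looked up and the request
// is accepted only when the row exists, has not expired and $level is >= the
// level stored in it. Without a cookie, a name/password pair is handed to
// login(). Returns true when access is granted, false in every other case,
// including when the database cannot be reached.
//
// Side effect: on a successful cookie check the global $usrName and
// $usrPassWord are overwritten with the name and password hash stored in the
// session row.
function auth($level, $usrName, $usrPassWord) {
    // NOTE: this declaration rebinds $usrName and $usrPassWord to the global
    // variables, so the values passed as arguments are not used.
    global $usrCookie, $usrName, $usrPassWord;
    require ("config/config.php");

    if (isset($usrCookie)) {
        // The cookie value is supplied by the client and is untrusted input.
        if (!is_string($usrCookie)) {
            return false;
        }

        // connect to server and select the database; fail closed on error
        $dbConn = mysql_connect($setMyHost, $setMyUser, $setMyPassWord);
        if (!$dbConn || !mysql_select_db($setMyDataBase, $dbConn)) {
            return false;
        }

        // Escape the value before it is placed in the SQL string.
        // NOTE(review): the mysql_* extension was removed in PHP 7; when this
        // is ported, use prepared statements (mysqli or PDO) instead.
        $safeSession = mysql_real_escape_string($usrCookie, $dbConn);

        // login() stores an expireTime with every session; enforce it on the
        // server instead of relying on the browser to drop the cookie.
        $now = time();
        $sql = "SELECT name, level, passWord FROM session WHERE session='$safeSession' AND expireTime > $now";

        $query = mysql_query($sql, $dbConn);
        if (!$query) {
            return false;
        }

        // Without this check an unknown session id yields no row, the level
        // read from it is null, and "$level >= null" evaluates to true.
        $array = mysql_fetch_array($query);
        if (!$array) {
            return false;
        }

        // check whether the level is ok
        if ($level >= $array["level"]) {
            $usrName = $array["name"];
            $usrPassWord = $array["passWord"];
            return true;
        }
        return false;
    }

    // no cookie: fall back to the name and password sent with the request
    if (isset($usrName) AND isset($usrPassWord)) {
        return login($usrName, $usrPassWord, $level);
    }

    // neither a session cookie nor credentials
    return false;
}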
// END of auth
// name: login
// comment: This function checks passwords, and sets cookies
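// Verifies a name/password pair against the users table and, when the account
// allows cookies, opens a session (a row in the session table plus a cookie).
//
// Returns true only when the credentials match exactly one user and $level is
// >= that user's userLevel. Returns false otherwise, including when the
// database cannot be reached. lastLogin is updated whenever the credentials
// match, whatever the result of the level check.
function login($usrName, $usrPassWord, $level) {
    // NOTE: this declaration rebinds both names to the global variables, so
    // the arguments are not used and the hash computed below is written back
    // to the global $usrPassWord.
    global $usrName, $usrPassWord;
    require ("config/config.php");

    // Request parameters can arrive as arrays; only scalar values are valid.
    if (!is_scalar($usrName) || !is_scalar($usrPassWord)) {
        return false;
    }

    // NOTE(review): unsalted md5 is not a suitable password hash. It is kept
    // here because the hashes stored in the users table are in this format;
    // moving to a salted, slow hash needs a data migration.
    $usrPassWord = md5($usrPassWord);

    // connect once and reuse the link for every query; fail closed on error
    $dbConn = mysql_connect($setMyHost, $setMyUser, $setMyPassWord);
    if (!$dbConn || !mysql_select_db($setMyDataBase, $dbConn)) {
        return false;
    }

    // The name is supplied by the client: escape it before it is placed in
    // any SQL string. The password is already reduced to hex digits by md5.
    // NOTE(review): the mysql_* extension was removed in PHP 7; when this is
    // ported, use prepared statements (mysqli or PDO) instead.
    $safeName = mysql_real_escape_string((string) $usrName, $dbConn);

    $sql = "SELECT userLevel, allowCookies FROM users WHERE name='$safeName' AND passWord='$usrPassWord'";
    $query = mysql_query($sql, $dbConn);

    // exactly one matching row means the credentials are correct
    if (!$query || mysql_num_rows($query) != 1) {
        return false;
    }

    $array = mysql_fetch_array($query);

    // cast so that only a number can reach the unquoted position in the INSERT
    $usrLevel = (int) $array["userLevel"];
    $time = time();

    if ($array["allowCookies"] == "y") {
        // NOTE(review): this id is derived from the clock and a
        // non-cryptographic generator; session ids should come from a
        // cryptographically secure random source.
        $session = md5(uniqid(rand()));
        $expireTime = $time + $setCookieTime;

        // NOTE(review): the cookie is set without the HttpOnly and Secure
        // attributes.
        setcookie($setCookieName, $session, $expireTime);

        // NOTE(review): the password hash is copied into the session row
        // because auth() reads it back; a session does not need it.
        $sql = "INSERT INTO session (session, name, level, loginTime, expireTime, passWord) VALUES ('$session', '$safeName', $usrLevel, $time, $expireTime, '$usrPassWord')";
        mysql_query($sql, $dbConn);
    }

    $sql = "UPDATE users SET lastLogin = $time WHERE name='$safeName'";
    mysql_query($sql, $dbConn);

    // check whether the level is ok
    return $level >= $usrLevel;
}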
// END of login

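require ("config/config.php");

// Read the session cookie into $usrCookie for logged() and auth().
// $_COOKIE replaces the long array $HTTP_COOKIE_VARS, which was removed in
// PHP 5.4. The value is client-controlled: session ids issued by login() are
// md5 output (32 lowercase hex characters), so anything else, including a
// missing or array-valued cookie, is treated as "no cookie".
if (isset($_COOKIE[$setCookieName])
        && is_string($_COOKIE[$setCookieName])
        && preg_match('/^[0-9a-f]{32}$/D', $_COOKIE[$setCookieName])) {
    $usrCookie = $_COOKIE[$setCookieName];
} else {
    $usrCookie = null;
}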

?>
[/quote]