I want to protect some content in my site with a password and I am thinking in using this php script
Do you think is a good way to go?
Do you know something better for this task or a way to improve ( if needed) thin one ?
The code to load the content from the database is :
<?php
error_reporting(0);
include("config.php");
if (!isset($_REQUEST["p"])) {
echo 'document.write("<div id=\"protected_'.intval($_REQUEST["id"]).'\">");';
echo 'document.write("<form onsubmit=\'return LoadContent(\"'.intval($_REQUEST["id"]).'\",\"protected_'.intval($_REQUEST["id"]).'\",document.getElementById(\"pass_'.intval($_REQUEST["id"]).'\").value); return false;\'\"><input type=\'password\' size=\'30\' placeholder=\'Content is protected! Enter password.\' id=\"pass_'.intval($_REQUEST["id"]).'\"></form>");';
echo 'document.write("</div>");';
} else {
$sql = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE `id`='".intval($_REQUEST["id"])."' AND password='".mysql_real_escape_string($_REQUEST["p"])."'";
$sql_result = mysql_query ($sql, $connection ) or die ('request "Could not execute SQL query" '.$sql);
if (mysql_num_rows($sql_result)==1) {
$row = mysql_fetch_assoc($sql_result);
echo $row["content"];
} else {
echo 'Wrong password';
}
}
?>