When the user logs off, the (encrypted) password in the user-db is moved to a temproary field, when he tries to enter the restricted page again and if he types the correct password, it will be moved back to the password field again. Just require the function.
php3 in all the restricted pages, and call the check_auth(); function like it's done in login.php3. To create the user-table, you can use the syntax: CREATE TABLE users (username Char(20), encrpass CHAR(100), tmppass CHAR(100)); Use this to insert a test-user: (aB14QxrLULc36 is the encrypted form of 'testpass') INSERT INTO users (username, encrpass, tmppass) VALUES ('testuser', 'aB14QxrLULc36', '');