There are issues with using a form based login, and sometimes it is more convenient to use http authentication.

The main problem with using a form to log someone in, is that you need a way to know whether someone is logged in on an arbitrary request. There are various methods to solve this problem: you can create session ids that time out, or you can set a cookie that shows the person as logged in.

If you utilize http authentication you can let the webserver handle keeping track of who is logged in or not. The setup for this method varies from server to server.

If you are on an Apache server, you will need to create several files, .htaccess, .htpasswd, and .htgroup. Your .htaccess file will specify that your script requires a password to access. Your .htpasswd and .htgroup files contain information about your users. This tutorial should be enough to get you started.

BTW, if you use this approach, you can get the username is stored as an environment variable ($ENV{REMOTE_USER}).

Good luck with whatever approach you decide to take.

TGI says moo