Keep a list of allowed reporters and their passwords in a database table Authentication. Define and populate the table beforehand manually using the phpMyAdmin interface to MySQL (or a command line interface if you like.) You can assume the reporter name is to be the primary key for the table. The authentication information should have nothing to do with your UCID or MySQL passwords and name. The table looks as follows with the appropriate data types for the columns. The contents are NOT encrypted.
Authentication (for incident reports)
The PHP script should test the reporter name and password submitted from the form using a simple PHP or-die construction that queries the database for a matching reporter and password. An SQL select command can be used but the returned data should not be accessed. Just look up in the IT202 manual or on the online PHP manual how to tell if a select returned any rows. If the select is defined appropriately, that will tell you if the reporter name and password were valid. The password should not be encrypted by the browser, the script or in the database.
PHP: When testing strings for equality in PHP, do not use = where you should use == (a pair of equal signs). The PHP symbol = is for assignment statements; it is not used to compare strings; use the == equality operator for string comparison.
SQL: When testing strings for equality in SQL, use = symbol, not the == used in PHP