Login Problems

1. // Connect to server and select databse.
2.  mysql_connect("$host", "$username", "$password")or die("cannot connect");
3.  mysql_select_db("$db_name")or die("cannot select DB");
4.  
5.  
6. // username and password sent from form
7.  $username=$_POST['username'];
8.  $password=$_POST['password'];
9.  
10.  
11. // To protect MySQL injection
12.  $username = stripslashes($username);
13.  $password = stripslashes($password);
14.  $username = mysql_real_escape_string($username);
15.  $password = mysql_real_escape_string($password);
16.  
17. $sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
18.  $result=mysql_query($sql);
19.  
20.  
21. // Mysql_num_row is counting table row
22.  $count=mysql_num_rows($result);
23.  
24. // If result matched $myusername and $mypassword, table row must be 1 row
25.  
26. if($count==1){
27.  
28. // Register $myusername, $mypassword and redirect to file "login_success.php"
29.  session_register("username");
30.  session_register("password");
31.  header("location:login.007?action=success");
32.  }
33.  else {
34.  echo "
35. <html>
36. <head>
37. <link rel=\"stylesheet\" href=\"style.css\" type=\"text/css\">
38. <title>Login Failure</title>
39. </head>
40. <body>
41. <div id=\"container\">
42. <div class=\"content\">
43. <h1 class=\"title\">Login Failed</h1>
44. <p class=\"txt\">Incorrect Username/Password combination. If I were you I'd <a href=\"login.007?action=login\">go back</a> and try again.</p>
45. </div>
46. </div>
47. </body>
48. </html>
49. ";
50.  }
51. }
52. if ($action == "success") {
53.  session_start();
54.  if(!session_is_registered(myusername)){
55.  header("location:main_login.php");
56.  }
57.  
58. echo "
59. <html>
60. <head>
61. <link rel=\"stylesheet\" href=\"style.css\" type=\"text/css\">
62. <title>Login Success</title>
63. <meta http-equiv=\"refresh\" content=\"2;url=index.007\">
64. </head>
65. <body>
66. <div id=\"container\">
67. <div class=\"content\">
68. <h1 class=\"title\">Login Success</h1>
69. <p class=\"txt\">You have been logged in and will be redirected to the main page.</p>
70. </div>
71. </div>
72. </body>
73. </html>
74. ";
75. }
76. if ($action == "logout") {
77.  session_start();
78.  session_destroy();
79. echo "
80. <html>
81. <head>
82. <link rel=\"stylesheet\" href=\"style.css\" type=\"text/css\">
83. <title>Logout Success</title>
84. <meta http-equiv=\"refresh\" content=\"2;url=index.007\">
85. </head>
86. <body>
87. <div id=\"container\">
88. <div class=\"content\">
89. <h1 class=\"title\">Logout Success</h1>
90. <p class=\"txt\">You have been logged out successfully and will be redirected to the main page now.</p>
91. </div>
92. </div>
93. </body>
94. </html>
95. ";
96. }
97. if ($action == "login") {
98. echo "
99. <html>
100. <head>
101. <link rel=\"stylesheet\" href=\"style.css\" type=\"text/css\">
102. <title>Login</title>
103. </head>
104. <body>
105. <div id=\"container\">
106. <div class=\"content\">
107. <h1 class=\"title\">Login</h1>
108. <p class=\"txt\">Please enter your information below.</p>
109. <form name=\"loginform\" method=\"post\" action=\"login.007?action=logincheck\">
110. <input name=\"username\" type=\"text\" id=\"username\" value=\"Username\" onfocus=\"this.value = '';\"><br>
111. <input type=\"text\" id=\"fakepassword\" value=\"Password\" onfocus=\"this.style.display = 'none'; document.getElementById('password').style.display = 'inline'; document.getElementById('password').focus();\">
112. <input type=\"password\" id=\"password\" name=\"password\" style=\"display: none;\"><br>
113. <input type=\"submit\" value=\"Login\">
114. </form>
115. </div>
116. </div>
117. </body>
118. </html>
119. ";
120. }