Basic login page

1. <?php
2. mysql_connect("localhost", "USERNAME", "PASSWORD");
3. mysql_select_db("SCHEMA");
4.  
5. session_start(); //we're using sessions so this is required!
6.  
7. if($_SESSION['loggedin'] == TRUE) {
8. header('location: employee.php'); //members area
9. }else{
10.  
11. if($_POST['submitLogin']) {
12. //verify login from user input
13.  
14. $username = mysql_real_escape_string($_POST['username']);
15. $password = md5(mysql_real_escape_string($_POST['password']));
16.  
17. $select_user = mysql_query("SELECT COUNT(id) AS amount FROM users WHERE username = '$username' AND password = '$password' ");
18. $user = mysql_fetch_assoc($select_user);
19. $amount_found = (int)$user['amount']; //amount of users found by the query
20.  
21. if($amount_found > 0) {
22. $login_attempt = 1; //successful login attempt
23. $_SESSION['loggedin'] = TRUE;
24. $_SESSION['username'] = $username;
25. header('location: employee.php'); //members area
26. }else{
27. $login_attempt = 0; //invalid login attempt
28. }
29.  
30. }
31.  
32. if( ($_POST['submitLogin'] AND isset($login_attempt) AND $login_attempt = 0) OR !$_POST['submitLogin'] ) {
33.  
34. //show login form
35.  
36. if($_POST['submitLogin']) { //attempted to login? (-> invalid login)
37. echo "<p>Invalid login. </p>";
38. }
39.  
40.  
41. ?>
42.  
43. <form method="POST" action="login.php">
44. <b>Username:</b> <br /> <input type="text" name="username"> <p>
45. <b>Password:</b> <br /> <input type="password" name="password"> <p>
46. <input type="submit" name="submitLogin" value="Login!">
47. </form>
48.  
49. <?php
50.  
51. }
52.  
53. }
54.  
55. ?>