checklogin.php

1.   <?php
2.     // ob_start();
3.     include '../include/config.php';
4.     session_start();
5.     // Define $myusername and $mypassword
6.     $myusername=$_POST['myusername'];
7.     $mypassword=$_POST['mypassword'];
8.    
9.     // To protect MySQL injection
10.     $myusername = stripslashes($myusername);
11.     $mypassword = stripslashes($mypassword);
12.     $myusername = mysql_real_escape_string($myusername);
13.     $mypassword = mysql_real_escape_string($mypassword);
14.  
15.     // Select database and check login and class
16.     $sql="SELECT * FROM `members` WHERE username='$myusername' and password='$mypassword'";
17.     $result=mysql_query($sql);
18.  
19.     // Mysql_num_row is counting table row
20.     $count=mysql_num_rows($result);
21.  
22.     // If result matched $myusername and $mypassword, table row must be 1 row
23.       if ($count == 1)  {
24.  
25.         // Overwrite $sql
26.         $sql="SELECT class, username FROM `members` WHERE username='$myusername' LIMIT 1";
27.         $result=mysql_query($sql);
28.         $data=mysql_fetch_array($result);
29.         $class_number=$data['class'];
30.         $_SESSION['username'] = $data['username'];
31.         $_SESSION['class'] = $data['class'];
32.  
33.  
34.         if (($class_number == 2) || ($class_number == 6)) {
35.           session_register("myusername" , "mypassword");
36.           //$_SESSION['class'] = $data['class'];
37.           header("location:add.php");
38.           $_SESSION['username'] = $data['username'];
39.           $_SESSION['class'] = $data['class'];
40.         }
41.         elseif ($class_number == 1) {
42.           echo "Access denied</br>";
43.           // header("location:../index.php");
44.         }
45.       } else {
46.         echo "login failed";
47.       }
48.  
49.   ?>