Login.php

1. <?php
2. session_start();
3.  
4. if(isset($_POST['login'])) {
5. include_once("db.php");
6. $username = strip_tags($_POST['username']);
7. $password = strip_tags($_POST['password']);
8.  
9. $username = stripslashes($username);
10. $password = stripslashes($password);
11.  
12. $username = mysqli_real_escape_string($db, $username);
13. $password = mysqli_real_escape_string($db, $password);
14.  
15. $password = md5($password);
16.  
17. $sql = "SELECT * FROM users WHERE username='$username' LIMIT 1";
18. $query = mysqli_query($db, $sql);
19. $row = mysqli_fetch_array($query);
20. $id = $row['id'];
21. $db_password = $row['password'];
22.  
23. if($password == $db_password) {
24. $_SESSION['username'] = $username;
25. $_SESSION['id'] = $id;
26. header("Location: index.php");
27. } else {
28. header("Location: access_denied.php");
29. }
30. }
31.  
32.  
33. ?>
34.  
35. <!doctype html>
36. <html>
37. <head>
38. <title>Login</title>
39.  
40.  
41. </head>
42.  
43. <body>
44. <h1>Login</h1>
45.  
46. <form action="login.php" method="POST" enctype="multipart/form-data">
47. <label>Username:<br/></label>
48. <input type="text" name="username" required="required" autofocus><br/>
49. <label>Password:<br/></label>
50. <input type="password" name="password" required="required"><br/><br/>
51. <input type="submit" value="Login">
52. </form>
53.  
54. <br/>
55.  
56. <a>Not yet registered? </a><a href="register.php">Click Here</a>
57. </body>
58.  
59. </html>