Untitled

<?php
session_start();
if (isset($_SESSION["manager"])){
 header("location: index.php");
 exit();
 }
 ?>

<?php
//Parse the login form if the user has filled it out and pressed "Log in"

if (isset($_POST["username"]) && isset($_POST["password"])){

    $manager = preg_replace('#[^A-Za-z0-9]#i','',$_POST["username"]);//filter everything but numbers & letters
    $password = preg_replace('#[^A-Za-z0-9]#i','',$_POST["password"]);//filter everything but numbers & letters
    //connect to the MySQL database
    include ("/home/lateral/public_html_com533/Scripts/connect_to_mysql.php");
    $sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); //query the person
    //------MAKE SURE PERSON EXISTS IN DATABASE ------
    $existCount= mysql_num_rows($sql); //count the row nums
    if ($existCount == 1) {// evaluate the count
        while($row = mysql_fetch_array($sql)){
            $id = $row["id"];
            }
            $_SESSION["id"] = $id;
            $_SESSION["manager"] = $manager;
            $_SESSION["password"] = $password;
            header("location: index.php");
            exit();
            }else{
                echo 'That information is incorrect, try again <a href="index.php">Click here</a>';
                exit();
                }
            }
?>

<?php # Script 3.4 - index.php
$page_title = 'Store Admin Page';
include ("../includes/header.php");
?>

<h2>Please log in to manage the store</h2>

<form id="" method="post" action="admin_login.php">

<label for="username" Username:</label>
<input name="username" placeholder="Username" type="text" id="username" size="40"/>

<label for="password" Password:</label>
<input name="password" placeholder="Password" type="password" id="password" size="40"/>

<label>
    <input type="submit" name="button" id="button" value="login"/>
</label>
</form>


<?php
include ('../includes/footer.php');
?>