<?php session_start(); $username = $_POST['username']; $password =

1. <?php
2.  
3.   session_start();
4.  
5.   $username = $_POST['username'];
6.   $password = $_POST['password'];
7.  
8.   if($username&&$password)
9.   {
10.     $connect = mysql_connect("localhost","root","") or die("Couldn't connect");
11.     mysql_select_db("syntax") or die("Couldn't find database");
12.    
13.     $query = mysql_query("SELECT * FROM users WHERE username='$username'");
14.  
15.     $numrows = mysql_num_rows($query);
16.    
17.     if ($numrows!=0)
18.     {  
19.       //login code
20.       while ($row = mysql_fetch_assoc($query))
21.       {
22.         $dbusername = $row['username'];
23.         $dbpassword = $row['password'];
24.       }
25.      
26.       //check to see if they match
27.       if($username==$dbusername&&md5($password)==$dbpassword)
28.       {
29.         echo "You have logged in sir. <a href='member.php'>Go to members area</a>";
30.         $_SESSION['username']=$username;
31.       }
32.       else
33.         echo "Incorrect Password";
34.     }
35.     else
36.       die("That user doesn't exist");
37.  
38.   }
39.   else
40.     echo "Please enter a username and a password.";
41.  
42. ?>