
Untitled

a guest
Feb 16th, 2017
  1. <?php
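  session_start();

  // NOTE(review): the original copied $_POST['user'] into $_SESSION['user'] at this
  // point, before any credential check, so any request could set the session's user.
  // The session is now written only by SignIn(), after the credentials have matched.
  $user = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';

  // NOTE(review): database credentials are hard-coded in a web-served script and the
  // password is a trivial one. Load them from configuration kept outside the document
  // root (or from the environment) and rotate the password; the values are left as-is
  // here so the script keeps connecting to the same database.
  define('DB_HOST', 'localhost');
  define('DB_NAME', 'mkuiper1');
  define('DB_USER','mkuiper1');
  define('DB_PASSWORD','password');

  // mysqli replaces the mysql_* extension (removed in PHP 7) and supports prepared
  // statements. Reporting is switched off so that failures are signalled through
  // return values on every PHP version and are handled explicitly below.
  mysqli_report(MYSQLI_REPORT_OFF);

  $con = new mysqli(DB_HOST, DB_USER, DB_PASSWORD);
  if ($con->connect_errno) {
      // Driver detail goes to the server log only; the client gets a generic message.
      error_log('MySQL connect failed: ' . $con->connect_error);
      die('Failed to connect to MySQL.');
  }

  $db = $con->select_db(DB_NAME);
  if (!$db) {
      error_log('MySQL select_db failed: ' . $con->error);
      die('Failed to connect to MySQL.');
  }

  /**
   * Emit the failed-login alert and send the browser back to the sign-in form.
   *
   * The same text is used for every failure (empty user name, unknown user, wrong
   * password, database error) so the response does not reveal which one occurred.
   */
  function signInRejected()
  {
      $message = "Verkeerde Gebruikersnaam/Wachtwoord!";
      echo "<SCRIPT LANGUAGE='JavaScript'>\n"
          . "window.alert('$message')\n"
          . "window.location = '/Sign-In.php';\n"
          . "</SCRIPT>";
  }

  /**
   * Check the submitted credentials against WebsiteUsers and start a logged-in session.
   *
   * On success the session id is regenerated, the session is populated and the browser
   * is redirected to index.php; the script then stops. On any failure the generic
   * rejection alert is emitted and the function returns.
   *
   * @param array $data Form fields; 'user' and 'pass' are read from it.
   */
  function SignIn($data)
  {
      // The connection is created at file level; a function body does not see it
      // without this declaration.
      global $con;

      // Accept only plain strings: a field submitted as an array would otherwise reach
      // bind_param() as a non-string value.
      $name = (isset($data['user']) && is_string($data['user'])) ? $data['user'] : '';
      $pass = (isset($data['pass']) && is_string($data['pass'])) ? $data['pass'] : '';

      if ($name === '' || !($con instanceof mysqli)) {
          signInRejected();
          return;
      }

      // The values are sent as bound parameters. The original text interpolated
      // $_POST[user] and $_POST[pass] into the SQL passed to prepare(), which left the
      // statement injectable and gave bind_param() no placeholders to bind to.
      // NOTE(review): the submitted password is compared with the pass column as-is,
      // which suggests passwords are stored unhashed - confirm against the schema. If
      // so, store password_hash() output and check it with password_verify() instead
      // of comparing inside the query.
      $stmt = $con->prepare('SELECT userName FROM WebsiteUsers WHERE userName = ? AND pass = ?');
      if ($stmt === false) {
          error_log('SignIn prepare failed: ' . $con->error);
          signInRejected();
          return;
      }
      $stmt->bind_param('ss', $name, $pass);

      $matchedName = null;
      if ($stmt->execute()) {
          // bind_result()/fetch() are used rather than store_result() followed by
          // get_result(): the original called both, and only one of them can consume
          // the result set.
          $stmt->bind_result($matchedName);
          if (!$stmt->fetch()) {
              $matchedName = null;
          }
      } else {
          error_log('SignIn execute failed: ' . $stmt->error);
      }
      $stmt->close();

      if ($matchedName === null) {
          signInRejected();
          return;
      }

      // A fresh session id on privilege change prevents session fixation.
      session_regenerate_id(true);
      $_SESSION['user'] = $matchedName;
      // The original stored $row['pass'] under this key, i.e. the password itself.
      $_SESSION['userName'] = $matchedName;
      $_SESSION['loggedin'] = 1;

      // Nothing may be echoed before the redirect; stop so no further code runs.
      header("Location: index.php");
      exit;
  }

  if (isset($_POST['submit'])) {
      SignIn($_POST);
  }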
  57.  
  58.  
  59.  
  60. ?>