#Actual Login Script.function do_login(){ //If the user has submitted th

1. #Actual Login Script.
2. function do_login()
3. {
4.         //If the user has submitted the form
5.         if($_POST['submit']){
6.             //protect the posted value then store them to variables
7.             $username = protect($_POST['username']);
8.             $password = protect($_POST['password']);
9.             $password = md5($password);
10.  
11.             //Check if the username or password boxes were not filled in
12.             if(!$username || !$password){
13.                 //if not display an error message
14.                 echo "<center>You need to fill in a <b>Username</b> and a <b>Password</b>!</center>";
15.             }else{
16.                 //if the were continue checking
17.  
18.                 //select all rows from the table where the username matches the one entered by the user
19.                 $res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."'");
20.                 $num = mysql_num_rows($res);
21.  
22.                 //check if there was not a match
23.                 if($num == 0){
24.                     //if not display an error message
25.                     echo "<center>The <b>Username</b> you supplied does not exist!</center>";
26.                 }else{
27.                     //if there was a match continue checking
28.  
29.                     //select all rows where the username and password match the ones submitted by the user
30.                     $res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."' AND `password` = '".$password."'");
31.                     $num = mysql_num_rows($res);
32.  
33.                     //check if there was not a match
34.                     if($num == 0){
35.                         //if not display error message
36.                         echo "<center>The <b>Password</b> you supplied does not match the one for that username!</center>";
37.                     }else{
38.                         //if there was continue checking
39.  
40.                         //split all fields fom the correct row into an associative array
41.                         $row = mysql_fetch_assoc($res);
42.  
43.  
44.                             //set the login session storing there id - we use this to see if they are logged in or not
45.                             $session_id = $row['user_id'];
46.                             $session_username = $username;
47.                             $session_level = $row['permission'];
48.  
49.                             $_SESSION['user_id'] = $session_id;
50.                             $_SESSION['permission'] = $session_level;
51.                             $_SESSION['username'] = $session_username;
52.  
53.                             //show message
54.                             echo "<center>" . $_SESSION['username'] . ", you have successfully logged in!</center>";
55.                             header('Location: index.php');
56.                         }
57.                     }
58.                 }
59.             }
60.                            
61. }