<?phpsession_start();include 'header.php';include 'functions.php';?>

1. <?php
2. session_start();
3. include 'header.php';
4. include 'functions.php';
5. ?>
6.  
7. <center>
8. <table>
9. <form method="POST" action="login.php">
10. <tr>
11. <td>Username : </td><td><input type="text" name="username"/></td>
12. </tr>
13. <tr>
14. <br /> <td>Password :</td><td><input type="password" name="password"/></td>
15. </tr>
16. <tr>
17. <td><input type="submit" name="submit" value="log in"/></td>
18. </tr>
19. </form>
20. </table>
21. </center>
22. <?php
23.  
24. //init
25. $_POST['username'] = $username;
26. $_POST['password'] = $password;
27. $_POST['submit'] = $submit;
28.  
29. // check
30.  
31. if ($submit)
32. {
33.     connect();
34.     if ($username && $password)
35.     {
36.         $sql = "SELECT username,password FROM users WHERE username = $username";
37.        $res = mysql_query($sql);
38.        if (mysql_num_rows($res) > 0)
39.        {
40.         $sql2 = "SELECT id FROM users WHERE username = $username AND password = sha1($password)";
41.         $res2 = mysql_query($sql2);
42.                     if(mysql_num_rows($res2) > 0)
43.                     {
44.                         $row = mysql_fetch_assoc($res2);
45.                         $_SESSION['uid'] = $row['id'];
46.                         echo "You have successfully logged in, $username .<br><br><a href=\"./index.php\">Click here to go to the forums.</a>";
47.                     }
48.                     else
49.                     {
50.                         die ("Username and password combination are incorrect!");
51.                     }
52.         }
53.         else
54.         {
55.             die("User does not exist!");
56.         }
57.     }
58.        else
59.         {
60.         die("Please fill in all fields!");
61.         }
62. }
63.  
64. ?>
65.  
66. <?php
67. include ('footer.php');
68. ?>