<?php session_start();?><?php$username = $_POST['username'];$password = $_

1. <?php session_start();?>
2. <?php
3. $username = $_POST['username'];
4. $password = $_POST['password'];
5. if ($username&&$password)
6. {
7. include ('connect.php');
8. $query = mysql_query("SELECT * FROM users WHERE username = '%s'", mysql_real_escape_string($username));
9. $numrows = mysql_num_rows($query);
10. ?>
11. <?php
12. if ($numrows!=0)
13. {
14. // code to login
15. while ($row = mysql_fetch_assoc($query))
16. {
17. $dbusername = $row['username'];
18. $dbpassword = $row['password'];
19. $dbinitials = $row['initials'];
20. }
21. if ($username==$dbusername&&$password==$dbpassword)
22. {
23. echo "Your Logged In! <a href='index.php'>Click here</a> to go to the user page.";
24. $_SESSION['username']=$dbusername;
25. $_SESSION['initials']=$dbinitials;
26. }
27. else
28. echo "Incorrect Username or Password!.";
29. }
30. else
31. echo "That user doesn't Exist!";
32. }
33. else
34. echo "Please Enter a Username and Password.";
35. ?>