index.php

<?php
	session_start();
	$dbh = new PDO('mysql:host=localhost;dbname=contoh', "root", "");
?>

<form  method="POST">
    Username: <input type="text" name="username" required=""><br><br>
    Password: <input type="password" name="password" required=""><br><br>
<button name="login" type="submit">login</button><br>
</form>

<?php
if(isset($_POST['login'])){
	$sql= $dbh->query("SELECT * FROM user_demo2 WHERE username='$_POST[username]'") or die(mysqli_error($db));
	$login = $sql->fetch();

		// cek username dan password dengan yang ada di database
		if(md5($_POST['password']) == $login['password'] && $_POST['username'] == $login['username']){
			// bikin session
			$_SESSION['login'] = $_POST['username'];
			header("location: admin.php");
		}

		else { ?>
			<strong>Maaf:</strong> Kombinasi username dan password salah.
		<?php
		}

	}
   ?>