Untitled

<?php

if(isset($_POST['login'])) {

    // variablerna lagrar information från formuläret som används i MySQL-frågan
    $username = mysql_real_escape_string(trim($_POST['userid']));
    $password = mysql_real_escape_string(trim($_POST['user_pass']));

    if($USE_MD5){
        $password = md5($password);
    }

    // kontrollerar om användaruppgifterna finns i MySQL-tabellen
    $query = mysql_query("SELECT * FROM `login` WHERE `userid` = '$username' AND `user_pass` = '$password' LIMIT 1") or die(mysql_error());
    $row = mysql_fetch_array($query);

    // kontrollerar om användarkontot finns
    if(mysql_num_rows($query) > 0) {

        $_SESSION['account_login'] = 'true';
        $_SESSION['account_id'] = $row['account_id'];
        $_SESSION['account_username'] = $username;
        $_SESSION['account_level'] = $row['level'];
        $_SESSION['account_email'] = $row['email'];
        echo "You successfully logged in...<br/><br/>";
        echo ">><a href=\"index.php?p=settings\"> Press here to continue</a>";

    }
    else {
        echo "Failed to login...<br/><br/>";
        echo ">><a href=\"index.php?p=login\"> Try again</a>";
    }
}

else {
    echo "<h2>Login</h2>";
    echo "<form action=\"\" method=\"post\">";
    echo "<table border=\"0\">";
    echo "<tr><td>Username</td><td><input name=\"username\" type=\"text\"/></td></tr>";
    echo "<tr><td>Password</td><td><input name=\"password\" type=\"password\"/></td></tr>";
    echo "<tr><td colspan=\"2\" ><input name=\"login\" type=\"submit\" id=\"login\" value=\"Login!\"/></td></tr>";
    echo "</table>";
    echo "</form>";
}

?>