
Untitled

a guest
Apr 15th, 2017
  1. <?php
  2.     //Start session
  3.     session_start(); //   Notice that variables declared $_SESSION _____  are destroyed when the page is exited.
  4.  
  5.     //Include database connection details
  6.     require_once('connection.php');  // invoking the php script which makes connection to our MySQL server
  7.  
  8.     //Array to store validation errors  
  9.     $errmsg_arr = array();  // we can ommit this line
  10.  
  11.     //Validation error flag
  12.     $errflag = false;  // used to check errors in input etc
  13.  
  14.     //Function to sanitize values received from the form.PREVENTING SQL INJECTION
  15.     function clean($str) {
  16.         $str = @trim($str);  // removes whitespace
  17.         if(get_magic_quotes_gpc()) {  //get_magic_quotes_gpc() is a function that checks the configuration (php.ini) and returns 0 if magic_quotes_gpc is off (otherwise it returns 1).
  18.             $str = stripslashes($str); //  removes slashes.  
  19.        
  20.         }
  21.         return mysql_real_escape_string($str);      //Escapes special characters in the unescaped_string,
  22.             //taking into account the current character set of the connection so that it is safe to place it in a mysql_query(). mysql_query() will be used later on
  23.     }
  24.  
  25.     //Sanitize the POST values
  26.     $username = clean($_POST['username']);
  27.     $password = clean($_POST['password']);
  28.  
  29.     //Input Validations
  30.     if($username == '') {
  31.         $errmsg_arr[] = 'Username missing';
  32.         $errflag = true;
  33.     }
  34.     if($password == '') {
  35.         $errmsg_arr[] = 'Password missing';
  36.         $errflag = true;
  37.     }
  38.  
  39.     //If there are input validations, redirect back to the login form
  40.     if($errflag) {
  41.         $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
  42.         session_write_close();
  43.         header("location: index.php"); // sends HTTP request to our login page.
  44.         exit();
  45.     }
  46.  
  47.     //Create query
  48.     $qry="SELECT * FROM member WHERE username='$username' AND password='$password'";
  49.     $result=mysql_query($qry); // creating queries
  50.  
  51.     //Check whether the query was successful or not
  52.     if($result) {
  53.         if(mysql_num_rows($result) > 0) { // this method returns the number of rows which are found from the query. USUALLY we must have one row returned. further sanity checks can be performed here
  54.             //Login Successful //
  55.             session_regenerate_id();   // we need to preserve the Session variables
  56.             $member = mysql_fetch_assoc($result); // creates a reference to the data in DB
  57.             $_SESSION['SESS_MEMBER_ID'] = $member['mem_id']; // creating variables for the session.
  58.             $_SESSION['SESS_FIRST_NAME'] = $member['username'];
  59.             $_SESSION['SESS_LAST_NAME'] = $member['password'];
  60.             session_write_close();  
  61.             header("location: home.php");  // sends HTTP request to our home page.
  62.             exit();
  63.         }else {
  64.             //Login failed
  65.             $errmsg_arr[] = 'user name and password not found';
  66.             $errflag = true;
  67.             if($errflag) {
  68.                 $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
  69.                 session_write_close();
  70.                 header("location: index.php");
  71.                 exit();
  72.             }
  73.         }
  74.     }else {
  75.         die("Query failed");
  76.     }
  77. ?>