<?php include("inc/config.php"); if(isset($_GET['do'])) { $username = my

1. <?php
2.  
3. include("inc/config.php");
4.  
5. if(isset($_GET['do'])) {
6.  
7. $username = mysql_real_escape_string($_POST['username']);
8. $password = mysql_real_escape_string(encrypt($_POST['password']));
9.  
10. if($username && $password) {
11.  
12. $query = mysql_query("SELECT `username` FROM `users` WHERE `username` = '{$username}'") or die(mysql_error());
13. $count = mysql_num_rows($query);
14.  
15. if($count > 0) {
16.  
17. $query2 = mysql_query("SELECT `username` FROM `users` WHERE `username`='{$username}' AND `password`='{$password}'");
18. $count2 = mysql_num_rows($query2);
19.  
20. if($count2 > 0) {
21.  
22. $row = mysql_fetch_assoc($query2);
23. $_SESSION['username'] = $row['username'];
24.  
25. echo("You have successfully logged in as {$username}, redirecting you.");
26. echo("<meta http-equiv='Refresh' content='1; URL=index.php'/>");
27.  
28. } else {
29.  
30. echo("Your username and password do not match!");
31. echo("<meta http-equiv='Refresh' content='1; URL=login.php'/>");
32.  
33. }
34. } else {
35.  
36. echo("The username you supplied does not exist!");
37. echo("<meta http-equiv='Refresh' content='1; URL=login.php'/>");
38.  
39. }
40. } else {
41.  
42. echo("You must supply both a username and password!");
43. echo("<meta http-equiv='Refresh' content='1; URL=login.php'/>");
44.  
45. }
46.  
47. } else {
48.  
49. ?>
50.  
51. <form action="login.php?do" method="post">
52.  
53. <label>Username</label> <input type="text" name="username" />
54.  
55. <br />
56.  
57. <label>Password</label> <input type="password" name="password" />
58.  
59. <br />
60.  
61. <input type="submit" name="submit" value="Submit" />
62.  
63. </form>
64.  
65. <?php
66.  
67. }
68.  
69. ?>