<?phpob_start();$host="*"; // Host name $username="*"; // Mysql username

1. <?php
2. ob_start();
3. $host="*"; // Host name
4. $username="*"; // Mysql username
5. $password="*"; // Mysql password
6. $db_name="login"; // Database name
7. $tbl_name="*"; // Table name
8.  
9. // Connect to server and select databse.
10. mysql_connect("$host", "$username", "$password")or die("cannot connect");
11. mysql_select_db("$db_name")or die("cannot select DB");
12.  
13. // Define $myusername and $mypassword
14. $myusername=$_POST['myusername'];
15. $mypassword=$_POST['mypassword'];
16. // To protect MySQL injection (more detail about MySQL injection)
17. $myusername = stripslashes($myusername);
18. $mypassword = stripslashes($mypassword);
19. $approved = stipslashes($approved);
20. $myusername = mysql_real_escape_string($myusername);
21. $mypassword = mysql_real_escape_string($mypassword);
22. $approved = mysql_real_escape_string($approved);
23.  
24. $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword' and approved='$approved'";
25. $result=mysql_query($sql);
26.  
27. // Mysql_num_row is counting table row
28. $count=mysql_num_rows($result);
29. // If result matched $myusername and $mypassword, table row must be 1 row
30.  
31. if($approved != 'yes') {
32. echo "You haven't been approved as staff! - You can't Login yet.";
33. }else{
34.  
35. if($count==1){
36. // Register $myusername, $mypassword and redirect to file "login_success.php"
37. session_register("myusername");
38. session_register("mypassword");
39. header("location:login_success.php");
40. }
41. else {
42. echo "Wrong Username or Password";
43. }
44. }
45. ob_end_flush();
46. ?>