<?php$host="localhost"; // Host name $username="root"; // Mysql username $

1. <?php
2. $host="localhost"; // Host name
3. $username="root"; // Mysql username
4. $password="usbw"; // Mysql password
5. $db_name="Cms"; // Database name
6. $tbl_name="members"; // Table name
7.  
8. // Connect to server and select databse.
9. mysql_connect("$host", "$username", "$password")or die("cannot connect");
10. mysql_select_db("$db_name")or die("cannot select DB");
11.  
12. // username and password sent from form
13. $myusername=$_POST['myusername'];
14. $mypassword=$_POST['mypassword'];
15. $encrypted_mypassword=md5($mypassword);
16.  
17. // To protect MySQL injection (more detail about MySQL injection)
18. $myusername = stripslashes($myusername);
19. $mypassword = stripslashes($mypassword);
20. $myusername = mysql_real_escape_string($myusername);
21. $mypassword = mysql_real_escape_string($mypassword);
22.  
23. $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'";
24. $result=mysql_query($sql);
25.  
26. // Mysql_num_row is counting table row
27. $count=mysql_num_rows($result);
28. // If result matched $myusername and $mypassword, table row must be 1 row
29.  
30. if($count==1){
31. // Register $myusername, $mypassword and redirect to file "login_success.php"
32. session_register("myusername");
33. session_register("mypassword");
34. header("location:index.php");
35. }
36. else {
37. echo "Wrong Username or Password";
38. }
39. ?>