<?php error_reporting(0); $host="localhost"; // Host name $username="roo

1. <?php
2. error_reporting(0);
3.  
4. $host="localhost"; // Host name
5. $username="root"; // Mysql username
6. $password=""; // Mysql password
7. $db_name="test"; // Database name
8. $tbl_name="members"; // Table name
9.  
10. // Connect to server and select databse.
11. mysql_connect("$host", "$username", "$password")or die("cannot connect");
12. mysql_select_db("$db_name")or die("cannot select DB");
13.  
14. // username and password sent from form
15. $myusername=$_POST['tunnus'];
16. $mypassword=$_POST['salasana'];
17.  
18. // To protect MySQL injection (more detail about MySQL injection)
19. $myusername = stripslashes($myusername);
20. $mypassword = stripslashes($mypassword);
21. $myusername = mysql_real_escape_string($myusername);
22. $mypassword = mysql_real_escape_string($mypassword);
23.  
24. $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
25. $result=mysql_query($sql);
26.  
27. // Mysql_num_row is counting table row
28. $count=mysql_num_rows($result);
29. // If result matched $myusername and $mypassword, table row must be 1 row
30.  
31. if($count==1){
32. // Register $myusername, $mypassword and redirect to file "login_success.php"
33. session_register("myusername");
34. session_register("mypassword");
35. echo("OK");
36. }
37. else {
38. echo "VIRHE";
39. }
40. ?>