<?phprequire_once 'handler.php';$username = cleanString($_POST['username']);

1. <?php
2. require_once 'handler.php';
3. $username = cleanString($_POST['username']);
4. $password = md5($_POST['password']);
5. if(empty($username) || empty($password))
6. {
7.     echo 'You must enter a username and password!';
8. }  
9. else
10. {
11.     $sql = mysql_query("SELECT * FROM users WHERE username='$username'");
12.     if(mysql_num_rows($sql) < 1)
13.     {
14.         echo 'That username does not exist.';
15.     }  
16.     else
17.     {
18.         $sql2 = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
19.         if(mysql_num_rows($sql2) < 1)
20.         {
21.             echo 'Your password is incorrect.';
22.         }  
23.         else
24.         {
25.             $result= mysql_query("SELECT postcode FROM users WHERE username='$username'");
26.             $row = mysql_fetch_assoc($result);
27.             $postcode = $row['password'];
28.             $_SESSION['username'] = $username;
29.             $_SESSION['password'] = $password;
30.             $_SESSION['postcode'] = $postcode;
31.             header('location: /index.php');
32.         }
33.     }
34. }
35. ?>