<?phpsession_start();//add slashes to the username and md5() the password

1. <?php
2. session_start();
3. //add slashes to the username and md5() the password
4. $user = addslashes($_POST['Username']);
5. $pass = ($_POST['Password']);
6. //set the database connection variables
7. $dbHost = "";
8. $dbUser = "";
9. $dbPass = "";
10. $dbDatabase = "";
11. //connet to the database
12. $db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database.");
13. mysql_select_db($dbDatabase, $db) or die ("Couldn't select the database.");
14. $pass = md5($pass);
15. $result=mysql_query("select * from user where username='$user' AND password='$pass'", $db);
16. //check that at least one row was returned
17. $rowCheck = mysql_num_rows($result);
18. if($rowCheck > 0){
19.   while($row = mysql_fetch_array($result)){
20.     //start the session and register a variable
21.     setcookie("user", $user, time()-3600);
22.     setcookie("user", $user, time()+3600);
23.    
24.     $muser = $_COOKIE['user'];
25.    
26.     $queryadmin = mysql_query("select * from user where username='$muser' AND group='admin'", $db);
27.     $rowCheck2 = mysql_num_rows($queryadmin);
28.     if($rowCheck2 > 0){
29.     $_SESSION['admin']=1;
30.     }
31.    
32.     //successful login code will go here...
33.     echo 'Success!';
34.     echo '<a href="index.php">Back to home</a>';
35.     echo '<meta http-equiv="refresh" content="1;url=index.php">';
36.     }
37. }
38. else{
39.     //if nothing is returned by the query, unsuccessful login code goes here...
40.     echo 'Incorrect login name or password. Please try again.';
41.     }
42. ?>