Untitled

<?php

$dbc = mysqli_connect('127.0.0.1', '40076509', 'password', '40076509_news') or die('Error connecting to MySQL server');

if (empty($SESSION_['s_id']))
	{
	// Read the entered username and password
	$username = $_POST['username'];
	$password = $_POST['password'];

	// Select password from database
	$loginresult = mysqli_query($dbc, "SELECT password FROM user WHERE username = '$username'") or die('Error accessing the user database');
	$row = mysqli_fetch_assoc($loginresult);
	if (mysqli_num_rows($loginresult) > 0 && password_verify($password, $row['password']))
		{
		$SESSION_['s_id'] = $username;
		}
	   else
	    {
		echo ("Access denied. <a href='login.php'>Try again?</a>");
		exit();
	    }
	mysqli_close($dbc);
	}

if (isset($SESSION_['s_id']))
	{
	$dbc = mysqli_connect('127.0.0.1', '40076509', 'password', '40076509_news') or die('Error connecting to MySQL server');
	// Read articles from database
	$result = mysqli_query($dbc, "SELECT category, title, date, id FROM content") or die('Error querying the content database');

	if (mysqli_num_rows($result) == 0)
		{
		echo ("No articles found");
		}
	  else
		{
		while ($row = mysqli_fetch_assoc($result))
			{
			echo ("
				<hr><p><a href=article.php?id=" . $row["id"] . " target='_blank'>" . $row["category"] . " - " . $row["title"] . "</a>
				<br />" . $row["date"] . "
				<br /><form action='modify.php?id=" . $row["id"] . "' method='post'><input type='submit' name='submit' value='Delete' /></form></p>
			");
			}
		echo ("<hr><p><a href='cmsadd.php'><button>Add New Article</button></a></p>");
		}

	mysqli_close($dbc);
	}
   else
	{
	header("Location: login.php");
	exit();
	}

?>