<?PHP$s = mysql_real_escape_string($_POST['s']);$u = mysql_real_escape_str

1. <?PHP
2.  
3. $s = mysql_real_escape_string($_POST['s']);
4. $u = mysql_real_escape_string($_POST['u']);
5. $p = mysql_real_escape_string(md5($_POST['p']));
6.  
7. $selectuser = mysql_query("SELECT * FROM users WHERE username='$u'");
8. $exist = mysql_num_rows($selectuser);
9. while($row = mysql_fetch_assoc($selectuser)){
10.  
11. $id = $row['id'];
12. $rank = $row['rank'];
13. $password = $row['password'];
14.  
15. }
16.  
17. if($s) {
18.  
19. if($u&&$p){
20.  
21. if($exist!=0){
22.  
23. if($password==$p){
24.  
25. $_SESSION['badgeshop'] = $u;
26. session_start();
27. header("Location: index.php");
28.  
29. }
30. else
31. echo "<div class='error'>Password is completely wrong!</div>";
32.  
33.  
34. }
35. else
36. echo "<div class='error'>User doesn't even exist!</div>";
37.  
38.  
39. }
40. else
41. echo "<div class='error'>Please enter ALL fields!</div>";
42.  
43. }
44.  
45.  
46. ?>