<?php//add slashes to the username and md5() the password$user = $_POS

1. <?php
2.  
3.  
4.  
5. //add slashes to the username and md5() the password
6. $user = $_POST['username'];
7. $pass = md5($_POST['password']);
8.  
9. include("connectionDetails.php");
10. $db = getConnection();
11. $sql = "SELECT * from users where username='$user' AND password='$pass'";
12. $result = $db->query($sql);
13.  
14. //check that at least one row was returned
15.  
16. foreach ($result as $row)
17. {
18. //start the session and register a variable
19.  
20. session_start();
21. session_register('username');
22.  
23. //successful login code will go here...
24. echo 'Success!';
25.  
26. //we will redirect the user to another page where we will make sure they're logged in
27. //header( "Location: checkLogin.php" );
28.  
29.  
30.  
31.  
32. else
33.  
34. //if nothing is returned by the query, unsuccessful login code goes here...
35.  
36. echo 'Incorrect login name or password. Please try again.';
37. }
38.  
39.  
40.  
41. ?>