<?php /** * Begin our sessions via session_start() * Include our confi

1. <?php
2.  
3.     /**
4.      *  Begin our sessions via session_start()
5.      *  Include our config file, no need for paranthesis()
6.      */
7.      
8.     session_start();
9.     include 'config.php';
10.    
11.     if ( isset( $_POST['submit'] ) )
12.     {
13.        
14.         /**
15.          *  Clean our username from SQL injections
16.          */
17.          
18.         $username = mysql_real_escape_string( $_POST['username'] );
19.        
20.         /**
21.          * Encrypts our password with a salt for extra security instead of just
22.          * encrypting the pass we md5 both, never change it
23.          */
24.         $password = md5( $_POST['password'] . 'tH1s-i$-4-s8lt-f0R-xTr4h-S3cur1tZy' );
25.        
26.         /**
27.          *  Create our query and check if the info is valid against the database
28.          */
29.        
30.         $query = mysql_query("SELECT * FROM `users` WHERE `username` = '$username' AND `password` = '$password'");
31.        
32.         /**
33.          *  Check if the numbers of rows from our query is great than 1
34.          */
35.        
36.         if ( mysql_num_rows( $query ) > 0 )
37.         {
38.        
39.             /**
40.              *  If so set our session info
41.              */
42.              
43.             $_SESSION['username'] = $username;
44.             $_SESSION['password'] = $password;
45.            
46.         }
47.         else
48.         {
49.            
50.             /**
51.              *  Redirect our user if login has failed
52.              */
53.              
54.             header("Refresh: 0; url=index.php?page=failedlogin");
55.  
56.         }
57.        
58.     }
59.    
60.     /**
61.      *  End our login page, don't end it with ?> if only PHP exists at the end
62.      */