<?phpsession_start();$host="localhost"; // Host name$username=""; // Mys

1. <?php
2. session_start();
3.  
4. $host="localhost"; // Host name
5. $username=""; // Mysql username
6. $password=""; // Mysql password
7. $db_name=""; // Database name
8. $tbl_name="members"; // Table name
9.  
10. // Connect to server and select databse.
11. mysql_connect("$host", "$username", "$password")or die("cannot connect");
12. mysql_select_db("$db_name")or die("cannot select DB");
13.  
14.  
15. if(isset($_POST))
16. {
17. // username and password sent from form
18. $myusername=$_POST['myusername'];
19. $mypassword=$_POST['mypassword'];
20.  
21. // To protect MySQL injection (more detail about MySQL injection)
22. $myusername = stripslashes($myusername);
23. $mypassword = stripslashes($mypassword);
24. $myusername = mysql_real_escape_string($myusername);
25. $mypassword = mysql_real_escape_string($mypassword);
26.  
27. $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
28. $result=mysql_query($sql);
29.  
30. // Mysql_num_row is counting table row
31. $count=mysql_num_rows($result);
32. // If result matched $myusername and $mypassword, table row must be 1 row
33.  
34.  
35. if($count){
36. session_regenerate_id();
37. $_SESSION['SESS_USERNAME'] = $myusername;
38. $_SESSION['SESS_PASSWORD'] = $mypassword;
39. session_write_close();
40. header("location: login_success.php");
41. }
42. else if
43. {
44. include("loginhtml.html");
45. }
46.  
47. else if (!isset( $_SESSION['mysession'])){
48. Header("Location: index.php");
49. }
50.  
51. ?>