<?php//Opens connection to database$connection = mysql_connect("localhost"

1. <?php
2.  
3. //Opens connection to database
4. $connection = mysql_connect("localhost", "bagofdus_david", "OMGSENSWORD");
5.  
6. //Selects database
7. mysql_select_db("bagofdus_schoolStudent");
8.  
9. //Srores username and password in two variables
10. $username=$_POST["usernameText"];
11. $password=$_POST["passwordText"];
12.  
13. //Sql injection protection, prevents extra characters
14. $user=mysql_real_escape_string($username);
15. $pass=mysql_real_escape_string($password);
16.  
17. //Query selects relevant record from the database
18. $query=mysql_query("SELECT * FROM student where username='$username' AND password='$password'");
19.  
20. //Checks that username and password are in the same row
21. $count=mysql_num_rows($query);
22. if($count==1)
23. {
24. echo "Login Successful";
25. $hour = time() + 3600;
26.  
27. //Sets a one hour cookie
28. setcookie(username, $_POST['username'], $hour);
29. setcookie(password, $_POST['password'], $hour);
30.  
31. header('Location: home.html');
32.  
33. }
34. else
35. {
36. echo "Username or password is incorrect";
37. }
38.  
39.  
40.  
41. ?>