<?php session_start(); include_once("db_connect.php"); if(isset($_P

1. <?php
2. session_start();
3. include_once("db_connect.php");
4.  
5. if(isset($_POST['loginSub'])) {
6. //Connect to DB
7. include_once("db_connect.php");
8.  
9. //Gets whatever is inside input box and prevents sql injection
10. $username=strip_tags($_POST['user']);
11. $password=strip_tags($_POST['password']);
12.  
13. //Gets whatever is inside input box and prevents sql injection
14. $username=stripslashes($username);
15. $password=stripslashes($password);
16.  
17. //Gets whatever is inside input box and prevents sql injection
18. $username=mysqli_real_escape_string($username);
19. $password=mysqli_real_escape_string($password);
20.  
21. // Look in users table and filter those who have same username is the one inputed.
22. $sql = "SELECT * FROM users WHERE username='$username' LIMIT 1";
23. $query = mysqli_query("$db,$sql");
24. $row = mysqli_fetch_array($query);
25. $id = $row['id'];
26. $db_password = $row['password'];
27.  
28. if($password == $db_password) {
29. $_SESSION['username']= $username;
30. $_SESSION['id']= $id;
31. //useless code doesnt work header('Location: editor.php');
32.  
33. } else{
34. echo "Incorrect details.Try again!";
35. }
36. }
37. ?>
38.  
39. <div id="loginform">
40. <form id="login" action="loginAuth.php">
41. <label for="login"><strong>Login:</strong></label>
42. <input type="text"size=20 autocorrect=off autocapitalize=words name="user">
43. <label for="loginPassword" name="password"> <strong>Password:</strong></label>
44. <input type="password" name="Password">
45. <input name="loginSub" type="submit" value="login">
46. </form>
47. </div>
48.  
49. $username=mysqli_real_escape_string($username);
50. $password=mysqli_real_escape_string($password);