<?php $username = $_POST['username']; $password = md5($_POST['password'

1. <?php
2. $username = $_POST['username'];
3. $password = md5($_POST['password']);
4.  
5. if($username && $password){
6. require_once 'Db_functions.php';
7. $conn = db_open();
8. $userStr = "SELECT GEBRUIKERSNAAM FROM GEBRUIKER WHERE GEBRUIKERSNAAM = '" . $username . "'";
9.  
10. $result = sqlsrv_query($conn, $userStr, null);
11. if($result === false) {
12. session_destroy();
13. die();
14. }
15.  
16. $passStr = "SELECT WACHTWOORD FROM GEBRUIKER WHERE GEBRUIKERSNAAM = '" . $username . "'";
17.  
18. $result = sqlsrv_query($conn, $passStr, null);
19. if($result === false) {
20. session_destroy();
21. die();
22. }
23.  
24. while($row = sqlsrv_fetch_array($result, SQLSRV_FETCH_ASSOC)){
25. if($row['WACHTWOORD'] == $password){
26. $SESSION['username'] = $username;
27. db_close($conn);
28. echo'login succesvol';
29. }
30. else{
31. session_destroy();
32. db_close($conn);
33. }
34. }
35. }
36. ?>