function login(){ $user_login = mysql_real_escape_string($_POST['user_login'])

1. function login(){
2.     $user_login = mysql_real_escape_string($_POST['user_login']);
3.     $pass_login = mysql_real_escape_string($_POST['pass_login']);
4.     $submit_login = $_POST['submit_login'];
5.    
6.     $check_username = mysql_query("SELECT * FROM `account` WHERE username='$user_login'");
7.     $numacc = mysql_num_rows($check_username);
8.    
9.     if ($numacc == 1) {
10.    
11.         $user_login_get_username_and_password = mysql_query("SELECT * FROM `account` WHERE username='$user_login'");
12.         while ($row = mysql_fetch_array($user_login_get_username_and_password))
13.             {
14.                 $db_username = $row['username'];
15.                 $db_password = $row['password'];
16.                 $db_id = $row['id'];
17.             }
18.    
19.         if(isset($submit_login) && strlen($user_login) > 1 && strlen($pass_login) > 1) {
20.             $pass_hash_login = sha1(strtoupper($user_login).'!'.strtoupper($pass_login));
21.             if($db_password == $pass_hash_login && strtoupper($db_username) == strtoupper($user_login)) {
22.                
23.                     $_SESSION['username'] = $db_username;
24.                     $_SESSION['id'] = $db_id;
25.                     echo '<script type="text/javascript">alert("You are logged in, press OK to continue.");</script>';
26.                     echo '<script type="text/javascript">window.location = "index.php"</script>';
27.                    
28.             }else{
29.                 die ('pass and user do not match');
30.             }
31.         }
32.     }
33. }