<?phpini_set('display_errors','on');error_reporting(E_ALL);ob_start();$h

1. <?php
2. ini_set('display_errors','on');
3. error_reporting(E_ALL);
4. ob_start();
5. $host="localhost"; // Host name
6. $username="login"; // Mysql username
7. $password="*"; // Mysql password
8. $db_name="login"; // Database name
9. $tbl_name="members"; // Table name
10.  
11. // Connect to server and select databse.
12. mysql_connect("$host", "$username", "$password")or die("cannot connect");
13. mysql_select_db("$db_name")or die("cannot select DB");
14.  
15. // Define $myusername and $mypassword
16. $myusername=$_POST['myusername'];
17. $mypassword=$_POST['mypassword'];
18. // To protect MySQL injection (more detail about MySQL injection)
19. $myusername = stripslashes($myusername);
20. $mypassword = stripslashes($mypassword);
21. $myusername = mysql_real_escape_string($myusername);
22. $mypassword = mysql_real_escape_string($mypassword);
23. $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword' and approved='$approved'";
24. $result=$db->query($sql);
25. // Mysql_num_row is counting table row
26. $count=mysql_num_rows($result);
27. // If result matched $myusername and $mypassword, table row must be 1 row
28.  
29. if($approved != 'yes') {
30. echo "You haven't been approved as staff! - You can't Login yet.";
31. }else{
32.  
33. if($count==1){
34. // Register $myusername, $mypassword and redirect to file "login_success.php"
35. $_SESSION['myusername'] = $myusername;
36. $_SESSION['mypassword'] = $mypassword;
37. header("location:login_success.php");
38. }
39. else {
40. echo "Wrong Username or Password";
41. }
42. }
43. ob_end_flush();
44. ?>