Untitled

<!DOCTYPE html>
<html>
    <head>
        <meta charset = "utf-8">
        <title>Login</title>
        <link rel="stylesheet" href="../TP 1/css/style.css"/>
    </head>

<body>
    <?php
        include('../TP Djamil Stasaid/db.php');
        session_start();

        // if form submitted, insert values into the database.
    if (isset($_POST['username'])){
        $username = stripslashes($_REQUEST['username']); //removes backslashes + security
        $username = mysqli_real_escape_string($conn,$username); //escapes special characters in a string + security
        $password = stripslashes($_REQUEST['password']);
        $password = mysqli_real_escape_string($conn,$password);

    //Checking if user existing in the database or not
    $query = "SELECT * FROM users WHERE username='$username' and password='".$password."'";
    $result = mysqli_query($conn,$query) or die(mysql_error());

    $rows = mysqli_num_rows($result);
    print_r ($rows);
        if($rows==1){
            $_SESSION['username'] = $username;
            header("Location: imc.php"); //redirect user to imc.php
        }else {
            echo "<div class='form'><h3>Username/password is incorrect.</h3><br/>Click here to <a href='login.php'>Login</a></div>";
            }
        }else {
    ?>
    <div class="form">
        <h1>Log In</h1>
            <form action="login.php" method="post" name="login">
                <input type="text" name="username" placeholder="Username" required/>
                <input type="password" name="password" placeholder="Password" required/>
                <input name="submit" type="submit" value="Login"/>
            </form>
        <p>Not registred yet? <a href='../TP 1/registration.php'>Register Here</a></p>
            <br/><br/>
    </div>

    <?php } ?>
</body>

</html>