///form:///<form id='loginform' name='loginform' action='' method='post' >

1. ///form:///
2.  
3. <form id='loginform' name='loginform' action='' method='post' >
4. user name:<input class='required' name='myusername' type='text' id='myusername'><br />
5. password:<input class='required' name='mypassword' type='password' id='mypassword' /><br />
6. <input id='loginbutton' class='button' type='button' name='Submit' value='Login' />
7. </form>
8. <p class='response_msg'></p>
9.  
10.  
11.  
12.  
13. ///scipt:///
14.  
15. $('#loginbutton').click(function() {
16.  
17. $('#loginform').ajaxSubmit({
18. url: 'checklogin.php',
19. type: 'POST',
20. success: function(responseText, statusText, xhr, $form) {
21. responseText = jQuery.trim(responseText);
22.  
23. if(responseText === "SUCCESS")
24. window.location = "index.php?site=login_success";
25. else
26. {
27. $('#loginbox .response_msg').html(responseText);
28. }
29. }
30. });
31. });
32.  
33.  
34.  
35. checklogin:
36.  
37. <?php
38.  
39. /*
40. @session_start();
41. include_once "func.php";
42. include_once "connect.php";
43. if(isset($_POST['myusername']))
44. {
45. if(isset($_POST['mypassword']))
46. {
47. $user = filter_var($_POST['myusername'], FILTER_SANITIZE_STRING);
48. $query = mysql_query("SELECT * FROM user WHERE username='$user'") or die(mysql_error());
49. if(mysql_num_rows($query) == 0)
50. die("Fel user / pass");
51. $result = mysql_fetch_assoc($query);
52. $pass = md5($_POST['mypassword'].$result['salt']);
53. if(strcmp($pass, $result['password']) == 0)
54. {
55. $_SESSION['loggedIn']= true;
56. $_SESSION['user'] = $variable['username'];
57. $_SESSION['userid'] = $variable['userid'];
58. die("SUCCESS");
59. }
60. else
61. die("Fel user / pass.");
62. }
63. header("Location:index.php");
64. }
65. header("Location:index.php");
66. */
67.  
68.  
69. @session_start();
70. ob_start();
71. include_once "connect.php";
72. $tbl_name = "user";
73.  
74.  
75. // Define $myusername and $mypassword
76. $myusername=$_POST['myusername'];
77. $mypassword=$_POST['mypassword'];
78.  
79. // To protect MySQL injection (more detail about MySQL injection)
80. $myusername = stripslashes($myusername);
81. $mypassword = stripslashes($mypassword);
82. $myusername = mysql_real_escape_string($myusername);
83. $mypassword = mysql_real_escape_string($mypassword);
84.  
85. $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
86. $result=mysql_query($sql);
87.  
88. $variable = mysql_fetch_assoc($result);
89.  
90.  
91.  
92. // Mysql_num_row is counting table row
93. $count=mysql_num_rows($result);
94. // If result matched $myusername and $mypassword, table row must be 1 row
95.  
96. if($count==1){
97. // Register $myusername, $mypassword and redirect to file "login_success.php"
98. $_SESSION['loggedIn']= true;
99. $_SESSION['user'] = $variable['username'];
100. $_SESSION['userid'] = $variable['userid'];
101. //$_SESSION['user'] = $result['username'];
102.  
103. die("SUCCESS");
104.  
105.  
106. //header("location:index.php?site=login_success");
107. }
108. else {
109. die("something was wrong!");
110. //echo "wrong username or password. Try again!";
111. }
112.  
113. ob_end_flush();
114.  
115. ?>