<?php session_start(); //variable to store error message $error='';

1. <?php
2. session_start();
3.  
4. //variable to store error message
5. $error='';
6.  
7. if ( isset( $_POST[ 'submit' ] ) )
8. {
9.  
10. if (empty( $_POST[ 'username' ] ) || empty( $_POST[ 'password' ]))
11. {
12.  
13. $error = "Please input a username or password.";
14.  
15. } else {
16.  
17. // Define $username and $password
18. $username = $_POST[ 'username' ];
19. $password = $_POST[ 'password' ];
20.  
21. // To protect MySQL injection for Security purpose
22. $username = stripslashes( $username );
23. $password = stripslashes( $password );
24.  
25. $username = mysql_escape_string( $username );
26. $password = mysql_escape_string( $password );
27.  
28. //$password = md5($password);
29.  
30. //Establishing Connection with Server by passing server_name, user_id and password as a parameter
31. $connection = mysql_connect( "localhost", "ct5006mu_cms", "admin432" );
32.  
33. //Selecting Database
34. $db = mysql_select_db( "ct5006mu_portfolio", $connection );
35.  
36. //SQL query to fetch information of registerd users and finds user match.
37. $query = mysql_query( "SELECT * FROM users WHERE password='$password' AND username='$username'", $connection );
38.  
39. //perform query
40. $rows = mysql_num_rows( $query );
41.  
42. if ( $rows == 1 ) {
43.  
44. //Initializing Session
45. $_SESSION[ 'login_user' ] = $username;
46.  
47. //Redirecting to other page
48. header( "location: profile.php" );
49.  
50. } else {
51.  
52. $error = "Username or Password is invalid";
53.  
54. }
55.  
56. //Closing Connection
57. mysql_close( $connection );
58.  
59. }
60.  
61. }
62.  
63. ?>