<?php}else{ $user = protect($_POST['username']); $pass = protect($_P

1. <?php
2. }
3. else
4. {
5.   $user = protect($_POST['username']);
6.   $pass = protect($_POST['password']);
7.  
8. if($user && $pass)
9. {
10. $pass = md5($pass); //compare the encrypted password
11. $sql="SELECT id,username FROM `users` WHERE `username`='$user' AND `password`='$pass'";
12. $query=mysql_query($sql) or die(mysql_error());
13.  
14.     if(mysql_num_rows($query) > 0)
15.     {
16.       $row = mysql_fetch_assoc($query);
17.       $_SESSION['id'] = $row['id'];
18.       $_SESSION['username'] = $row['username'];
19.    
20.       echo "<script type=\"text/javascript\">window.location=\"home.php\"</script>";   
21.     }
22.     else
23.    {
24.     echo "<script type=\"text/javascript\">
25.     alert(\"Username and password combination is incorrect!\");
26.     window.location=\"index.php\"</script>";
27.    }   
28. }
29. else
30. {          
31.    echo "<script type=\"text/javascript\">
32.     alert(\"You need to gimme a username AND password!\");
33.     window.location=\"index.php\"</script>";
34. }
35. }
36. ?>