<?phpsession_start();if (isset($_POST["username"]) && isset($_POST["passwo

1. <?php
2. session_start();
3.  
4. if (isset($_POST["username"]) && isset($_POST["password"])) {
5.  
6. $username = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]);
7. $password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]);
8. include "connect_to_mysql.php";
9. $sql = mysql_query("SELECT id FROM admin WHERE username='$username' AND password='$password' LIMIT 1");
10. $existCount = mysql_num_rows($sql);
11. if ($existCount == 1)
12. while($row = mysql_fetch_array($sql)){
13. $id = $row["id"];{
14. }
15. $_SESSION["id"] = $id;
16. $_SESSION["username"] = $username;
17. $_SESSION["password"] = $password;
18. header("location:index.php");
19. exit();
20. } else {
21. echo 'That information is incorrect, try again <a href="login.php">Click Here</a>';
22. exit();
23. }
24. }
25.  
26. ?>