<?php session_start(); //connect to database /*$servername = "localhost"; $

1. <?php
2. session_start();
3. //connect to database
4. /*$servername = "localhost";
5. $username = "username";
6. $password = "password";
7. $conn = new mysqli($servername, $username, $password);*/
8. $conn = mysqli_connect("localhost","root","","authentication")
9. or die ("Error:".mysqli_error().":".mysqli_error());
10. mysqli_select_db($conn, "authentication");
11.  
12. if (isset($_POST['login_btn'])){
13. $username = mysql_real_escape_string($_POST['username']);
14. $password = mysql_real_escape_string($_POST['password']);
15. $password = md5($password);//hash pass before storing
16. $sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
17. $result = mysqli_query($conn,$sql);
18.  
19. if (mysqli_num_rows($result) == 1){
20. $_SESSION['message'] = "You are now logged in";
21. $_SESSION['username'] = $username;
22. header("location: home.php"); //redirect to home page
23. } else {
24. $_SESSION['message'] = "Username/password combination incorrect !";
25. }
26. }
27.  
28. ?>
29.  
30. <!DOCTYPE html>
31. <html>
32. <head>
33. <title>Register, login & logout user</title>
34. <link rel="stylesheet" type="text/css" href="css/style.css">
35. </head>
36. <body>
37. <div class="header">
38. <h1>Register, login & logout user</h1>
39. </div>
40. <?php
41. if (isset($_SESSION['message'])){
42. echo "<div id='error_msg'>".$_SESSION['message']."</div>";
43. unset ($_SESSION['message']);
44. }
45. ?>
46. <form method="post" action="login.php">
47.  
48. <table>
49. <tr>
50. <td>Username: </td>
51. <td><input type="text" name="username" class="textInput"></td>
52. </tr>
53. <tr>
54. <td>Password: </td>
55. <td><input type="password" name="password" class="textInput"></td>
56. </tr>
57. </table>
58. <center><input type="submit" name="login_btn" value="Login" class="button">
59.  
60.  
61. </center>
62. </form>
63. </body>
64. </html>