<?php}else{ //We check if the form has been sent if(isset($_POST['u

1. <?php
2. }
3. else
4. {
5.    
6.     //We check if the form has been sent
7.     if(isset($_POST['username'], $_POST['password']))
8.     {
9.         //We remove slashes depending on the configuration
10.        
11.             $username = $pdo->quote($_POST['username']);
12.             $password = stripslashes($_POST['password']);
13.        
14.         //We get the password of the user
15.         $req = $pdo->query('SELECT password,id from users where username="'.$username.'"');
16.         $dn = $req->fetchAll(PDO::FETCH_ASSOC);
17.  
18.         $count = $req->rowCount();
19.         //We compare the submited password and the real one, and we check if the user exists
20.         if($dn['password']==$password and $count>0)
21.         {
22.             //If the password is good, we dont show the form
23.             $form = false;
24.             //We save the user name in the session username and the user Id in the session userid
25.             $_SESSION['username'] = $_POST['username'];
26.             $_SESSION['userid'] = $dn['id'];
27. ?>