Untitled

<?php
session_start(); // Sessions need to be started before any output and whitespace, to use $_SESSION variables.
function processPassword($i){ // Once you have hashed passwords with this function, do not alter it, as it will produce different results, which will result in incorrect passwords.
    return sha1(md5($i));
}

$host = "localhost"; // Host name
$username = "****"; // Mysql username
$password = "********"; // Mysql password
$db_name = "mammoth8_user"; // Database name
$tbl_name = "members"; // Table name

// Connect to server and select databse.
$conn = mysql_connect($host, $username, $password) or die("cannot connect"); // Storing the link is needed to close the connection when the script is complete. Or the queries are complete on long scripts. Closing the connection allows for system resources to be freed for other scripts.
mysql_select_db($db_name, $conn) or die("cannot select DB");

// To protect MySQL injection (more detail about MySQL injection)
if(get_magic_quotes_gpc()){ // returns true if Magic Quotes are turned on on your server
    $uname = mysql_real_escape_string(stripslashes($_POST['uname']));
    $upass = processPassword(stripslashes($_POST['upass']));
}else{
    $uname = mysql_real_escape_string($_POST['uname']);
    $upass = processPassword($_POST['upass']);
}

$result = mysql_query("SELECT * FROM {$tbl_name} WHERE username='{$uname}' AND password='{$upass}'");
if(mysql_num_rows($result) > 0){
    // Register $uname, $upass and redirect to file "login_success.php"
    // session_start() was included at the top of the script. To access the contents, simply refere to it.
    $_SESSION['uname'] = $uname;
    // Not a good idea to store the password or even the hash of the password in session variables. Session hijacking is possible.
    header("Location: login_success.php");
}else {
    echo "Wrong Username or Password"; // Excellent! Never tell the user that the password is wrong for that username.
}
mysql_close($conn);
?>