<center><?php//connectinclude 'all.php';$session_username = $_SESSION[

1. <center>
2. <?php
3. //connect
4. include 'all.php';
5.  
6. $session_username = $_SESSION['username'];
7.  
8. if ($_POST['login'])
9. {
10. //get form data
11. $username = addslashes(strip_tags($_POST['username']));
12. $password = addslashes(strip_tags($_POST['password']));
13.  
14. if (!$username||!$password)
15. echo "Enter a username and password";
16. else
17. {
18. //log in
19. $login = mysql_query("SELECT * FROM users WHERE username='$username'");
20. if (mysql_num_rows($login)==0)
21. echo "No such user";
22. else
23. {
24. while ($login_row = mysql_fetch_assoc($login))
25. {
26.  
27. //get database password
28. $password_db = $login_row['password'];
29.  
30. //encrypt form password
31. $password = md5($password);
32.  
33. //check password
34. if ($password!=$password_db)
35. echo "Incorrect password;
36. else
37. {
38. $_SESSION['username']=$username; //assign session
39. header("Location: login.php"); //refresh
40. }
41. }
42.  
43.  
44. }
45. }
46. }
47. else
48. {
49.  
50. if (isset($session_username))
51. {
52. echo "You are logged in, $session_username. <a href='logout.php'>Log out</a>";
53. }
54. else
55. {
56. echo "
57. <form action='login.php' method='POST'>
58. Username:
59.  
60. <input type='text' name='username'><p />
61. Password:
62.  
63. <input type='password' name='password'><p />
64. <input type='submit' name='login' value='Login'>
65. </form>
66. ";
67. }
68.  
69. }
70.  
71. ?>
72. </center>