<?php// init$username = $_POST['username'];$password =$_POST['password'];

1. <?php
2. // init
3. $username = $_POST['username'];
4. $password =$_POST['password'];
5. $submit = $_POST['submit'];  
6.  
7. if (($_POST['submit']))
8. {
9.     connect();
10.     $username = mysql_real_escape_string($_POST['username']);
11.     $password = mysql_real_escape_string($_POST['password']);
12.     if (isset($username) && isset($password))
13.     {
14.         $sql = "SELECT username,password FROM users WHERE username = '$username'" OR die(mysql_error());
15.        $res = mysql_query($sql);
16.        if ($res = mysql_query($sql))
17.        {
18.             if (mysql_num_rows($res) > 0)
19.             {
20.             $sql2 = "SELECT id FROM users WHERE username = $username AND password = sha1($password)";
21.             $res2 = mysql_query($sql2);
22.                 if (mysql_num_rows($res2) > 0)
23.                 {
24.                 $row = mysql_fetch_assoc($res2);
25.                 $_SESSION['uid'] = $row['id'];
26.                 echo "You have successfully logged in, $username .<br><br><a href=\"./index.php\">Click here to go to the forums.</a>";
27.                 }
28.                 else
29.                 {
30.                 die ("Username and password combination are incorrect!");
31.                 }
32.         }
33.         }
34.         else
35.         {
36.             die("User does not exist!");
37.         }
38.     }
39.     else
40.     {
41.     die("Please fill in all fields!");
42.     }
43. }
44.  
45. ?>