<?php//init$_POST['username'] = $username;$_POST['password'] = $password

1. <?php
2.  
3. //init
4. $_POST['username'] = $username;
5. $_POST['password'] = $password;
6. $_POST['submit'] = $submit;
7.  
8. // check
9.  
10. if ($submit)
11. {
12.     connect();
13.     if ($username && $password)
14.     {
15.         $sql = "SELECT username,password FROM users WHERE username = $username";
16.        $res = mysql_query($sql);
17.        if (mysql_num_rows($res) > 0)
18.        {
19.         $sql2 = "SELECT id FROM users WHERE username = $username AND password = sha1($password)";
20.         $res2 = mysql_query($sql2);
21.                     if(mysql_num_rows($res2) > 0)
22.                     {
23.                         $row = mysql_fetch_assoc($res2);
24.                         $_SESSION['uid'] = $row['id'];
25.                         echo "You have successfully logged in, $username .<br><br><a href=\"./index.php\">Click here to go to the forums.</a>";
26.                     }
27.                     else
28.                     {
29.                         die ("Username and password combination are incorrect!");
30.                     }
31.         }
32.         else
33.         {
34.             die("User does not exist!");
35.         }
36.     }
37.        else
38.         {
39.         die("Please fill in all fields!");
40.         }
41. }
42.  
43. ?>