<?phpsession_start();if (!empty($_POST)) { $userAttempt = $_POST['userna

1. <?php
2. session_start();
3. if (!empty($_POST)) {
4. $userAttempt = $_POST['username'];
5. $passAttempt = $_POST['password'];
6. $con = mysql_connect("bel.sunderland.ac.uk","bg15oq","U08031993");
7.  
8. if (!$con) {
9. die('Could not connect: ' . mysql_error());
10. }
11.  
12. mysql_select_db("bg15oq", $con);
13. $result = mysql_query("SELECT * FROM users WHERE username = '$userAttempt'");
14. $row = mysql_fetch_array($result);
15. $username = $row['username'];
16. $password = $row['password'];
17. $salt = $row['salt'];
18. if(md5($passAttempt . $salt) == $password) {
19. $_SESSION['LoggedIn'] = true;
20. }
21.  
22. if(isset($_SESSION['LoggedIn']) && $_SESSION['LoggedIn'] == true) {
23. echo "Welcome, " . $username . "!<br />";
24. echo "<a href='index.php'>Return to Index</a>";
25. } else {
26. echo "Invalid Username/Password.<br />";
27. echo "<a href='login.php'>Return to Login</a>";
28. }
29. mysql_close($con);
30. } else {
31. ?>
32. <h1>Add New Request</h1>
33. <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
34. Username: <input name="username" type="text" id="username" /><br />
35. Password: <input name="password" type="password" id="password" /><br />
36. <input type="submit" name="Submit" value="Login" />
37. </form>
38. <a href='index.php'>Return to Index</a>
39. <?php } ?>