<?php session_start(); if(isset($_POST['login'])) { include_once("db.ph

1. <?php
2. session_start();
3.  
4. if(isset($_POST['login'])) {
5. include_once("db.php");
6. $username = strip_tags($_POST['username']);
7. $password = strip_tags($_POST['password']);
8.  
9. $username = stripslashes($username);
10. $password = stripslashes($password);
11.  
12. $username = mysqli_real_escape_string($username);
13. $password = mysqli_real_escape_string($password);
14.  
15. $password = md5($password);
16.  
17. $sql = "SELECT * FROM users WHERE username='$username' LIMIT 1";
18. $query = mysqli_query($db, $sql);
19. $row = mysqli_fetch_array($query);
20. $id = $row['id'];
21. $db_password = $row['password'];
22.  
23. if($password == $db_password){
24. $_SESSION['username'] = $username;
25. $_SESSION['id'] = $id;
26. header ("Location: index.php");
27. } else {
28. echo "Incorrecto";
29. }
30.  
31. }
32. ?>