Untitled

<?php  // file users/login.php
//start session
session_start();
 // build db connection, note database.php is one directory level above this file
require_once('db_config.php');
// username and password sent from form
//Protect from MySQL Injection
//strip out commands, and cut down amount of strings to 32
$username = strip_tags(substr($_POST['username'],0,32));
$password = strip_tags(substr($_POST['password'],0,32));

//use PHP crypt function (one way encryption - meaning once it's encrypted it cannot be changed back (decrypted).

//using the salt encryption depends on the character set you want to encrypt the default is (two-character salts)

//MD5 is a 12 character salt but higher level salts can be used depending on the level of security required
$cleanpw = crypt(md5($password), md5($username));

//use MySWL_Real_Escape to encrypt the password
// table users:
$query = "SELECT username, password FROM users WHERE username='".mysql_real_escape_string($username)."' AND password='".mysql_real_escape_string($password)."'limit 1";
$login_result = mysql_query($query);
//print out the query result for testing
//print_r($login_result);
$count=mysql_num_rows($login_result);
//print out the number of rows
//print_r($count);

//check if the query was succcessful
 if($count==1) { // test for single row

   //  $rows=$login_result->fetch();
	  // set session var for successful login and check for user authentication
     $_SESSION['username']= $count['username'];
	// print_r($_SESSION);//print out session for testing
	 header('Location:login_success.php');
 }
 else{
	 echo "wrong username and password";
 }
?>