<?php//init $username = $_POST['username']; $password =$_POST['password'

1. <?php
2.  
3. //init
4.  $username = $_POST['username'];
5.  $password =$_POST['password'];
6.  $submit = $_POST['submit'];
7.  
8. // check
9.  
10. if ($submit)
11. {
12.     connect();
13.     if (isset($username) && isset($password))
14.     {
15.         $sql = "SELECT username,password FROM users WHERE username = '$username'" OR die(mysql_error());
16.        $res = mysql_query($sql);
17.        if ($res =mysql_query($sql))
18.        {
19.             if (mysql_num_rows($res) > 0)
20.             {
21.             $sql2 = "SELECT id FROM users WHERE username = $username AND password = sha1($password)";
22.             $res2 = mysql_query($sql2);
23.                 if (mysql_num_rows($res2) > 0)
24.                 {
25.                 $row = mysql_fetch_assoc($res2);
26.                 $_SESSION['uid'] = $row['id'];
27.                 echo "You have successfully logged in, $username .<br><br><a href=\"./index.php\">Click here to go to the forums.</a>";
28.                 }
29.                 else
30.                 {
31.                 die ("Username and password combination are incorrect!");
32.                 }
33.         }
34.         }
35.         else
36.         {
37.             die("User does not exist!");
38.         }
39.     }
40.     else
41.     {
42.     die("Please fill in all fields!");
43.     }
44. }
45.  
46. ?>