<?phpsession_start();if (isset($_POST["username"]) && isset($_POST["passwo

1. <?php
2. session_start();
3.  
4. if (isset($_POST["username"]) && isset($_POST["password"])) {
5.  
6. $username = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]);
7. $password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]);
8. include "connect_to_mysql.php";
9. $sql = mysql_query("SELECT id FROM users WHERE username='$username' AND password='$password' LIMIT 1");
10. $existCount = mysql_num_rows($sql);
11. if ($existCount == 1)
12. while($row = mysql_fetch_array($sql)){
13. $id = $row["id"];{
14. }
15. $_SESSION["id"] = $id;
16. $_SESSION["username"] = $username;
17. $_SESSION["password"] = $password;
18. $_SESSION["name"] = $name;
19. header("location:instructions.php");
20. exit();
21. } else {
22. echo 'That information is incorrect, try again <a href="login.php">Click Here</a>';
23. exit();
24. }
25. }
26.  
27. ?>