<?phpinclude 'config.php';$session_username = $_SESSION['username'];

1. <?php
2.  
3. include 'config.php';
4.  
5. $session_username = $_SESSION['username'];
6.  
7. if ($_POST['login'])
8. {
9. //get form data
10. $username = addslashes(strip_tags($_POST['username']));
11. $password = addslashes(strip_tags($_POST['password']));
12.  
13. if (!$username||!$password)
14. echo "Enter a username and password";
15. else
16. {
17. //log in
18. $login = mysql_query("SELECT * FROM users WHERE username='$username'");
19. if (mysql_num_rows($login)==0)
20. echo "No such user";
21. else
22. {
23. while ($login_row = mysql_fetch_assoc($login))
24. {
25.  
26. //get database password
27. $password_db = $login_row['password'];
28.  
29. //encrypt form password
30. $password = md5($password);
31.  
32. //check password
33. if ($password!=$password_db)
34. echo "Incorrect password";
35.  
36. else
37. {
38. $_SESSION['username']=$username; //assign session
39. header("Location: index.php"); //refresh
40. }
41. }
42.  
43.  
44.  
45. }
46. }
47. }
48. else
49. {
50.  
51. if (isset($session_username))
52. {
53. echo "You are logged in, $session_username. <a href='logout.php'>Log out</a>";
54. }
55. else
56. {
57. ?> <html>
58. <head><title>Login Page</title>
59. <link href="login.css" rel="stylesheet" type="text/css" />
60. </head>
61. <body>
62. <div class="wrapper">
63. <div id="Box1">
64. <form action='index.php' method='POST'>
65. Username:
66.  
67. <input type='text' name='username'><p />
68. Password:
69.  
70. <input type='password' name='password'><p />
71. <input type='submit' name='login' value='Log in'>
72. </form></div></div>
73. </body>
74. </html> <?php
75. }
76.  
77. }
78.  
79. ?>