<?phpinclude_once('templatecode/db.php');$user_name=$_POST['username'];$pa

1. <?php
2. include_once('templatecode/db.php');
3. $user_name=$_POST['username'];
4. $password=$_POST['pass'];
5.  
6. $user_name = stripslashes($user_name);
7. $password = md5(stripslashes($password));
8. $user_name = mysql_real_escape_string($user_name);
9. $password = mysql_real_escape_string($password);
10.  
11. $result=mysql_query("SELECT * FROM users WHERE username='$user_name' and password='".$password."'");
12. $count=mysql_num_rows($result);
13. $row = mysql_fetch_array($result);
14. $is_admin = $row['is_admin'];
15.  
16. if($count==1){
17.  
18. session_register("user_name");
19. session_register("password");
20. session_register("is_admin");
21. header("location:index.php");
22. }
23. else {
24. $content = "Wrong Username or Password";
25. }
26. include_once('templatecode/header.php');
27.  
28.  
29.  
30. ?>
31.  
32. <!-- content goes here -->
33. <h2 class="title">Login</h2>
34. <div class="entry">
35.         <p>
36.         <?php echo $content ?>
37.     </p>
38. </div>
39.  
40.  
41. <?php
42. include_once('templatecode/footer.php');
43. ?>