<?php include("include/db_con.php"); if (isset($_POST['username']) && isset(

1. <?php
2. include("include/db_con.php");
3. if (isset($_POST['username']) && isset($_POST['password'])) {
4. $myusername = $_POST['username'];
5. $mypassword = $_POST['password'];
6.  
7. $myusername = stripslashes($myusername);
8. $mypassword = stripslashes($mypassword);
9. $myusername = mysql_real_escape_string($myusername);
10. $mypassword = mysql_real_escape_string($mypassword);
11.  
12. $sql="SELECT * FROM " . DB_NAME . "WHERE username='$myusername' and password='$mypassword'";
13. result = mysql_query($sql);
14.  
15. if (mysql_num_rows($result) == 1) {
16. session_register('myusername');
17. session_register('mypassword');
18. header("location:staff.php");
19. }
20. else {
21. header("location:staff.php?error=2");
22. }
23. }
24. else {
25. header("location:staff.php?error=1");
26. }
27. ?>