<?php// login.php// logs the user into the admin panelsession_start();

1. <?php
2.  
3. // login.php
4. // logs the user into the admin panel
5. session_start();
6. include 'mysql.php';
7.  
8. if (isset($_POST['user']) && isset($_POST['pass'])) {
9. $username = $_POST['user'];
10. $password = $_POST['pass'];
11.  
12. // Protection against MySQL insertion (security measure)
13. $username = stripslashes($username);
14. $password = stripslashes($password);
15. $username = mysql_real_escape_string($username);
16. $password = mysql_real_escape_string($password);
17.  
18. // Encrypts the password
19. $password = md5($password);
20.  
21. // Making a query to the database
22. $sql = "SELECT user, pass FROM users WHERE user='$username' AND pass='$password'";
23. $result = mysql_query($sql);
24.  
25. // Checking if there is a match, and only one match
26. $count = mysql_num_rows($result);
27. if($count == 1) {
28. // If username and password is correct, register session and bring user to panel.php
29. $_SESSION['logged_in'] = TRUE;
30. header("Location: panel.php");
31. } else {
32. // If not the username and / or password is / are correct, bring user to warning no. 1
33. header("Location: index.php?w=1");
34. }
35. } else {
36. // If not both username and password fields are filled out, bring user to warning no. 2
37. header("Location: index.php?w=2");
38. }
39.  
40. ?>