if (isset($_POST['login_user'])) { $username = mysqli_real_escape_string($db,

1. if (isset($_POST['login_user'])) {
2. $username = mysqli_real_escape_string($db, $_POST['username']);
3. $password = mysqli_real_escape_string($db, $_POST['password']);
4.  
5. if (empty($username)) {
6. array_push($errors, "Username is required");
7. }
8. if (empty($password)) {
9. array_push($errors, "Password is required");
10. }
11.  
12. if (count($errors) == 0) {
13. $password = md5($password);
14. //$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
15. $query = "SELECT username='$username' AND password='$password' FROM users";
16. $results = mysqli_query($db, $query);
17.  
18. if (mysqli_num_rows($results) == 1) {
19. $_SESSION['username'] = $username;
20. $_SESSION['success'] = "You are now logged in";
21. header('location: index.php');
22. }else {
23. array_push($errors, "Wrong username/password combination");
24. }
25. }
26. }
27.  
28. ?>