This is the code for my login page.
Expand|Select|Wrap|Line Numbers
- <?php
- include('connect.php');
- $username=$_POST['username'];
- $password=$_POST['password'];
- // protect from MySQL injection
- $username = stripslashes($username);
- $password = stripslashes($password);
- $username = mysql_real_escape_string($username);
- $password = mysql_real_escape_string($password);
- $encrypted_password=md5($password);
- $sql="SELECT * FROM staff WHERE username='$username' and password='$encrypted_password'";
- $sqlresult=mysql_query($sql)or die("Could not retreive data from table");
- $row=mysql_fetch_array($sqlresult);
- ?>
Expand|Select|Wrap|Line Numbers
- <?php
- if (isset($_POST['submit']))
- {
- if ($row['username']==$username && $row['password']==$encrypted_password)
- {
- $username = $_SESSION['username'];
- $password = $_SESSION['password'];
- header("Location:admin.php");
- }
- elseif ($username == '' || $password == '')
- {
- echo '<div style="padding:5px 10px 5px 10px; margin:0px auto 20px; border:2px solid #FF0000; color:#FF0000; width:176px;">';
- echo "Please fill in all required fields";
- echo '</div>';
- }
- else
- {
- echo '<div style="padding:5px 10px 5px 10px; text-align:center; margin:0px auto 20px; border:2px solid #FF0000; color:#FF0000; width:255px;">';
- echo "INCORRECT USERNAME AND PASSWORD ENTERED:";
- echo "<br/>";
- echo "Please enter a valid username and password";
- echo '</div>';
- }
- }
- ?>
Expand|Select|Wrap|Line Numbers
- <?php
- session_start();
- if ($_SESSION['username'] = '')
- {
- header("location:login.php");
- }
- ?>