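<?php // login.php
// Login form handler: checks the posted credentials against user_accounts and,
// on a match, starts the session and redirects to /main.php; otherwise it
// renders the form again with a generic error row.
//
// Everything that sends headers (session start, redirect) runs before any
// markup is emitted. The stylesheet is printed together with the form instead
// of ahead of the opening PHP tag, because output sent before header() or
// session_start() prevents the redirect and the session cookie from being set.
include 'functions.php';

// Defaults for a plain GET request, so the template below never interpolates
// an undefined variable.
$error = $username = $password = "";

// Attempt a login only when both fields arrived as plain strings; a field
// posted as username[]=... is an array and must not reach the string helpers.
if (isset($_POST['username'], $_POST['password'])
    && is_string($_POST['username']) && is_string($_POST['password']))
{
    // NOTE(review): sanitizeString() is defined in functions.php and not
    // visible here. The query below is built by string interpolation, so it is
    // only injection-safe if that helper escapes for SQL - confirm. The mysql_*
    // extension was removed in PHP 7; prepared statements via mysqli or PDO are
    // the robust replacement for both helper and query.
    $username = sanitizeString($_POST['username']);
    $password = sanitizeString($_POST['password']);

    // Hash the salted password the user actually typed. Calling md5('password')
    // hashes the literal word "password", which makes the credential check
    // independent of the submitted password.
    // NOTE(review): the stored hashes must come from this same salt + md5
    // scheme - confirm against the registration code. A fixed salt with MD5 is
    // too fast for password storage; plan a migration to password_hash() and
    // password_verify().
    $password = md5("1x3w5v7r" . $password . "c2e4b6t8");

    $query = "SELECT username,password FROM user_accounts
WHERE username='$username' AND password='$password'";

    if (mysql_num_rows(queryMysql($query)) === 1)
    {
        // session_register() was removed in PHP 5.4; write to $_SESSION instead.
        if (session_id() === '')
        {
            session_start();
        }
        // Issue a fresh session id at the privilege change so an id that was
        // set before login cannot be reused afterwards (session fixation).
        session_regenerate_id(true);
        $_SESSION['username'] = $username;
        // NOTE(review): kept because main.php (not visible here) may read it.
        // The username alone is enough to mark the session as logged in; stop
        // storing the password hash once that is confirmed.
        $_SESSION['password'] = $password;
        header("Location: /main.php");
        exit;
    }

    // Failed login: clear the fields and show one message for both causes, so
    // the response does not reveal whether the username exists.
    $username = $password = "";
    $error = "<tr><td colspan='2' align='center' bgcolor='#FF6666'><font size='2' color='#FFFFFF'><b>invalid username/password</b></font></td></tr>";
}

// $username is always empty when this point is reached; if the form is ever
// changed to redisplay it, HTML-escape it for the single-quoted attribute.
// The password field is never pre-filled.
echo <<<_END
<style type="text/css">
body,td,th {
font-family: Verdana, Geneva, sans-serif;
}
</style>
<center>
<br />
<form method='post' action='login.php'>
<table border="0" cellspacing="0" cellpadding="5">
<tr>
<td align="center" colspan="2" bgcolor="#FFCC66"><font size="6"><b>Database</b></font></td>
</tr>
$error
<tr>
<td bgcolor="#E6E6E6" align="right">username</td>
<td bgcolor="#E6E6E6"><input type='text' maxlength='16' name='username'
value='$username' /></td>
</tr>
<tr>
<td bgcolor="#E6E6E6" align="right">password</td>
<td bgcolor="#E6E6E6"><input type='password' maxlength='16' name='password' value='' /></td>
</tr>
<tr>
<td colspan="2" align="center"><input type='submit' value=' > > > l o g i n < < < ' /></td>
</tr>
</table>
</form>
</center>
_END;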