Please help.
Code: Select all
<?php
include('config.php');
if(isset($_POST['username'])){
//Connect to database
mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());
session_start();
$username = $_POST['username'];
$password = md5($_POST['password']);
$query = "SELECT * FROM ff_users WHERE username = ' . $username . ' and password = ' . $password . '";
$result = mysql_query($query);
if (mysql_num_rows($result) < 1){
echo "<form name=\"login\" method=\"post\" action=\"logon.php\"><div id=\"sideform\"><input type=\"text\" name=\"username\" size=\"15\" class=\"\" maxLength=\"20\"><input type=\"password\" name=\"password\" size=\"15\" class=\"\" maxLength=\"20\"><input type=\"submit\" name=\"submit\" value=\"Logon\"></div></form><br><b>Invalid Username or Password</b>";
}
else{
$_SESSION['username'] = $username;
echo " <div id=\"sideform\">
Welcome, <b>" . $_SESSION['username'] . "</b>
</div>
</form>";
}
}
else {
echo "NOT POSTED<form name=\"login\" method=\"post\" action=\"logon.php\"><div id=\"sideform\"><input type=\"text\" name=\"username\" size=\"15\" class=\"\" maxLength=\"20\"><input type=\"password\" name=\"password\" size=\"15\" class=\"\" maxLength=\"20\"><input type=\"submit\" name=\"submit\" value=\"Logon\"></div></form>";
}
?>