On 2/8/06, Fredrik Tillman <fredrik@xxxxxxxxxxxxxxxxx> wrote: > Ok here are some code: > <? > /* Check User Script */ > session_start(); // Start Session > > include 'db.php'; > // Convert to simple variables > $username = $_POST['username']; > $password = $_POST['password']; > > if((!$username) || (!$password)){ > echo "Please enter ALL of the information! <br />"; > include 'index.htm'; > exit(); > } > > // Convert password to md5 hash > $password = md5($password); > > // check if the user info validates the db > $sql = mysql_query("SELECT * FROM users WHERE username='$username' AND > password='$password' AND activated='1'"); > $login_check = mysql_num_rows($sql); > > > Don't forget to use mysql_real_escape_string on all user input that is going into your database. This is a good habit to be in. $username = mysql_real_escape_string($username);