On 2/8/06, Fredrik Tillman <fredrik@xxxxxxxxxxxxxxxxx> wrote:
> Ok here are some code:
> <?
> /* Check User Script */
> session_start(); // Start Session
>
> include 'db.php';
> // Convert to simple variables
> $username = $_POST['username'];
> $password = $_POST['password'];
>
> if((!$username) || (!$password)){
> echo "Please enter ALL of the information! <br />";
> include 'index.htm';
> exit();
> }
>
> // Convert password to md5 hash
> $password = md5($password);
>
> // check if the user info validates the db
> $sql = mysql_query("SELECT * FROM users WHERE username='$username' AND
> password='$password' AND activated='1'");
> $login_check = mysql_num_rows($sql);
>
>
>
Don't forget to use mysql_real_escape_string on all user input that is going
into your database. This is a good habit to be in.
$username = mysql_real_escape_string($username);
