diff --git a/login.php b/login.php index a11edfb..eda853d 100644 --- a/login.php +++ b/login.php @@ -13,25 +13,25 @@ session_start(); // If form submitted, insert values into the database. if (isset($_POST['username'])){ // removes backslashes - $username = stripslashes($_REQUEST['username']); + $username = stripslashes($_REQUEST['username']); //escapes special characters in a string - $username = mysqli_real_escape_string($con,$username); - $password = stripslashes($_REQUEST['password']); - $password = mysqli_real_escape_string($con,$password); - //Checking is user existing in the database or not + $username = mysqli_real_escape_string($con,$username); + $password = stripslashes($_REQUEST['password']); + $password = mysqli_real_escape_string($con,$password); + //Checking is user existing in the database or not $query = "SELECT * FROM `users` WHERE username='$username' and password='".md5($password)."'"; - $result = mysqli_query($con,$query) or die(mysql_error()); - $rows = mysqli_num_rows($result); + $result = mysqli_query($con,$query) or die(mysql_error()); + $rows = mysqli_num_rows($result); if($rows==1){ - $_SESSION['username'] = $username; + $_SESSION['username'] = $username; // Redirect user to index.php - header("Location: home.php"); + header("Location: home.php"); }else{ - echo "
+ echo "

Username/password is incorrect.


Click here to Login
"; - } + } }else{ ?>