<?php
session_start();

// here is the code that connects to the database. Note that the username
// and password are "hard-coded".

$username="php"; /* Your MySQL username/password goes here! */
$password="php";
$database="dbintro";

mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");

// try to create a new record from the submission
$username =  mysql_real_escape_string($_REQUEST['username']);
$password= mysql_real_escape_string($_REQUEST['password']);

if ($username && $password) {

  // here we define the SQL command
  $query = "SELECT * FROM people WHERE Username='$username' AND Password='$password'";

  // submit the query to the database
  $res=mysql_query($query);

  // make sure it worked!
  if (!$res) {
	echo mysql_error();
	exit;
  }

  // find out how many records we got
  $num = mysql_numrows($res);
  if ($num==0) {
	echo "<h3>Invalid login</h3>\n";
	exit;
  } elseif ($num!=1) {
	echo "<h3>Error - unexpected result!\n";
	exit;
  }

  // valid login, set the session variable
  $_SESSION['userid']=mysql_result($res,0,'userid');
  echo "<h3>Welcome $username</h3>\n";
}
?>

<form>
<table border=0>
<tr> 
  <td>Username:</td>
  <td><input type=text name=username></td>
</tr>

<tr> 
  <td>Password:</td>
  <td><input type=password name=password></td>
</tr>

<tr> 
  <td colspan=2>
   <input type=submit value="Login">
  </td>
</tr>
</table>
</form>