<? // THIS USES THE SHORT-OPEN TAG. SUGGEST YOU CONVERT TO THE FULL TAG LIKE <?php
// THIS NEEDS TO BE THE FIRST LINE OF EVERY SCRIPT
error_reporting(E_ALL);
// set up database
$Host = "db380492857.db.1and1.com";
$User = "dbo380492857";
$Password = "abcxyz";
$DBName = "db380492857";
// THE FOLLOWING INSTRUCTION CAN FAIL, AND MUST BE TESTED FOR SUCCESS
$Link = mysql_connect ($Host, $User, $Password);
// THE FIELDS HERE NEED TO BE ESCAPED
$qry = "SELECT * from admin where code = '" . $_POST['uc'] . "' and password = '" . $_POST['pwd'] . "'";
// THIS FUNCTION IS DEPRECATED - CHANGE IT. http://php.net/manual/en/function.mysql-db-query.php
$res = mysql_db_query ($DBName, $qry, $Link);
// HOW DO YOU KNOW WHAT VALUE IS IN $res? YOU HAVE TO TEST IT BEFORE YOU TRUST IT IN ANOTHER FUNCTION
$n = mysql_num_rows($res);
// WHAT WOULD YOU DO IF $n == 3? MAYBE YOU NEED A LIMIT IN THE QUERY
if ($n == 0) {
header("Location: login.php?bad=1");
exit;
}
// THE SESSION IS NOT STARTED UNLESS THE LOGIN IS SUCCESSFUL? THAT IS A RECIPE FOR CONFUSION
session_start();
$_SESSION['vavusr'] = $_POST['pwd'];
$_SESSION['user'] = $_POST['uc'];
$_SESSION['alast_used'] = time();
header("Location: admin_menu.php");
exit;
// THE ZEND CODING STANDARD RECOMMENDS ELIMINATING THE CLOSING PHP TAG. OMIT IT.
?>
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html
Please read it over and have a look at the code samples. It is intentionally simplistic, but it is the foundation of "how it's done."
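An added example, not part of the original posts: the login check from the annotated script rewritten with a PDO prepared statement, a `LIMIT 1`, and `password_hash()`/`password_verify()`. The `admin` table and its `code` and `password` columns follow the query in the script; the function names `open_db` and `check_login`, the in-memory SQLite database (requires the `pdo_sqlite` extension) and the sample account are assumptions made so the script runs offline.

```php
<?php
// Added example, not the original poster's code. Table and column names
// (admin, code, password) follow the query in the annotated script; the
// SQLite in-memory database and sample account are constructed for the demo.
error_reporting(E_ALL);

function open_db(): PDO
{
    // ERRMODE_EXCEPTION makes a failed connect or query throw instead of
    // returning false, so no result is ever used untested.
    $pdo = new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
    $pdo->exec('CREATE TABLE admin (code TEXT PRIMARY KEY, password TEXT NOT NULL)');
    $ins = $pdo->prepare('INSERT INTO admin (code, password) VALUES (?, ?)');
    // Store a salted hash, never the password itself.
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

function check_login(PDO $pdo, string $code, string $pwd): bool
{
    // Placeholders keep user input out of the SQL text; the primary key
    // plus LIMIT 1 guarantees at most one row comes back.
    $st = $pdo->prepare('SELECT password FROM admin WHERE code = :code LIMIT 1');
    $st->execute([':code' => $code]);
    $row = $st->fetch();
    // fetch() returns false when no row matched; test before using it.
    return $row !== false && password_verify($pwd, $row['password']);
}

$pdo = open_db();
// Constructed inputs: a valid login, a wrong password, and a value with an
// apostrophe, which is bound as data and cannot alter the statement.
$tests = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["o'brien", "it's a secret"],
];
foreach ($tests as [$code, $pwd]) {
    printf("%-10s => %s\n", $code, check_login($pdo, $code, $pwd) ? 'accepted' : 'rejected');
}
```

In a real login page, call `session_start()` at the top of every script, call `session_regenerate_id(true)` after a successful check, and store only the user code in `$_SESSION`, not the password.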