<?php
include('config.php');
if (get_magic_quotes_gpc())
{
$_POST['username'] = stripslashes($_POST['username']);
$_POST['password'] = stripslashes($_POST['password']);
}
$myusername = mysql_real_escape_string($_POST['username']);
$mypassword = mysql_real_escape_string($_POST['password']);
$sql="SELECT * FROM users WHERE username='$myusername' and password='$mypassword'";
$result= mysql_query($sql) or die(mysql_error());


// If result matched $myusername and $mypassword, table row must be 1 row
if($row = mysql_fetch_array($result)) {
$userid = $_SESSION['id'] = $row['id'];
$username = $_SESSION['username'] = $row['username'];
$sid = defined('SID') ? '?'. SID : '';
header("location: welcome.php$sid");
}
else{
echo "Wrong username or password.";

}



?>