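// Embed script: writes a syntax-highlighted PHP login example into the host
// page, one document.write() call per rendered line, followed by an
// attribution link. Each call emits a fragment of one <div>, so the calls
// must stay in this order. document.write() is meant to run while the page is
// still being parsed; called after load it replaces the whole document.
//
// NOTE(review): the PHP sample shown to readers is dated as security guidance.
// The points below describe the rendered sample, not this script:
//  - It connects as 'root' with an empty password. An application should use
//    a dedicated, least-privileged database account with a real credential.
//  - It describes sha1() as "encrypting" the password. sha1() is a fast,
//    unsalted hash, so a leaked users table is open to precomputed-table and
//    brute-force guessing. Current PHP code should store
//    password_hash() output and check it with password_verify().
//  - It builds the SQL string by concatenating escaped input. The sample's own
//    comment admits db::escape() may fall back to addslashes(), which is not
//    charset-aware. Prepared statements with bound parameters (PDO or mysqli)
//    remove the dependency on escaping being correct.
//  - It overwrites $_POST in place, so later code cannot tell raw input from
//    escaped or hashed values.
document.write('<div class="php" style="font-family: monospace;"><br />');
document.write('<span style="color: #808080; font-style: italic;">// First we connect to the database</span><br />');
document.write('db::<span style="color: #006600;">connect</span><span style="color: #66cc66;">&#40;</span><span style="color: #ff0000;">\'localhost\'</span>, <span style="color: #ff0000;">\'root\'</span>, <span style="color: #ff0000;">\'\'</span>, <span style="color: #ff0000;">\'testDatabase\'</span><span style="color: #66cc66;">&#41;</span>;<br />');
document.write('<br />');
document.write('<span style="color: #808080; font-style: italic;">// Input is the following:</span><br />');
document.write('<span style="color: #808080; font-style: italic;">// $_POST[\'username\'] containing the specified username.</span><br />');
document.write('<span style="color: #808080; font-style: italic;">// $_POST[\'password\'] cointainging the specified password.</span><br />');
document.write('<br />');
document.write('<span style="color: #808080; font-style: italic;">// The first thing you always do with data which comes from the use</span><br />');
document.write('<span style="color: #808080; font-style: italic;">// is to sanitize it (never trust the user).</span><br />');
document.write('<span style="color: #808080; font-style: italic;">// The function db::escape() is a pseudo function for functions such as</span><br />');
document.write('<span style="color: #808080; font-style: italic;">// mysql_real_escape_string() and other like it or in worst case just for</span><br />');
document.write('<span style="color: #808080; font-style: italic;">// addslashes()</span><br />');
document.write('<span style="color: #0000ff;">$_POST</span><span style="color: #66cc66;">&#91;</span><span style="color: #ff0000;">\'username\'</span><span style="color: #66cc66;">&#93;</span> = db::<span style="color: #006600;">escape</span><span style="color: #66cc66;">&#40;</span><span style="color: #0000ff;">$_POST</span><span style="color: #66cc66;">&#91;</span><span style="color: #ff0000;">\'username\'</span><span style="color: #66cc66;">&#93;</span><span style="color: #66cc66;">&#41;</span>;<br />');
document.write('<span style="color: #808080; font-style: italic;">// Never store passwords unless you have encrypted them first!</span><br />');
document.write('<span style="color: #808080; font-style: italic;">// Think about this situation, your database gets hacked and the hackers</span><br />');
document.write('<span style="color: #808080; font-style: italic;">// manages to retrieve your whole user table. What do you think they</span><br />');
document.write('<span style="color: #808080; font-style: italic;">// might do then? Login as a user (possible with the highest rank, admin)</span><br />');
document.write('<span style="color: #808080; font-style: italic;">// and play around. But if you store the password in an encrypted form,</span><br />');
document.write('<span style="color: #808080; font-style: italic;">// they have no chanse to do this.</span><br />');
document.write('<span style="color: #0000ff;">$_POST</span><span style="color: #66cc66;">&#91;</span><span style="color: #ff0000;">\'password\'</span><span style="color: #66cc66;">&#93;</span> = <a target="_blank"&nbsp; href="http://www.php.net/sha1"><span style="color: #000066;">sha1</span></a><span style="color: #66cc66;">&#40;</span><span style="color: #0000ff;">$_POST</span><span style="color: #66cc66;">&#91;</span><span style="color: #ff0000;">\'password\'</span><span style="color: #66cc66;">&#93;</span><span style="color: #66cc66;">&#41;</span>;<br />');
document.write('<br />');
document.write('<span style="color: #808080; font-style: italic;">// Now let\'s execute a query to se if we have a match</span><br />');
document.write('<span style="color: #0000ff;">$result</span> = db::<span style="color: #006600;">query</span><span style="color: #66cc66;">&#40;</span><span style="color: #ff0000;">&quot;SELECT `userID` FROM `users` WHERE `username` = \'&quot;</span>.<span style="color: #0000ff;">$_POST</span><span style="color: #66cc66;">&#91;</span><span style="color: #ff0000;">\'username\'</span><span style="color: #66cc66;">&#93;</span>.<span style="color: #ff0000;">&quot;\' AND `password` = \'&quot;</span>.<span style="color: #0000ff;">$_POST</span><span style="color: #66cc66;">&#91;</span><span style="color: #ff0000;">\'password\'</span><span style="color: #66cc66;">&#93;</span>.<span style="color: #ff0000;">&quot;\'&quot;</span><span style="color: #66cc66;">&#41;</span>;<br />');
document.write('<br />');
document.write('<span style="color: #808080; font-style: italic;">// Did any rows match?</span><br />');
document.write('<span style="color: #b1b100;">if</span> <span style="color: #66cc66;">&#40;</span>db::<span style="color: #006600;">numRows</span><span style="color: #66cc66;">&#40;</span><span style="color: #0000ff;">$result</span><span style="color: #66cc66;">&#41;</span> == <span style="color: #cc66cc;">0</span><span style="color: #66cc66;">&#41;</span><br />');
document.write('&nbsp; &nbsp; &nbsp; &nbsp; <span style="color: #808080; font-style: italic;">// No rows matched, send the user a error message</span><br />');
// The PHP text contains a backslash followed by a quote (doesn\'t). Inside this
// single-quoted JS string both characters need escaping, hence \\ then \'.
// The previous form \\' ended the JS string early and made the whole script a
// syntax error, so nothing was rendered.
document.write('&nbsp; &nbsp; &nbsp; &nbsp; <a target="_blank"&nbsp; href="http://www.php.net/echo"><span style="color: #000066;">echo</span></a> <span style="color: #ff0000;">\'The username you enetered doesn<span style="color: #000099; font-weight: bold;">\\\'</span>t exists or the password supplied with the username is incorrect, please try again.\'</span>;<br />');
document.write('<span style="color: #b1b100;">else</span><br />');
document.write('&nbsp; &nbsp; &nbsp; &nbsp; <span style="color: #808080; font-style: italic;">// The query matched a username with the specified password =D</span><br />');
document.write('&nbsp; &nbsp; &nbsp; &nbsp; <a target="_blank"&nbsp; href="http://www.php.net/echo"><span style="color: #000066;">echo</span></a> <span style="color: #ff0000;">\'Woho, you are one of us! Here are the top secret documents..\'</span>;<br />');
// Closes the <div class="php"> opened by the first call.
document.write('&nbsp;</div>');
// Attribution footer linking back to the snippet's source page.
document.write('<br />&nbsp;<br /><div style="font-size: 12px">Brought to you by the community at <a href="http://www.bytemycode.com/snippets/snippet/246/1/" target="_blank">byteMyCode</a>.</div>');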
