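// Login check for a username/password pair submitted by POST.
//
// Connect through PDO so that the lookup can use a bound parameter. The
// project's db:: helper (connect/escape/query/numRows) exposes neither
// prepared statements nor row fetching here, so PDO is used directly.
// ERRMODE_EXCEPTION turns driver failures into exceptions instead of a
// silently ignored false return; native prepares keep the value and the SQL
// text separate on the wire.
$pdo = new PDO(
    'mysql:host=localhost;dbname=testDatabase;charset=utf8mb4',
    'root',
    '',
    [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ],
);

// Input is the following:
// $_POST['username'] containing the specified username.
// $_POST['password'] containing the specified password.
// Both come from the client and are untrusted. A missing or non-string field
// becomes '' so the check below fails closed instead of raising a warning.
$username = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
$password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

// Look the account up by name only. The username is sent as a bound
// parameter, which is the replacement for escaping it by hand: the database
// never parses it as SQL, whatever characters it contains.
$stmt = $pdo->prepare('SELECT `userID`, `password` FROM `users` WHERE `username` = ?');
$stmt->execute([$username]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// Never store passwords in a recoverable or directly comparable form. If the
// user table leaks, an attacker with bare sha1() digests recovers most of
// them in bulk from precomputed tables, because sha1 is fast and unsalted.
// The `password` column is expected to hold password_hash() output (salted,
// deliberately slow); password_verify() then compares without leaking timing.
// NOTE(review): the registration code is not on this page -- confirm it
// writes password_hash($pw, PASSWORD_DEFAULT), and re-hash any legacy rows.
$authenticated = $row !== false
    && password_verify($password, (string) ($row['password'] ?? ''));

if (!$authenticated) {
    // Unknown user and wrong password share one message on purpose, so the
    // response does not reveal which usernames exist.
    echo 'The username you enetered doesn\'t exists or the password supplied with the username is incorrect, please try again.';
} else {
    // The supplied password matches the stored hash for this username.
    echo 'Woho, you are one of us! Here are the top secret documents..';
}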