You are now logged out'; echo(""); } if(isset($_POST['log_in'])) { //echo 'Login procces'; if(isset($_POST['user_name'])) { $i_username = @mysqli_real_escape_string($dbc, trim($_POST['user_name'])); } else { $errors['User Name'] = 'You need to enter a user name!'; } if(isset($_POST['password'])) { $i_password = @mysqli_real_escape_string($dbc, trim($_POST['password'])); } else { $errors['password'] = "You need to enter a password!"; } if($i_password && $i_username) { //valid username $q3 = "select * from users where user_name='$i_username'"; //echo $q3; $r3 = mysqli_query($dbc, $q3); if(@mysqli_num_rows($r3) == 1) { //echo 'das good'; $firstName = ""; while($row = mysqli_fetch_array($r3)) { $firstName = $row['first_name']; } $q2 = "select * from users where user_name = '$i_username' and pass ='" . SHA1($i_password . $firstName) . "'"; //echo $q2; $r2 = mysqli_query($dbc, $q2); //30 minutes of error seaching to realize if frogot the s in mysqli if(@mysqli_num_rows($r2) == 1) { while($row = mysqli_fetch_array($r2)) { $_SESSION['use'] = true; $_SESSION['fname'] = $firstName; $_SESSION['user_id'] = $row['user_id']; $_SESSION['username'] = $row['user_name']; $_SESSION['agent'] = md5($_SERVER['HTTP_USERAGENT'] . 'salt'); header("Location: index.php"); } } else { $errors['password'] = "You entered an invalid password"; } } else { $errors['user'] = "You entered an invalid user name!"; } } } echo '

'; echo '
'; if($loggedIn) echo 'Profile'; else echo 'Log In'; echo '

'; echo '
'; if($loggedIn) { echo '

Welcome ' . $_SESSION['fname'] . '

'; echo '
'; } else { //prints login form echo '
'; } foreach($errors as $msg) echo " - $msg
"; echo '
';