rQuery('SELECT * FROM MemberForm_Users WHERE Username LIKE "' . $db->Escape(trim($_SESSION['username'])) . '"'); if ($row->Password == md5(trim($_SESSION['password']))){ $LoggedIn = true; if ($_POST['LibraryID']) $LibraryID = (int) $_POST['LibraryID']; else $LibraryID == $row->LibraryID; } unset($row); } if($LoggedIn) //Password Matches { //Password is correct, do not display the form, allow user to see the page } //If no input exists, this is the first time the form is displayed. Show form, do not show page. elseif(!$_POST["f_username"] or !$_POST["f_password"]) { $exit = 'X'; } //Occurs any time the password does not match. Show error, show form, & do not show page. else { echo "Sorry, authentication failed."; $exit = 'X'; } if($exit == "X") //If user is not yet authenticated, show form & EXIT { ?>

Username   Password