<?php

include("config.php");

// start session
session_start();

// connect to database
$connectionID = mysql_connect($hostname,$username,$password);

if(!mysql_select_db($database,$connectionID))
{
	die ("Connection failed.");
}

$sql = "SELECT idx, username, password, name, gname FROM userdata WHERE ".
		"(username LIKE '".$_REQUEST["uname"]."') AND ".
		"(password = '".md5($_REQUEST["password"])."')";

$result = mysql_query($sql);

if(mysql_num_rows($result) > 0)
{
	// read userdata into array
	$data = mysql_fetch_array($result);
	
	// create session variables
	$_SESSION["user_id"] = $data["idx"];
	$_SESSION["uname"] = $data["username"];
	$_SESSION["name"] = $data["name"];
	$_SESSION["gname"] = $data["gname"];
	
	header ("Location: intern.php");
}
else
{
	header ("Location: loginform.php?err=1");
}
?>