<?php

// Check if this is a login submit else just display login page
if (isset($_POST['user'])) {

  // Connect to Database
  $link = mysql_connect('localhost', 'root', '')
    or die('Could not connect: ' . mysql_error());
  mysql_select_db('test') or die('Could not connect to the database');

  // Construct a query based on user supplied input for user and password

  $username = $_POST['user'];
  $password = $_POST['password'];

  $query = 'select * from accounts where user ="'.$username.'" AND password="'.$password.'"';
  $result = mysql_query($query) or die ('Query failed: ' . mysql_error());

  // Did it return rows with Data? If so, it found the user/pass and we consider it authenticated.
  $returnrows = mysql_num_rows($result);

  if ($returnrows >= 1 ) {
    echo "<CENTER> <B>User Authenticated!</B> <CENTER>";
  }
  else {
    echo "<CENTER> <B>User NOT Authenticated!</B> </CENTER>";
  }

  // Display the Query
  echo "<BR><Br><i>$query</i>";
}

else {
?>    
<CENTER>
<FORM action="index.php" method="post">
   <P>
    Username:
        <INPUT type="text" name="user"><BR>
        Password:
        <INPUT type="text" name="password"><BR>
    <INPUT type="submit" name="submit" value="Submit"> <INPUT type="reset">
    </P>
</FORM>
</CENTER>
<?php
}
?>