gistfile1.phtml

<title>Check login</title>
<?php

$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password="root"; // Mysql password 
$db_name="account"; // Database name 
$tbl_name="member"; // Table name 

// Connect to server and select databse.
mysql_connect('localhost', 'root', 'root')or die("cannot connect"); 
mysql_select_db('account')or die("cannot select DB");

// username and password sent from form 
$email=$_POST['email']; 
$password=$_POST['password']; 

// To protect MySQL injection (more detail about MySQL injection)
$email = stripslashes($email);
$password = stripslashes($password);
$email = mysql_real_escape_string($email);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM $tbl_name WHERE email='$email' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $username and $password, table row must be 1 row
if($count==1){

// Register $username, $password and redirect to file "login_success.php"

	include('connect.php');
	$query = "SELECT * FROM image";
   if ( !($result = mysql_query($query,$con)) ) {
      die('<p>Error reading database</p></body></html>');
   } else {
      for ( $i = 0 ; $i < mysql_num_rows($result) ; $i++ ) {
        $row = mysql_fetch_assoc($result);
        //echo '<img src="'.$row['name'].$row['id']. '" alt="' . $row['alt'] . '" title="' . $row['name']  .'"/>  ' . "\n";
        
		if($_POST['prod_id']==true){
		echo header("location:../members/".$_REQUEST['email']."/checkout.php?id=". $_POST['prod_id']."");}
		else{header("location:../members/".$email."/"."index.php");}
        
      }
   }   
}
else {
echo "Wrong Username or Password";
}
?>