gistfile1.phtml

<?php // best practice: always have <?php at the top

$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password="root"; // Mysql password 
$db_name="account"; // Database name 
$tbl_name="member"; // Table name 

// Connect to server and select databse.
mysql_connect('localhost', 'root', 'root')or die("cannot connect"); 
mysql_select_db('account')or die("cannot select DB");

// username and password sent from form 
$email=$_POST['email']; 
$password=$_POST['password']; 

// To protect MySQL injection (more detail about MySQL injection)
$email = stripslashes($email);
$password = stripslashes($password);
$email = mysql_real_escape_string($email);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM $tbl_name WHERE email='$email' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $username and $password, table row must be 1 row
if($count==1) {
	if($_POST['prod_id']==true){
		echo header("location:../members/".$_REQUEST['email']."/checkout.php?id=". $_POST['prod_id']."");
	} else {
		header("location:../members/".$email."/"."index.php");
	}
    
    	// Register $username, $password and redirect to file "login_success.php"
	include('connect.php');
	
	echo "<title>Check login</title>";
	
	$query = "SELECT * FROM image";
	
	if ( !($result = mysql_query($query,$con)) ) {
		die('<p>Error reading database</p></body></html>');
	} else {
		for ( $i = 0 ; $i < mysql_num_rows($result) ; $i++ ) {
        		$row = mysql_fetch_assoc($result);
	        	//echo '<img src="'.$row['name'].$row['id']. '" alt="' . $row['alt'] . '" title="' . $row['name']  .'"/>  ' . "\n";
		}   
	}
} else {
    echo "Wrong Username or Password";
}
?>