11/05/2011, 14:29
jatg
Reply: PHP session security

You can do something like this:

Quote:
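<?php
require_once('db.php');      // opens the MySQL connection used by the mysql_* calls below
include('functions.php');

if (isset($_POST['Login']))
{
    if (isset($_POST['username'], $_POST['password']) && $_POST['username'] != '' && $_POST['password'] != '')
    {
        // Use the input username and password and check against 'users' table.
        // md5() matches how this 'users' table stores passwords;
        // password_hash()/password_verify() is PHP's current API for password storage.
        $query = mysql_query('SELECT ID, Username, Active FROM users WHERE Username = "'.mysql_real_escape_string($_POST['username']).'" AND Password = "'.mysql_real_escape_string(md5($_POST['password'])).'"');

        // mysql_query() returns FALSE on error, so check it before counting rows
        if ($query && mysql_num_rows($query) == 1)
        {
            $row = mysql_fetch_assoc($query);
            if ($row['Active'] == 1)
            {
                session_start();
                // Issue a fresh session ID at login so an ID set before authentication is not kept (session fixation)
                session_regenerate_id(true);
                $_SESSION['user_id'] = $row['ID'];
                $_SESSION['logged_in'] = TRUE;
                header("Location: members.php");
                exit; // stop here so the rest of the page is not sent along with the redirect
            }
            else {
                $error = 'Your membership was not activated. Please open the email that we sent and click on the activation link';
            }
        }
        else {
            $error = 'Login failed !';
        }
    }
    else {
        $error = 'Please use both your username and password to access your account';
    }
}
?>

<?php if(isset($error)){ echo "&error=". $error;}?>
<!-- PHP_SELF can contain attacker-supplied path text, so escape it before placing it in the attribute -->
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
<input type="text" id="username" name="username" size="32" value="" />
<input type="password" id="password" name="password" size="32" value="" />
<input type="submit" name="Login" value="Login" />
</form>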
__________________
www.josealexis.net