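<?php

include ('includes/header.html');

# This piece of javascript will default the cursor to the Username input box.
echo "<script type=\"text/javascript\">
window.onload=function(){document.forms['login'].elements['user'].focus();}
</script>";

# Usernames and passwords must be 4 to 20 characters drawn from a-z, A-Z, 0-9, period, dash and underscore.
# eregi() was removed in PHP 7, so this uses preg_match() with the /i modifier to keep the case-insensitive
# match. The dash is placed last so it is a literal; the original ".-_" was a character *range* (0x2E-0x5F)
# that also admitted characters such as "/", ":", "@", "[" and "\".
$credentialPattern = '/^[a-z0-9._-]{4,20}$/i';

# Execute this block of code only when the user has supplied both a username and a password.
# isset() avoids undefined-index notices when the page is loaded without a form submission.
if (isset($_POST['user'], $_POST['pass']) && $_POST['user'] !== '' && $_POST['pass'] !== '') {

	# Keep the raw values: validation happens first, and the query below binds them as parameters,
	# so mysqli_real_escape_string() is no longer needed (and would otherwise alter the value before validation).
	$username = $_POST['user'];
	$pass = $_POST['pass'];

	# Validate the username and password before touching the database.
	if (preg_match($credentialPattern, $username) === 1 && preg_match($credentialPattern, $pass) === 1) {

		# This prepared statement returns the database row matching their username and password.
		# NOTE(review): the users table stores an unsalted SHA1 of the password (the schema this script
		# was written against, see the SHA1() in the query). Migrating to password_hash()/password_verify()
		# is recommended; that needs a wider column and a rehash-on-login step, so it is not done here.
		$q = 'SELECT user_id FROM users WHERE username=? AND password=SHA1(?)';
		$stmt = mysqli_prepare($dbc, $q);
		$matched = false;
		$userId = null;
		if ($stmt !== false) {
			mysqli_stmt_bind_param($stmt, 'ss', $username, $pass);
			if (mysqli_stmt_execute($stmt)) {
				mysqli_stmt_store_result($stmt);
				mysqli_stmt_bind_result($stmt, $userId);
				# Only treat it as a login when exactly one row matched, as the original check did.
				$matched = (mysqli_stmt_num_rows($stmt) == 1 && mysqli_stmt_fetch($stmt));
			}
			mysqli_stmt_close($stmt);
		}

		# Only execute this block of code if the username and password were correct.
		if ($matched) {
			# Issue a fresh session id on login so a session id fixed before authentication is not kept.
			# Assumes the session is already started (the original wrote to $_SESSION here, presumably
			# started by the header include - confirm).
			session_regenerate_id(true);
			# Set the user's uniquely registered ID as a session variable.
			$_SESSION['user'] = $userId;
			# Set the HTTP_USER_AGENT as a session variable for later additional validation checks.
			# The header may be absent, so fall back to an empty string instead of raising a notice.
			$_SESSION['agent'] = md5(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
			# Redirect the user to the home page upon successfully logging in, then stop so the login
			# form and footer are not rendered after the redirect. (As in the original, header() here
			# relies on output buffering, since the header include has already produced output - confirm.)
			header("Location:index.php");
			exit;
		} else {
			# If the username and password were incorrect, do not log them in - just display this error.
			# The same message is used for an unknown user and a wrong password so the response does not
			# reveal which one failed.
			echo '<p>Wrong username or password</p>';
		}
	} else {
		# Echo an error if the username and password fail the validation checks.
		echo "<p>Your username and password must be between 4 and 20 characters of length and consist only of letters, numbers or a period, dash or underscore.</p>";
	}
}

# A form for the user to log in.
?>
<div id="title">
<h2>Login</h2>
</div>
<div id="box">
<form action="login.php" method="post" name="login">
<p>Username:</p><p><input type="text" name="user" size="10" maxlength="20" value=""/></p>
<p>Password:</p><p><input type="password" name="pass" size="10" maxlength="20" /></p>
<p id="login"><input type="submit" name="submit" value="Login" /></p>
</form>
</div>
<?php

include ('includes/footer.html');

?>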