Code from login page:
$link=mysql_connect("localhost","dbuser","****");
if(!$link){
die("Couln't open database!");
}
$db="myschema"; mysql_select_db($db) or die("Could not open $db");
if(!empty($_REQUEST['user'])){
$theUser=$_REQUEST['user'];
}
else{
$theUser="";
}
$result=mysql_query("SELECT * FROM users WHERE UserName='$theUser' ");
$num_rows=mysql_num_rows($result);
while($a_row=mysql_fetch_row($result)){
if($_REQUEST['pass']==stripslashes($a_row[1])){
$msg="";
$_SESSION['user']=$theUser;
$_SESSION['userGroup']="admin";
}
}