
Looking for a basic (but secure) php login. Is what I have so far, good?


Paul92820


I am a complete novice w/ PHP.  I've been looking for a basic, but secure php login page for my personal web page.  I stumbled across this 

which advises using the 4 php pages I'll paste below. My concern is how secure is this? One point is that in the second file (checklogin.php) the sql pw is in clear text (yikes). I did move that to a /php folder on my webspace and locked that folder with .htaccess but I'm still a bit leery.

 

I have tested it, and everything does seem to work, but I have zero knowledge of how to identify security issues so I'm looking to you good folks for advice. 

 

Any and all constructive help is appreciated.  Thanks folks!

 

Page1: mainlogin.php

<html>
  <head>

    <title>Login</title>

    <style type="text/css">
    #loginform {
      border: 2px solid #ACA7A4 ;
      background-color: #878381 ;
      width: 280px ;
      }

    #loginform form {
      margin: 5px ;
      }

    label {
      display: block ;
      width: 90px ;
      float: left ;
      clear: both ;
      }

    label, input {
      margin-bottom: 4px ;
      }

    </style>
  </head>
<body bgcolor="#000000">

<div id="loginform">
  <form method="post" action="../php/checklogin.php" name="form1">

      <label for="username">Username:</label>
      <input type="text" name="myusername" id="username" />

      <label for="password">Password:</label>
      <input type="password" name="mypassword" id="password" /> <!-- Change "type" to "password" to create *** field -->
      <input type="submit" name="submit" value="Login" />

  </form>
</div>

</body>
</html>

 

 

Page2: checklogin.php

<?
  $host = "host.com" ;
  $username = "username" ;
  $password = "password" ;
  $db_name = "database" ;
  $tbl_name = "table" ;



  mysql_connect ($host, $username, $password) or die(mysql_error("Can't connect"));
  mysql_select_db ($db_name) or die (mysql_error());

$myusername = $_POST['myusername'];
$mypassword = $_POST['mypassword'];

$sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result = mysql_query($sql);

$count = mysql_num_rows($result);

if($count==1) {
    session_register("myusername");
    session_register("mypassword");
    header("location:/login_success.php");
    }
    else {
      echo "Wrong Username or Password";
      }


?>

 

 

 

Page3: login_success.php

<?
  session_start();
    if(!session_is_registered(myusername)) {
      header("location:mainlogin.php");
      }
?>

<html>
  <head> <title>Welcome</title>
  </head>

  <body>
  <h1>Login Successful</h1>

    <p>

    <a href="logout.php">Log Out!</a></p>

  </body>
</html>

 

 

 

Page4: logout.php

<?
  session_start();
  session_destroy();

?>


<html>
  <head> <title>Goodbye</title>
  </head>
  
  <body>
  <h1>You've been logged out.</h1>

  </body>
</html>

That code, or at least part of it, appears to be from phpeasystep.com and is outdated. I wouldn't recommend using their site for anything, as all of the code I've seen from there is obsolete.
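
What checklogin.php could look like on current PHP (7.4 or later), as an added example that is not part of either post or of the tutorial under discussion: a PDO prepared statement instead of the string-built query, password_hash()/password_verify() instead of a cleartext password column, and a regenerated session ID that stores the username only. The users table, its columns, the demo accounts and the in-memory SQLite database standing in for the poster's MySQL server are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: a hardened stand-in for checklogin.php on current PHP.
// Assumptions: pdo_sqlite is available; the "users" table, its columns and
// the demo accounts are constructed. An in-memory SQLite database replaces
// the poster's MySQL server so the script runs offline.

function check_login(PDO $db, string $user, string $pass): bool
{
    // Bound parameter: the username travels as data, never as SQL text.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();

    // Unknown user: still verify against a throwaway hash so both paths
    // do comparable work, then fail.
    static $dummy = null;
    $dummy ??= password_hash('unused', PASSWORD_DEFAULT);
    $ok = password_verify($pass, is_string($hash) ? $hash : $dummy);
    return $ok && is_string($hash);
}

function start_user_session(string $user): void
{
    // Web context only. New session ID on login; store the name, not the password.
    session_start();
    session_regenerate_id(true);
    $_SESSION['username'] = $user;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$add = $db->prepare('INSERT INTO users VALUES (?, ?)');
foreach ([['paul', 'correct horse'], ["o'brien", 'battery staple']] as [$u, $p]) {
    // Only the salted hash is stored; the cleartext password never reaches the table.
    $add->execute([$u, password_hash($p, PASSWORD_DEFAULT)]);
}

// Constructed attempts: right password, wrong password, a name with an
// apostrophe (which would break the string-built query), an unknown user.
$attempts = [['paul', 'correct horse'], ['paul', 'guess'],
             ["o'brien", 'battery staple'], ['nobody', 'x']];
foreach ($attempts as [$u, $p]) {
    printf("%-8s %s\n", $u, check_login($db, $u, $p) ? 'accepted' : 'rejected');
}
```

Run from the command line, this accepts the first and third attempts and rejects the other two; in a web request, start_user_session() would be called after check_login() returns true and before any output is sent.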

Archived

This topic is now archived and is closed to further replies.
