[help] Improve login script

[Montana"]

I am fairly new at php and just wrote this login script. Please rate, suggest and comment.
For any questions about the script you can send me a pm or comment.
I am from the Netherlands by the way. Thanks for commenting!

Login form

PHP Code:

<?php session_start();?>
<html>
<head>
<title>Inlog</title>
</head>
<body>
<form id='loginform' name='frm' method='POST' action='?action=login'>
                <table id='logintable' cellpadding='0' cellspacing='10' border='0'>
                <tr><td>Email:</td><td><input type='text' name='email' size='20'></td></tr>
                <tr><td>Password:</td><td><input type='password' name='password' size='20'></td></tr>
                <tr><td style="border-bottom: 1px solid #000"></td><td><input type='submit' value='Login' name='login'></td></tr>
                <tr><td>Als je nog geen account hebt,<td><a href="registratie.php">registreer een account.</a></tr>
</form>
<?php
include("include/sanitize.php");
include("connect.php");
$email = sanitize($_POST['email']);
$password = sanitize($_POST['password']);
$sql = ("SELECT * FROM `members` WHERE `email` = ('".$email."')");
$ophalen = mysql_query($sql) or die(mysql_error());
$aantal = mysql_num_rows($ophalen);
if ($_GET["action"] == "login")
{
    if(($aantal == 0))
        {
        echo"<p>Niet alle gegevens zijn goed ingevuld. Vul de gegevens opnieuw in.</p>";
        }
    else{
        while($record = mysql_fetch_object($ophalen))
            {
            $password_db = $record->password;
            $id = $record->Id_nummer;
            }
        require ("PassHash.php");
        if (PassHash::check_password($password_db, $password))
            {
            ?><meta http-equiv="refresh" content="0;url=beheer.php" /><?php;
            $_SESSION['id-nummer'] = "$id";
            }
        else
            {
            echo"<p>Niet alle gegevens zijn goed ingevuld. Vul de gegevens opnieuw in.</p>";
            }
        }
}
?>
</body>
</html> 


PassHash

PHP Code:

<?php
    class PassHash {
  private static $algo = '$2a';  
  private static $cost = '$10';   
  public static function unique_salt() {  
    return substr(sha1(mt_rand()),0,22);  
  }  
  public static function hash($password) {  
    return crypt($password,  
    self::$algo .  
    self::$cost .  
    '$' . self::unique_salt());  
  }  
  public static function check_password($hash, $password) {  
    $full_salt = substr($hash, 0, 29);  
    $new_hash = crypt($password, $full_salt);  
    return ($hash == $new_hash);  
  }  
    }
?>

Registration page

PHP Code:

<title>Registratie</title>
</head>
<body>
<?php
$code="cryptografie";
$codewoord=$_POST["codewoord"];
if($_POST['submit']){
    if($code==$codewoord)
    {
    include("connect.php");
    include("include/sanitize.php");
    $naam = sanitize($_POST['naam']);
    $email = sanitize($_POST['email']);
    $password0 = sanitize($_POST['password0']);
    $password1 = sanitize($_POST['password1']);
        if ($password0 !== $password1){
        echo "De wachtwoorden zijn niet aan elkaar gelijk. Probeer het opnieuw.";
        }
        else{
            require ("PassHash.php");
            $pass_hash = PassHash::hash($_POST['password0']);
            $sql_aanmelding = ("INSERT INTO `862697_test`.`members` (`naam`, `email`, `password`, `datum`) VALUES ('" . $naam . "', '". $email . "', '". $pass_hash . "', NOW())");
            $verzenden = mysql_query($sql_aanmelding);
            echo"Beste ".$naam.", je aanmelding is goed doorgekomen, je kunt nu inloggen. <br />";
            echo'Klik <a href="/">hier</a> om terug naar de loginpagina te gaan.';
        }
    }
    else{
  echo "Codewoord klopt niet. <br />";
  echo'Klik <a href="registratie.php">hier</a> om terug naar de registratiepagina te gaan.';
    }
}

else{
?>
<form name='loginform' action="registratie.php" method="post">
<table id='logintable' cellpadding='0' cellspacing='10' border='0'>
<TR><TD>Naam: <TD><input type="text" name="naam">
<TR><TD>E-mail: <TD><input type="text" name="email">
<TR><TD>Wachtwoord: <TD><input type="password" name="password0">
<TR><TD>Wachtwoord herhalen: <TD><input type="password" name="password1">
<TR><TD>Codewoord: <TD><input type="password" name="codewoord">
<TR><TD><TD><input type='submit' value='Submit' name='submit'>
</form>
<?php
}
?>
</body>
</html> 


Password verification page

PHP Code:

<?php
    session_start();
    if ($_GET["action"] == "logout") {
        unset($_SESSION["id-nummer"]);
        session_unset();
        header("Location: /");
        }
    if (isset($_SESSION['id-nummer'])){
        include("connect.php");
        $via = $_GET["Dropmenu"];
        $naam_sql = "SELECT * FROM `862697_test`.`members` WHERE `Id_nummer` = '".$_SESSION['id-nummer']."' ";
        $naam = mysql_query($naam_sql);
        while($record = mysql_fetch_object($naam)){
        echo'Welkom ' .$record->naam. ', fijn dat je er weer bent. <a href="?action=logout">Uitloggen</a>';
    }
echo "logged in"
    }
    else{
echo "not logged in"
        }
?>

[Haxalot]

It's generally bad practice to use static properties/methods due to their globalised scope. Also, it would be better if you opted to eschew the original MySQL functions, due to their outdated nature (and they're currently in deprecation). Try MySQLi or PDO since you're using the object-oriented paradigm.

I'd also like to see the sanitise.php file as well, because I'm curious how you're protecting yourself form both XSS and SQLi attacks with that one function. I assume you're using functions like htmlspecialchars() or htmlentities() to prevent XSS attacks; however these escaping functions should only be invoked upon outputting data from the database (not when inputting data). Information inside the database should be kept intact until you're manipulating it as a general rule of thumb.