<?php
if (isset($_POST['usname']) && isset($_POST['pasw'])){
$username = mysql_ramznegar($_POST['usname'],$link);
$password = mysql_ramznegar($_POST['pasw'],$link);
$query = "SELECT * FROM `admin` WHERE `usname` = $username";
$admin_result = mysql_query($query,$link);
$admin_result = mysql_fetch_array($admin_result,MYSQL_ASSOC);
if($admin_result['usname']==$username && $admin_result['passw']==$password){
if($admin_result[usname] == "admin"){
$_SESSION['auth'] = 1;
redirect("panel");
exit;
}
else{
echo 'ur username or password is invalid';
redirect("index.php");
}
}
}
?>