Authenticate

1. <?php
2. session_start();
3. include 'config.php';
4. include 'dbconnect.php';
5. include 'utilities.php';
6.  
7. if ($_POST) {
8.     $username = $_POST['username'];
9.     $password = sha1($_POST['password']);
10.    
11.     $query = "SELECT * FROM users WHERE username = '" . $username . "'
12.                 AND password = '" . $password . "'";
13.     $result = mysqli_query($_SESSION['dbconn'],$query);
14.     $record = mysqli_fetch_assoc($result);
15.     if ($record) {
16.         $_SESSION['user'] = array();
17.         $_SESSION['user']['username'] = $record['username'];
18.         $_SESSION['user']['admin'] = $record['admin'];
19.         $_SESSION['user']['can_add'] = $record['can_add'];
20.         $_SESSION['user']['can_edit'] = $record['can_edit'];
21.         $_SESSION['user']['can_delete'] = $record['can_delete'];
22.         $_SESSION['message'] = array('success','Welcome ' . $_SESSION['user']['username']);
23.     } else {
24.         $_SESSION['message'] = array('danger','User cannot be logged!');       
25.     }
26.     header('Location: ' . SITE_URL);   
27. }