Untitled

<?php
session_start();
require 'config.php';
if ( isset($_POST['username']) && isset($_POST['password']) ) {
$username = $_POST['username'];
$password = md5($_POST["password"] );
$sql_check = "SELECT nama,level_user,id_user FROM users WHERE username=? AND password=? LIMIT 1";
$check_log = $dbconnect->prepare($sql_check);
die($dbconnect->error);
$check_log->bind_param('ss', $username, $password);
$check_log->execute();
$check_log->store_result();
if ( $check_log->num_rows == 1) {
$check_log->bind_result($nama, $level_user, $id_user);
while ( $check_log->fetch() ) {
$_SESSION['user_login'] = $level_user;
$_SESSION['sess_id'] = $id_user;
$_SESSION['nama'] = $nama;
}
$check_log->close();
header('location:on-' .$level1_user);
exit();
} else {
header('location: login.php?error=' .base64_encode('Username dan Password Invalid!!!'));
exit();
}
} else {
header('location:login.php');
exit();
}
?>