Daryl code with some fixes.

a guest
Aug 28th, 2017
  1. <?php
  2.  
  3.   session_start();  
  4.   require("p_db_connection.php");
  5.   $username = $_POST['username'];
  6.   $password = $_POST['password'];
  7.   if($username<>'' and $password<>'')
  8.   {
  9.     #You shouldnt be using md5 or sha1 for passwords
  10.    #read this https://crackstation.net/hashing-security.htm
  11.    $encrypt_password = sha1($password);
  12.     $sql = "SELECT * FROM useraccount WHERE user_name = '".$username."' AND user_pass = '".$encrypt_password."' AND user_status = 'Activated' LIMIT 1 ";
  13.     $result = mysqli_query($conn, $sql);
  14.     if(mysqli_errno($con)>0)
  15.     {
  16.       echo "Query error " . mysqli_errno($con);
  17.       #dont leak information ( to hackers ) displaying mysqli_error($con)
  18.      
  19.       #handle the error
  20.      
  21.     } else {
  22.       $count = mysqli_num_rows($result);    
  23.       if($count > 0)
  24.       {
  25.         while($info_result = mysqli_fetch_assoc($result))
  26.         {
  27.           $_SESSION['user_name'] = $username;
  28.           if($info_result['user_privileges'] === "Admin")
  29.           {
  30.             header("Location: ../user_profile.php?login=success");
  31.             exit;
  32.           }
  33.           if($info_result['user_privileges'] === "Reporting User")
  34.           {
  35.             header("Location: ../user_profile_r.php?login=success");
  36.             exit;
  37.           }
  38.           if($info_result['user_privileges'] === "Monitoring User")
  39.           {
  40.             header("Location: ../user_profile_m.php?login=success");
  41.             exit;
  42.           }
  43.           if($info_result['user_privileges'] === "External User")
  44.           {
  45.             header("Location: ../user_profile_e.php?login=success");
  46.             exit;
  47.           }
  48.         }
  49.       }
  50.     }
  51.   }
  52.   $_SESSION['error_login'] = "Your username and password did not match in our system.";
  53.   header("Location: ../login.php?error=didnotmatch");
  54.  
  55. ?>