Untitled

<?php
session_start();
if (!isset($_SESSION['zalogowany'])){
$login = $_POST['user'];
$pass = $_POST['password'];
require("../lib/connect.php");
$sql = "SELECT * FROM users where user='$login' and pass='$pass'";
$result = $conn->query($sql);
$res_num = $result->num_rows;
if ($res_num==1) {
$_SESSION['zalogowany'] = 1;
$_SESSION['login'] = $login;
header('location:index.php');
}else{
echo"Zly login lub haslo";
echo"<br><a href='index.php'>Zaloguj sie jeszcze raz</a>";
}
}else{
header('location:index.php');
}
?>