<?phpinclude 'config.php';session_start();if($_SERVER["REQUEST_METHOD"

1. <?php
2.  
3. include 'config.php';
4. session_start();
5.  
6. if($_SERVER["REQUEST_METHOD"] == "POST") {
7. $myusername=mysqli_real_escape_string($conn, $_POST['username']);
8. $mypassword=mysqli_real_escape_string($conn, $_POST['password']);
9. }
10.  
11. if (strlen($myusername) < 1) {
12. $_SESSION["error"] .= "Username is too short !<br>";
13. }
14. if (strlen($mypassword) < 1) {
15. $_SESSION["error"] .= "Password is too short !<br>";
16. }
17.  
18. if(isset($_SESSION["error"])) {
19. header("location: /pages/login.php");
20. exit;
21. }
22.  
23. $mypassword=sha1($mypassword);
24.  
25. $sql="SELECT * FROM user WHERE username='$myusername' and password='$mypassword';";
26. $result=mysqli_query($conn, $sql);
27.  
28. $count = mysqli_num_rows($result);
29.  
30. if($count == 1) {
31. $_SESSION["logged_user"] = $myusername;
32. $_SESSION["logged_in"] = "yes";
33.  
34. $sql="SELECT * FROM user WHERE username='$myusername' and password='$mypassword' and admin=1;";
35. $result=mysqli_query($conn, $sql);
36.  
37. $count = mysqli_num_rows($result);
38.  
39. if($count == 1) {$_SESSION["admin"] = "True";}
40.  
41. header("location: ../index.php");
42. }
43. else {
44. $_SESSION["error"] .= "Username or Password is wrong !<br>";
45. header("location: /pages/login.php");
46. }
47.  
48. mysqli_close($conn);
49. ?>