<?php session_start(); if(isset($_POST['submit'])){ $user = $_P

1. <?php
2. session_start();
3. if(isset($_POST['submit'])){
4. $user = $_POST['username'];
5. $pwrd = $_POST['pwrd'];
6. //include database connection
7. include('includes/db_connect.php');
8. if(empty($user) || empty($pwrd)){
9. echo 'Nada informado';
10. }else{
11. //prevenção de sql injection
12. $user = strip_tags($user);
13. $user = $db->real_escape_string($user);
14. $pwrd = strip_tags($pwrd);
15. $pwrd = $db->real_escape_string($pwrd);
16. $pwrd = md5($pwrd);
17. $query = $db-> query("SELECT user_id, username FROM user WHERE username='$user' AND password='$pwrd'");
18.  
19. //echo $query->num_rows; ver se tem algo no banco
20.  
21. if($query->num_rows === 1){
22. while($row = $query->fetch_object()){
23. $_SESSION['user_id'] = $row->user_id;
24. }
25.  
26.  
27. header('Location: admin/index.php');
28. exit();
29. }else{
30. echo 'Nada informado';
31. }
32. }
33. }
34.  
35. ?>
36.  
37. <?php
38.  
39. include('../includes/db_connect.php');
40.  
41. $query = $db-> query("SELECT user_id, username FROM user WHERE username='$user'");
42.  
43.  
44. echo 'bem vindo: $ não sei o que colocar aqui';
45.  
46.  
47. ?>
48.  
49. <?php
50. session_start();
51. echo "bem vindo: ".$_SESSION['username'];
52. ?>
53.  
54. $_SESSION['username'] = $row->username;
55.  
56. if($query->num_rows === 1)//se o resultado da query === 1...execute
57.  
58. if($query->num_rows === 1)
59. { $row = $query->fetch_object();
60. $_SESSION['username'] = $row->username;
61. header('Location: admin/index.php');
62. exit();
63. }else
64. { echo 'Nada informado';
65. }