<?php // loginadmin.php //connect sa database require 'dbconnect.php';

1.  
2. <?php
3. // loginadmin.php
4. //connect sa database
5. require 'dbconnect.php';
6.  
7. //check if nana ang username
8.  
9. $checkuser = mysql_query("SELECT * FROM admin WHERE Username='$_POST[username]'");
10. $username_exist = mysql_num_rows($checkuser);
11.  
12. //add slashes to the username and md5() the password
13. $user = addslashes($_POST['username']);
14. $pass = $_POST['password'];
15.  
16. //kung wala ng exist because wala gi enter either ang username or ang password
17. if(($username_exist == 0) && (($_POST[username]==""||$_POST[username]==null)||($_POST[password]==""||$_POST[password]==null)))
18. {
19. header("Location: administrator.php");
20. echo "Invalid Username or Password.";
21. exit();
22. }
23.  
24. //kung wala pa ng exist sa world kana nga username
25. else if($username_exist == 0)
26. {
27. header("Location: administrator.php");
28. echo "Invalid Username or Password.";
29. exit();
30. }
31.  
32. //yes! kung ng exist ang username, check if the password entered kay sakto ba or not
33. else
34. {
35. $result = mysql_query("SELECT * FROM admin WHERE Username='$_POST[username]'");
36. while($row = mysql_fetch_array($result))
37. {
38. if($row['Username'] == $_POST[username] && $row['Password'] == $_POST[password])
39. {
40. session_start();
41. session_register('username');
42. session_register('password');
43. $_SESSION['username']=$user;
44. $_SESSION['password']=$pass;
45. //status = 1 kung admin
46. $_SESSION['status']=$row['Status'];
47. //adto lain page
48. header( "Location: login.php" );
49. }
50. else
51. {
52. header("Location: administrator.php");
53. echo "Invalid Username or Password.";
54. }
55. }
56. }
57. ?>