loginproc

1. <?php
2. session_start();
3. include 'database.php';
4. // Retrieve username and password from database according to user's input
5. $username=mysqli_real_escape_string($connect,$_POST['username']);
6. $password=mysqli_real_escape_string($connect,$_POST['password']);
7. $encrypted_mypassword=md5($password);
8. $sql = "SELECT * FROM staffdetail WHERE (username = '$username') and (password = '$encrypted_mypassword')";
9. $login = mysqli_query($connect,$sql);
10. $count = mysqli_num_rows($login) ;
11. // Check username and password match
12. while($row = mysqli_fetch_assoc($login)){
13.  
14.  
15. $_SESSION['roleid'] = $row['idrole'];
16. $_SESSION['employeeid'] = $row['id'];
17.  
18.  
19. $type = $_SESSION['roleid'];
20. }
21. if ($count != "") {
22. switch ($type) {
23. case 1:
24.  
25. header('Location: ../technician/index.php'); // admin Level;
26. break;
27. case 2:
28.  
29.  
30. header('Location: ../clerk/index.php');
31. break;
32. case 2:
33.  
34.  
35. header('Location: ../director/index.php');
36. break;
37.  
38. }
39.  
40.  
41.  
42.  
43. }
44. else {
45. Print'<script>alert(Incorrect username or password !");</script>';
46. Print'<script>window.location.assign("login.php");</script>';
47. }
48.  
49. ?>