Untitled

<?php
 include 'php/adminloginfunctions.php';

 if ($_SERVER["REQUEST_METHOD"] == "POST") {
   if ($_POST['type'] == 'login'){
      $username = $_POST['loginusername'];
      $password = $_POST['loginpassword'];
    if (login($username, $password)) {
      header('Location: http://' . $_SERVER['SERVER_NAME'].':1080' . dirname($_SERVER['REQUEST_URI']) . '/home.php');
        exit();
    }

} else {
    logout();
}

}

?>

<?php
  include 'adminmySQLCon.php';
  sec_session_start();

  function sec_session_start() {
    $session_name = 'sec_session_id';
    $secure = true;
    $httponly = true;
     if (ini_set('session.use_only_cookies', 1) === FALSE) {
       header("Location: ../error.php?err=Could not initiate a safe session            (ini_set)");
        exit();
  }
      $cookieParams = session_get_cookie_params();
      session_set_cookie_params($cookieParams["lifetime"],
      $cookieParams["path"],
      $cookieParams["domain"],
      $secure,
      $httponly);
       session_name($session_name);
       session_start();
       session_regenerate_id(true);
}


 function login($email, $password) {
    global $conn;
     if ($stmt = $conn->prepare("SELECT Occupant.idOccupant,           Occupant.Occ_Email, Occupant.Occ_Password, roles.RoleLevel
         FROM Occupant INNER JOIN userrolemapping ON Occupant.idOccupant = userrolemapping.URMUserId
          INNER JOIN roles on roles.idRoles = userrolemapping.URMRoleID
       WHERE Occ_Email = ?
        LIMIT 1")) {
       $stmt->bind_param('s', $email);
       $stmt->execute();
       $stmt->store_result();
       $stmt->bind_result($user_id, $username, $db_password, $userrole);
       $stmt->fetch();

       if ($stmt->num_rows == 1) {
          if (checkbrute($user_id) == true) {
            return false;
        } else {
            if (password_verify($password, $db_password)) {
                $user_browser = $_SERVER['HTTP_USER_AGENT'];
                $_SESSION['user_id'] = $user_id;
                $_SESSION['username'] = $username;
                $_SESSION['login_string'] = hash('sha512',
                          $db_password . $user_browser);
                $_SESSION['userrole'] = $userrole;
                // Login successful.
                return true;
            } else {
                $now = time();
                $conn->query("INSERT INTO login_attempts(idOccupant, time)
                                VALUES ('$user_id', '$now')");

                return false;
            }
        }
    } else {

        return false;
    }
}
}

<?php
   include 'php/adminloginfunctions.php';
   echo $_SESSION['userrole'];
 ?>