Untitled

<?php
session_start();
require 'config.php';
/**
 * Check POST request
 */
if (isset($_POST['username']) && isset($_POST['password'])) {
    // SQL syntax to get username & password
    $sql_check = "SELECT nama,
                         level_user,
                         id_user
                  FROM users
                  WHERE
                       username=?
                       AND
                       password=?
                  LIMIT 1";

    // start prepare
    $check_log = $dbconnect->prepare($sql_check);
    $check_log->bind_param('ss', $username, $password);

    $username = $_POST['username'];
    $password = md5($_POST['password']);

    $check_log->execute();

    $check_log->store_result();

    // check result, if valid username & password
    if ($check_log->num_rows == 1) {
        $check_log->bind_result($nama, $level_user, $id_user);

        // save user ID to session
        while ($check_log->fetch()) {
            $_SESSION['user_login'] = $level_user;
            $_SESSION['sess_id']    = $id_user;
            $_SESSION['nama']       = $nama;
        }

        $check_log->close();

        // redirect
        header('location:on-'.$level_user);
        exit();
    } else {
        // if username & password not valid
        header('location: login.php?error='.base64_encode('Username dan Password Invalid!!!'));
        exit();
    }
} else {
    header('location:login.php');
    exit();
}