<?phpinclude("config.php");session_start();if($_SERVER["REQUEST_METHOD"] ==

1. <?php
2. include("config.php");
3. session_start();
4.  
5. if($_SERVER["REQUEST_METHOD"] == "POST") {
6.  
7. $myusername = mysqli_real_escape_string($db,$_POST['username']);
8. $mypassword = mysqli_real_escape_string($db,$_POST['password']);
9.  
10. $sql = "SELECT * FROM user WHERE username = '$myusername' and password = '$mypassword'";
11. $result = mysqli_query($db,$sql);
12. $row = mysqli_fetch_array($result,MYSQLI_ASSOC);
13. $active = isset($row['active']);
14. $count = mysqli_num_rows($result);
15.  
16. $role = isset($row['role']);
17.  
18. if($role = 'admin'){
19. $link = 'admin.php';
20. }
21. elseif($role = 'user'){
22. $link = 'user.php';
23. }
24. elseif($role = 'expert'){
25. $link = 'expert.php';
26. }
27. else{
28. $link = '404.php';
29. }
30.  
31. if($count == 1) {
32. $_SESSION['username'] = $myusername;
33.  
34. header("Location: ".$link."");
35. exit();
36. }else {
37. $error = "Your Login Name or Password is invalid";
38. }
39. }
40. ?>