<?phpsession_start();require 'config.php';if ( isset($_POST['username'])

1. <?php
2. session_start();
3. require 'config.php';
4.  
5. if ( isset($_POST['username']) && isset($_POST['password']) ) {
6.  
7. $sql_check = "SELECT nama,
8. level_user,
9. id_user
10. FROM users
11. WHERE
12. username=?
13. AND
14. password=?
15. LIMIT 1";
16.  
17. $check_log = $dbconnect->prepare($sql_check);
18.  
19.  
20. $username = $_POST['username'];
21. $password = md5( $_POST['password'] );
22.  
23. $check_log->bindParam(1, $username, PDO::PARAM_STR);
24. $check_log->bindParam(2, $password, PDO::PARAM_STR);
25.  
26.  
27.  
28. $check_log->execute();
29.  
30. $check_log->store_result();
31.  
32. if ( $check_log->num_rows == 1 ) {
33. $check_log->bind_result($nama, $level_user, $id_user);
34.  
35. while ( $check_log->fetch() ) {
36. $_SESSION['user_login'] = $level_user;
37. $_SESSION['sess_id'] = $id_user;
38. $_SESSION['nama'] = $nama;
39.  
40. }
41.  
42. $check_log->close();
43.  
44. header('location:on-'.$level_user);
45. exit();
46.  
47. } else {
48. header('location: login.php?error='.base64_encode('Username dan Password Invalid!!!'));
49. exit();
50. }
51.  
52.  
53. } else {
54. header('location:login.php');
55. exit();
56. }