Untitled

<?php
session_start();
require_once 'mydbms.php';
$DBcon=mysqli_connect('localhost','batab','kina','kina');

if (isset($_SESSION['userSession'])!="") {
 header("Location: home.php");
 exit;
}

include_once $_SERVER['DOCUMENT_ROOT'] . '/Kina/securimage/securimage.php';
$securimage = new Securimage();

if (isset($_POST['btn-login'])) {

 if ($securimage->check($_POST['captcha_code']) == false) {
      // the code was incorrect
      // you should handle the error so that the form processor doesn't continue
      // or you can use the following code if there is no validation or you do not know how
      echo "The security code entered was incorrect.<br /><br />";
      echo "Please go <a href='javascript:history.go(-1)'>back</a> and try again.";
      exit;
    }

 $username = strip_tags($_POST['username']);
 $password = strip_tags($_POST['password']);

 $username = $DBcon->real_escape_string($username);
 $password = $DBcon->real_escape_string($password);

 $query = $DBcon->query("SELECT user_id, username, password FROM users WHERE username='$username'");
 $row=$query->fetch_array();


  $_SESSION['user_id']=$row['user_id'];
$_SESSION['role']=$row['role'];


 $count = $query->num_rows; // if email/password are correct returns must be 1 row

 if($count==1)
 {
                if ($row['role']=="administrator")
            {

                               header ("location: home.php");

            }
            else if ($row['role']=="user")
            {
                               $_SESSION['role']=$row['role'];

                               header ("location: 404.php");


            }
 }


 if (password_verify($password, $row['password']) && $count==1) {
  $_SESSION['userSession'] = $row['user_id'];
  header("Location: index.php");
 } else {
  $msg = "<div class='alert alert-danger'>
     <span class='glyphicon glyphicon-info-sign'></span> &nbsp; Invalid Username or Password !
    </div>";
 }
 $DBcon->close();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script src='https://www.google.com/recaptcha/api.js'></script>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Coding Cage - Login & Registration System</title>
<link href="bootstrap/css/bootstrap.min.css" rel="stylesheet" media="screen">
<link href="bootstrap/css/bootstrap-theme.min.css" rel="stylesheet" media="screen">
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>

<div class="signin-form">

 <div class="container">


       <form class="form-signin" method="post" id="login-form">

        <h2 class="form-signin-heading">Sign In.</h2><hr />

        <?php
  if(isset($msg)){
   echo $msg;
  }
  ?>

        <div class="form-group">
        <input type="text" class="form-control" placeholder="Felhasználónév" name="username" required />
        <span id="check-e"></span>
        </div>

        <div class="form-group">
        <input type="password" class="form-control" placeholder="Password" name="password" required />
        </div>

      <hr />
        <img id="captcha" src="/Kina/securimage/securimage_show.php" alt="CAPTCHA Image" />
        <input type="text" name="captcha_code" size="10" maxlength="6" />
    <a href="#" onclick="document.getElementById('captcha').src = '/Kina/securimage/securimage_show.php?' + Math.random(); return false">[ Different Image ]</a>
        <div class="form-group">
            <button type="submit" class="btn btn-default" name="btn-login" id="btn-login">
      <span class="glyphicon glyphicon-log-in"></span> &nbsp; Sign In
   </button>

            <a href="register.php" class="btn btn-default" style="float:right;">Sign UP Here</a>

        </div>


      </form>

    </div>

</div>

</body>
</html>