<?phpsession_start();require 'config.php';if ( isset($_POST['username']) &&

1. <?php
2. session_start();
3. require 'config.php';
4.  
5. if ( isset($_POST['username']) && isset($_POST['password']) ) {
6.  
7. $sql_check = "SELECT nama,
8. level_user,
9. id_user
10. FROM users
11. WHERE
12. username=?
13. AND
14. password=?
15. LIMIT 1";
16.  
17. $check_log = $dbconnect->prepare($sql_check);
18. $check_log->bind_param('ss', $username, $password);
19.  
20. $username = $_POST['username'];
21. $password = md5( $_POST['password'] );
22.  
23. $check_log->execute();
24.  
25. $check_log->store_result();
26.  
27. if ( $check_log->num_rows == 1 ) {
28. $check_log->bind_result($nama, $level_user, $id_user);
29.  
30. while ( $check_log->fetch() ) {
31. $_SESSION['user_login'] = $level_user;
32. $_SESSION['sess_id'] = $id_user;
33. $_SESSION['nama'] = $nama;
34.  
35. }
36.  
37. $check_log->close();
38.  
39. header('location:on-'.$level_user);
40. exit();
41.  
42. } else {
43. header('location: login.php?error='.base64_encode('Username dan Password Invalid!!!'));
44. exit();
45. }
46.  
47.  
48. } else {
49. header('location:login.php');
50. exit();
51. }