loginSubmit function with permssion session

public function loginSubmit($un, $pw){

		// TODO pull correct login stuff
		$correctUsername = 'admin';
		$correctPassword = '123';

		// bounce to login if unsuccessful
		if($un != $correctUsername)
			header('Location: '.BASE_URL.'/login');
		elseif($pw != $correctPassword)
			header('Location: '.BASE_URL.'/login');

		// if correct username/pw, send to confirmation screen
		else {
			$_SESSION['username'] = $un;

			// Adding correct permissions to session data
			// build query
			$q = sprintf("SELECT * FROM User_Data WHERE username = %d;",
				$un
			);
			$result = $db->query($q); // execute query

			// make sure we found something
			if($result->num_rows == 0) {
				return null;
			} else {
				$row = $result->fetch_assoc(); // get results as associative array

				$_SESSION['permissions'] = $row['permissions'];

			}

			// Moves to profile page
			header('Location: '.BASE_URL.'/'.$un);
		}
	}