$sql = "SELECT * FROM user WHERE username = '$_POST[username]' AND password = '$

1. $sql = "SELECT * FROM user WHERE username = '$_POST[username]' AND password = '$_POST[password]'"; $result = mysql_query($sql); $temukan = mysql_num_rows($result); if ($temukan > 0) { $log = mysql_fetch_assoc($result); $_SESSION['username'] = $_POST['username']; $hak_akses = explode(", ", $log['hak_akses']); $_SESSION['barang'] = !empty(in_array("barang", $hak_akses)) ? "TRUE" : "FALSE"; $_SESSION['transaksi'] = !empty(in_array("transaksi", $hak_akses)) ? "TRUE" : "FALSE"; header("location:halaman_utama.php"); } else { echo"Gagal Login ..."; }