Untitled

#logger en person ind
if(isset($_POST['login'])) {

        $username = $_POST['username'];
        $password = sha1($_POST['password']);

        $mysql = connect();
        $sql = "SELECT id,username,password,fornavn,efternavn,level,dag FROM users WHERE username = ? AND password = ? LIMIT 1";
        $stmt = $mysql->prepare($sql);
        $stmt->bind_param("ss", $username, $password);
        $stmt->execute();
        $stmt->store_result();

        if( $stmt->num_rows == 0)
        {
            #echo "Brugernavn eller er kodeord forkert";
        }
        else
        {

            $stmt->bind_result($id,$username,$password,$fornavn,$efternavn,$level,$dag);
            $stmt->fetch();
            $stmt = $mysql->prepare("UPDATE users SET online = '1', login_time = 'login_time' WHERE username = '$username'") or die($mysql->error);
            $stmt->execute();


            #System til point
            $dagTjek = date('z');
            if($dag != $dagTjek)
            {
                $mysql = connect();
                $stmt = $mysql->prepare("UPDATE users SET point = '$point+10', dag='$dagTjek' WHERE username = '$username'") or die($mysql->error);
                $stmt->execute();
            }

            $_SESSION['username']   = $username;
            $_SESSION['userid']     = $id;
            $_SESSION['fornavn']    = $fornavn;
            $_SESSION['brugerid']   = $id;
            $_SESSION['efternavn']  = $efternavn;
            $_SESSION['level']      = $level;
            $_SESSION['loggetind']  = true;
            #$_SESSION['timestamp'] = time();
            $sti = $_SERVER['SCRIPT_NAME']; // Finder URL'en til header location
            header("location: ".$sti ."");

        }#Lukker else
}#Lukker isset login