<?phpsession_start();if (isset($_POST['token']) && $_POST['token'] !== '') {

1. <?php
2.  
3. session_start();
4.  
5. if (isset($_POST['token']) && $_POST['token'] !== '') {
6.  
7. include "../config/config.php";
8.  
9. $user = mysqli_real_escape_string($con, (strip_tags($_POST['email'], ENT_QUOTES)));
10. $pass = sha1(md5(mysqli_real_escape_string($con, (strip_tags($_POST['password'], ENT_QUOTES)))));
11.  
12.  
13. $query = mysqli_query($con, "SELECT * FROM user WHERE (email= "" . $user . "" or username= "" . $user . "") and password= "" . $pass . "" and is_active=1,and is_admin");
14.  
15. if ($row = mysqli_fetch_array($query)) {
16.  
17. $_SESSION['user_id'] = $row['id'];
18. header("location: ../dashboard.php");
19.  
20. } else if ($row != mysqli_fetch_array($query)){
21. $_SESSION['user_id'] = $row['id'];
22. header("location: ../dashboardGeneral.php");
23. } else {
24. $invalid = sha1(md5("contrasena y email invalido"));
25. header("location: ../index.php?invalid=$invalid");
26. }
27. }
28. ?>