<?phpsession_start();$conn = mysql_connect("localhost", "root", "");mysql_

1. <?php
2. session_start();
3. $conn = mysql_connect("localhost", "root", "");
4. mysql_select_db("ash");
5. $user = mysql_real_escape_string($_POST["username"]);
6. $pass = mysql_real_escape_string($_POST["password"]);
7.  
8. $encrypt_pass = sha1($pass);
9.  
10. $result_admin= mysql_query("SELECT * FROM users WHERE username = '$user' AND password = '$encrypt_pass' AND isadmin = 1");
11. $result = mysql_query("SELECT * FROM users WHERE username = '$user' AND password = '$encrypt_pass'");
12.  
13. if (mysql_num_rows($result) == 0)
14.     {
15.      echo "No matching username and password found";
16.     }
17.        
18. else if(mysql_num_rows($result_admin) == 1)
19.     {
20.      $_SESSION['isadmin']=1;
21.      $_SESSION['user'] = $_POST["username"];
22.     header ("Location: index.php");          
23.     }
24. else if(mysql_num_rows($result) == 1)
25.     {
26.      $_SESSION['user'] = $_POST["username"];        
27.      header ("Location: index.php");
28.    
29.     }
30. ?>