<?php session_start();include ("../connection.php"); # make a variab

1. <?php
2. session_start();
3. include ("../connection.php");
4.  
5. # make a variable out of the username that was posted in the index-page.
6. $username = $_POST['user'];
7. # I am not sure what this thing makes.. but it has something with safety to do.
8. $escaped_username = mysql_real_escape_string($username);
9. # make a md5 password.
10. $password = $_POST['pass'];
11.  
12. $queryN = mysql_query("SELECT * FROM user where username = '".$username."' and password = '".$password."'");#This variable will check if the user is a level 1 user (Normal User)
13. $queryA = mysql_query("SELECT * FROM user where username = '".$username."' and password = '".$password."' AND
14. level='9'");#This variable will check if the user is a level 9 user (Admin User)
15.  
16.  
17. if(mysql_num_rows($queryN) == 1)
18. {
19. $resultN = mysql_fetch_assoc($queryN);
20. $_SESSION['user'] = $_POST['user'];
21. header("location:login.php");
22. }
23. elseif(mysql_num_rows($queryA) == 1)
24. {
25. $resultA = mysql_fetch_assoc($queryA);
26. $_SESSION['admin'] = $_POST['user'];
27. header("location:login.php");
28. }
29. else
30. {
31. echo "Wrong Username or Password";
32. }
33. ?>
34. <form name="back" method="post" action="login.php">
35. <input type="submit" name="back" id="back" value="Back to Home">