login.php

1. <?php
2.         include('dbcon.php');
3.         session_start();
4.         $username = $_POST['username'];
5.         $password = $_POST['password'];
6.        
7.         /* admin */
8.         $resultFilms = $conn->prepare("select * from users where username = '$username' and password = '$password'")or die(mysql_error());
9.         $resultFilms->execute();
10.         $num_row = $resultFilms->rowcount();
11.         $row = $resultFilms->fetch();
12.        
13.         /* Staff */
14.         $query_teacher = $conn->prepare("SELECT * FROM staff WHERE username='$username' AND password='$password'")or die(mysql_error());
15.         $query_teacher->execute(); 
16.         $num_row_teacher = $query_teacher->rowcount();
17.         $row_teahcer = $query_teacher->fetch();
18.        
19.  
20.        
21.         if( $num_row > 0 ) {
22.         $_SESSION['id']=$row['user_id'];
23.         echo 'true_user';  
24.         $conn->query("insert into user_log (username,login_date,user_id)values('$username',NOW(),".$row['user_id'].")")or die(mysql_error());
25.         }
26.         else if ($num_row_teacher > 0){
27.         $_SESSION['id']=$row_teahcer['staff_id'];
28.         echo 'true';
29.         $conn->query("insert into user_log (username,login_date,user_id)values('$username',NOW(),".$row_teahcer['staff_id'].")")or die(mysql_error());
30.          }
31.  
32.          else{
33.                 echo 'false';
34.         }  
35.         ?>