function login(){ global $con, $username, $errors; $username = e($_POST['u

1. function login(){
2. global $con, $username, $errors;
3.  
4. $username = e($_POST['username']);
5. $password = e($_POST['password']);
6.  
7. // make sure form is filled properly
8. if (empty($username)) {
9. array_push($errors, "Username is required");
10. }
11. if (empty($password)) {
12. array_push($errors, "Password is required");
13. }
14.  
15. // attempt login if no errors on form
16. if (count($errors) == 0) {
17. $password = md5($password);
18.  
19. $query = "SELECT fss_OnlineRegister.custid, custemail, password, fss_Customer.user_type FROM fss_OnlineRegister, fss_Customer WHERE custemail='$username' AND password='$password' LIMIT 1";
20. $results = mysqli_query($con, $query);
21.  
22. if (mysqli_num_rows($results) == 1) { // user found
23. // check if user is admin or user
24. $rows = mysqli_fetch_array($results);
25.  
26. $logged_in_user = mysqli_fetch_assoc($results);
27. if ($rows["user_type"] == "1") {
28.  
29. $_SESSION['user'] = $rows["custemail"];
30. $_SESSION['custid'] = $rows["custid"];
31. $_SESSION['success'] = "You are now logged in";
32. header('location: admin/index.php');
33. }else{
34. $_SESSION['user'] = $rows["custemail"];
35. $_SESSION['custid'] = $rows["custid"];
36. $_SESSION['success'] = "You are now logged in";
37.  
38. header('location: index.php');
39. }
40. }else {
41. array_push($errors, "Wrong username/password combination");
42. }
43. }
44. }