<? php include "db.php"; $msg = ""; if ($_SERVER['REQUEST_METHOD'] == 'PO

1. <? php include "db.php";
2.  
3. $msg = "";
4.  
5. if ($_SERVER['REQUEST_METHOD'] == 'POST')
6. {
7. $username = $_POST["username"];
8. $password = $_POST["password"];
9.  
10.  
11. if ($username == '' || $password == '')
12. {
13. $msg = "You must enter all fields";
14. }
15. else
16. {
17. $sql = "SELECT * FROM users WHERE username = '$username' AND password
18. = '$password'";
19. $query = mysql_query($sql);
20.  
21. if ($query == false)
22. {
23. echo "Could not successfully run query ($sql) from DB: " .
24. mysql_error();
25. exit;
26. }
27.  
28. $check_user = mysql_num_rows($query);
29. if($check_user>0)
30. {
31. // here you need $run_user data
32. // use fetch_ methods, for example `fetch_assoc()`
33. $user_data = mysql_fetch_assoc($query);
34.  
35. // print_r($user_data) to check keys
36. if ($user_data["user_role"] == 'admin')
37. {
38.  
39. header("abc.php");
40. exit;
41. }
42. else
43. {
44. if ($user_data["user_role"] == 'user') {
45. header("xyz.php");
46. exit;//redirect somehwere else
47. }
48. else
49. {
50. if($user_data["username"] != '$username' && $user_data["password"] !=
51. '$password')
52. {
53. echo "invalid username or password";
54. exit;
55. }`
56.  
57. here is my abc.php
58. <?php
59.  
60. session_start();
61. include "db.php";
62.  
63.  
64.  
65. if ((empty($_SESSION['user'])) ){
66. header('Location: login.php');
67. exit;
68. }
69. ?>