6C8tfzZh
2017-01-11 22:38:02

if (isset($_POST['submit']))
{
$user = $_POST['user'];
$pass = $_POST['pass'];
$admin = $_POST['admin'];

if( $user == "" || $pass == "")
{
echo '<div id ="errormsg">Please fill in all fields</div>';
}

else
{
$query = mysqli_query($dbcon, "SELECT * FROM users WHERE username = '$user'
and password = '$pass' and admin = '$admin' ") or die ("Can't query the database");
$count = mysqli_num_rows($query);

if($count == 1)
{
if ($admin == 1)
{
$_SESSION['username'] = $user;
header("location: admin.php");
}
else if ($admin == 0)
{
$_SESSION['username'] = $user;
header("location: users.php");
}
else
{
echo '<div id="errormsg">No matches, try again</div>';
}
}
}
}

<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
<fieldset>
<label class="login">Username:</label><input type="text" name="user" /><br />
<label class="login">Password:</label><input type="password" name="pass" /><br />
<label class="login">Admin?:</label><input type="checkbox" value="1" name="admin" /><br/>

<input type="submit" name="submit" value="Login" />
</fieldset>
</form

if ($admin == 1)

if (isset($admin))

if (isset($admin))
{
$_SESSION['username'] = $user;
header("location: admin.php");
exit;
} else {
$_SESSION['username'] = $user;
header("location: users.php");
exit;
}

$query = mysqli_query($dbcon, "SELECT * FROM users WHERE username = '".$user."'' and password = '".$pass."''") or die ("Can't query the database");