Code: Select all
<?php
if (isset($_POST['username'])&&isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
if (!empty($username)&&!empty($password)){
$query = "SELECT * FROM `employeedetails` WHERE `username`='".mysql_real_escape_string($username)."' AND `password`='".mysql_real_escape_string($password)."' AND `access_level`='1'";
$result = mysql_query($query);
if($rows = mysql_num_rows($result) == 1){
$user_id = mysql_result($result, 0, 'employeeID');
$_SESSION['user_id'] = $user_id;
header("Location: index.php");
} else if ($rows = mysql_num_rows($result) == 0){
$query = "SELECT * FROM `employeedetails` WHERE `username`='".mysql_real_escape_string($username)."' AND `password`='".mysql_real_escape_string($password)."' AND `access_level`='2'";
$result = mysql_query($query);
if($rows = mysql_num_rows($result) == 1){
$user_id = mysql_result($result, 0, 'employeeID');
$_SESSION['user_id'] = $user_id;
header("Location: maindex.php");
} else if($rows = mysql_num_rows($result) == 0){
$query = "SELECT * FROM `employeedetails` WHERE `username`='".mysql_real_escape_string($username)."' AND `password`='".mysql_real_escape_string($password)."' AND `access_level`='3'";
$result = mysql_query($query);
if($rows = mysql_num_rows($result) == 1){
$user_id = mysql_result($result, 0, 'employeeID');
$_SESSION['user_id'] = $user_id;
header("Location: rindex.php");
} else if($rows = mysql_num_rows($result) == 0) {
$query = "SELECT * FROM `employeedetails` WHERE `username`='".mysql_real_escape_string($username)."' AND `password`='".mysql_real_escape_string($password)."' AND `access_level`='4'";
$result = mysql_query($query);
if($rows = mysql_num_rows($result) == 1){
$user_id = mysql_result($result, 0, 'employeeID');
$_SESSION['user_id'] = $user_id;
header("Location: index.php");
} else if($rows = mysql_num_rows($result) == 0) {
echo 'Username and Password Not Found.';
}
}
}
}
} else {
echo '<html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head><link type="text/css" rel="stylesheet" href="css/board.css"/></head>
<body>
<div class="error">
Username and Password should not be blank.
<div class="warning">
<img src="images/warning.png"/>
</div>
</div>
</body>
</html>';
}
}