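<?php
// Login handler: checks the posted e-mail/password against the `user` table,
// marks the session as authenticated and redirects by user level.
// When the session is not authenticated, form.php is rendered with $login = '1'.
//
// The duplicated "<?" opening tag and the second closing tag in the original
// paste were removed; the closing tag is omitted because the file is PHP only.
session_start();
include('inc/connect.php');

$loginError = null;

// The POST is processed before any form output, so the Location headers below
// are sent before the response body starts.
if (isset($_POST['submit'])) {
    // Request fields are untrusted. Accept plain strings only, so an array
    // value (email[]=...) never reaches the query.
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // SQL injection fix: both values were interpolated into the statement
    // unescaped. ext/mysql has no prepared statements, so they are escaped with
    // mysql_real_escape_string(), which relies on the connection character set
    // being set correctly (mysql_set_charset() in inc/connect.php -- TODO confirm).
    // ext/mysql was removed in PHP 7; move to PDO or mysqli with bound
    // parameters when this script is migrated.
    //
    // NOTE(review): the query compares the password column with the submitted
    // value directly, so passwords appear to be stored unhashed. Store
    // password_hash() output and verify with password_verify() instead; that
    // needs a data migration and is not done here.
    $query = sprintf(
        "SELECT * FROM user WHERE email='%s' AND password='%s'",
        mysql_real_escape_string($email),
        mysql_real_escape_string($password)
    );

    $result = mysql_query($query);
    if ($result === false) {
        // Keep the database error in the server log; printing mysql_error()
        // to the client discloses schema and query details.
        error_log('Login query failed: ' . mysql_error());
        die('Login is temporarily unavailable');
    }

    if (!mysql_num_rows($result)) {
        $loginError = 'Invalid username and/or password';
    } else {
        $row = mysql_fetch_array($result);

        // Issue a fresh session id at the privilege change so an id that was
        // fixed before login does not become an authenticated session.
        session_regenerate_id(true);

        $_SESSION['auth'] = 'authed';
        $_SESSION['userlvl'] = $row['userlevel'];

        // The redirect is navigation only; adminpanel.php and customerpanel.php
        // still have to check $_SESSION['auth'] and $_SESSION['userlvl'] themselves.
        if ($_SESSION['userlvl'] === 'admin') {
            header('Location: adminpanel.php');
            exit();
        } elseif ($_SESSION['userlvl'] === 'customer') {
            header('Location: customerpanel.php');
            exit();
        }
    }
}

// isset() avoids an undefined-index notice on a visitor's first request.
if (!isset($_SESSION['auth']) || $_SESSION['auth'] !== 'authed') {
    $login = '1';
    include('form.php');
}

// Same message and termination as before, printed after the form as before.
if ($loginError !== null) {
    die($loginError);
}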