login.php
Code: Select all
<?php
include("connect.php");
$username = strtolower(trim($_POST["username"]));
$password = strtolower(trim($_POST["password"]));
$result = mysql_query("SELECT * FROM users WHERE username='$username' && password='$password'");
$row = mysql_fetch_array($result);
if(!$_POST["username"]) {
header("Location: index.php");
} elseif(!$_POST["password"]) {
header("Location: index.php");
} elseif($username == $row["username"] && $password == $row["password"]) {
$result = mysql_query("SELECT username,user_code,account_type FROM users WHERE username='$username'");
$row = mysql_fetch_array($result);
session_start();
$_SESSION["user"] = $row["username"];
$_SESSION["user_code"] = $row["user_code"];
$_SESSION["account_type"] = $row["account_type"];
header("Location: index.php");
} else {
header("Location: index.php");
}
?>Code: Select all
<?php
session_start();
if($_SESSION["account_type"] !== "Customer") {
// Do not allow access
header("Location: logout.php");
}
if($_SESSION["account_type"] == "Customer") {
// Allow access
}
?>Code: Select all
<?php
session_start();
session_unset();
$_SESSION = array();
session_destroy();
header("Location: index.php");
?>feyd | I've rebuilt your poll.