peerapongsam · January 4, 2017 11:32
diff --git a/checklogin.php b/checklogin.php
 <?php
 session_start();
 mysql_connect("localhost","root","");
 mysql_select_db("tutorials");
 $strSQL = "SELECT * FROM member WHERE username = '".mysql_real_escape_string($_POST['txtusername'])."' 
 and password = '".mysql_real_escape_string($_POST['txtpassword'])."'";
 $Query = mysql_query($strSQL);
 $Result = mysql_fetch_array($Query);
 if(!$Result)
 {
 echo "Username and Password Incorrect!";
 }
 else
 {
 $_SESSION["member_id"] = $Result["member_id"];
 $_SESSION["status"] = $Result["status"];

 session_write_close();

 if($Result["status"] == "admin")
 {
 header("location:admin.php");
 }
 else
 {
 header("location:user.php");
 }
 }
 mysql_close();
 ?>
	<?php
	session_start();
	mysql_connect("localhost","root","");
	mysql_select_db("tutorials");
	$strSQL = "SELECT * FROM member WHERE username = '".mysql_real_escape_string($_POST['txtusername'])."'
	and password = '".mysql_real_escape_string($_POST['txtpassword'])."'";
	$Query = mysql_query($strSQL);
	$Result = mysql_fetch_array($Query);
	if(!$Result)
	{
	echo "Username and Password Incorrect!";
	}
	else
	{
	$_SESSION["member_id"] = $Result["member_id"];
	$_SESSION["status"] = $Result["status"];

	session_write_close();

	if($Result["status"] == "admin")
	{
	header("location:admin.php");
	}
	else
	{
	header("location:user.php");
	}
	}
	mysql_close();
	?>