// NOTE(review): this listing starts mid-statement. The assignment target and the
// receiver of this call are outside the visible fragment; presumably it is
// `$email = $link->`, mirroring the $password line below. Confirm against the full file.
real_escape_string($_POST['email']);
$password = $link->real_escape_string($_POST['password']);
// Both fields are required; the comparison is against the escaped copies.
if($email == "" || $password == ""){
$msg = "Account or Password fields cannot be empty!";
}else {
// SECURITY: the query is assembled by string interpolation and relies entirely on
// real_escape_string(), whose correctness depends on the connection character set
// being configured. A prepared statement with bound parameters removes that dependency.
// SECURITY: the submitted password is matched directly against the `pwd` column, which
// implies the column holds passwords in directly comparable form. No password_hash() /
// password_verify() is visible in this fragment. TODO confirm how `pwd` is stored.
$sql = "SELECT * FROM tbl_users WHERE pwd = '$password' AND email='$email' ";
$result = mysqli_query($link, $sql);
// NOTE(review): mysqli_query() returns false on failure; that case is not checked
// before the result is passed to mysqli_num_rows().
// NOTE(review): there is no else branch for zero rows, so a login that matches
// no row leaves $msg unset within this fragment.
if(mysqli_num_rows($result) > 0){
$row = mysqli_fetch_assoc($result);
// NOTE(review): $password and $email are the escaped strings, while $row[...] holds the
// stored values. A credential containing a character that real_escape_string() escapes
// (quote, backslash) can match in SQL yet fail this loose `==` re-check.
if($row['pwd'] == $password && $row['email'] == $email){
// SECURITY: no session_regenerate_id() call is visible before the session is populated,
// so the pre-login session id appears to be kept (session fixation risk). Confirm
// whether the id is regenerated elsewhere.
// Stores the raw POST value, not the escaped copy or the value read from the row.
$_SESSION['email']=$_POST['email'];
$_SESSION['fname']=$row['fname'];
$_SESSION['lname']=$row['lname'];
$_SESSION['acctno']=$row['acctno'];
$_SESSION['uid']=$row['id'];
// SECURITY: 'pin', 'ssn' and 'rtn' below, along with 'balance', are copied from the
// user row into session storage. That widens where this data is held, and the balance
// copy is a snapshot taken at login. Keeping only the user id and reading the rest on
// demand limits exposure.
$_SESSION['pin']=$row['pin'];
$_SESSION['phone']=$row['phone'];
$_SESSION['pics']=$row['pics'];
$_SESSION['ip']=$row['ip'];
$_SESSION['address']=$row['address'];
$_SESSION['balance']=$row['balance'];
$_SESSION['country']=$row['country'];
$_SESSION['utype']=$row['utype'];
$_SESSION['zipcode']=$row['zipcode'];
$_SESSION['bdate']=$row['bdate'];
$_SESSION['bname']=$row['bname'];
$_SESSION['state']=$row['state'];
$_SESSION['city']=$row['city'];
$_SESSION['ssn']=$row['ssn'];
$_SESSION['rtn']=$row['rtn'];
$account = $_SESSION['acctno'];
// SECURITY: the account number and e-mail are placed in the redirect URL without
// urlencode(), so they end up in browser history and server logs. The `&&` yields an
// empty query parameter. Verify that pin.php takes the account from $_SESSION and does
// not trust this query-string value.
// NOTE(review): no exit follows header(), so execution continues after the redirect
// header is queued.
header("location:secured/users/pin.php?account=$account&&email=$email");
} else{
$msg = "Email or Password incorrect!";
}
}
}
// Closes a block that was opened before the visible fragment.
}
/**
 * Normalises a form value: trims surrounding whitespace, removes backslash
 * escapes with stripslashes(), then HTML-encodes special characters.
 *
 * NOTE(review): nothing in the visible fragment calls this function. The
 * htmlspecialchars() call is output encoding for an HTML context, not a
 * defence for SQL, and it runs with default flags: single quotes are encoded
 * by default only from PHP 8.1 on.
 *
 * @param string $data Raw value; presumably a submitted form field.
 * @return string The trimmed, unslashed, HTML-encoded value.
 */
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}