
FILE_CONTENT: user_login.php

<?php
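session_start();
require_once('db_conn.php');

// Login handler: looks up a user row by e-mail and password, stores the
// profile fields in the session and redirects to home.php; on any failure it
// shows an alert and returns the browser to index.php.

// NOTE(review): $_REQUEST also accepts query-string and cookie values, so
// credentials can end up in URLs and access logs. Left unchanged because the
// submitting form is not visible here; prefer $_POST once the form's method
// is confirmed.
$email    = $_REQUEST['email'] ?? null;
$password = $_REQUEST['password'] ?? null;

$user = null;

// Array-valued or missing parameters are treated as a failed login rather
// than being passed on to string functions.
if (is_string($email) && is_string($password)) {
    // htmlspecialchars() is an HTML output encoder, not an SQL defence: before
    // PHP 8.1 its default flags leave single quotes untouched. It is kept only
    // so the compared values match what is presumably stored the same way;
    // TODO confirm against the code that writes the user table.
    $email    = htmlspecialchars($email);
    $password = htmlspecialchars($password);

    try {
        // Bound parameters keep request data out of the SQL text. Only the
        // columns copied into the session are selected.
        // NOTE(review): the password is compared directly against the stored
        // column, which implies it is not hashed. Moving to password_hash() /
        // password_verify() needs a data migration outside this file.
        $stmt = mysqli_prepare(
            $conn,
            'SELECT firstname, surname, id, id2, cluster FROM user WHERE email = ? AND password = ?'
        );

        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, 'ss', $email, $password);

            if (mysqli_stmt_execute($stmt)) {
                $result = mysqli_stmt_get_result($stmt);
                if ($result !== false) {
                    // First matching row; null when the credentials match nothing.
                    $user = mysqli_fetch_assoc($result);
                    mysqli_free_result($result);
                }
            }

            mysqli_stmt_close($stmt);
        }
    } catch (mysqli_sql_exception $e) {
        // Database errors are logged server-side and reported to the client
        // as an ordinary failed login.
        error_log('user_login: ' . $e->getMessage());
        $user = null;
    }
}

$conn->close();

if (is_array($user)) {
    // Issue a fresh session id at the privilege change so a pre-login id
    // cannot be reused (session fixation).
    session_regenerate_id(true);

    $_SESSION['firstname'] = $user['firstname'];
    $_SESSION['surname']   = $user['surname'];
    $_SESSION['id']        = $user['id'];
    $_SESSION['id2']       = $user['id2'];
    $_SESSION['cluster']   = $user['cluster'];

    header("location:home.php");
    // Stop here so nothing else runs or is emitted after the redirect.
    exit;
}

echo ("<SCRIPT LANGUAGE='JavaScript'>
    window.alert('No Administrative privilages, enter a correct username & password & try again')
    window.location.href='index.php';
    </SCRIPT>");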


?>