session_start(); $message = ""; include('conn.php'); if(isset($_POST['user'], $_POST['pass'])) { $sql = "SELECT * FROM usuarios WHERE user = '".$_POST['user']."' AND password='".$_POST['pass']."'"; print($sql); $result = mysql_query($sql) or die(mysql_error()); $num_return = mysql_num_rows($result); $row = mysql_fetch_array($result); if ($num_return == 1) { session_register('user'); $_SESSION['user'] = $_POST['user']; session_register('password'); $_SESSION['password'] = $_POST['pass']; if($row['permisos'] == 'admin'){ header ("Location: menu.php"); } else if($row['permisos'] == 'normal'){ header ("Location: menu.php"); } } else { if( $_POST['send'] == 'send' ) $message = "El usuario o la contraseña son invalidos, por favor intente nuevamente."; else $message = ''; } mysql_free_result($sql); } ?>