<?php
include("conn.php");

if (isset($_REQUEST['submit'])){
	$user_id_input = mysqli_escape_string($conn, $_REQUEST['username']);
	$password_input = mysqli_escape_string($conn, $_REQUEST['password1']);	

	$sql = "SELECT * FROM user_register WHERE email = '$user_id_input' AND pw = '$password_input'";
	$result = mysqli_query($conn, $sql) or die(mysqli_error($conn));
	
		if (mysqli_num_rows($result) > 0) {
			$info = mysqli_fetch_array($result);
				$id = $info['id'];
				$fname = $info['fname'];
				$oname = $info['oname'];
				$phone = $info['phone'];
				$email = $info['email'];
				$pw = $info['pw'];
				$status = $info['status'];
				
				session_start();
				$_SESSION['user_id']=$id;
				$_SESSION['phone']=$phone;
				$_SESSION['email']=$email;
				//$_SESSION['password']=$password;
				$_SESSION['first_name']=$fname;
				$_SESSION['last_name']=$oname;
				
				//if($fname=='admin'){
					header("Location:welcome.php");
				//}else{
				//	header("Location:index.php");
				//}
				
				
			} else {
				header("Location:login.php?status=0");		
			}	
}
?>