<?php
        session_start();
          include("./include/FunctionDB.php");
    ConnectDB();
    
        
   $Username =  $_REQUEST["Username"];
   $Password = $_REQUEST["Password"];
     if($Username && $Password) 
         {
    $Password = md5($Password);
    $sql = "SELECT * FROM user_tb WHERE (Username ='$Username' AND Password='$Password') AND Flag IN ('0','1')";
    $result = mysql_query($sql) or die(" $result".mysql_error());
    $row = mysql_num_rows($result);
    $rs = mysql_fetch_array($result);
    $Priority = $rs["Priority"];
   $_SESSION['valid_user'] = $Username;
    $_SESSION['priority'] = $priority;
    $_SESSION['password'] = $Password;
       if( $row < 1 )
              {
         
                     ?>
                   <body bgcolor="#"><br>
                   <center> <font face="Tohama" size="5" color="#FF0000">ชื่อผู้ใช้ หรือ รหัสผ่าน ไม่ถูกต้อง  กรุณากรอกใหม่ค่ะ</font>
                   </center>
                   <!--<meta http-equiv="refresh" content="3;URL=login.php">-->
                    <meta http-equiv="refresh" content="1;URL=login.php">
                 <!--  <meta http-equiv="Content-Type" content="text/html; charset=TIS-620">
                  <link href="./source/style.css" rel="stylesheet" type="text/css">-->
                  
                  <?php
            }
         else
            {
             
              $sql = "SELECT * FROM permission_tb WHERE permision='$Priority' ";
              $result2 = mysql_query($sql) or die(" $result".mysql_error());
              $rss = mysql_fetch_array($result2);
              session_register("valid_user");
              session_register("password") ;
              session_register("Priority") ;
               $goto = $rss["url"];
             //  header("$goto");
            //header("Location: $goto");
         
           echo "<meta http-equiv=\"refresh\" content=\"0;URL=$goto\">";
             }
     }
     else
        {
            ?>
              <br>
              <center> <font face="Tohama" size="5" color="#FF0000">กรุณากรอก ชื่อผู้ใช้ และรหัสผ่าน ก่อนเข้าระบบค่ะ </font>
              </center><br>
          <!--  <meta http-equiv="refresh" content="3;URL=login.php">-->
             <meta http-equiv="refresh" content="1;URL=login.php">
            </body>
            <?php
          }
?>