<?php
session_start();
$page_title='Status';
include("global.inc.php");
include("connection.inc.php");
include("status_inc.php");

$action = isset($_REQUEST['action'])?trim($_REQUEST['action']):'';
//$password = (isset($_REQUEST['password'])?md5(trim($_REQUEST['password'])):'');

$password = (isset($_REQUEST['password'])?trim($_REQUEST['password']):'');
$p = md5($password);

//$password = md5(trim($_REQUEST["password"]));

if($action == "logout")
{
	unset($_SESSION["flag"]);
	if(isset($_SESSION['status']))
	unset($_SESSION["status"]);
	header("Location:login.php");
	exit();
}

if($password != '')
{
		$sql = "SELECT access_level FROM  `user` WHERE PASSWORD =  '{$p}' ";
		if(!$result =mysqli_query($db, $sql))die(mysqli_error());
		if(mysqli_num_rows($result) > 0)
		{
		    //echo "<pre>"; print_r($result); echo "</pre>";
			$_SESSION["flag"] = 1;
			//$_SESSION["access"] = mysqli_result($result);
			header("Location: admin-status.php");
		exit();
		}
	else
		{
			$msg = "Enter correct password";
			header("Location:login.php?msg=".urlencode($msg));
			exit();
		}
}	
else
{
	if($password == '')
		{
			$msg = "Please enter password";
		}
			header("Location:login.php?msg=".urlencode($msg));
		exit();
}






?>