hjkhghopjkertteerterterterertertrtoirh

<?php session_start(); ob_start(); $dbhost = 'localhost'; $dbuser = 'root'; $dbpass = ''; $dbname = 'pokok'; $mysqli = new mysqli($dbhost, $dbuser, $dbpass, $dbname); if ($mysqli→connect_errno) { printf("Connect failed: %s<br />", $mysqli→connect_error); exit(); } if ($_POST['userid'] != '' && $_POST['password'] != '') { echo $sql = "select USE_USERSCODE, USE_SHORTNAME, USE_PASSWORDS , USE_SYSSTATUS from LAN_USERSCODE where USE_USESTATUS='Y' AND USE_USERSCODE='" . $_POST['userid'] . "' and USE_PASSWORDS='" . md5($_POST['password']) . "'"; $query = mysqli_query($mysqli, $sql); while ($row = mysqli_fetch_array($query)) { $_SESSION['shortname'] = $row['USE_SHORTNAME']; $_SESSION['userscode'] = $row['USE_USERSCODE']; $_SESSION['sysstatus'] = $row['USE_SYSSTATUS']; } if (isset($_SESSION['shortname'])) { header("Location: admin/index"); } else { header("Location: login?error=1"); } } else { header("Location: login?error=1"); }