<?php
error_reporting(0);
@session_start();
include("config.php");



$mobile=$_POST['mobile']; 
$password=$_POST['password']; 

// To protect MySQL injection (more detail about MySQL injection)
$mobile = stripslashes($mobile);
$password = mysql_real_escape_string($password);

	//$password = md5($password);

    $sql="SELECT * FROM admin WHERE mobile='$mobile' AND password='$password' "; 
$result=mysql_query($sql);
 $row = mysql_fetch_array($result); 
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
//echo $count; exit;
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"

$_SESSION['adminid']=stripslashes($row['id']); 
//$_SESSION['mobile']=$mobile;
$_SESSION['admin_mobile']=$row['customer_mobile'];


header("location:dashboard.php?flag=dn");
}
else {
header("location:index.php?flag=invalid");
exit;
}
   
?>