<?php
@session_start();
include("config.php");
error_reporting(0);


$mobile=$_POST['mobile']; 
$password=$_POST['password']; 

// To protect MySQL injection (more detail about MySQL injection)
//$mobile = stripslashes($mobile);
//$password = mysql_real_escape_string($password);

	//$password = md5($password);

    $sql="SELECT * FROM employee WHERE emp_mobile='$mobile' AND password='$password' "; 
$result=mysql_query($sql);
 $row = mysql_fetch_array($result); 
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

if($count==1){

$_SESSION['empid']=stripslashes($row['id']); 
//$_SESSION['mobile']=$mobile;
$_SESSION['emp_mobile']=$row['emp_mobile'];
$_SESSION['empname']=$row['emp_name'];
$_SESSION['branch']=$row['branch'];
header("location:welcome.php?flag=dn");
}
else {
header("location:index.php?flag=invalid");

}
    if($row['permition']!=='approve')
				{
					header("Location:index.php?flag=unaproved"); exit;
				}
				else{
					header("Location:welcome.php?flag=right");
					exit;
				}
   
?>