<?php
include("conn.php");

if (isset($_REQUEST['username'])){
	$user_id_input = mysqli_escape_string($conn, $_REQUEST['username']);
	$password_input = mysqli_escape_string($conn, $_REQUEST['password1']);	

	$sql = "SELECT * FROM register_tb WHERE username = '$user_id_input' AND password = '$password_input'";
	$result = mysqli_query($conn, $sql) or die(mysqli_error($conn));
	
		if (mysqli_num_rows($result) > 0) {
			$info = mysqli_fetch_array($result);
				$id = $info['id'];
				$username = $info['username'];
				$password = $info['password'];
				$first_name = $info['first_name'];
				$last_name = $info['last_name'];
				$user_type = $info['user_type'];
				
				session_start();
				$_SESSION['id']=$id;
				$_SESSION['username']=$username;
				$_SESSION['password']=$password;
				$_SESSION['first_name']=$first_name;
				$_SESSION['last_name']=$last_name;
				$_SESSION['user_type']=$user_type;
				
				if($_SESSION['user_type']=='1'){ //author
					header("Location:welcome.php");
				}elseif($_SESSION['user_type']=='2'){ //Reviewer
					header("Location:my_publications.php");
				}
				
				
			} else {
				header("Location:login.php?status=0");		
			}	
}
?>