i am following procedural login(only with views and includes). lines below and above 46 are as follows.
else { // get and clean data from form $input['user'] = htmlentities($_POST['username'], ENT_QUOTES); $input['pass'] = htmlentities($_POST['password'], ENT_QUOTES); // create query if ($stmt = $mysqli->prepare("SELECT members.id, permissions.name FROM members, permissions WHERE username=? AND password = ? AND members.type = permissions.id")) { $stmt->bind_param("ss", $input['user'], md5($input['pass'] . $config['salt'])); $stmt->execute(); $stmt->bind_result($id, $type); $stmt->fetch(); // check if there is a match in the database for the user/password combination if ($id) { // close statement $stmt->close(); // set session variable $_SESSION['id'] = $id; $_SESSION['type'] = $type; $_SESSION['username'] = $input['user']; $_SESSION['last_active'] = time(); // redirect to member's page header("Location: members.php"); }