query("SELECT user_code FROM system_user WHERE user_name = '".$user."' AND user_trash = '0' LIMIT 1") ; // check if user exists if ($mysqli_user->num_rows > 0){ // set query as array $row_user = $mysqli_user->fetch_array(MYSQLI_ASSOC) ; // encode password with md5 + code $code = $row_user['user_code'] ; // check if capcha corrent $password = md5(md5($password).$code) ; // query for user $mysqli_user = $mysqli->query("SELECT user_id, user_name, user_code, user_permission, user_visit_count FROM system_user WHERE user_name = '".$user."' AND user_password = '".$password."' AND user_trash = '0' LIMIT 1") ; // check if user exists if ($mysqli_user->num_rows > 0){ echo 4 ; }else{ echo 2 ; } }else{ echo 2 ; } exit ; } } echo 'Page Error.' ; ?>