If pre obsah poľa – PHP – Fórum – Programujte.com

Ahoj, mám tento kód. Potrebujem zmeniť header, ak je v DB v stĺpci privileges hodnota user, tak chcem mať header (game/main.php);, ak bude napríklad admin tak administration.php. Vedel by mi to niekto prosím poupraviť? Ďakujem za pomoc. Tu je kód:
 

if(isset($_POST['odoslat'])){   

    $username = mysqli_real_escape_string($con, $_POST['username']);
    $username = trim( $username );
    $username = htmlspecialchars( $username, ENT_QUOTES );
     
    $password = mysqli_real_escape_string($con, $_POST['password']);
    $password = trim( $password );
    $password = htmlspecialchars( $password, ENT_QUOTES );  
    
    $login_check = mysqli_query($con,"SELECT `id` FROM `user` WHERE `username`='$username' AND `password`='".sha1($front_salt.$password.$back_salt)."'") or die (mysqli_error($con));
    if(mysqli_num_rows($login_check) == 0){
      echo $lang['ECHO_BAD_COMBINATION'];
    }else{
      $activated_check = mysqli_query($con,"SELECT `activated` FROM `user` WHERE `username`='$username' AND `password`='".sha1($front_salt.$password.$back_salt)."'") or die (mysqli_error($con));
      $activated = mysqli_fetch_assoc($activated_check);
      if($activated['activated'] == 0){
        echo $lang['ECHO_NOT_ACTIVATED'];
      }else{
        $get_id = mysqli_fetch_assoc($login_check);
        $_SESSION['uid'] = $get_id['id'];

    
       header("Location: game/main.php");
     
        $t = file_get_contents("game/logs/prihlasenia.txt");
      $today = date("Y-m-d H:i:s");
      $t .= $today." Používateľ ".$username." "."sa prihlásil!"."\r\n";
      file_put_contents("game/logs/prihlasenia.txt",$t);
      }       
    }
  }

Som v tomto začiatočník. Ďakujem za každú pomoc. Mám 2 registračné stránky no na prihlásenie chcem urobiť jeden script, ktorý to rozdelí. Ďakujem za pomoc.

Není k tomu potřeba nic, co bys tam už neměl... 

if(isset($_POST['odoslat'], $_POST['username'], $_POST['password'])) {
  //odkud jsi tu silenost opsal?
  $username = mysqli_real_escape_string($con, $_POST['username']);
  $username = trim( $username );
  $username = htmlspecialchars( $username, ENT_QUOTES );
   
  $password = mysqli_real_escape_string($con, $_POST['password']);
  $password = trim( $password );
  $password = htmlspecialchars( $password, ENT_QUOTES );  

  //takove skladani sql je na prd
  //kazdopadne muzes vsechny potrebne sloupce nacist najednou
  $query = mysqli_query($con,"SELECT `id`, `activated`, `privileges` FROM `user` WHERE `username`='$username' AND `password`='".sha1($front_salt.$password.$back_salt)."'") or die (mysqli_error($con));

  if(mysqli_num_rows($query) == 0){
    echo $lang['ECHO_BAD_COMBINATION'];
  }else{
    $user = mysqli_fetch_assoc($query);

    if($user['activated'] == 0){
      echo $lang['ECHO_NOT_ACTIVATED'];
    }else{
      $_SESSION['uid'] = $user['id'];

      if ($user['privileges'] == 'admin') {
        header("Location: administration.php");
      } else {
        header("Location: game/main.php");
      }

      //taky hruza
      $t = file_get_contents("game/logs/prihlasenia.txt");
      $today = date("Y-m-d H:i:s");
      $t .= $today." Používateľ ".$username." "."sa prihlásil!"."\r\n";
      file_put_contents("game/logs/prihlasenia.txt",$t);
    }       
  }
}

    $login_check     = mysqli_query($con,"SELECT `id` FROM `user` WHERE `username`='$username' AND `password`='".sha1($front_salt.$password.$back_salt)."'") or die (mysqli_error($con));    $activated_check = mysqli_query($con,"SELECT `activated` FROM `user` WHERE `username`='$username' AND `password`='".sha1($front_salt.$password.$back_salt)."'") or die (mysqli_error($con)); 
    $user            = mysqli_query($con,"SELECT `id`,`privileges`,`activated` FROM `user` WHERE `username`='$username' AND `password`='".sha1($front_salt.$password.$back_salt)."'") or die (mysqli_error($con));

Neni mi jasne, proc na user check, activated a privilegia pouzivas 100.000 a 1 sql dotazu, kdyz staci 1.