Mini Shell

<?php
    include '../db/database.php';
    
    $username = mysqli_real_escape_string($link,$_POST['username']);
    $password = mysqli_real_escape_string($link,$_POST['password']);
    $year = mysqli_real_escape_string($link,$_POST['year']);
    

    $salt = 'tikde78uj4ujuhlaoikiksakeidke';
    $hash_login_password = hash_hmac('sha256', $password, $salt);
    
    $sql = "SELECT * FROM teacher WHERE username='".$username."' and password='".$hash_login_password."' ";
    $result = mysqli_query($link, $sql);
    
   if(mysqli_num_rows($result)==1){
        session_start();
        $row_user = mysqli_fetch_array($result, MYSQLI_ASSOC);
        $_SESSION['teacherID'] = $row_user['teacherID'];      
        $_SESSION['username'] = $row_user['username'];
        $_SESSION['year'] = $year;
        header('Content-Type: application/json');
        echo json_encode(array('status' => 'success'));
    } else {
        header('Content-Type: application/json');
        $errors = "Username หรือ Password ไม่ถูกต้อง" . mysqli_error($link);
        echo json_encode(array('status' => 'danger','message' => $errors));
    }
    
    mysqli_close($link);