shop/validate.php at master · 88Group/shop · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
<?php
$con=mysqli_connect("us-cdbr-iron-east-04.cleardb.net","b966a2a16a969f","01d02abd","heroku_0b7502a16e114a3");
session_start();
// Check connection
if (mysqli_connect_errno())
	{
	echo "Failed to connect to MySQL: " . mysqli_connect_error(); }
	elseif(isset($_POST['submit']) && !isset($_SESSION["uid"]))
	{
		$id = mysqli_real_escape_string($con,$_POST['userID']);
		$pass = mysqli_real_escape_string($con,$_POST['password']);
		$sql = "SELECT * FROM users WHERE userID = '$id' AND password = '$pass' LIMIT 1";
		$res = mysqli_query($con,$sql);
	if (!$res)
	{
	die('Error: ' . mysqli_error($con));
	 }
	 else
	 {
	 	if(mysqli_num_rows($res)==0)
	 	{
	 		echo "UserID or Password is/are incorrect";
	 	}
	 	else
	 	{

				$_SESSION["uid"] = $id;
				if(isset($_SESSION["pid"]) && isset($_SESSION["quan"]))
				{
					echo "<script> window.location.href = 'recover.php';</script>";
				}
				else
				{
					echo "<script> window.location.href = 'index.php';</script>";
				}
	 	}
	 }
	}
	elseif (isset($_SESSION["uid"])) {
		echo "<script> alert('You are already logged in');</script>";
		echo "<script> window.location.href = 'index.php';</script>";
	}

mysqli_close($con);
 ?>