-
Notifications
You must be signed in to change notification settings - Fork 1
/
s18.php
81 lines (70 loc) · 1.95 KB
/
s18.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
<?php
session_start();
$name = "";
$email= "";
$errors = array();
$db = mysqli_connect('localhost', 'root', '', 'urcart');
if (isset($_POST['signup'])) {
$name = mysqli_real_escape_string($db, $_POST['name']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$pwd = mysqli_real_escape_string($db, $_POST['pwd']);
if (empty($name)) {
array_push($errors,"Username is required");
}
if (empty($email)) {
array_push($errors,"Email is required");
}
if (empty($pwd)) {
array_push($errors,"Password is required");
}
//if no error save user to database
if (count($errors) == 0) {
$password = md5($pwd);
$sql = "INSERT INTO users (usersName, usersEmail, usersPwd) VALUES ('$name','$email','$password')";
mysqli_query($db, $sql);
$_SESSION['name'] = $name;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}
}
// log the user in
if (isset($_POST['login'])) {
$name = mysqli_real_escape_string($db, $_POST['name']);
$pwd = mysqli_real_escape_string($db, $_POST['pwd']);
if (empty($name)) {
array_push($errors,"Username is required");
}
if (empty($pwd)) {
array_push($errors,"Password is required");
}
if (count($errors) == 0) {
$password = md5($pwd);
$query = "SELECT * FROM users WHERE usersName ='$name' AND usersPwd ='$password'";
$result = mysqli_query($db, $query);
if (mysqli_num_rows($result) == 1) {
$_SESSION['name'] = $name;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
} else {
array_push($errors, "wrong name/password combination");
}
}
}
// logout
if (isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['name']);
header('location: login.php');
}
//sales
if (empty($_SESSION['name'] )) {
//
}
else{
if(isset($_POST['sale'])){
$name= $_SESSION['name'] ;
$pid = "19";
$quer = "INSERT INTO userprod (usersId, pid) VALUES ('$name','$pid')";
mysqli_query($db,$quer);
header('location: success.php');}}
?>