<?php
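// Request dispatcher for the account actions, selected by ?action=:
//   login - POST username/password; fills the session on success
//   reg   - POST username/password/sex; creates a new account
//   score - GET score; stores it for the logged-in user
// $mysqli is not created in this file and checkLogin() is not defined here;
// both, and the session start, are presumably provided by config/db.php - confirm.
require("config/db.php");

// Returns the named POST field only when it is a non-empty string, else null.
// Rejecting arrays (e.g. username[]=x) keeps them out of str_replace() and
// bind_param(), which expect strings.
$postString = function ($key) {
    if (!isset($_POST[$key]) || !is_string($_POST[$key]) || empty($_POST[$key])) {
        return null;
    }
    return $_POST[$key];
};

$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';
$username = $postString('username');
$password = $postString('password');

// Login and registration must normalise the username the same way; otherwise a
// name stored with spaces could never be matched by the login lookup.
if ($username !== null) {
    $username = str_replace(" ", "", $username);
}

if ($action === "login" && $username !== null && $password !== null) {
    // NOTE(review): the password is compared as stored, i.e. the table holds
    // plaintext passwords. Moving to password_hash()/password_verify() needs a
    // column wide enough for the hash and a migration of existing rows, neither
    // of which is visible from this file.
    $query = "SELECT id, username, sex, score from user where username = ? and password = ?";
    $stmt = $mysqli->prepare($query);
    if ($stmt === false) {
        // prepare() returns false when mysqli is not in exception mode.
        die("<script>alert('fail');location.href='index.html';</script>");
    }
    $stmt->bind_param("ss", $username, $password);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($cid, $cusername, $csex, $cscore);
    $found = $stmt->num_rows > 0 && $stmt->fetch();

    // Release the statement and connection before die(); placed after the
    // die() calls they would never run.
    $stmt->close();
    $mysqli->close();

    if (!$found) {
        die("<script>alert('username or password wrong');location.href='index.html';</script>");
    }

    // Issue a fresh session id on privilege change so an id that was known
    // before authentication does not become an authenticated one.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['username'] = $cusername;
    $_SESSION['score'] = $cscore;
    $_SESSION['sex'] = $csex;
    $_SESSION['id'] = $cid;
    die("<script>alert('success');location.href='user.php';</script>");
} elseif ($action === "reg" && $username !== null && $password !== null && isset($_POST['sex'])) {
    // A username made only of spaces is empty after normalisation.
    if ($username === '') {
        die("<script>alert('fail');location.href='reg.html';</script>");
    }

    // Anything other than the scalar value 1 is stored as 0.
    $sex = (is_scalar($_POST['sex']) && intval($_POST['sex']) === 1) ? 1 : 0;

    // Availability is decided on the username alone. Matching on the password
    // as well would report a taken name as free whenever the passwords differ,
    // allowing duplicate usernames.
    // NOTE(review): check-then-insert is still racy under concurrent requests;
    // a UNIQUE index on user.username would enforce this in the database.
    $query = "SELECT id from user where username = ?";
    $stmt = $mysqli->prepare($query);
    if ($stmt === false) {
        die("<script>alert('fail');location.href='reg.html';</script>");
    }
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $stmt->store_result();
    $taken = $stmt->num_rows !== 0;
    $stmt->close();

    if ($taken) {
        die("<script>alert('username is used already!');location.href='reg.html';</script>");
    }

    // NOTE(review): the password is inserted as received (plaintext); see the
    // note in the login branch.
    $query = "insert into user(username, password, sex) values(?, ?, ?)";
    $stmt = $mysqli->prepare($query);
    $created = false;
    if ($stmt !== false) {
        $stmt->bind_param("ssi", $username, $password, $sex);
        $created = $stmt->execute();
        $stmt->close();
    }
    if ($created == true) {
        echo "<script>alert('success');location.href='index.html';</script>";
    } else {
        echo "<script>alert('fail');location.href='reg.html';</script>";
    }
} elseif ($action === "score" && isset($_GET['score'])) {
    // checkLogin() is defined outside this file; presumably it stops the
    // request when no user is logged in - confirm.
    checkLogin();

    // Fail closed if the session carries no username, whatever checkLogin() did.
    if (!isset($_SESSION['username']) || !is_string($_SESSION['username'])) {
        die();
    }
    $sessionUser = $_SESSION['username'];

    // NOTE(review): the score is taken from the client on a GET request, so the
    // stored value is whatever the browser sends and the update can be triggered
    // by a cross-site link. Consider POST with a CSRF token and computing or
    // validating the score on the server.
    $score = intval($_GET['score']);
    $query = "update user set score = ? where username = ?";
    $stmt = $mysqli->prepare($query);
    if ($stmt !== false) {
        $stmt->bind_param("is", $score, $sessionUser);
        $stmt->execute();
        $stmt->close();
    }
}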
?>