connect_errno) {
die("DB connection error: " . $mysql->connect_error);
}
$error = "";
// FORM SUBMISSION HANDLER (plain-text passwords)
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$email = trim($_POST['email'] ?? "");
$password = trim($_POST['password'] ?? "");
if ($email === "" || $password === "") {
$error = "Please enter both email and password.";
} else {
// Look up the user by email
$stmt = $mysql->prepare(
"SELECT user_id, full_name, password, is_admin
FROM users
WHERE usc_email = ?
LIMIT 1"
);
$stmt->bind_param("s", $email);
$stmt->execute();
$result = $stmt->get_result();
$user = $result->fetch_assoc();
if (!$user) {
$error = "Account not found.";
} else {
$stored = $user['password'];
// Plain text check
if ($stored !== $password) {
$error = "Incorrect password.";
} else {
// LOGIN SUCCESS
$_SESSION['user_id'] = $user['user_id'];
$_SESSION['full_name'] = $user['full_name'];
$_SESSION['is_admin'] = $user['is_admin'];
// Redirect to landing page for everyone
header("Location: landing.php"); // change to your real landing filename
exit();
}
}
}
}
?>
USC Marketplace Login
