System: Windows NT WINDOWS18 10.0 build 17763 (Windows Server 2016) AMD64 | User: IWPD_3544(appclien)

Path: D:\Inetpub\vhosts\appclients.in\fruits-vegitables.nmvm.org\includes

<?php
include "../admin/config.php";
$email=mysqli_real_escape_string($con,$_POST['email']);
$password=$_POST['password'];
$sql_Q=mysqli_query($con,"select * from register where cpassword='$password' and ccompany='customer' and (cemail='$email' || ctel='$email')") or die(mysqli_error($con));
//echo mysqli_num_rows($sql_Q);
if(mysqli_num_rows($sql_Q)>0){
$result=mysqli_fetch_array($sql_Q);
$sessionID = session_id();
mysqli_query($con,"UPDATE register SET session_id='$sessionID' where cemail='$email' and cpassword='$password' and ccompany='customer'") or die(mysqli_error($con));

$_SESSION['user_id']=$result['reg_id'];
$_SESSION['regEmailID']=$result['cemail'];
$_SESSION['userName']=$result['cfname']." ".$result['clname'];
$_SESSION['regMobileNo']=$result['ctel'];
$_SESSION['userType']=$result['ccompany'];
$_SESSION['walletAmount']=$result['wallet'];	
if($result['alternateno']!=0)$_SESSION['marketingID']=$result['alternateno'];
else $_SESSION['marketingID']="RBM01";

 if(isset($_SESSION['cart']) && count($_SESSION['cart'])>0){
   $url="../proceedtopay.php"; 
 }
 else{
  $url='/';
 }
?>

<script>
//alert("Login Successful!!");
window.location='<?php echo $url?>';
</script>
<?php
}
else
{
?>
<script>
alert("error!You have entered wrong username or password");
window.location="<?php echo $_SERVER['HTTP_REFERER']; ?>";
</script>
<?php
}
?>