PhpShit/index.php

<!DOCTYPE html>
<html>
<head>
    <meta charset='utf-8'>
    <meta http-equiv='X-UA-Compatible' content='IE=edge'>
    <title>Placeholder Login</title>
    <meta name='viewport' content='width=device-width, initial-scale=1'>
    <link rel='stylesheet' type='text/css' media='screen' href='main.css'>
    <script src='main.js'></script>
</head>
<body>
    <header>
        <span style="font-family: cursive; color:white; font-size: xx-large;" >Placeholder</span>
        <nav>
            <table>
                <tr>
                    <th><a href="index.html">            
                      <span></span>
                      <span></span>
                      <span></span>
                      <span></span>Home</a></th>
                    <th><a href="Equipment.html">
                      <span></span>
                      <span></span>
                      <span></span>
                      <span></span>Equipment</a></th>
                    <th><a href="">            
                      <span></span>
                      <span></span>
                      <span></span>
                      <span></span>About Us</a></th>
                </tr>
            </table>
        </nav>
    </header>
    <div class="login-box">
        <h2>Login</h2>
        <form action="index.php" METHOD="post">
          <div class="user-box">
            <input type="text" name="employeeID" required="">
            <label>Username</label>
          </div>
          <div class="user-box">
            <input type="password" name="employeePassword" required="">
            <label>Password</label>
          </div>
            <div id="pakbox">
                <button type="submit" id="submitButton" name="Submitto">Submit</button>
            </div>
        </form>
        <div id="regbox"><div id="memb">Not a member?</div>
            <a href="register.html">
            <span></span>
            <span></span>
            <span></span>
            <span></span>
            Click Here!
           </a>
        </div>
        

    </div>
</body>
</html>


<?php
        session_start();
        define('MYSQL','localhost');
        define('USERNAME','root');
        define('PASSWORD','');
        define('DATABASE','g1_pila');
        if(isset($_SESSION['Attempts']) == 0){
            $_SESSION['Attempts'] = 3;
}
        $connect = mysqli_connect(MYSQL,USERNAME,PASSWORD,DATABASE) or die('<script>alert("Server Connection Failed.");</script>');
        if(isset($_POST['Submitto'])){
            $employeeUser = $_POST['employeeID'];
            $employeePass = $_POST['employeePassword'];
            $whereto = "SELECT EMPLOYEE_ID,PASSWD FROM employee where EMPLOYEE_ID='$employeeUser'";
            $result = mysqli_query($connect,$whereto);
            $rows = mysqli_num_rows($result);
            $row = mysqli_fetch_array($result);
            if($_SESSION['Attempts'] != 0){
                if($rows == 0){
                    echo"<script> alert('No such User Exists')</script>";
                }elseif ($row[1] != $employeePass){
                    $_SESSION['Attempts']--;
                    echo "<script>
						alert('Incorrect password, ";
                    echo $_SESSION['Attempts'];
                    if($_SESSION['Attempts'] < 2){
                        echo " Try left');</script>";
                    }else{
                        echo " Tries left'); </script>";
                    }
                }else{
                    $_SESSION['EmployeeID'] = $employeeUser;
                    header("location:home.php");
                }
            }else{
                echo "<script language='javascript'>
						alert('Sorry, You ran out of attempts');
				  </script>";
                session_destroy();
            }
        }
        ?>