Untitled

<html>

<head>

<script src='https://www.google.com/recaptcha/api.js'></script>

</head>

<body>

<br />
<p>Please log in to your account below:</p>

<form action="index.php" method="post" target="_self">
    <b>User Name:</b><br>
    <input type="text" size="20" name="userid"><br />
<br />
    <b>Password:</b><br>
    <input type="password" size="20" name="password"><br />
<br />

<div class="g-recaptcha" data-sitekey="_MY PUBLIC SITE KEY_"></div>
<br />
    <input type="submit" name="submit" value="Login">
    <input type="hidden" value="validate" name="content">
</form>

<?php

if (isset($_POST['submit'])) {
    $userid = $_POST["userid"];
    $password = $_POST["password"];
    $secretkey = "_MY SECRET KEY_";
    $responsekey = $_POST["g-recaptcha-response"];
    $useripaddress = $_SERVER["REMOTE_ADDR"];

    $url = "https://www.google.com/recaptcha/api/siteverify?secret={$secretkey}&respone={$responsekey}&remoteip={$useripaddress}";
    $response = file_get_contents($url);
    echo $response;
}

require_once("scripts/thecrab.php");

$userid = htmlspecialchars($_POST['userid']);
$password = htmlspecialchars($_POST['password']);

$query = "SELECT userid from users where userid = ? and password = PASSWORD(?)";
$stmt = $pdo->prepare($query);
$stmt->execute([$userid, $password]);

if (!$stmt->rowCount() & $response->success == 0) {
    echo "<h2>Sorry, your user account was not validated.</h2><br>n";
    echo "<a href="index.php?content=login">Try again</a><br>n";
    echo "<a href="index.php">Return to Home</a>n";
} else {
    $_SESSION['valid_recipe_user'] = $userid;
    echo "<h2>Log In Successful</h2><br>n";
    echo "<a href="index.php"><img src="images/image-11.png"></a>n";
}
?>

{
    "success": false,
    "error-codes": [
        "missing-input-response"
    ]
}

if (!$stmt->rowCount() & $response->success == 0)

if (isset($_POST['submit'])) // Checks to see if the form was submitted