Untitled

<?php
	header('Content-type: application/json');
	if ($_GET['action'] == "settings") {
		echo(json_encode(array("error"=>"none","messagedisplay"=>"true","message"=>"Welcome to the beta! Please report any bugs to <a href=\"mailto:me@tdoyle.me\">me@tdoyle.me</a>!")));
	}
	else {
	$username = $_GET['username'];
	$password = $_GET['password'];
	$mysqli = new mysqli('localhost', 'shippr', 'nice try', 'shippr');
	if (mysqli_connect_errno()) {exit(json_encode(array("error"=>"yes","message"=>"Problem with the mothership,".mysqli_connect_error()."")));};
	if ($stmt = $mysqli->prepare("SELECT firstname,lastname,id,password,email FROM users WHERE username='$username'")) {
		$stmt->execute();
		$stmt->bind_result($firstname,$lastname,$id,$userpassword,$email);
		$stmt->store_result();
		$rownumber = $mysqli->affected_rows;
	}
	if ($rownumber == "0") {
		exit(json_encode(array("error"=>"yes","message"=>"User not found")));
	}

	while ($stmt->fetch()) {
		if (md5($password) == "$userpassword") {
			if ($_GET['action'] == "shiplist") {
				if($shipped = $mysqli->prepare("SELECT id,trackingnumber,shipper,user,status FROM shipping WHERE user='$username'")) {
					$shipped->execute();
					$shipped->bind_result($shipid,$trackingnumber,$shipper,$trackinguser,$status);
					$shipped->store_result();
					$packages = $shipped->affected_rows;
				}
					echo '{"shipped":[';
					if ($packages == "1") {
						while ($shipped->fetch()) {
							echo '{"type": "'.$shipper.'","number": "'.$trackingnumber.'","status": "'.$status.'"}';
						}
					}
					else {
						while ($shipped->fetch()) {
							echo '{"type": "'.$shipper.'","number": "'.$trackingnumber.'","status": "'.$status.'"},';
						}
					}
					echo "]}";
				}
			else {
				echo(json_encode(array("error"=>"none","username"=>"$username", "firstname"=>"$firstname","lastname"=>"$lastname","userid"=>"$id","useremail"=>"$email")));
			}
		}
		else {
			exit(json_encode(array("error"=>"yes","message"=>"Invalid password")));
		}
	}
	$stmt->close();
	$mysqli->close();
	}
?>