if ($_GET['act'] === 'login') {
    $user = $_POST['username'];
    $pwd  = $_POST['password'];

    $stmt = $pdo->prepare("SELECT * FROM users WHERE username=? AND password=?");
    $stmt->execute([$user, $pwd]);
    $u = $stmt->fetch();

    if ($u) {
        $_SESSION['shop_id'] = $u['id'];
        $_SESSION['username'] = $u['username'];
        header("Location: index.php");
        exit;
    } else {
        echo "<script>alert('账号或密码错误');</script>";
    }
}