<?php //No validations require 'config.php'; class Login{ private $conx;

1. <?php
2. //No validations
3. require 'config.php';
4. class Login{
5. private $conx;
6.  
7. public function __construct(){
8. try{
9. $this->conx = new mysqli('127.0.0.1','root','','oop');
10. if($conx->connect_errno){
11. die("database failure".$conx->connect_error);
12. }
13.  
14.  
15. }catch(Exception $e){
16. echo 'error'.$conx->connect_error;
17. }
18.  
19.  
20. }
21.  
22. public function __destruct(){
23. $this->conx->close();
24.  
25. }
26. /*
27. *data is posted through prepared statements to minimise SQL injection
28. *prepared statement is first defined;
29. *parameters are then bound to the query statement
30. *parameters are given arguments and query executed
31. */
32. public function register($fname,$lname,$email,$username,$pass){
33. $username = $this->conx->real_escape_string($username);
34. $pass = $this->conx->real_escape_string($pass);
35. $query = $this->conx->prepare("INSERT INTO users (username,password,fname,lname,email) VALUES (?,?,?,?,?)");
36. $query->bind_param("sssss",$uname,$psw,$fnam,$lnam,$mail);
37. $uname = $username;
38. $psw = $pass;
39. $fnam = $fname;
40. $lnam = $lname;
41. $mail = $email;
42. if($query->execute() && $query->affected_rows== true){
43. echo 'success';
44.  
45. }else{
46. echo 'Error inserting data';
47. }
48.  
49. $query->close();
50.  
51. }
52.  
53. public function signin($username,$password){
54. $username = $this->conx->real_escape_string($username);
55. $password = $this->conx->real_escape_string($password);
56. $query = $this->conx->prepare("SELECT uid FROM users WHERE username=? AND password=?");
57. $query->bind_param("ss",$user,$pass);
58. $user = $username;
59. $pass = $password;
60. if($query->execute()==true){
61. if($query->num_rows>0){
62. echo 'Login Successful';
63. }else{
64. echo 'no such user exists';
65. }
66.  
67. }else{
68. echo 'oops!error'.$conx->connect_error;
69. }
70.  
71. }
72. }
73.  
74.  
75. ?>