<?php session_start(); // variable declaration $username = ""; $email

1. <?php
2. session_start();
3.  
4. // variable declaration
5. $username = "";
6. $email = "";
7. $errors = array();
8. $_SESSION['success'] = "You are now logged in";
9.  
10.  
11. // connect to database
12. $db = mysqli_connect('localhost', 'id5659948_waji12', 'cool.waji', 'id5659948_waji');
13.  
14. // REGISTER USER
15. if (isset($_POST['reg_user'])) {
16. // receive all input values from the form
17. $username = mysqli_real_escape_string($db, $_POST['username']);
18. $email = mysqli_real_escape_string($db, $_POST['email']);
19. $password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
20. $password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
21.  
22. // form validation: ensure that the form is correctly filled
23. if (empty($username)) { array_push($errors, "Username is required"); }
24. if (empty($email)) { array_push($errors, "Email is required"); }
25. if (empty($password_1)) { array_push($errors, "Password is required"); }
26.  
27. if ($password_1 != $password_2) {
28. array_push($errors, "The two passwords do not match");
29. }
30.  
31. // register user if there are no errors in the form
32. if (count($errors) == 0) {
33. $password = md5($password_1);//encrypt the password before saving in the database
34. $query = "INSERT INTO users (username, email, password)
35. VALUES('$username', '$email', '$password')";
36. mysqli_query($db, $query);
37.  
38.  
39. $_SESSION['username'] = $username;
40. $_SESSION['success'] = "You are now logged in";
41. header('location: index.php');
42. }
43.  
44. }
45.  
46. // ...
47.  
48. // LOGIN USER
49. if (isset($_POST['login_user'])) {
50. $username = mysqli_real_escape_string($db, $_POST['username']);
51. $password = mysqli_real_escape_string($db, $_POST['password']);
52.  
53. if (empty($username)) {
54. array_push($errors, "Username is required");
55. }
56. if (empty($password)) {
57. array_push($errors, "Password is required");
58. }
59.  
60. if (count($errors) == 0) {
61. $password = md5($password);
62. $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
63. $results = mysqli_query($db, $query);
64.  
65. if (mysqli_num_rows($results) == 1) {
66. $_SESSION['username'] = $username;
67. $_SESSION['success'] = "You are now logged in";
68. header('location: index.php');
69. }else {
70. array_push($errors, "Wrong username/password combination");
71. }
72. }
73. }
74.  
75. ?>