Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- ob_start();
- session_start();
- // initializing variables
- $username = "";
- $password = "";
- $email = "";
- //errors variable
- $errors = array();
- // connect to the database
- $db = mysqli_connect('localhost', 'root', '', 'registration');
- if(!$db) {
- die("Connection failed: ".mysqli_connect_error());
- }
- // REGISTER USER
- if (isset($_POST['reg_user'])) {
- // receive all input values from the form
- $username = mysqli_real_escape_string($db, $_POST['username']);
- $email = mysqli_real_escape_string($db, $_POST['email']);
- $password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
- $password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
- // form validation: ensure that the form is correctly filled ...
- // by adding (array_push()) corresponding error unto $errors array
- if (empty($username)) { array_push($errors, "Username is required"); }
- if (empty($email)) { array_push($errors, "Email is required"); }
- if (empty($password_1)) { array_push($errors, "Password is required"); }
- if ($password_1 != $password_2) {
- array_push($errors, "The two passwords do not match");
- }
- // first check the database to make sure
- // a user does not already exist with the same username and/or email
- $user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
- $result = mysqli_query($db, $user_check_query);
- $user = mysqli_fetch_assoc($result);
- if ($user) { // if user exists
- if ($user['username'] === $username) {
- array_push($errors, "Username already exists");
- }
- if ($user['email'] === $email) {
- array_push($errors, "Email already exists");
- }
- }
- // Finally, register user if there are no errors in the form
- if (count($errors) == 0) {
- $password = md5($password_1);//encrypt the password before saving in the database
- $query = "INSERT INTO users (username, email, password)
- VALUES('$username', '$email', '$password')";
- mysqli_query($db, $query);
- $_SESSION['username'] = $username;
- $_SESSION['success'] = "You are now logged in";
- header('location: MainPage.php');
- }
- }
- if(isset($_POST['reg_exit']))
- {
- //exit for main page
- header('location: MainPage.php');
- }
- // ...
- // ...
- // LOGIN USER
- if (isset($_POST['login_user'])) {
- $username = mysqli_real_escape_string($db, $_POST['username']);
- $password = mysqli_real_escape_string($db, $_POST['password']);
- if (empty($username)) {
- array_push($errors, "Username is required");
- }
- if (empty($password)) {
- array_push($errors, "Password is required");
- }
- if (count($errors) == 0) {
- $password = md5($password);
- $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
- $results = mysqli_query($db, $query);
- if (mysqli_num_rows($results) == 1) {
- $_SESSION['username'] = $username;
- $_SESSION['success'] = "You are now logged in";
- header('location: MainPage.php');
- }else {
- array_push($errors, "Wrong username/password combination");
- }
- }
- }
- // ----- exit
- if(isset($_POST['exit_user']))
- {
- //exit for main page
- header('location: MainPage.php');
- }
- // --- Comment Section
- function setComments($db) {
- if(isset($_POST['commentSubmit'])) {
- $uid = $_POST['uid'];
- $date = $_POST['date'];
- $message = $_POST['message'];
- $sql = "INSERT INTO comments (uid,date,message) VALUES ('$uid','$date','$message')";
- $result=mysqli_query($db,$sql);
- }
- }
- function getComments($db) {
- $sql = "SELECT * FROM comments";
- $result = mysqli_query($db,$sql);
- while ($row = $result->fetch_assoc()) {
- echo "<div class='comment-box'><p>";
- echo $row['uid']."<br>";
- echo $row['date']."<br>";
- echo $row['message'];
- echo "</p>
- <form class='delete-form' method='POST' action='".deleteComments($db)."'>
- <input type='hidden' name='cid' value='".$row['cid']."'>
- <button type='submit' name='commentDelete'>Delete</button>
- </form>
- <form class='edit-form' method='POST' action='editcomment.php'>
- <input type='hidden' name='cid' value='".$row['cid']."'>
- <input type='hidden' name='uid' value='".$row['uid']."'>
- <input type='hidden' name='date' value='".$row['date']."'>
- <input type='hidden' name='message' value='".$row['message']."'>
- <button>Edit</button>
- </form>
- </div>";
- }
- }
- function editComments($db) {
- if(isset($_POST['commentSubmit'])) {
- $cid = $_POST['cid'];
- $uid = $_POST['uid'];
- $date = $_POST['date'];
- $message = $_POST['message'];
- $sql = "UPDATE comments SET message='$message' WHERE cid='$cid'";
- $result=mysqli_query($db,$sql);
- header("Location: single.php");
- }
- }
- function deleteComments($db) {
- if(isset($_POST['commentDelete'])) {
- $cid = $_POST['cid'];
- $sql = "DELETE FROM comments WHERE cid='$cid'";
- $result=mysqli_query($db,$sql);
- header("Location: single.php");
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement