Ahrii

Untitled

Nov 22nd, 2018
  1. <?php
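  // Buffer all output so the header() redirects issued later in this file can
  // still be sent even if markup has already been echoed.
  ob_start();

  // Keep the session cookie out of reach of page scripts. This has to be set
  // before session_start() issues the cookie.
  ini_set('session.cookie_httponly', '1');
  session_start();

  // Form field values; the register and login handlers in this file overwrite them.
  $username = "";
  $password = "";
  $email = "";

  // Validation messages collected by the handlers in this file.
  $errors = array();

  // Connect to the database.
  // NOTE(review): this connects as the MySQL 'root' account with an empty
  // password. The application should use its own account, limited to the
  // 'registration' schema, with the credentials kept outside the source file.
  try {
      $db = mysqli_connect('localhost', 'root', '', 'registration');
  } catch (mysqli_sql_exception $e) {
      // mysqli throws instead of returning false when exception reporting is on.
      $db = false;
  }
  if (!$db) {
      // The driver's message can reveal host and account details, so it goes to
      // the server log and the client only sees a generic failure.
      error_log("Connection failed: " . mysqli_connect_error());
      http_response_code(500);
      die("Connection failed");
  }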
  19.  
  20.  
  21. // REGISTER USER
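  // Handles the 'reg_user' form submission: validates the fields, rejects a
  // username or e-mail that is already taken, stores the new account and logs
  // the user in.
  if (isset($_POST['reg_user'])) {
      // Read the submitted fields; a missing or non-string field becomes ''.
      // Values are bound as statement parameters below, so they are not escaped here.
      $username   = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
      $email      = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
      $password_1 = (isset($_POST['password_1']) && is_string($_POST['password_1'])) ? $_POST['password_1'] : '';
      $password_2 = (isset($_POST['password_2']) && is_string($_POST['password_2'])) ? $_POST['password_2'] : '';

      // Form validation: every problem found is appended to $errors.
      if (empty($username)) { array_push($errors, "Username is required"); }
      if (empty($email)) { array_push($errors, "Email is required"); }
      if (empty($password_1)) { array_push($errors, "Password is required"); }
      // Strict comparison: a loose != treats numeric-looking strings such as
      // "1e3" and "1000" as equal.
      if ($password_1 !== $password_2) {
          array_push($errors, "The two passwords do not match");
      }

      // Make sure no account already uses this username and/or e-mail.
      $existingUsername = null;
      $existingEmail = null;
      $lookup = mysqli_prepare($db, "SELECT username, email FROM users WHERE username = ? OR email = ? LIMIT 1");
      if ($lookup) {
          mysqli_stmt_bind_param($lookup, 'ss', $username, $email);
          mysqli_stmt_execute($lookup);
          mysqli_stmt_bind_result($lookup, $existingUsername, $existingEmail);
          $found = mysqli_stmt_fetch($lookup);
          mysqli_stmt_close($lookup);

          if ($found) {
              $before = count($errors);
              // The database may match case-insensitively, so compare the same way.
              if (strcasecmp((string) $existingUsername, $username) === 0) {
                  array_push($errors, "Username already exists");
              }
              if (strcasecmp((string) $existingEmail, $email) === 0) {
                  array_push($errors, "Email already exists");
              }
              // A row matched in the database but neither field compared equal
              // here: still refuse rather than create a duplicate account.
              if (count($errors) === $before) {
                  array_push($errors, "Username or email already exists");
              }
          }
      } else {
          // Fail closed: without the duplicate check no account is created.
          error_log("Registration lookup failed: " . mysqli_error($db));
          array_push($errors, "Registration is currently unavailable");
      }

      // Finally, register the user if the form produced no errors.
      if (count($errors) == 0) {
          // NOTE(review): MD5 is a fast, unsalted digest and is not suitable for
          // storing passwords; password_hash()/password_verify() should replace
          // it. The stored format is kept here because the login handler in this
          // file compares md5() of the escaped password, and both sides have to
          // change together. The escaping step is kept for that same reason.
          $password = md5(mysqli_real_escape_string($db, $password_1));

          $saved = false;
          $insert = mysqli_prepare($db, "INSERT INTO users (username, email, password) VALUES (?, ?, ?)");
          if ($insert) {
              mysqli_stmt_bind_param($insert, 'sss', $username, $email, $password);
              $saved = mysqli_stmt_execute($insert);
              mysqli_stmt_close($insert);
          }

          if ($saved) {
              // New session id once the visitor becomes an authenticated user.
              session_regenerate_id(true);
              $_SESSION['username'] = $username;
              $_SESSION['success'] = "You are now logged in";
              header('location: MainPage.php');
              // Stop here so nothing after the redirect runs for this request.
              exit;
          }

          error_log("Registration insert failed: " . mysqli_error($db));
          array_push($errors, "Could not create the account, please try again");
      }
  }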
  66.  
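  // Handles the 'reg_exit' submit button: send the browser back to the main page.
  if (isset($_POST['reg_exit'])) {
      header('location: MainPage.php');
      // Stop here so nothing after the redirect runs for this request.
      exit;
  }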
  72.  
  73. // ...
  74. // ...
  75.  
  76. // LOGIN USER
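  // Handles the 'login_user' form submission: checks the credentials against
  // the users table and, on a match, marks the session as logged in.
  if (isset($_POST['login_user'])) {
      // Read the submitted fields; a missing or non-string field becomes ''.
      // Values are bound as statement parameters below, so they are not escaped here.
      $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
      $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

      if (empty($username)) {
          array_push($errors, "Username is required");
      }
      if (empty($password)) {
          array_push($errors, "Password is required");
      }

      if (count($errors) == 0) {
          // NOTE(review): MD5 is a fast, unsalted digest and is not suitable for
          // storing passwords; password_hash()/password_verify() should replace
          // it. The digest is computed over the escaped password because that is
          // what the registration handler in this file stores, so changing it
          // here alone would lock out existing accounts.
          $password = md5(mysqli_real_escape_string($db, $password));

          $matches = 0;
          $lookup = mysqli_prepare($db, "SELECT 1 FROM users WHERE username = ? AND password = ?");
          if ($lookup) {
              mysqli_stmt_bind_param($lookup, 'ss', $username, $password);
              mysqli_stmt_execute($lookup);
              // Buffer the result so the row count is available.
              mysqli_stmt_store_result($lookup);
              $matches = mysqli_stmt_num_rows($lookup);
              mysqli_stmt_close($lookup);
          } else {
              error_log("Login lookup failed: " . mysqli_error($db));
          }

          if ($matches == 1) {
              // New session id on login, so an id known before authentication
              // is not carried into the authenticated session.
              session_regenerate_id(true);
              $_SESSION['username'] = $username;
              $_SESSION['success'] = "You are now logged in";
              header('location: MainPage.php');
              // Stop here so nothing after the redirect runs for this request.
              exit;
          } else {
              array_push($errors, "Wrong username/password combination");
          }
      }
  }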
  101.  
  102. // ----- exit
  103.  
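  // Handles the 'exit_user' submit button: send the browser back to the main page.
  if (isset($_POST['exit_user'])) {
      header('location: MainPage.php');
      // Stop here so nothing after the redirect runs for this request.
      exit;
  }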
  109.  
  110. // --- Comment Section
  111.  
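  /**
   * Stores a new comment when the 'commentSubmit' form has been posted.
   *
   * Does nothing for any other request. The three fields are bound as
   * parameters of a prepared statement, so request data never becomes part of
   * the SQL text.
   *
   * NOTE(review): uid and date are taken from the request as submitted, so the
   * client decides which author and timestamp are recorded. Confirm whether
   * they should come from the session and the server clock instead.
   *
   * @param mysqli $db Open database connection.
   * @return void
   */
  function setComments($db) {
      if (!isset($_POST['commentSubmit'])) {
          return;
      }

      // A missing or non-string field is stored as an empty string.
      $uid     = (isset($_POST['uid']) && is_string($_POST['uid'])) ? $_POST['uid'] : '';
      $date    = (isset($_POST['date']) && is_string($_POST['date'])) ? $_POST['date'] : '';
      $message = (isset($_POST['message']) && is_string($_POST['message'])) ? $_POST['message'] : '';

      $insert = mysqli_prepare($db, "INSERT INTO comments (uid,date,message) VALUES (?,?,?)");
      if (!$insert) {
          error_log("Comment insert could not be prepared: " . mysqli_error($db));
          return;
      }

      mysqli_stmt_bind_param($insert, 'sss', $uid, $date, $message);
      if (!mysqli_stmt_execute($insert)) {
          error_log("Comment insert failed: " . mysqli_stmt_error($insert));
      }
      mysqli_stmt_close($insert);
  }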
  123.  
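  /**
   * Prints every row of the comments table as a comment box with a delete form
   * and an edit form.
   *
   * All column values are HTML-escaped before they are written, both in the
   * visible text and in the hidden form fields, so stored comment data cannot
   * inject markup or script into the page.
   *
   * @param mysqli $db Open database connection.
   * @return void
   */
  function getComments($db) {
      $result = mysqli_query($db, "SELECT * FROM comments");
      if (!$result) {
          error_log("Comment listing failed: " . mysqli_error($db));
          return;
      }

      $flags = ENT_QUOTES | ENT_SUBSTITUTE;

      while ($row = mysqli_fetch_assoc($result)) {
          // ENT_QUOTES matters here: the values are placed inside
          // single-quoted attributes further down.
          $cid     = htmlspecialchars((string) $row['cid'], $flags, 'UTF-8');
          $uid     = htmlspecialchars((string) $row['uid'], $flags, 'UTF-8');
          $date    = htmlspecialchars((string) $row['date'], $flags, 'UTF-8');
          $message = htmlspecialchars((string) $row['message'], $flags, 'UTF-8');

          // deleteComments() is called once per row, as before: it processes a
          // posted 'commentDelete' request and returns nothing, which leaves
          // the form's action attribute empty.
          $deleteAction = htmlspecialchars((string) deleteComments($db), $flags, 'UTF-8');

          echo "<div class='comment-box'><p>";
          echo $uid . "<br>";
          echo $date . "<br>";
          echo $message;
          echo "</p>
  <form class='delete-form' method='POST' action='" . $deleteAction . "'>
  <input type='hidden' name='cid' value='" . $cid . "'>
  <button type='submit' name='commentDelete'>Delete</button>
  </form>

  <form class='edit-form' method='POST' action='editcomment.php'>
  <input type='hidden' name='cid' value='" . $cid . "'>
  <input type='hidden' name='uid' value='" . $uid . "'>
  <input type='hidden' name='date' value='" . $date . "'>
  <input type='hidden' name='message' value='" . $message . "'>
  <button>Edit</button>
  </form>
  </div>";
      }

      mysqli_free_result($result);
  }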
  149.  
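  /**
   * Updates the message of an existing comment when the 'commentSubmit' form
   * has been posted, then redirects to single.php.
   *
   * Does nothing for any other request. The message and the comment id are
   * bound as parameters of a prepared statement, so request data never becomes
   * part of the SQL text.
   *
   * NOTE(review): nothing here ties the comment to the logged-in user, so any
   * request carrying a cid can change that comment. Confirm that ownership is
   * enforced somewhere before this is called.
   *
   * @param mysqli $db Open database connection.
   * @return void
   */
  function editComments($db) {
      if (!isset($_POST['commentSubmit'])) {
          return;
      }

      // Only the comment id and the new text are used by the UPDATE; the uid
      // and date fields posted by the form are not needed here.
      $cid     = (isset($_POST['cid']) && is_string($_POST['cid'])) ? $_POST['cid'] : '';
      $message = (isset($_POST['message']) && is_string($_POST['message'])) ? $_POST['message'] : '';

      $update = mysqli_prepare($db, "UPDATE comments SET message = ? WHERE cid = ?");
      if ($update) {
          mysqli_stmt_bind_param($update, 'ss', $message, $cid);
          if (!mysqli_stmt_execute($update)) {
              error_log("Comment update failed: " . mysqli_stmt_error($update));
          }
          mysqli_stmt_close($update);
      } else {
          error_log("Comment update could not be prepared: " . mysqli_error($db));
      }

      header("Location: single.php");
  }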
  163.  
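  /**
   * Deletes a comment when the 'commentDelete' form has been posted, then
   * redirects to single.php.
   *
   * Does nothing for any other request and returns no value. The comment id is
   * bound as a parameter of a prepared statement, so request data never
   * becomes part of the SQL text.
   *
   * There is deliberately no exit after the redirect header: getComments()
   * calls this function while it is printing the comment list, and stopping
   * here would cut that page off.
   *
   * NOTE(review): nothing here ties the comment to the logged-in user, so any
   * request carrying a cid can delete that comment. Confirm that ownership is
   * enforced somewhere before this is called.
   *
   * @param mysqli $db Open database connection.
   * @return void
   */
  function deleteComments($db) {
      if (!isset($_POST['commentDelete'])) {
          return;
      }

      $cid = (isset($_POST['cid']) && is_string($_POST['cid'])) ? $_POST['cid'] : '';

      $delete = mysqli_prepare($db, "DELETE FROM comments WHERE cid = ?");
      if ($delete) {
          mysqli_stmt_bind_param($delete, 's', $cid);
          if (!mysqli_stmt_execute($delete)) {
              error_log("Comment delete failed: " . mysqli_stmt_error($delete));
          }
          mysqli_stmt_close($delete);
      } else {
          error_log("Comment delete could not be prepared: " . mysqli_error($db));
      }

      header("Location: single.php");
  }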
  175.  
  176.  
  177.  
  178.  
  179.  
  180.  
  181. ?>