Untitled

a guest
Apr 3rd, 2018
  1. <?php
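  session_start();

  // Connect to the database.
  // NOTE(security): this connects as the MySQL root account with an empty
  // password. Prefer a dedicated account restricted to this schema, with its
  // credentials loaded from configuration kept outside the web root.
  $db = mysqli_connect('localhost', 'root', '', 'multi_login');
  if (!$db) {
      // Stop here rather than letting every later query run on an invalid
      // handle. The reason is logged server-side; the client sees nothing specific.
      error_log('Database connection failed: ' . mysqli_connect_error());
      http_response_code(500);
      exit('Service temporarily unavailable.');
  }

  // Form state read and written by register(), login() and display_error()
  // through the `global` keyword.
  $username = "";
  $email    = "";
  $errors   = array();

  // Run register() when the registration form's register_btn was submitted.
  if (isset($_POST['register_btn'])) {
      register();
  }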
  16.  
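  /**
   * Handle a submitted registration form.
   *
   * Reads username, email, password_1 and password_2 from $_POST, appends one
   * message to the global $errors per failed check and, when there are none,
   * inserts the account into the users table.
   *
   * Two flows share this function:
   *  - a signed-in admin posts user_type: the account is created with that
   *    type and the admin is redirected to home.php;
   *  - anyone else: the account is created as 'user', the visitor is logged
   *    in as that account and redirected to index.php.
   *
   * Side effects: writes the globals $username and $email (unescaped, so they
   * must be HTML-encoded wherever a template echoes them back), writes
   * $_SESSION, sends a Location header and ends the request on success.
   *
   * NOTE(review): nothing here enforces unique usernames or validates the
   * e-mail format; confirm whether the schema or the form does.
   */
  function register(){
      global $db, $errors, $username, $email;

      // Values that reach SQL only as bound parameters are trimmed, not escaped.
      // Non-string input (e.g. an array-valued field) is treated as empty.
      $username = (isset($_POST['username']) && is_string($_POST['username'])) ? trim($_POST['username']) : '';
      $email    = (isset($_POST['email']) && is_string($_POST['email'])) ? trim($_POST['email']) : '';

      // The passwords still go through e() before hashing: login() in this file
      // hashes e(password), so the stored digest must come from the same transform.
      $password_1 = (isset($_POST['password_1']) && is_string($_POST['password_1'])) ? e($_POST['password_1']) : '';
      $password_2 = (isset($_POST['password_2']) && is_string($_POST['password_2'])) ? e($_POST['password_2']) : '';

      // Form validation: ensure that the form is correctly filled.
      if (empty($username)) {
          array_push($errors, "Username is required");
      }
      if (empty($email)) {
          array_push($errors, "Email is required");
      }
      if (empty($password_1)) {
          array_push($errors, "Password is required");
      }
      // Strict comparison: with a loose one, two different numeric-looking
      // strings (such as "10" and "1e1") compare as equal.
      if ($password_1 !== $password_2) {
          array_push($errors, "The two passwords do not match");
      }
      if (count($errors) > 0) {
          return;
      }

      // NOTE(security): MD5 is a fast, unsalted digest, not a password hash.
      // Moving to password_hash()/password_verify() means changing register()
      // and login() together and widening the password column for the longer
      // hashes, so it is flagged here rather than changed in one place.
      $password = md5($password_1);

      // The original query interpolated a $kehadiran that was never assigned,
      // which PHP evaluates to an empty string; the same value is now explicit.
      $kehadiran = '';

      // A posted user_type is honoured only for a signed-in admin. Without this
      // check any submitter of the form chooses the privilege level of the new
      // account. 'admin' and 'user' are the only two types this file uses.
      $created_by_admin = isset($_POST['user_type']) && isAdmin();
      $user_type = 'user';
      if ($created_by_admin) {
          $requested_type = is_string($_POST['user_type']) ? trim($_POST['user_type']) : '';
          if (!in_array($requested_type, array('admin', 'user'), true)) {
              array_push($errors, "Invalid user type");
              return;
          }
          $user_type = $requested_type;
      }

      // Parameterized insert: no request value is ever part of the SQL text.
      $created = false;
      $new_user_id = 0;
      $stmt = mysqli_prepare(
          $db,
          "INSERT INTO users (username, email, user_type, password, kehadiran) VALUES (?, ?, ?, ?, ?)"
      );
      if ($stmt) {
          mysqli_stmt_bind_param($stmt, 'sssss', $username, $email, $user_type, $password, $kehadiran);
          $created = mysqli_stmt_execute($stmt);
          $new_user_id = mysqli_insert_id($db);
          mysqli_stmt_close($stmt);
      }
      if (!$created) {
          // Previously a failed insert was still reported as success.
          array_push($errors, "Could not create the account, please try again");
          return;
      }

      if ($created_by_admin) {
          $_SESSION['success'] = "New user successfully created!!";
          header('location: home.php');
          exit; // stop before the including page renders behind the redirect
      }

      // The visitor becomes an authenticated user here, so issue a fresh
      // session id before storing the identity (prevents session fixation).
      session_regenerate_id(true);
      $_SESSION['user'] = getUserById($new_user_id); // put logged in user in session
      $_SESSION['success'] = "You are now logged in";
      header('location: index.php');
      exit;
  }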
  68.  
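  /**
   * Fetch one row of the users table by its id.
   *
   * The id is cast to an integer and bound as a statement parameter, so the
   * value can never become part of the SQL text regardless of what a caller
   * passes in.
   *
   * @param int|string $id Row id; non-numeric input is cast to 0.
   * @return array|null Associative row, or null when no row matches or the
   *                    statement could not be prepared.
   *
   * NOTE(review): mysqli_stmt_get_result() needs the mysqlnd driver, and with
   * it numeric columns come back as native ints instead of strings.
   */
  function getUserById($id){
      global $db;

      $id = (int) $id;

      $stmt = mysqli_prepare($db, "SELECT * FROM users WHERE id = ?");
      if (!$stmt) {
          return null;
      }

      mysqli_stmt_bind_param($stmt, 'i', $id);
      mysqli_stmt_execute($stmt);
      $result = mysqli_stmt_get_result($stmt);

      $user = null;
      if ($result) {
          $row = mysqli_fetch_assoc($result);
          if (is_array($row)) {
              $user = $row;
          }
      }
      mysqli_stmt_close($stmt);

      return $user;
  }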
  78.  
  /**
   * Trim a value and escape it for use inside a quoted SQL string literal.
   *
   * This is SQL-literal escaping only: it does not make a value safe for HTML
   * output, and it gives no protection when the result is placed in a query
   * without surrounding quotes. The escaping follows the character set of the
   * global $db connection.
   *
   * @param string $val Raw value, typically a form field.
   * @return string Trimmed and escaped value.
   */
  function e($val){
      global $db;

      $trimmed = trim($val);

      return mysqli_real_escape_string($db, $trimmed);
  }
  84.  
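  /**
   * Print the collected form errors as an HTML block.
   *
   * Echoes nothing when the global $errors is empty or unset. Each message is
   * HTML-encoded before output, so a message that ever carries request data
   * cannot inject markup; the fixed messages used in this file render as before.
   */
  function display_error() {
      global $errors;

      if (empty($errors)) {
          return;
      }

      echo '<div class="error">';
      foreach ($errors as $error) {
          echo htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '<br>';
      }
      echo '</div>';
  }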
  96.  
  /**
   * Report whether the current session holds a logged-in user.
   *
   * @return bool True when $_SESSION['user'] is set and not null.
   */
  function isLoggedIn()
  {
      return isset($_SESSION['user']);
  }
  105.  
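  // Log the user out when the request carries a "logout" query parameter.
  // NOTE(review): this is a state-changing GET, so any page the browser loads
  // can trigger it; a POST protected by a CSRF token is the usual hardening.
  if (isset($_GET['logout'])) {
      // Clear the session data, expire the browser's session cookie, then
      // remove the server-side session record.
      $_SESSION = array();
      if (ini_get('session.use_cookies')) {
          $cookie = session_get_cookie_params();
          setcookie(
              session_name(),
              '',
              time() - 42000,
              $cookie['path'],
              $cookie['domain'],
              $cookie['secure'],
              $cookie['httponly']
          );
      }
      session_destroy();

      header("location: login.php");
      exit; // do not keep rendering the including page after the redirect
  }

  // Run login() when the login form's login_btn was submitted.
  if (isset($_POST['login_btn'])) {
      login();
  }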
  117.  
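  /**
   * Handle a submitted login form.
   *
   * Reads username and password from $_POST, appends a message to the global
   * $errors for each problem and, when the credentials match a row of the
   * users table, stores that row in $_SESSION['user'] and redirects:
   * admins to admin/home.php, everyone else to index.php.
   *
   * Side effects: writes the global $username (unescaped, so it must be
   * HTML-encoded wherever a template echoes it back), writes $_SESSION, sends
   * a Location header and ends the request on success.
   *
   * NOTE(review): there is no attempt limiting or lockout in this file, and
   * the whole row, password digest included, is kept in the session.
   * mysqli_stmt_get_result() needs the mysqlnd driver.
   */
  function login(){
      global $db, $username, $errors;

      // The username reaches SQL only as a bound parameter, so it is trimmed,
      // not escaped. Non-string input is treated as empty.
      $username = (isset($_POST['username']) && is_string($_POST['username'])) ? trim($_POST['username']) : '';

      // The password still goes through e() before hashing, because the stored
      // digests were computed from the e()-transformed value at registration.
      $password = (isset($_POST['password']) && is_string($_POST['password'])) ? e($_POST['password']) : '';

      // Make sure the form is filled properly.
      if (empty($username)) {
          array_push($errors, "Username is required");
      }
      if (empty($password)) {
          array_push($errors, "Password is required");
      }
      if (count($errors) > 0) {
          return;
      }

      // NOTE(security): MD5 is a fast, unsalted digest, not a password hash.
      // Moving to password_hash()/password_verify() means changing register()
      // and login() together and widening the password column for the longer
      // hashes, so it is flagged here rather than changed in one place.
      $password = md5($password);

      // Parameterized lookup: no request value is ever part of the SQL text.
      $logged_in_user = null;
      $stmt = mysqli_prepare(
          $db,
          "SELECT * FROM users WHERE username = ? AND password = ? LIMIT 1"
      );
      if ($stmt) {
          mysqli_stmt_bind_param($stmt, 'ss', $username, $password);
          mysqli_stmt_execute($stmt);
          $results = mysqli_stmt_get_result($stmt);
          if ($results) {
              $row = mysqli_fetch_assoc($results);
              if (is_array($row)) {
                  $logged_in_user = $row;
              }
          }
          mysqli_stmt_close($stmt);
      }

      if ($logged_in_user === null) {
          // One message for every failure, so the response does not reveal
          // whether the username exists.
          array_push($errors, "Wrong username/password combination");
          return;
      }

      // Privilege changes here: issue a fresh session id before storing the
      // identity (prevents session fixation).
      session_regenerate_id(true);
      $_SESSION['user'] = $logged_in_user;
      $_SESSION['success'] = "You are now logged in";

      if ($logged_in_user['user_type'] === 'admin') {
          header('location: admin/home.php');
      } else {
          header('location: index.php');
      }
      exit; // stop before the including page renders behind the redirect
  }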
  160.  
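  /**
   * Report whether the logged-in user is an administrator.
   *
   * This is an authorization decision, so the comparison is strict: on PHP
   * versions before 8 a loose `0 == 'admin'` evaluates to true, and a session
   * entry without a user_type key must read as "not admin", not raise a warning.
   *
   * @return bool True only when $_SESSION['user']['user_type'] is exactly the
   *              string 'admin'.
   */
  function isAdmin()
  {
      return isset($_SESSION['user']['user_type'])
          && $_SESSION['user']['user_type'] === 'admin';
  }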