<?php include('connect_db.php'); $nameErr = $passwordErr = ""; $name =

1. <?php
2.  
3. include('connect_db.php');
4.  
5. $nameErr = $passwordErr = "";
6. $name = $password = "";
7.  
8. function input_check($data) {
9. $data = trim($data);
10. $data = stripslashes($data);
11. $data = htmlspecialchars($data);
12. return $data;
13. };
14.  
15. if($_SERVER["REQUEST_METHOD"] == "POST") {
16. if (empty($_POST['user'])) {
17. $nameErr = "<span style=\"color:red;\">Wrong username</span>";
18. } else {
19. $name = input_check($_POST['user']);
20. }
21. if (empty($_POST['password'])) {
22. $passwordErr = "<span style=\"color:red;\">Wrong password</span>";
23. } else {
24. $password = input_check($_POST['password']);
25. };
26.  
27.  
28. $userExists = " SELECT COUNT(id) as is_exists FROM users WHERE username='".$_POST['user']."' AND password='".$_POST['password']."' ";
29. $usernameFetch = mysqli_fetch_assoc($con->query($userExists));
30. $addUser = "INSERT INTO users (username, password) VALUES ('$name', '$password')";
31.  
32.  
33. if($nameErr == "" && $passwordErr == "") {
34. if($usernameFetch['is_exists']) {
35. header("Location:welcome.php");
36. } else {
37. //$con->query($addUser);
38. echo "<p style=\"color:red;\">Wrong user or password</p>";
39. }
40. };
41. };
42.  
43. ?>
44.  
45.  
46. <!DOCTYPE html>
47. <html lang="en">
48. <head>
49. <meta charset="UTF-8">
50. <title>Document</title>
51. </head>
52. <body>
53. <h3>Log in</h3>
54. <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>" method="POST">
55. user: <input type="text" name="user" value="<?php echo $name; ?>">
56. <?php echo $nameErr; ?>
57. <br/>
58.  
59. password: <input type="text" name="password" value="<?php echo $password; ?>">
60. <?php echo $passwordErr; ?>
61. <br/>
62.  
63. <input type="submit" value="submit">
64. </form>
65. </body>
66. </html>