<?phpsession_start();// initializing variables$username = "";$email = ""

1. <?php
2. session_start();
3.  
4. // initializing variables
5. $username = "";
6. $email = "";
7. $errors = array();
8.  
9. // connect to the database
10. $db = mysqli_connect('localhost', 'root', 'test', 'test');
11.  
12. // REGISTER USER
13. if (isset($_POST['reg_user'])) {
14. // receive all input values from the form
15. $username = mysqli_real_escape_string($db, $_POST['username']);
16. $email = mysqli_real_escape_string($db, $_POST['email']);
17. $password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
18. $password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
19. $balance = mysqli_real_escape_string($db, $_POST['balance']);
20.  
21. // form validation: ensure that the form is correctly filled ...
22. // by adding (array_push()) corresponding error unto $errors array
23. if (empty($username)) { array_push($errors, "Username is required"); }
24. if (empty($email)) { array_push($errors, "Email is required"); }
25. if (empty($password_1)) { array_push($errors, "Password is required"); }
26. if (empty($balance)) { $balance = "0"; }
27. if ($password_1 != $password_2) {
28. array_push($errors, "The two passwords do not match");
29. }
30.  
31. // first check the database to make sure
32. // a user does not already exist with the same username and/or email
33. $user_check_query = "SELECT * FROM users WHERE username='$username' OR
34. email='$email' LIMIT 1";
35. $result = mysqli_query($db, $user_check_query);
36. $user = mysqli_fetch_assoc($result);
37.  
38. if ($user) { // if user exists
39. if ($user['username'] === $username) {
40. array_push($errors, "Username already exists");
41. }
42.  
43. if ($user['email'] === $email) {
44. array_push($errors, "email already exists");
45. }
46. }
47.  
48. // Finally, register user if there are no errors in the form
49. if (count($errors) == 0) {
50. $password = md5($password_1);//encrypt the password before saving in the database
51.  
52. $query = "INSERT INTO users (username, email, password, balance)
53. VALUES('$username', '$email', '$password', '$balance')";
54. mysqli_query($db, $query);
55. $_SESSION['username'] = $username;
56. $_SESSION['balance'] = $balance;
57. $_SESSION['success'] = "You are now logged in";
58. header('location: index.php');
59. }
60. }
61.  
62. // ...
63.  
64. // LOGIN USER
65. if (isset($_POST['login_user'])) {
66. $username = mysqli_real_escape_string($db, $_POST['username']);
67. $password = mysqli_real_escape_string($db, $_POST['password']);
68. $balance = mysqli_real_escape_string($db, $_POST['balance']);
69.  
70.  
71.  
72. if (empty($username)) {
73. array_push($errors, "Username is required");
74. }
75. if (empty($password)) {
76. array_push($errors, "Password is required");
77. }
78.  
79. if (count($errors) == 0) {
80. $password = md5($password);
81. $query = "SELECT * FROM users WHERE username='$username' AND
82. password='$password'";
83.  
84.  
85.  
86.  
87. $results = mysqli_query($db, $query);
88. if (mysqli_num_rows($results) == 1) {
89. $_SESSION['username'] = $username;
90. $_SESSION['password'] = $password;
91. $_SESSION['balance'] = $balance;
92. $_SESSION['success'] = "You are now logged in";
93. header('location: index.php');
94. }else {
95. array_push($errors, "Wrong username/password combination");
96. }
97. }
98. }
99.  
100. ?>
101.  
102. this is the code on how to query data on db right?
103. $query = "SELECT * FROM users WHERE username='$username' AND
104. password='$password'";