Simple signup/ login example by Miro Balearski

1. <?php
2.  
3. /****
4. Db schema
5.  
6. create table users (id int(10) not null primary key auto_increment,
7.                    username varchar(255) not null unique,
8.                    password varchar(255) not null,
9.                    email varchar(255) not null default '');
10.  
11. ****/                  
12.                    
13.                    
14. function get_dblink(){
15.    
16.     return  mysqli_connect("localhost","db_username","db_password","db_name");
17. }
18.  
19. function register_form(){?>
20.     <form method="post" >
21.         Username :<input type = "text" name="username">
22.         Passwod: <input type = "password" name="pass">
23.         Retype Passwod:<input type = "password" name="pass2">
24.         <input type="hidden" name="action" value="register">
25.         <input type="submit" value="Login">
26.     </form>
27.     <?php
28. }
29.  
30. function login_form(){
31.    
32.     ?>
33.     <form method="post">
34.         Username :<input type = "text" name="username">
35.         Passwod: <input type = "password" name="pass">
36.         <input type="hidden" name="action" value="login">      
37.         <input type="submit" value="Login">
38.     </form>
39.     <?php
40. }
41.  
42. function logout_form($username){ ?>
43.     <form method="post">
44.         <input type="hidden" name="action" value="logout">    
45.         Logout <?=$username?> <input type="submit" value="Logout">
46.     </form>
47.     <?php
48. }
49.  
50.  
51. /**************************************************************/
52.  
53.  
54. #Validators :
55.  
56. function validate_username($username){
57.    
58.     if(preg_match('/^[a-zA-Z0-9]{5,}$/', $username)) {
59.         return true;
60.     }else{
61.         throw new Exception("The username should contain a-zA-Z0-9 and should be long 5 chars or more ") ;
62.     }
63. }
64.  
65. function validate_password($pass){
66.    
67.     if(preg_match('/^[a-zA-Z0-9]{5,}$/', $pass)) {
68.         return true;
69.     }else{
70.         throw new Exception("The password should contain a-zA-Z0-9 and should be long 5 chars or more ");
71.     }
72. }
73. function validate_password_dont_match_the_username($pass, $username){
74.    
75.     if($pass===$username){
76.         throw new Exception("The password can not be the same as the username");  
77.     }else{
78.         return true;
79.     }
80. }
81.  
82. function validate_registration_passwords_match($pass, $pass2){
83.    
84.     if($pass===$pass2){
85.         return true;
86.     }
87.     throw new Exception("The passwords don't match");
88. }
89.  
90.  
91. # DB functions ################################################
92.  
93. function authenticate_user($username, $password){
94.    
95.     $username= mysqli_real_escape_string(get_dblink(),$username);
96.    
97.     $qry = "select id, username, password from users where username='$username' ";
98.     $res= mysqli_query(get_dblink(), $qry);
99.     $rr= mysqli_fetch_assoc($res);
100.    
101.     return password_verify($password, $rr['password']);
102. }
103.  
104. # Register user
105.  
106. function add_user_to_the_database($username,$pass){
107.    
108.     $dblink=get_dblink();
109.    
110.     $hashed_pass = password_hash($pass, PASSWORD_BCRYPT);
111.     $qry = "insert into users(username, password) values ('$username', '$hashed_pass')";
112.  
113.     mysqli_query( $dblink ,$qry);
114.     if (mysqli_error($dblink)){
115.         throw new Exception("Error inserting into the DB ". mysqli_error($dblink));
116.     }  
117. }
118.  
119.  
120.  
121.  
122. function register_user($username, $pass, $pass2){
123.    
124.     try{
125.         validate_username($username);
126.         validate_password_dont_match_the_username($pass,$username);
127.         validate_password($pass);
128.         validate_registration_passwords_match($pass, $pass2);
129.        
130.             # and finally
131.        add_user_to_the_database($username,$pass);
132.  
133.             # todo email validation
134.            # or
135.            # automaticaliy login the new user;
136.      
137.         login_user($username, $pass);
138.    
139.     } catch (Exception $e){
140.        
141.         print_r("<div style='color:red'>".$e->getMessage()."</div>");
142.     }
143. }
144.  
145.  
146. function login_user($username, $password){
147.    
148.     if($uid=authenticate_user($username, $password)){
149.         $_SESSION['valid_user_id']=$uid;
150.         $_SESSION['username']=$username;
151.        
152.     }
153. }
154.  
155. function loggedin_user(){
156.     return $_SESSION['valid_user_id'];
157. }
158.  
159. function logout_user(){
160.     session_destroy();
161. }
162.  
163. /***************************************************/
164.  
165. session_start();
166.  
167. # handle http post requests
168.  
169. if(isset($_POST['action']))
170.     switch($_POST['action']){
171.        
172.         case "login":
173.             login_user($_POST['username'], $_POST['pass']);
174.         break;
175.         case "logout":
176.             logout_user();
177.         break;  
178.         case "register":
179.             register_user($_POST['username'], $_POST['pass'], $_POST['pass2']);
180.         break;
181.     }
182.  
183. # application
184.  
185. if(!loggedin_user()){
186.    
187.     # show_some_content_for_NOT_logged_in_users_here();
188.  
189.     echo "<h1>You are not logged in. Please Login or Register</h1>";    
190.     echo "<br><H2>Register:</H2>";
191.  
192.     register_form();
193.  
194.     echo "<br><H2>Login:</H2>";
195.     login_form();
196.    
197.    
198.    
199.     # not registered users exprience stops here
200.    exit(0);
201. }
202.  
203.  
204.  
205. # This content will be available only for logged in users
206.  
207. echo "<h1>You are logged in as \"$_SESSION[username]\" </h1>";  
208. logout_form($_SESSION['username']);
209.  
210. # show_content_for_logged_in_users_only();