//server.php<?phpsession_start();// initializing variables$username

1. //server.php
2.  
3. <?php
4. session_start();
5.  
6. // initializing variables
7. $username = "";
8. $email = "";
9. $errors = array();
10.  
11. // pripojeni do databeze
12. $db = mysqli_connect('localhost', 'root', 'usbw', 'users');
13.  
14. // registrace
15. if (isset($_POST['reg_user'])) {
16. // prijima vsechny informace z formulare viz. login.php
17. $username = mysqli_real_escape_string($db, $_POST['username']);
18. $email = mysqli_real_escape_string($db, $_POST['email']);
19. $password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
20. $password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
21.  
22. $level = 1;
23. //zkontroluje jestli je vybrana class(celkem harsh code asi pozdeji upravim)
24. if (empty($class)) {
25.  
26. array_push($errors, "You have to choose your class!");
27. } else {
28.  
29. $class = mysqli_real_escape_string($db, $_POST['class']);
30.  
31. }
32.  
33. // zkontroluje ze je form spravne vyplnen
34. if (empty($username)) { array_push($errors, "Username is required"); }
35. if (empty($email)) { array_push($errors, "Email is required"); }
36. if (empty($password_1)) { array_push($errors, "Password is required"); }
37. if ($password_1 != $password_2) {
38. array_push($errors, "The two passwords do not match");
39. }
40.  
41. // zkontroluje databazi
42. // a potom zkontroluje zda-li neexistuje stejny username nebo email
43. $user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
44. $result = mysqli_query($db, $user_check_query);
45. $user = mysqli_fetch_assoc($result);
46.  
47. if ($user) { // jestlize uzivatel existuje
48. if ($user['username'] === $username) {
49. array_push($errors, "Username already exists");
50. }
51.  
52. if ($user['email'] === $email) {
53. array_push($errors, "Email already exists");
54. }
55. }
56.  
57. // jestlize nejsou chyby ve formu provede registraci a zaslani dat do databaze
58. if (count($errors) == 0) {
59. $password = md5($password_1);//pro jistotu zahashuju hesla kdo to v dnesni dobe nedela lol
60. $query = "INSERT INTO users (username, email, password, level, class)
61. VALUES('$username', '$email', '$password', '$level', '$class')";
62. mysqli_query($db, $query);
63. $_SESSION['level'] = $level;
64. $_SESSION['username'] = $username;
65. $_SESSION['class'] = $class;
66. $_SESSION['success'] = "You are now logged in";
67. header('location: index.php');
68. }
69. }
70.  
71. // ...
72.  
73. // login uzivatele
74. if (isset($_POST['login_user'])) {
75. $username = mysqli_real_escape_string($db, $_POST['username']);
76. $password = mysqli_real_escape_string($db, $_POST['password']);
77.  
78. if (empty($username)) {
79. array_push($errors, "Username is required");
80. }
81. if (empty($password)) {
82. array_push($errors, "Password is required");
83. }
84.  
85. if (count($errors) == 0) {
86. $password = md5($password);
87. $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
88. $results = mysqli_query($db, $query);
89. if (mysqli_num_rows($results) == 1) {
90. $_SESSION['username'] = $username;
91. $_SESSION['success'] = "You are now logged in";
92. header('location: index.php');
93. }else {
94. array_push($errors, "Wrong username/password combination");
95. }
96. }
97. }
98.  
99. ?>