<?phpsession_start();//initializing variables$username = "";$email = "";

1. <?php
2.  
3. session_start();
4.  
5. //initializing variables
6.  
7. $username = "";
8. $email = "";
9.  
10. $errors = array();
11.  
12. //connect to db
13. $db = mysqli_connect('localhost','root','','login') or die("could not connect to database");
14.  
15. //Register user
16. if(isset($_POST['reg_user'])){
17. $username = mysqli_real_escape_string($db, $_POST['username']);
18. $email = mysqli_real_escape_string($db, $_POST['email']);
19. $password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
20. $password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
21.  
22. //form validation
23.  
24. if(empty($username)){array_push($errors, "Username is required");}
25. if(empty($email)){array_push($errors, "Email is required");}
26. if(empty($password_1)){array_push($errors, "Password is required");}
27. if($password_1 != $password_2){array_push($errors, "Passwords do not match");
28. }
29.  
30. // check db for existing user with same username
31.  
32. $user_check_query = "SELECT * FROM user WHERE username = '$username' or email = '$email' LIMIT 1";
33.  
34. $results = mysqli_query($db, $user_check_query);
35. $user = mysqli_fetch_assoc($result);
36.  
37. if($user){
38. if($user['username'] === $username){
39. array_push($errors, "Username already exists");
40. }
41. if($user['email'] === $email){
42. array_push($errors, "This email id already has a registered username");
43. }
44. }
45.  
46. //Register the userif no error
47.  
48. if(count($errors) == 0){
49.  
50. $password = md5($password_1); //this will encrypt password
51. $query = "INSERT INTO user (username, email, password) VALUES ('$username', '$email', '$password')";
52.  
53. mysqli_query($db,$query);
54. $_SESSION['username'] = $username;
55. $_SESSION['success'] = "You are now logged in";
56.  
57. header('location: index.php');
58. }
59. }
60.  
61. //Login user
62.  
63. if(isset($_POST['login_user'])){
64. $username = mysqli_real_escape_string($db, $_POST['username']);
65. $password = mysqli_real_escape_string($db, $_POST['password_1']);
66.  
67. if(empty($username)){
68. array_push($errors, "Username is required");
69. }
70. if(empty($password)){
71. array_push($errors, "Password is required");
72. }
73. if(count($errors) == 0){
74. $password = md5($password);
75.  
76. $query = "SELECT * FROM user WHERE username='$username' AND password='$password'";
77. $results = mysqli_query($db, $query);
78.  
79. if(mysqli_num_rows($results)){
80. $_SESSION['username'] = $username;
81. $_SESSION['succes'] = "Logged in successfully";
82. header('location: index.php');
83. }else{
84. array_push($errors, "Wrong username/password combination. Please try again.");
85. }
86. }
87. }
88.  
89. ?>
90.  
91. if(isset($_SESSION['username'])){
92. $_SESSION['msg'] = "You must log in to view this page";
93. header("location : login.php");
94. }
95.  
96. if(isset($_GET['logout'])){
97. session_destroy();
98. unset($_SESSION['username']);
99. header("location : login.php");
100. }
101.  
102.  
103. ?>
104. <!doctype html>
105.  
106. <html>
107. <head>
108. <title>Home</title>
109. </head>
110. <body>
111.  
112. <div class="header">
113. <h2>Home Page</h2>
114. </div>
115. <div class="content">
116. <!-- notification message -->
117. <?php if(isset($_SESSION['success'])) : ?>
118. <div class="error success" >
119. <h3>
120. <?php
121.  
122. echo $_SESSION['success'];
123. unset($_SESSION['success']);
124.  
125. ?>
126.  
127. </h3>
128. </div>
129. <?php endif ?>
130.  
131. <!-- logged in user information -->
132. <?php if (isset($_SESSION['username'])) : ?>
133. <h3>Welcome</h3>
134. }
135.  
136. <button><a href="index.php?logout='1'"></a></button>
137.  
138. <?php endif ?>
139. </div>
140.  
141. </body>
142. </html>