<?php session_start(); // initializing variables $server = "local

1. <?php
2. session_start();
3. // initializing variables
4.  
5. $server = "localhost";
6. $user = "id7022262_base_yusran";
7. $password = "yusran8";
8. $nama_database = "id7022262_pendaftaran_siswa";
9. $errors = array();
10. // connect to the database
11. $db = mysqli_connect($server, $user, $password, $nama_database);
12. // REGISTER USER
13. if (isset($_POST['reg_user'])) {
14. // receive all input values from the form
15. /* $username = mysqli_real_escape_string($db, $_POST['username']);
16. $email = mysqli_real_escape_string($db, $_POST['email']);
17. $password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
18. $password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
19. */
20. $username = $_POST['username'];
21. $email = $_POST['email'];
22. $password_1 = $_POST['password_1'];
23. $password_2 = $_POST['password_2'];
24. // form validation: ensure that the form is correctly filled ...
25. // by adding (array_push()) corresponding error unto $errors array
26. if (empty($username)) { array_push($errors, "Username is required"); }
27. if (empty($email)) { array_push($errors, "Email is required"); }
28. if (empty($password_1)) { array_push($errors, "Password is required"); }
29. if ($password_1 != $password_2) {
30. array_push($errors, "The two passwords do not match");
31. }
32. // first check the database to make sure
33. // a user does not already exist with the same username and/or email
34.  
35. $user_check_query = "INSERT INTO login_siswa (username, email, password_1) VALUE ('$username', '$email', '$password_1')";//"SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
36. $result = mysqli_query($db, $user_check_query);
37. $user = mysqli_fetch_assoc($result);
38. if ($user) { // if user exists
39. if ($user['username'] === $username) {
40. array_push($errors, "Username already exists");
41. }
42. if ($user['email'] === $email) {
43. array_push($errors, "email already exists");
44. }
45. }
46. // Finally, register user if there are no errors in the form
47. else if (count($errors) == 0) {
48. $password = md5($password_1);//encrypt the password before saving in the database
49. $query = "INSERT INTO login_siswa (username, email, password_1)
50. VALUES('$username', '$email', '$password_1')";
51. mysqli_query($db, $query);
52. $_SESSION['username'] = $username;
53. $_SESSION['success'] = "You are now logged in";
54. header('location: index.php');
55. }
56. }
57. // ...
58. if (isset($_POST['login_user'])) {
59. // $username = mysqli_real_escape_string($db, $_POST['username']);
60. // $password = mysqli_real_escape_string($db, $_POST['password_1']);
61. $username = $_POST['username'];
62. $password_1 = $_POST['password_1'];
63. /*
64. $id = $_POST['id'];
65. $nama = $_POST['nama'];
66. $alamat = $_POST['alamat'];
67. $jk = $_POST['jenis_kelamin'];
68. $agama = $_POST['agama'];
69. $sekolah = $_POST['sekolah_asal'];
70. */
71. if (empty($username)) {
72. array_push($errors, "Username is required");
73. }
74. if (empty($password_1)) {
75. array_push($errors, "Password is required");
76. }
77. if (count($errors) == 0) {
78. $password = md5($password);
79. $query = "SELECT * FROM login_siswa WHERE username='$username' AND password_1='$password_1'";
80. $results = mysqli_query($db, $query);
81. if (mysqli_num_rows($results) == 1) {
82. $_SESSION['username'] = $username;
83. $_SESSION['success'] = "You are now logged in";
84. header('location: index.php');
85. }else {
86. array_push($errors, "Wrong username/password combination");
87. }
88. }
89. }
90. ?>