login and signup

1. //This is for registration.php
2. <?php include('server.php'); ?>
3. <!DOCTYPE html>
4. <html>
5. <head>
6.     <title>Registration</title>
7.     <link rel="stylesheet" type="text/css" href="./css/styles.css">
8. </head>
9. <body>
10.     <center>
11.         <div id="signup_form_center" style="margin: 70px 0 50px;">
12.             <img src="./logo/wecon_logo_single.png" height="50px" viewBox="-3 -3 82 82" width="50">
13.             <h1 style="text-align: center; font-weight: bold; ">Sign Up</h1>
14.             <form action="registration.php" method="post">
15.                 <!-- display validation errors here -->
16.                 <?php include('errors.php') ?>
17.                 <input type="text" name="username" value="<?php echo $username; ?>"placeholder="Username">
18.                 <br>
19.                 <input type="email" name="email" value="<?php echo $email; ?>"placeholder="Email Address">
20.                 <br>
21.                 <input type="password" name="password_1" required="required"placeholder="Password">
22.                 <br>
23.                 <input type="password" name="password_2" required="required"placeholder="Confirm Password">
24.                 <br>
25.                 <center>
26.                     <input type="submit" name="reg_user" class="button">
27.                 </center>
28.             </form>
29.             <i>Already a user <a href="login.php" class="signup_a">Login</a></i>
30.         </div>
31.     </center>
32. </body>
33. </html>
34. //registration.php end
35.  
36.  
37. //This is for login.php
38. <?php include('server.php') ?>
39. <!DOCTYPE html>
40. <html>
41. <head>
42.     <title>Log in</title>
43.     <link rel="stylesheet" type="text/css" href="./css/styles.css">
44.     <link rel="stylesheet" type="text/css" href="./css/w3.css">
45. </head>
46. <body>
47.     <center>
48.         <div id="login_form_center">
49.             <img src="./logo/wecon_logo_single.png" height="50px" viewBox="-3 -3 82 82" width="50">
50.             <h1 style="text-align: center; font-weight: bold; ">The Right Place For Business</h1>
51.             <div style="margin: 0 auto; width: 268px;">
52.                 <form action="login.php" method="post">
53.                     <!-- display validation errors here -->
54.                     <?php include('errors.php'); ?>
55.                     <br>
56.                     <input type="text" name="username" placeholder="Username" required="required" style="height: 40px;width: auto";>
57.                     <br>
58.                     <input type="password" name="password" placeholder="Password" required="required" style="height: 40px;width: auto">
59.                     <br>
60.                     <button type="submit" name="login" class="button"> Login </button>
61.                 </form>
62.             </div>
63.             <i>Please if you don't have an account <a onclick="document.getElementById('id01').style.display='block'" class="signup_a">Sign Up</a>
64.             </i>
65.         </div>
66.     </center>
67. </body>
68. </html>
69. //login.php end
70.  
71. //This is for server.php
72. <?php
73.     session_start();
74.  
75.     $username = "";
76.     $email = "";
77.     $error = array();
78.  
79.     //connect to db
80.     $db = mysqli_connect('localhost', 'root', '', 'practice');
81.  
82.     // if the register button is clicked
83.     if (isset($_POST['reg_user'])) {
84.         $username = mysqli_real_escape_string($db, $_POST['username']);
85.         $email = mysqli_real_escape_string($db, $_POST['email']);
86.         $password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
87.         $password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
88.    
89.     // ensure that form fields are filled properly
90.     if (empty($username)) {
91.         array_push($errors, "Username is required");
92.         }
93.     if (empty($email)) {
94.         array_push($errors, "Email is required");
95.         }
96.     if (empty($password)) {
97.         array_push($errors, "Password is required");
98.         }
99.     if ($password_1 != $password_2) {
100.         array_push($errors, "Passwords do not match");
101.         }
102.  
103.         //if there are no errors, save user to database
104.     if (count($errors) == 0) {
105.         $password = md5($password_1); //This will encrypt the password
106.         $sql = "INSERT INTO user (username, email, password)
107.                     VALUES ('$username', '$email', '$password')";
108.         mysqli_query($db, $sql);
109.         $_SESSION['username'] = $username;
110.         $_SESSION['success'] = "You are now logged in";
111.         header('location: index.php'); //redirect to home page
112.     }
113.  
114.     }
115.  
116.    
117.     // log user in from login page
118.     if(isset($_POST['login'])) {
119.         $username = mysqli_real_escape_string($db, $_POST['username']);
120.         $password = mysqli_real_escape_string($db, $_POST['password']);
121.        
122.         // ensure that form fields are filled properly    
123.         if (empty($username)) {
124.             array_push($error, "Username is required");
125.         }
126.         if (empty($password)) {
127.             array_push($error, "Password is required");
128.         }
129.         if (count($error) == 0 ) {
130.             $passord = md5($password); //encrypt password before comparing with that from database
131.             $query = "SELECT * FROM user WHERE username='$username' AND password='$password'";
132.             $result = mysqli_query($db, $query);
133.             if (mysqli_num_rows($result) == 1) {
134.                 // log user in
135.                 $_SESSION['username'] = $username;
136.                 $_SESSION['success'] = "You are now logged in";
137.                 header("location: index.php"); //redirect to homepage
138.             }else{
139.                 array_push($error, "Wrong username/password combination. Please try again.");
140.             }
141.         }
142.     }
143.  
144.  
145.  
146.  
147.  
148. // logout
149.      if (isset($_GET['logout'])) {
150.         session_destroy();
151.         unset($_SESSION['username']);
152.         header('location: login.php');
153.      }
154.  
155. //This is the end of server.php
156.  
157. //This is for index.php
158. <?php include('server.php');
159.      
160.      // if user is not logged in, they cannot access this page
161.      if (empty($_SESSION['username'])) {
162.         header('location: login.php');
163.      }
164. ?>
165.  
166. <!DOCTYPE html>
167. <html>
168. <head>
169.     <title>Home Page</title>
170.     <link rel="stylesheet" type="text/css" href="/css/style.css">
171. </head>
172. <body>
173.  
174.     <h1>This is the homepage</h1>
175.     <?php if(isset($_SESSION['success'])): ?>
176.           <div>
177.             <h3>
178.                 <?php
179.                     echo $_SESSION['success'];
180.                     unset($_SESSION['success']);
181.                  ?>
182.             </h3>
183.         </div>
184.     <?php endif ?>
185.  
186.     <?php
187.         // if the user logs in print information about him
188.         if (isset($_SESSION["username"])) : ?>
189.         <h3>Welcome <strong><?php echo $_SESSION['username']; ?> ?></strong></h3>
190.         <p><a href="index.php?logout='1'" style="color: red;">Logout</a></p>
191.  
192.      <?php endif ?>
193.  
194.  
195. </body>
196. </html>
197.  
198. //end of index.php
199.  
200.  
201. //This is for errors.php
202. <?php if (count($error) > 0 ): ?>
203.     <div>
204.         <?php foreach ($error as $error): ?>
205.             <p><?php echo $error; ?></p>
206.         <?php endforeach ?>
207.     </div>
208. <?php endif ?>
209.  
210. //End of errors.php