<?phpsession_start();$fullname = "";$class = "";$username = "";$erro

1. <?php
2. session_start();
3.  
4. $fullname = "";
5. $class = "";
6. $username = "";
7. $errors =  array();
8.  
9. $db =mysqli_connect('localhost','root','','registration');
10.  
11. //register user
12. if(isset($_POST['reg_user'])){
13.     $fullname = mysqli_real_escape_string($db, $_POST['fullname']);
14.     $class = mysqli_real_escape_string($db, $_POST['class']);
15.     $username = mysqli_real_escape_string($db, $_POST['username']);
16.     $password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
17.     $password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
18.  
19.     if (empty($fullname )) { array_push($errors, "Fullname is required"); }
20.     if (empty($class)) { array_push($errors, "Class is required"); }
21.     if (empty($username)) {array_push ($errors, "Username is required"); }
22.     if (empty($password_1)) { array_push($errors, "Password is required"); }
23.     if ($password_1 != $password_2) {
24.     array_push($errors, "The two passwords do not match");
25. }
26.  
27.  $user_check_query = "SELECT * FROM users WHERE username='$username' OR class='$class' LIMIT 1";
28.  $result = mysqli_query($db, $user_check_query);
29.  $user = mysqli_fetch_assoc($result);
30.  
31.  if ($user){
32.      if ($user['username']===$username){
33.          array_push($errors, "Username already exist");
34.      }
35.  
36.      if ($user['class']=== $class){
37.          array_push($errors, "Class already exist");
38.      }
39.  }
40.  
41.   if (count($errors) == 0) {
42.     $password = md5($password_1);//encrypt the password before saving in the database
43.  
44.     $query = "INSERT INTO users (fullname, class, username, password)
45.               VALUES('$fullname', '$class', '$username','$password')";
46.     mysqli_query($db, $query);
47.     $_SESSION['username'] = $username;
48.     $_SESSION['success'] = "You are now logged in";
49.     header('location: index.php');
50.   }
51. }
52.  
53.  
54. //login useer
55. if (isset($_POST['login_user'])) {
56.   $username = mysqli_real_escape_string($db, $_POST['username']);
57.   $password = mysqli_real_escape_string($db, $_POST['password']);
58.  
59.   if (empty($username)) {
60.     array_push($errors, "Username is required");
61.   }
62.   if (empty($password)) {
63.     array_push($errors, "Password is required");
64.   }
65.  
66.   if (count($errors) == 0) {
67.     $password = md5($password);
68.     //$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
69.     $query = "SELECT username='$username' AND password='$password' FROM users";
70.     $results = mysqli_query($db, $query);
71.  
72.         if (mysqli_num_rows($results) == 1) {
73.       $_SESSION['username'] = $username;
74.       $_SESSION['success'] = "You are now logged in";
75.       header('location: index.php');
76.     }else {
77.         array_push($errors, "Wrong username/password combination");
78.     }
79.   }
80. }
81.  
82. ?>