<?phpinclude('sql.php');$username = $_POST['username'];$password = $_POST['pa

1. <?php
2. include('sql.php');
3. $username = $_POST['username'];
4. $password = $_POST['password'];
5. $confirm = $_POST['confirm'];
6.  
7. if($username=='' || $password=''){header('Location:/register.php');}
8. if($password!=$confirm){header('Location:/register.php');}
9. $sql = "INSERT INTO login (username, password) VALUES ('".$username."', '".password_hash($password, PASSWORD_DEFAULT)."')";
10. if (mysqli_query($mysqli, $sql)) {
11. header('Location: /dashboard.php');
12. } else {
13. echo $mysqli->error;
14. }
15. mysqli_close($mysqli);
16.  
17. <?php
18. session_start();
19. $error='';
20.  
21. if (isset($_POST['submit'])) {
22. if (empty($_POST['username']) || empty($_POST['password'])) {
23. header("Location: /admin.php?error=invalid");
24. } else {
25. include('sql.php');
26. $username = mysqli_real_escape_string($mysqli,stripslashes($_POST['username']));
27. $password = mysqli_real_escape_string($mysqli,stripslashes($_POST['password']));
28. $sql="SELECT * FROM login WHERE username='".$username."'";
29. $result=$mysqli->query($sql);
30. if ($result->num_rows == 1) {
31. while($row = $result->fetch_assoc()) {
32. $verify = password_verify($password, $row['password']);
33. if($verify==false){
34. header("Location: /admin.php?error=mismatch");
35. } else {
36. $_SESSION['login_user']=$username;
37. $_SESSION['login_pass']=$password;
38. if($_POST['stay']=='stay'){
39. setcookie('username', $username, time()+31536000, '/');
40. setcookie('password', $password, time()+31536000, '/');
41. }
42. header("location: /dashboard.php");
43. }
44. }
45. } else {
46. header("Location: /admin.php?error=mismatch");
47. }
48. mysqli_close($mysqli);
49. }
50. }