<?php//Get values passed from POST method$username = $_POST['user'];$pas

1. <?php
2.  
3. //Get values passed from POST method
4. $username = $_POST['user'];
5. $password= $_POST['pass'];
6. $email= $_POST['email'];
7.  
8. //to prevent mysql injection
9. $username = stripcslashes($username);
10. $password = stripcslashes($password);
11. $email = stripcslashes($email);
12. $username = mysql_real_escape_string($username);
13. $password = mysql_real_escape_string($password);
14. $email = mysql_real_escape_string($email);
15.  
16. //connect to the database
17. $con = mysqli_connect("localhost", "root", "", "DB_Parasitica");
18. //mysql_select_db("DB_Parasitica");
19.  
20. if($_POST["login"]) {
21. //Query the database for user
22. $result = mysql_query("select * from accounts where username = '$username' and password = '$password'") or die("Failed to query database ".mysql_error());
23. $row = mysql_fetch_array($result);
24. if ($row['username'] == $username && $row['password'] == $password ){
25. echo " Login success!!! Welcome ".$row['username'];
26. } else {
27. echo "Failed to login...";
28. }
29. }
30.  
31. if($_POST["register"] {
32. //$sql = "INSERT INTO accounts (id, username, password, salt, email, active, subdays, lastlogin, failedattempts, created) VALUES ("", '" . $username . "','" . $password . "',"''",'" . $email . "', "", "", "''", "", "''")";
33. $sql = "INSERT INTO accounts (id, username, password, salt, email, active, subdays, lastlogin, failedattempts, created)
34. VALUES ('', ".$username.", ".$password.", '', ".$email.", '', '', '', '', '')";
35.  
36. if (mysqli_query($sql) {
37. echo "New account registered successfully!";
38. } else {
39. echo "failed to register " .mysqli_error();
40. }
41.  
42.  
43. }
44.  
45. mysqli_close($con);
46. ?>