Simple signup/ login example by Miro Balearski

1. <?php
2.  
3. /****
4. Db schema
5.  
6. create table users (id int(10) not null primary key auto_increment,
7.                    username varchar(255) not null unique,
8.                    password varchar(255) not null,
9.                    email varchar(255) not null default '');
10.  
11. ****/                  
12.                    
13.                    
14. function get_dblink(){
15.     return  mysqli_connect("localhost","db_username","db_password","db_name");
16. }
17.  
18. function register_form(){?>
19.     <form method="post" >
20.         Username :<input type = "text" name="username">
21.         Passwod: <input type = "password" name="pass">
22.         Retype Passwod:<input type = "password" name="pass2">
23.         <input type="hidden" name="action" value="register">
24.         <input type="submit" value="Login">
25.     </form>
26.     <?php
27. }
28.  
29. function login_form(){
30.    
31.     ?>
32.     <form method="post">
33.         Username :<input type = "text" name="username">
34.         Passwod: <input type = "password" name="pass">
35.         <input type="hidden" name="action" value="login">      
36.         <input type="submit" value="Login">
37.     </form>
38.     <?php
39. }
40.  
41. function logout_form($username){ ?>
42.     <form method="post">
43.         <input type="hidden" name="action" value="logout">     
44.         Logout <?=$username?> <input type="submit" value="Logout">
45.     </form>
46.     <?php
47. }
48.  
49.  
50. /**************************************************************/
51.  
52.  
53. #Validators :
54.  
55. function validate_username($username){
56.    
57.     if(preg_match('/^[a-zA-Z0-9]{5,}$/', $username)) {
58.             return true;
59.     }else{
60.         throw new Exception("The username should contain a-zA-Z0-9 and should be long 5 chars or more ") ; 
61.     }
62. }
63.  
64. function validate_password($pass){
65.    
66.     if(preg_match('/^[a-zA-Z0-9]{5,}$/', $pass)) {
67.             return true;
68.     }else{
69.        
70.         throw new Exception("The password should contain a-zA-Z0-9 and should be long 5 chars or more ");
71.        
72.     }
73. }
74. function validate_password_dont_match_the_username($pass, $username){
75.    
76.     if($pass===$username){
77.         throw new Exception("The password can not be the same as the username");   
78.     }else{
79.         return true;
80.     }
81. }
82.  
83. function registration_passwords_match($pass, $pass2){
84.    
85.     if($pass===$pass2){
86.         return true;
87.     }
88.     throw new Exception("The passwords don't match");
89. }
90.  
91.  
92. # DB functions ################################################
93.  
94. function authenticate_user($username, $password){
95.    
96.     $username= mysqli_real_escape_string(get_dblink(),$username);
97.    
98.     $qry = "select id, username, password from users where username='$username' ";
99.     $res= mysqli_query(get_dblink(), $qry);
100.     $rr= mysqli_fetch_assoc($res);
101.    
102.     return password_verify($password, $rr['password']);
103. }
104.  
105. # Register user
106.  
107. function add_user_to_the_database($username,$pass){
108.    
109.     $hashed_pass = password_hash($pass, PASSWORD_BCRYPT);
110.     $qry = "insert into users(username, password) values ('$username', '$hashed_pass')";
111.    
112.    
113.     $dblink=get_dblink();
114.     mysqli_query( $dblink ,$qry);
115.     if (mysqli_error($dblink)){
116.         throw new Exception("Error inserting into the DB ". mysqli_error($dblink));
117.     }  
118. }
119.  
120.  
121.  
122.  
123. function register_user($username, $pass, $pass2){
124.    
125.     try{
126.         validate_username($username);
127.         validate_password_dont_match_the_username($pass,$username);
128.         validate_password($pass);
129.        
130.         registration_passwords_match($pass, $pass2);
131.        
132.         # and finally
133.         add_user_to_the_database($username,$pass);
134.  
135.         # todo email validation
136.         # or
137.         # automaticaliy login the new user;
138.        
139.         login_user($username, $pass);
140.        
141.     } catch (Exception $e){
142.        
143.         print_r("<div style='color:red'>".$e->getMessage()."</div>");
144.     }
145. }
146.  
147.  
148. function login_user($username, $password){
149.    
150.     if($uid=authenticate_user($username, $password)){
151.         $_SESSION['valid_user_id']=$uid;
152.         $_SESSION['username']=$username;
153.        
154.     }
155. }
156.  
157. function loggedin_user(){
158.    
159.     return $_SESSION['valid_user_id'];
160.    
161. }
162.  
163. function logout_user(){
164.  
165.     session_destroy();
166. }
167.  
168. /***************************************************/
169.  
170. session_start();
171.  
172. # handle http post requests
173.  
174. if(isset($_POST['action']))
175.     switch($_POST['action']){
176.        
177.         case "login":
178.             login_user($_POST['username'], $_POST['pass']);
179.         break;
180.         case "logout":
181.             logout_user();
182.         break;  
183.         case "register":
184.             register_user($_POST['username'], $_POST['pass'], $_POST['pass2']);
185.         break;
186.     }
187.  
188. # application
189.  
190. if(loggedin_user()){
191.  
192.     echo "<h1>You are logged in as \"$_SESSION[username]\" </h1>";  
193.     logout_form($_SESSION['username']);
194.    
195. }else{
196.     echo "<h1>You are not logged in. Please Login or Register</h1>";    
197.     echo "<br><H2>Register:</H2>";
198.  
199.     register_form();
200.  
201.     echo "<br><H2>Login:</H2>";
202.     login_form();
203. }