Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- require('db.php');
- // If form submitted, insert values into the database.
- if (isset($_REQUEST['username'])){
- $username = stripslashes($_REQUEST['username']); // removes backslashes
- $username = mysqli_real_escape_string($con,$username); //escapes special characters in a string
- $email = stripslashes($_REQUEST['email']);
- $email = mysqli_real_escape_string($con,$email);
- $password = stripslashes($_REQUEST['password']);
- $password = mysqli_real_escape_string($con,$password);
- $hashedpw = password_hash($password, PASSWORD_BCRYPT, ['cost' => 11]);
- $ipaddress = $_SERVER['REMOTE_ADDR'];
- $reg_date = date("Y-m-d H:i:s");
- $query = "INSERT into `user` (username, password, email, reg_date, ip) VALUES ('$username', '$hashedpw', '$email', '$reg_date', '$ipaddress')";
- $result = mysqli_query($con,$query);
- if($result){
- header("Location: regsuccess.php");
- }
- }else{
- ?>
- <?php
- require('db.php');
- function redirect($DoDie = true) {
- header('Location: success.php');
- if ($DoDie)
- die();
- }
- session_start();
- if(isset($_SESSION['username'])) {
- redirect();
- }
- // If form submitted, insert values into the database.
- if (isset($_POST['username'])){
- $username = stripslashes($_REQUEST['username']); // removes backslashes
- $username = mysqli_real_escape_string($con,$username); //escapes special characters in a string
- $password = stripslashes($_REQUEST['password']);
- $password = mysqli_real_escape_string($con,$password);
- $hash_query = "SELECT password FROM `user` WHERE username='$username'";
- $hash_result = mysqli_query($con,$hash_query) or die(mysql_error());
- $ipaddress = $_SERVER['REMOTE_ADDR'];
- //Checking is user existing in the database or not
- $query = "SELECT * FROM `user` WHERE username='$username' and password='$password'";
- $result = mysqli_query($con,$query) or die(mysql_error());
- $rows = mysqli_num_rows($result);
- if($rows==1){
- if (password_verify($password, $hash_result)) {
- $_SESSION['username'] = $username;
- $trn_date = date("Y-m-d H:i:s");
- $query = "UPDATE `user` SET `ip` = '$ipaddress', `last_login` = '$trn_date' WHERE `username` = '$username'";
- $result = mysqli_query($con,$query) or die(mysql_error());
- $rows = mysqli_num_rows($result);
- header("Location: success.php"); // Redirect user to index.php
- }
- else {
- header("Location: error.php");
- }
- }
- else {
- header("Location: error.php");
- }
- }
- else {
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement