
Untitled

a guest
Sep 15th, 2017
  1. <?php
  2. require('db.php');
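  // Registration handler: when the form was submitted, validate the fields, hash the
  // password and insert the new user; otherwise fall through to the form markup.
  if (isset($_REQUEST['username'])) {
      // NOTE(review): the form's method is not visible in this listing. If it is POST,
      // read $_POST instead so credentials can never arrive in a query string or cookie.
      $username = $_REQUEST['username'];
      $email = isset($_REQUEST['email']) ? $_REQUEST['email'] : null;
      $password = isset($_REQUEST['password']) ? $_REQUEST['password'] : null;

      $created = false;

      // Array-valued parameters (e.g. username[]=x) and missing fields are rejected up
      // front; the old code would have hashed an empty password for them.
      if (is_string($username) && is_string($email) && is_string($password)) {
          // stripslashes() is kept on username/email so stored values match what earlier
          // versions of this script wrote. SQL safety comes from the bound parameters.
          $username = stripslashes($username);
          $email = stripslashes($email);

          if ($username !== '' && $email !== '' && $password !== '') {
              // Hash the password exactly as submitted. Running it through stripslashes()
              // or an SQL escaper first silently changes the secret being hashed; the
              // login path must verify the same untransformed value.
              $hashedpw = password_hash($password, PASSWORD_BCRYPT, ['cost' => 11]);
              $ipaddress = $_SERVER['REMOTE_ADDR'];
              $reg_date = date("Y-m-d H:i:s");

              try {
                  // Placeholders keep every value out of the SQL text, so no escaping
                  // function has to be remembered for each column.
                  $stmt = mysqli_prepare(
                      $con,
                      "INSERT INTO `user` (username, password, email, reg_date, ip) VALUES (?, ?, ?, ?, ?)"
                  );
                  if ($stmt !== false) {
                      mysqli_stmt_bind_param($stmt, 'sssss', $username, $hashedpw, $email, $reg_date, $ipaddress);
                      $created = mysqli_stmt_execute($stmt);
                      mysqli_stmt_close($stmt);
                  }
              } catch (mysqli_sql_exception $e) {
                  // Keep database details in the server log, never in the response.
                  error_log('Registration insert failed: ' . $e->getMessage());
                  $created = false;
              }
          }
      }

      if ($created) {
          header("Location: regsuccess.php");
          // Stop here so nothing after the redirect header is executed or sent.
          exit;
      }
      // No failure page is visible in this listing, so a rejected or failed
      // registration falls through without output, as it did before.
  } else {
  ?>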
  22.  
  23. <?php
  24. require('db.php');
  /**
   * Send a redirect to success.php and, unless told otherwise, end the script.
   *
   * @param bool $DoDie When true (the default) execution stops right after the
   *                    Location header is sent; pass false to keep running.
   */
  function redirect($DoDie = true) {
      header('Location: success.php');
      if (!$DoDie) {
          return;
      }
      // Without this, code after the call would still run for a redirected client.
      exit();
  }
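  session_start();
  // Already signed in: go straight to the landing page.
  if (isset($_SESSION['username'])) {
      redirect();
  }
  // Login handler: look up the stored hash for the submitted username and verify the
  // submitted password against it; otherwise fall through to the form markup.
  if (isset($_POST['username'])) {
      // Read both fields from $_POST, the same source the check above uses, so a
      // query-string or cookie value can never stand in for the posted one.
      $username = $_POST['username'];
      $password = isset($_POST['password']) ? $_POST['password'] : null;
      $authenticated = false;

      // Array-valued parameters (e.g. password[]=x) are treated as a failed login.
      if (is_string($username) && is_string($password)) {
          // stripslashes() is kept on the username so lookups match stored values.
          $username = stripslashes($username);

          try {
              // Fetch only the hash. The previous query compared the plaintext password
              // with the hash column in SQL, which cannot match, and then handed the
              // mysqli result object (not the hash string) to password_verify().
              $stmt = mysqli_prepare($con, "SELECT password FROM `user` WHERE username = ?");
              if ($stmt !== false) {
                  $stored_hash = null;
                  mysqli_stmt_bind_param($stmt, 's', $username);
                  if (mysqli_stmt_execute($stmt)) {
                      mysqli_stmt_store_result($stmt);
                      mysqli_stmt_bind_result($stmt, $stored_hash);
                      // Exactly one matching account is required, as before.
                      if (mysqli_stmt_num_rows($stmt) === 1 && mysqli_stmt_fetch($stmt) === true) {
                          // The password is verified exactly as submitted.
                          // NOTE(review): a hash that was created from an SQL-escaped
                          // password (one containing quotes or backslashes) will not
                          // verify here and needs a password reset.
                          $authenticated = is_string($stored_hash) && password_verify($password, $stored_hash);
                      }
                  }
                  mysqli_stmt_close($stmt);
              }
              // NOTE(review): an unknown username skips password_verify() and answers
              // faster than a known one; verifying against a fixed dummy hash in that
              // case would even out the timing.
          } catch (mysqli_sql_exception $e) {
              // mysql_error() belongs to the removed mysql extension; log the mysqli
              // error server-side instead of printing database details to the client.
              error_log('Login lookup failed: ' . $e->getMessage());
              $authenticated = false;
          }
      }

      if ($authenticated) {
          // Issue a fresh session id on privilege change so a pre-login id that an
          // attacker may know is not carried into the authenticated session.
          session_regenerate_id(true);
          $_SESSION['username'] = $username;

          $ipaddress = $_SERVER['REMOTE_ADDR'];
          $trn_date = date("Y-m-d H:i:s");
          try {
              $update = mysqli_prepare($con, "UPDATE `user` SET `ip` = ?, `last_login` = ? WHERE `username` = ?");
              if ($update !== false) {
                  mysqli_stmt_bind_param($update, 'sss', $ipaddress, $trn_date, $username);
                  mysqli_stmt_execute($update);
                  mysqli_stmt_close($update);
              }
          } catch (mysqli_sql_exception $e) {
              // Last-login bookkeeping is not part of authentication; record the
              // failure and let the user in.
              error_log('Login bookkeeping update failed: ' . $e->getMessage());
          }

          header("Location: success.php"); // Redirect user to success.php
          exit;
      }

      // Same response for an unknown user and a wrong password.
      header("Location: error.php");
      exit;
  } else {

  ?>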