<?php session_start(); $username = ""; $email = ""; $

1. <?php
2. session_start();
3.  
4. $username = "";
5. $email = "";
6. $errors = array();
7.  
8. // connect to the database
9. $db = mysqli_connect('localhost', 'root', '', 'registration');
10.  
11. // if the register button is clicked
12. if (isset($_POST['register'])) {
13. $username = mysql_real_escape_string($_POST['username']);
14. $email = mysql_real_escape_string($_POST['email']);
15. $password_1 = mysql_real_escape_string($_POST['password_1']);
16. $password_2 = mysql_real_escape_string($_POST['password_2']);
17.  
18. // ensure that form fields are filled properly
19. if (empty($username)) {
20. array_push($errors, "Username is required");
21. }
22. if (empty($email)) {
23. array_push($errors, "Email is required");
24. }
25. if (empty($password_1)) {
26. array_push($errors, "Password is required");
27. }
28. if($password_1 != $password_2){
29. array_push($errors, "The two passwords do not match");
30. }
31.  
32. // if there are no errors, save user to database
33. if (count($errors)== 0) {
34. $password = md5($password_1); // encrypt password before storing in database(security)
35. $sql = "INSERT INTO users (username, email, password)
36. VALUES ('$username', '$email', '$password')";
37. mysqli_query($db, $sql);
38. $_SESSION['username'] = $username;
39. $_SESSION['sucess'] = "You are now logged in";
40. header('location: index.php'); // redirect to home page
41.  
42. }
43.  
44. }
45.  
46. // log user in from login
47. if (isset($_POST['login'])){
48. $username = mysql_real_escape_string($_POST['username']);
49. $password = mysql_real_escape_string($_POST['password']);
50.  
51. // ensure that form fields are filled properly
52. if (empty($username)) {
53. array_push($errors, "Username is required");
54. }
55. if (empty($password)) {
56. array_push($errors, "Password is required");
57. }
58.  
59. if (count($errors)== 0 ) {
60. $password = md5($password); // encrypt password before comparing with that from database
61. $query = "SELECT * FROM users WHERE usernamer='$username' AND password='$password'";
62. $result = mysqli_query($db, $query);
63. if (mysqli_num_rows($result) == 1) {
64. // log user in
65. $_SESSION['username'] = $username;
66. $_SESSION['sucess'] = "You are now logged in";
67. header('location: index.php'); // redirect to home page
68. }else{
69. array_push($errors, "wrong username/password combination");
70.  
71. }
72. }
73.  
74.  
75. }
76.  
77. // logout
78. if (isset($_GET['logout'])){
79. session_destroy();
80. unset($_SEEION['username']);
81. header('location: login.php');
82. }
83. ?>