<?php session_start(); // variable declaration $username = ""; $email

1. <?php
2.     session_start();
3.  
4.     // variable declaration
5.     $username = "";
6.     $email    = "";
7.     $errors = array();
8.     $_SESSION['success'] = "";
9.    
10.  
11.  
12.     // connect to database
13.     $db = mysqli_connect('localhost', 'iotaeyjx_login', 'amitsaha1993', 'iotaeyjx_login');
14.  
15.     // REGISTER USER
16.     if (isset($_POST['reg_user'])) {
17.         // receive all input values from the form
18.         $username = mysqli_real_escape_string($db, $_POST['username']);
19.         $email = mysqli_real_escape_string($db, $_POST['email']);
20.         $password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
21.         $password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
22.  
23.         // form validation: ensure that the form is correctly filled
24.         if (empty($username)) { array_push($errors, "Username is required"); }
25.         if (empty($email)) { array_push($errors, "Email is required"); }
26.         if (empty($password_1)) { array_push($errors, "Password is required"); }
27.  
28.         if ($password_1 != $password_2) {
29.             array_push($errors, "The two passwords do not match");
30.         }
31.  
32.         // register user if there are no errors in the form
33.         if (count($errors) == 0) {
34.             $password = md5($password_1);//encrypt the password before saving in the database
35.             $query = "INSERT INTO users (username, email, password)
36.                       VALUES('$username', '$email', '$password')";
37.             mysqli_query($db, $query);
38.  
39.             $_SESSION['username'] = $username;
40.             $_SESSION['success'] = "You are now logged in";
41.             header('location: index.php');
42.         }
43.  
44.     }
45.  
46.     // ...
47.  
48.     // LOGIN USER
49.     if (isset($_POST['login_user'])) {
50.         $username = mysqli_real_escape_string($db, $_POST['username']);
51.         $password = mysqli_real_escape_string($db, $_POST['password']);
52.  
53.         if (empty($username)) {
54.             array_push($errors, "Username is required");
55.         }
56.         if (empty($password)) {
57.             array_push($errors, "Password is required");
58.         }
59.  
60.         if (count($errors) == 0) {
61.             $password = md5($password);
62.             $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
63.            
64.            
65.             $results = mysqli_query($db, $query);
66.            
67.  
68.             if (mysqli_num_rows($results) == 1) {
69.                
70.                 $sql_2 = "INSERT INTO login_logs(username) VALUES ('" . $username . "')";
71.                 $results2 = mysqli_query($db, $sql_2);
72.                
73.  
74.              
75.                 $_SESSION['username'] = $username;
76.                 $_SESSION['success'] = "You are now logged in";
77.                 header('location: index.php');
78.             }else {
79.                 array_push($errors, "Wrong username/password combination");
80.             }
81.         }
82.     }
83.    
84.     if (isset($_GET['logout'])) {
85.        
86.        
87.                 session_destroy();
88.                 unset($_SESSION['username']);
89.            
90.                 $sql_3 = "UPDATE login_logs SET logout_time = current_timestamp where username ='$username'";
91.                 $results3 = mysqli_query($db, $sql_3);
92.                
93.                
94.                 $_SESSION['success'] = "You are now logged out";
95.                 header('location: login.php');
96.                
97.        
98.     }
99.    
100.    
101.  
102.  
103. ?>