web_AI-3/functions.php

<?php
require('db.php');
function login ()
{
    session_start();
    if (isset($_REQUEST['username'])) {
        //Checking is user existing in the database or not
        global $con;
        $username = stripslashes($_REQUEST['username']);
        //escapes special characters in a string
        $username = mysqli_real_escape_string($con,$username);
        $password = stripslashes($_REQUEST['password']);
        $password = mysqli_real_escape_string($con,$password);
        $query = "SELECT * FROM users WHERE userLogin='$username'
                  and userPass='$password'";
        $result = mysqli_query($con,$query) or die(mysql_error());
        $rows = mysqli_num_rows($result);
        if ($rows==1) {
            $_SESSION['username'] = $username;
            // Redirect user to home.php
            header("Location: home.php");
        } else {
            echo "<h3>Username/password is incorrect.</h3>";
        }
    }
}
    // If form submitted, insert values into the database.
function register ()
{
    if (isset($_REQUEST['username'])) {
        global $con;
        // removes backslashes
        $username = stripslashes($_REQUEST['username']);
        //escapes special characters in a string
        $username = mysqli_real_escape_string($con,$username);
        $email = stripslashes($_REQUEST['email']);
        $email = mysqli_real_escape_string($con,$email);
        $password = stripslashes($_REQUEST['password']);
        $password = mysqli_real_escape_string($con,$password);
        $query = "INSERT into users (userLogin, userPass, userEmail)
                  VALUES ('$username', '$password', '$email')";
        $result = mysqli_query($con,$query);
        if ($result) {
            echo "<div class='form'>
                  <h3>You are registered successfully.</h3>
                  <br/>Click here to <a href='index.php'>Login</a></div>";
        }
    }
}
?>
move php functions into functions file 2017-02-06 21:55:36 +01:00			`<?php`
			`require('db.php');`
			`function login ()`
			`{`
			`session_start();`
			`if (isset($_REQUEST['username'])) {`
			`//Checking is user existing in the database or not`
			`global $con;`
			`$username = stripslashes($_REQUEST['username']);`
			`//escapes special characters in a string`
			`$username = mysqli_real_escape_string($con,$username);`
			`$password = stripslashes($_REQUEST['password']);`
			`$password = mysqli_real_escape_string($con,$password);`
			`$query = "SELECT * FROM users WHERE userLogin='$username'`
			`and userPass='$password'";`
			`$result = mysqli_query($con,$query) or die(mysql_error());`
			`$rows = mysqli_num_rows($result);`
			`if ($rows==1) {`
			`$_SESSION['username'] = $username;`
			`// Redirect user to home.php`
			`header("Location: home.php");`
			`} else {`
			`echo "<h3>Username/password is incorrect.</h3>";`
			`}`
			`}`
			`}`
			`// If form submitted, insert values into the database.`
			`function register ()`
			`{`
			`if (isset($_REQUEST['username'])) {`
			`global $con;`
			`// removes backslashes`
			`$username = stripslashes($_REQUEST['username']);`
			`//escapes special characters in a string`
			`$username = mysqli_real_escape_string($con,$username);`
			`$email = stripslashes($_REQUEST['email']);`
			`$email = mysqli_real_escape_string($con,$email);`
			`$password = stripslashes($_REQUEST['password']);`
			`$password = mysqli_real_escape_string($con,$password);`
			`$query = "INSERT into users (userLogin, userPass, userEmail)`
			`VALUES ('$username', '$password', '$email')";`
			`$result = mysqli_query($con,$query);`
			`if ($result) {`
			`echo "<div class='form'>`
			`<h3>You are registered successfully.</h3>`
			`<br/>Click here to <a href='index.php'>Login</a></div>";`
			`}`
			`}`
			`}`
			`?>`