51 lines
1.9 KiB
PHP
51 lines
1.9 KiB
PHP
|
<?php
|
||
|
require('db.php');
|
||
|
function login ()
|
||
|
{
|
||
|
session_start();
|
||
|
if (isset($_REQUEST['username'])) {
|
||
|
//Checking is user existing in the database or not
|
||
|
global $con;
|
||
|
$username = stripslashes($_REQUEST['username']);
|
||
|
//escapes special characters in a string
|
||
|
$username = mysqli_real_escape_string($con,$username);
|
||
|
$password = stripslashes($_REQUEST['password']);
|
||
|
$password = mysqli_real_escape_string($con,$password);
|
||
|
$query = "SELECT * FROM users WHERE userLogin='$username'
|
||
|
and userPass='$password'";
|
||
|
$result = mysqli_query($con,$query) or die(mysql_error());
|
||
|
$rows = mysqli_num_rows($result);
|
||
|
if ($rows==1) {
|
||
|
$_SESSION['username'] = $username;
|
||
|
// Redirect user to home.php
|
||
|
header("Location: home.php");
|
||
|
} else {
|
||
|
echo "<h3>Username/password is incorrect.</h3>";
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
// If form submitted, insert values into the database.
|
||
|
function register ()
|
||
|
{
|
||
|
if (isset($_REQUEST['username'])) {
|
||
|
global $con;
|
||
|
// removes backslashes
|
||
|
$username = stripslashes($_REQUEST['username']);
|
||
|
//escapes special characters in a string
|
||
|
$username = mysqli_real_escape_string($con,$username);
|
||
|
$email = stripslashes($_REQUEST['email']);
|
||
|
$email = mysqli_real_escape_string($con,$email);
|
||
|
$password = stripslashes($_REQUEST['password']);
|
||
|
$password = mysqli_real_escape_string($con,$password);
|
||
|
$query = "INSERT into users (userLogin, userPass, userEmail)
|
||
|
VALUES ('$username', '$password', '$email')";
|
||
|
$result = mysqli_query($con,$query);
|
||
|
if ($result) {
|
||
|
echo "<div class='form'>
|
||
|
<h3>You are registered successfully.</h3>
|
||
|
<br/>Click here to <a href='index.php'>Login</a></div>";
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
?>
|