restructuring

db.php

@@ -6,7 +6,8 @@ $db_password = 'password';
 $db = 'webshopdb';
 $db_port = '3306';
 
-$con = mysqli_connect("$db_server","$db_user","$db_password","$db","$db_port");
+$db_connection = mysqli_connect("$db_server","$db_user","$db_password",
+                                "$db","$db_port");
 // Check connection
 if (mysqli_connect_errno()) {
   echo "Failed to connect to MySQL: " . mysqli_connect_error();

functions.php

@@ -0,0 +1,55 @@
+<?php
+require('db.php');
+session_start();
+// If form submitted, insert values into the database.
+function login() 
+{ 
+    if (isset($_POST['username'])) {
+        global $db_connection;
+        // removes backslashes
+        $username = stripslashes($_REQUEST['username']);
+        //escapes special characters in a string
+        $username = mysqli_real_escape_string($db_connection,$username);
+        $password = stripslashes($_REQUEST['password']);
+        $password = mysqli_real_escape_string($db_connection,$password);
+        //Checking is user existing in the database or not
+        $query = "SELECT * FROM `users` WHERE username='$username'
+                  and password='".md5($password)."'";
+        $result = mysqli_query($db_connection,$query) or die(mysql_error());
+        $rows = mysqli_num_rows($result);
+        if ($rows==1) {
+            $_SESSION['username'] = $username;
+            // Redirect user to home.php
+            header("Location: ./home.php");
+        } else {
+            echo "<div class='form'>
+                  <h3>Username/password is incorrect.</h3>
+                  <br/>Click here to <a href='login.php'>Login</a></div>";
+          }
+    }
+}
+// If form submitted, insert values into the database.
+function register()
+{
+    if (isset($_REQUEST['username'])) {
+    // removes backslashes
+    $username = stripslashes($_REQUEST['username']);
+    //escapes special characters in a string
+    $username = mysqli_real_escape_string($db_connection,$username);
+    $email = stripslashes($_REQUEST['email']);
+    $email = mysqli_real_escape_string($db_connection,$email);
+    $password = stripslashes($_REQUEST['password']);
+    $password = mysqli_real_escape_string($db_connection,$password);
+    $trn_date = date("Y-m-d H:i:s");
+    $query = "INSERT into `users` (username, password, email, trn_date)
+              VALUES ('$username', '".md5($password)."',
+                      '$email', '$trn_date')";
+        $result = mysqli_query($db_connection,$query);
+        if ($result) {
+            echo "<div class='form'>
+                  <h3>You are registered successfully.</h3>
+                  <br/>Click here to <a href='login.php'>Login</a></div>";
+        }
+}
+}
+?>

index.php

@@ -1,5 +1,6 @@
 <?php
-include 'login.php';
+include 'functions.php';
+login();
 ?>
 <!DOCTYPE html>
 <html>
@@ -23,7 +24,7 @@ include 'login.php';
         <form action="" method="post" name="login">
         <input type="text" name="username" placeholder="Username" required />
         <input type="password" name="password" placeholder="Password" required />
-        <input name="submit" type="submit" value="Login" />
+        <input name="submit" type="submit"/>
         </form>
         <p>Not registered yet? <a href='registrationindex.php'>Register Here</a></p>
     </div>

login.php

@@ -1,27 +0,0 @@
-<?php
-require('db.php');
-session_start();
-// If form submitted, insert values into the database.
-if (isset($_POST['username'])) {
-    // removes backslashes
-    $username = stripslashes($_REQUEST['username']);
-    //escapes special characters in a string
-    $username = mysqli_real_escape_string($con,$username);
-    $password = stripslashes($_REQUEST['password']);
-    $password = mysqli_real_escape_string($con,$password);
-    //Checking is user existing in the database or not
-    $query = "SELECT * FROM `users` WHERE username='$username'
-              and password='".md5($password)."'";
-    $result = mysqli_query($con,$query) or die(mysql_error());
-    $rows = mysqli_num_rows($result);
-    if ($rows==1) {
-        $_SESSION['username'] = $username;
-        // Redirect user to home.php
-        header("Location: home.php");
-    } else {
-        echo "<div class='form'>
-              <h3>Username/password is incorrect.</h3>
-              <br/>Click here to <a href='login.php'>Login</a></div>";
-    }
-}
-?>

login_failed.php

@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+  <!-- enable utf-8 encoding for umlauts etc.-->
+  <meta charset="utf-8">
+  <!-- Description of what this dose -->
+  <meta name ="viewport" content="width=device-width, initial-scale=1">
+  <!-- link to the default css file -->
+  <link rel="stylesheet" href="css/stylesheet.css"/>
+</head>
+
+<body>
+<h3>Login failed!</h3>
+</body>
+</html>

navigation.php

@@ -1,7 +1,5 @@
- <?php
- echo '<ul>
+<ul>
     <li><a href="ticket.php">Ticket</a></li>
     <li><a href="board.php">Board</a></li>
     <li><a class="active" href="home.php">Home</a></li>
-  </ul>'
-?>
+</ul>