web_AI-3/functions.php
Andreas Zweili d6abd48ac3 Add a UNIQUE constrait to the userMail and userLogin row
The userLogin and userMail have to be unique, otherwise it's
possible to have multiple users with the same username, which
is security-wise a bit stupid.
I've extended the register function to return an appropriate
error message.
2017-02-14 21:06:51 +01:00


<?php
require('db.php');
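/**
 * Verifies the submitted credentials against the users table.
 *
 * Reads 'username' and 'password' from $_REQUEST and uses the global mysqli
 * connection $con (expected to come from db.php). On exactly one matching
 * row the login name is stored in $_SESSION['username'] and the browser is
 * redirected to home.php; otherwise an error heading is printed. Does
 * nothing when no 'username' parameter was submitted.
 *
 * NOTE(review): the password is matched as-is against users.userPass, so
 * that column holds plaintext passwords. Moving to password_hash() /
 * password_verify() needs register() and the existing rows migrated
 * together, so it is flagged here rather than changed in this function.
 *
 * NOTE(review): $_REQUEST also carries query-string parameters, so
 * credentials can end up in URLs and access logs if a form or link uses
 * GET. Confirm the login form posts and consider reading $_POST only.
 */
function login ()
{
    session_start();

    if (!isset($_REQUEST['username'])) {
        return;
    }

    global $con;

    $username = $_REQUEST['username'];
    $password = isset($_REQUEST['password']) ? $_REQUEST['password'] : null;

    // Array-valued or missing parameters can never match a stored account.
    if (!is_string($username) || !is_string($password)) {
        echo "<h3>Username/password is incorrect.</h3>";
        return;
    }

    // Kept so the values match what register() wrote to the table.
    $username = stripslashes($username);
    $password = stripslashes($password);

    // Bound parameters keep user input out of the SQL text entirely, so no
    // manual escaping is needed and quoting mistakes cannot reopen injection.
    $rows = null;
    $dbError = '';
    try {
        $stmt = mysqli_prepare(
            $con,
            "SELECT userLogin FROM users WHERE userLogin = ? AND userPass = ?"
        );
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, 'ss', $username, $password);
            if (mysqli_stmt_execute($stmt)) {
                mysqli_stmt_store_result($stmt);
                $rows = mysqli_stmt_num_rows($stmt);
            } else {
                $dbError = mysqli_stmt_error($stmt);
            }
            mysqli_stmt_close($stmt);
        } else {
            $dbError = mysqli_error($con);
        }
    } catch (mysqli_sql_exception $e) {
        // Raised instead of a false return when mysqli runs in exception mode.
        $dbError = $e->getMessage();
    }

    if ($rows === null) {
        // The original called mysql_error(), which belongs to the removed
        // mysql extension. Log the mysqli error server-side and show the
        // visitor a generic message instead of database details.
        error_log('login query failed: ' . $dbError);
        die('Login is temporarily unavailable.');
    }

    if ($rows === 1) {
        // Issue a fresh session id on login so an id that was known before
        // authentication cannot be reused afterwards (session fixation).
        session_regenerate_id(true);
        // Stored as typed, not SQL-escaped; escape it again at each output.
        $_SESSION['username'] = $username;
        // Redirect user to home.php and stop, so nothing else is rendered.
        header("Location: home.php");
        exit;
    }

    echo "<h3>Username/password is incorrect.</h3>";
}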
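/**
 * Registers a new user from the submitted form fields.
 *
 * Reads 'username', 'email' and 'password' from $_REQUEST and inserts them
 * into the users table through the global mysqli connection $con (expected
 * to come from db.php). Prints a success block, a "already taken" heading
 * when the insert fails with MySQL error 1062 (duplicate key), or a generic
 * failure heading for any other database error. Does nothing when no
 * 'username' parameter was submitted.
 *
 * NOTE(review): the password is written to users.userPass unchanged, i.e.
 * in plaintext. Storing password_hash() output instead requires login() to
 * switch to password_verify() and existing rows to be migrated at the same
 * time, so it is flagged here rather than changed in this function alone.
 *
 * NOTE(review): no format or length validation is applied to the fields;
 * confirm whether the forms or the schema enforce it.
 */
function register ()
{
    if (!isset($_REQUEST['username'])) {
        return;
    }

    global $con;

    $username = $_REQUEST['username'];
    $email = isset($_REQUEST['email']) ? $_REQUEST['email'] : null;
    $password = isset($_REQUEST['password']) ? $_REQUEST['password'] : null;

    // Reject missing or array-valued parameters before touching the database.
    if (!is_string($username) || !is_string($email) || !is_string($password)) {
        echo "<h3>Please fill in all fields.</h3>";
        return;
    }

    // removes backslashes (kept so stored values stay consistent with login())
    $username = stripslashes($username);
    $email = stripslashes($email);
    $password = stripslashes($password);

    // Bound parameters keep user input out of the SQL text entirely.
    $inserted = false;
    $errno = 0;
    $dbError = '';
    try {
        $stmt = mysqli_prepare(
            $con,
            "INSERT into users (userLogin, userPass, userEmail) VALUES (?, ?, ?)"
        );
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, 'sss', $username, $password, $email);
            $inserted = mysqli_stmt_execute($stmt);
            if (!$inserted) {
                $errno = mysqli_stmt_errno($stmt);
                $dbError = mysqli_stmt_error($stmt);
            }
            mysqli_stmt_close($stmt);
        } else {
            $errno = mysqli_errno($con);
            $dbError = mysqli_error($con);
        }
    } catch (mysqli_sql_exception $e) {
        // Raised instead of a false return when mysqli runs in exception
        // mode; the duplicate-key case must still reach the check below.
        $inserted = false;
        $errno = $e->getCode();
        $dbError = $e->getMessage();
    }

    if ($inserted) {
        echo "<div class='form'>\n"
            . "<h3>You are registered successfully.</h3>\n"
            . "<br/>Click here to <a href='index.php'>Login</a></div>";
    } elseif ((int) $errno === 1062) {
        // 1062 = duplicate entry: the UNIQUE constraint on login or e-mail fired.
        echo "<h3>Username or Email already taken.</h3>";
    } else {
        // Previously any other failure produced no output at all; log the
        // detail server-side and tell the visitor the registration failed.
        error_log('register query failed: ' . $dbError);
        echo "<h3>Registration failed. Please try again later.</h3>";
    }
}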
?>