This is a simple registration system. The register.php page asks for the desired username, email and user password, and then sends the entered data to the database after clicking the submit button. The user is then redirected to the index.php page, which displays a welcome message and the name of the currently logged in user.The first step is to create the database and then the tables inside it. The database is called "registration" and the table - "Users". Table ’ users ’ will contain 4 fields.
CREATE
TABLE
’users’ (
’id’
int
(11)
NOT
NULL
AUTO_INCREMENT
PRIMARY
KEY
,
’ username’
varchar
(100)
NOT
NULL
,
’em ail’
varchar
(100)
NOT
NULL
,
’
password
’
varchar
(100)
NOT
NULL
)
phpMyAdmin after creating database and table Project folder containing the required files error.php php
if (count ($errors) > 0):? & Gt;
<
div
class
=
"error"
>
php
foreach ($errors as $error):?>
<
p
> php
echo $error?> < /
p
>
php
endforeach?>
< /
div
>
php
endif?>
Explanation:File error. php is responsible for storing system error messages. Assuming the user enters the wrong username / password combination, then in such cases the error messages will be stored in the $error variable, which will then be displayed to the user using ’ echo; PHP function.server.php
// Session must be started
/ / to use session variables
session_start();
// Declare and raise variables
$username
=
""
;
$email
=
""
;
$errors
=
array
();
$_ SESSION
[
’success’
] =
""
;
// DBMS connection code -> hostname,
// username, password, database name
$db
= mysqli_connect (
’localhost’
,
’root’
,
’ ’
,
’registration’
);
// Registration code
if
(isset (
$_ POST
[
’reg_user’
])) {
// Retrieve entered values and save
// in variables
// Data sanitization is performed to prevent
/ / SQL Injection
$username
= mysqli_real_escape_string (
$db
,
$_ POST
[
’username’
] );
$email
= mysqli_real_escape_string (
$db
,
$_ POST
[
’ email’
]);
$password_1
= mysqli_real_escape_string (
$db
,
$_ POST
[
’ password_1’
]);
$password_2
= mysqli_real_escape_string (
$db
,
$_ POST
[
’ password_2’
]);
// Ensure that the user did not leave any input fields blank
// messages error messages will be displayed for every blank input
if
(
empty
(
$username
)) {
array_push
(
$errors
,
"Username is required"
); }
if
( empty
(
$email
) ) {
array_push
(
$errors
,
"Email is required"
); }
if
( empty
(
$password_1
) ) {
array_push
(
$errors
,
"Password is required"
); }
if
(
$password_1
! =
$password_2
) {
array_push
(
$errors
,
"The two passwords do not match"
);
// Check if passwords match
}
// If the form contains no errors, register a user
if
(
count
(
$errors
) == 0) {
// Encrypt the password to improve data security
$password
= md5 (
$password_1
);
// Inserting data into the table
$query
= "INSERT INTO users (username, email, password)
VALUES (
’$username’
,
’ $email’
,
’$password’
)";
mysqli_query (
$db
,
$query
);
// Store the username of the currently logged in user
// in a session variable
$_ SESSION
[
’username’
] =
$username
;
// Welcome message
$_ SESSION
[
’ success’
] =
"You have logged in"
;
// The page the user will be on
// redirected after login
header (
’location: index .php’
);
}
}
// User login
if
(isset (
$_ POST
[
’login_user’
])) {
// Clean up data to prevent SQL injection
$username
= mysqli_real_escape_string (
$db
,
$_ POST
[
’username’
]);
$password
= mysqli_real_escape_string (
$db
,
$_ POST
[
’ password’
]);
// Error message if the input field is left blank
if
(
empty
(
$username
)) {
array_push
(
$errors
,
" Username is required "
);
}
if
(
empty
(
$password
)) {
array_push
(
$errors
,
"Password is required"
);
}
// Check for errors
if
(
count
(
$errors
) == 0) {
// Password guess
$password
= md5 (
$password
);
$query
=" SELECT * FROM users WHERE username =
’$username’
AND password =
’ $password’
";
$results
= mysqli_query (
$db
,
$query
);
// $results = 1 means one user with
// entered name user exists
if
(mysqli_num_rows (
$results
) == 1) {
// Store the username in the session variable
$_ SESSION
[
’username’
] =
$username
;
// Welcome message
$_ SESSION
[
’ success’
] =
"You have logged in ! "
;
// The page the user is sent to
// so that after logging in
header (
’location: index.php’
);
}
else
{
// If username and password do not match
array_push
(
$errors
,
"Username or password incorrect"
);
}
}
}
?>
Explanation:Session started with using the session_start() method. After that, the variables are declared and an array of errors is created. It will store all error messages. The server.php page then connects to the ’ registration ’ database created earlier. After the user clicks the register button on the register.php button, the entered data is sent to the database and this completes the new registration. However, the validation of the form is done before this to ensure that the user fills out the form correctly. All fields are required and cannot be left blank.Line 18 - 21:mysqli_real_escape_stringescapes special characters before sending data to the database. This is important to protect the database against SQL injection.Line 25 - 27:These lines check if the user fills in all the input fields and if "password" and "confirm password" are the same. If both passwords match, then the code continues.Line 29 - 32:whether the password matches or not.Line 35 - 46:If the error count up to this point is zero, the password is then encrypted with "md5" and the entered data is sent to the database. After the registration process is complete, the username is stored in a session variable and the user is redirected to the index.php page where they are asked for their login credentials. Line 50 - 80:first username and password entered in sanitized. This is important to improve the security of the database as it eliminates the chance of any SQL injection. The user receives an error message if the username or password field is left blank.
If the number of errors up to this code point is 0, a database check is performed. If the username entered by the user is found in the database, then the user logs on successfully. The user is then redirected to the index.php page.login.php php
include (’server.php’)?>
<
html
>
<
head
>
<
title
>
Login and Registration
System - LAMP Stack
< /
title
>
<
link
rel
=
"stylesheet"
type
=
"text / css "
href
=
"style.css"
>
< /
head
>
<
body
>
<
div
class
=
"header"
>
<
h2
> Login Here! < /
h2
>
< /
div
>
<
form
method
=
"post"
action
=
"login.php "
>
php
include (’ errors.php’); ?>
<
div
class
=
"input-group"
>
<
label
> Enter Username < /
label
>
<
input
type
=
"text"
name
=
"username"
>
< /
div
>
<
div
class
=
"input-group"
>
<
label
> Enter Password < /
label
>
<
input
type
=
"password"
name
=
"password"
>
< /
div
>
<
div
class
=
"input-group"
>
<
button
type
=
"submit"
class
=
"btn"
name
=
"login_user"
>
Login
plain "> >
<
label
> Enter Password < /
label
>
<
input
type
=
"password"
name
=
"password"
>
< /
div
>
<
div
class
=
"input-group"
>
<
button
type
=