How to display authorized user information in PHP?

Session variables are used to display logged user information in PHP. Project explanation and code:
This is a simple registration system. The register.php page asks for the desired username, email and user password, and then sends the entered data to the database after clicking the submit button. The user is then redirected to the index.php page, which displays a welcome message and the name of the currently logged in user.The first step is to create the database and then the tables inside it. The database is called "registration" and the table - "Users". Table ’ users ’ will contain 4 fields.

id - primary key - autoincrement

username - varchar (100)

email - varchar (100)

password - varchar (100)

"Identity" will be the primary key, which means it will be unique for each logged in user. It will also automatically increase with every new registration. The datatype for username, email and password will be varchar. The size can be adjusted as required, however 100 is sufficient.SQL for the table: CREATE TABLE ’users’ ( ’id’ int (11) NOT NULL AUTO_INCREMENT PRIMARY KEY , ’ username’ varchar (100) NOT NULL , ’em ail’ varchar (100) NOT NULL , ’ password ’ varchar (100) NOT NULL) phpMyAdmin after creating database and table Project folder containing the required files error.php php  if (count ($errors) > 0):? & Gt; < div class = "error" > php foreach ($errors as $error):?> < p > php echo $error?> < / p > php endforeach?> < / div > php  endif?> Explanation:File error. php is responsible for storing system error messages. Assuming the user enters the wrong username / password combination, then in such cases the error messages will be stored in the $error variable, which will then be displayed to the user using ’ echo; PHP function.server.php  
// Session must be started
/ / to use session variables
session_start();  
// Declare and raise variables $username = "" ; $email  = "" ; $errors = array (); $_ SESSION [ ’success’ ] = "" ;  
// DBMS connection code -> hostname,
// username, password, database name $db = mysqli_connect ( ’localhost’ , ’root’ , ’ ’ , ’registration’ );  
// Registration code if (isset ( $_ POST [ ’reg_user’ ])) { // Retrieve entered values ​​and save // in variables // Data sanitization is performed to prevent / / SQL Injection $username = mysqli_real_escape_string ( $db , $_ POST [ ’username’ ] ); $email = mysqli_real_escape_string ( $db , $_ POST [ ’ email’ ]); $password_1 = mysqli_real_escape_string ( $db , $_ POST [ ’ password_1’ ]); $password_2 = mysqli_real_escape_string ( $db , $_ POST [ ’ password_2’ ]); // Ensure that the user did not leave any input fields blank // messages error messages will be displayed for every blank input if ( empty ( $username )) { array_push ( $errors , "Username is required" ); } if ( empty ( $email ) ) { array_push ( $errors , "Email is required" ); } if ( empty ( $password_1 ) ) { array_push ( $errors , "Password is required" ); } if ( $password_1 ! = $password_2 ) { array_push ( $errors , "The two passwords do not match" ); // Check if passwords match } // If the form contains no errors, register a user if ( count ( $errors ) == 0) { // Encrypt the password to improve data security $password = md5 ( $password_1 ); // Inserting data into the table $query = "INSERT INTO users (username, email, password) VALUES ( ’$username’ , ’ $email’ , ’$password’ )"; mysqli_query ( $db , $query ); // Store the username of the currently logged in user // in a session variable $_ SESSION [ ’username’ ] = $username ; // Welcome message $_ SESSION [ ’ success’ ] = "You have logged in" ; // The page the user will be on // redirected after login header ( ’location: index .php’ ); } }  
// User login if (isset ( $_ POST [ ’login_user’ ])) { // Clean up data to prevent SQL injection $username = mysqli_real_escape_string ( $db , $_ POST [ ’username’ ]); $password = mysqli_real_escape_string ( $db , $_ POST [ ’ password’ ]); // Error message if the input field is left blank if ( empty ( $username )) { array_push ( $errors , " Username is required " ); } if ( empty ( $password )) { array_push ( $errors , "Password is required" ); } // Check for errors if ( count ( $errors ) == 0) { // Password guess $password = md5 ( $password ); $query =" SELECT * FROM users WHERE username = ’$username’ AND password = ’ $password’ "; $results = mysqli_query ( $db , $query ); // $results = 1 means one user with // entered name user exists if (mysqli_num_rows ( $results ) == 1) { // Store the username in the session variable $_ SESSION [ ’username’ ] = $username ; // Welcome message $_ SESSION [ ’ success’ ] = "You have logged in ! " ; // The page the user is sent to // so that after logging in header ( ’location: index.php’ ); } else { // If username and password do not match array_push ( $errors , "Username or password incorrect" ); } } }  
?> Explanation:Session started with using the session_start() method. After that, the variables are declared and an array of errors is created. It will store all error messages. The server.php page then connects to the ’ registration ’ database created earlier. After the user clicks the register button on the register.php button, the entered data is sent to the database and this completes the new registration. However, the validation of the form is done before this to ensure that the user fills out the form correctly. All fields are required and cannot be left blank.Line 18 - 21:mysqli_real_escape_stringescapes special characters before sending data to the database. This is important to protect the database against SQL injection.Line 25 - 27:These lines check if the user fills in all the input fields and if "password" and "confirm password" are the same. If both passwords match, then the code continues.Line 29 - 32:whether the password matches or not.Line 35 - 46:If the error count up to this point is zero, the password is then encrypted with "md5" and the entered data is sent to the database. After the registration process is complete, the username is stored in a session variable and the user is redirected to the index.php page where they are asked for their login credentials. Line 50 - 80:first username and password entered in sanitized. This is important to improve the security of the database as it eliminates the chance of any SQL injection. The user receives an error message if the username or password field is left blank.
If the number of errors up to this code point is 0, a database check is performed. If the username entered by the user is found in the database, then the user logs on successfully. The user is then redirected to the index.php page.login.php php include (’server.php’)?> < html > < head > < title > Login and Registration System - LAMP Stack < / title > < link rel = "stylesheet" type = "text / css " href = "style.css" > < / head > < body > < div class = "header" > < h2 > Login Here! < / h2 > < / div > < form method = "post" action = "login.php " > php include (’ errors.php’); ?> < div class = "input-group" > < label > Enter Username < / label > < input type = "text" name = "username" > < / div > < div class = "input-group" > < label > Enter Password < / label > < input type = "password" name = "password" > < / div > < div class = "input-group" > < button type = "submit" class = "btn" name = "login_user" > Login plain "> > < label > Enter Password < / label > < input type = "password" name = "password" > < / div > < div class = "input-group" > < button type =