$email = $_POST["email"]; } if (empty($_POST["password"])) { $errorcount++; } else { $password = $_POST["password"]; } if ($errorcount > 0) { $errormsg = "<p>One or more required field is missing!</p>"; $fieldspassed = FALSE; } if ($fieldspassed) { if ($mysqli = ConnectToDB()) { $email = $mysqli->real_escape_string($email); $password = $mysqli->real_escape_string($password); $regusers = $mysqli->query(SelectElementsWhere("*", "email = '{$email}' AND password = '******'", "users")); if ($regusers->num_rows == 1) { $email = ""; $password = ""; $user = $regusers->fetch_assoc(); $_SESSION['valid'] = TRUE; $_SESSION['uid'] = $user['id']; header("Location: index.php"); exit; } else { $password = ""; $loginerrormsg = "<p>The username or password was incorrect!</p>"; } $regusers->free(); } if (CloseDBConnection($mysqli)) {
<?php session_start(); if ($_SESSION['valid']) { if ($mysqli = ConnectToDB()) { $users = $mysqli->query(SelectElementsWhere("*", "id = " . $_SESSION['uid'] . "", "users")); if ($users->num_rows == 1) { $user = $users->fetch_assoc(); $_SESSION['firstname'] = $user['firstname']; } $users->free(); } if (CloseDBConnection($mysqli)) { } } else { $_SESSION['firstname'] = "Guest"; }
if ($errorcount > 0) { $errormsg = "<p>One or more required field is missing!</p>"; $fieldspassed = FALSE; } if ($password != $confpass) { $passerrormsg = "<p>The passwords do not match!</p>"; $fieldspassed = FALSE; } if ($fieldspassed) { if ($mysqli = ConnectToDB()) { $firstname = $mysqli->real_escape_string($firstname); $lastname = $mysqli->real_escape_string($lastname); $email = $mysqli->real_escape_string($email); $password = $mysqli->real_escape_string($password); $okToRegisterUser = TRUE; $existingusers = $mysqli->query(SelectElementsWhere("*", "email = '{$email}'", "users")); if ($existingusers->num_rows > 0) { $okToRegisterUser = FALSE; $regusererrormsg = "<p>A user with this email address (username) already exists!</p>"; $email = ""; } if ($okToRegisterUser) { if ($mysqli->query("INSERT INTO users (id, firstname, lastname, email, password) VALUES (NULL, '{$firstname}', '{$lastname}', '{$email}', '{$password}')")) { $regsuccessmsg = "<p>Registration successful!!</p>"; } } $existingusers->free(); } if (CloseDBConnection($mysqli)) { } }