Welcome Guest, Not a member yet? Create Account  

PHP7/Mysqli - Simple Login, Registration
#1
(This post was last modified: 10-27-2017, 05:50 PM by Vespei.)

This is a PLAIN backend tutorial, I will have little to no html/css. This must be done by you. No security included.
All my tutorials will always be free

Notice: I suggest you setup a custom HASH system on login with time/uid and a few other factors. for the UID Session as you can spoof accounts with simple JS:

Code:
document.cookies = "uid = 1"

SQL Database
Code:
uid - int (11) - ai - primarykey
username - varchar (25)
email - varchar (50)
password - varchar (60)

config.php
(Don't forget to edit login info; you may name this something else for security, Just remember what you named it.)
Code:
<?php

   define("db_host", "host");
   define("db_user", "username");
   define("db_pass", "password");
   define("db_name", "name");

 $mysqli = mysqli_connect(db_host, db_user, db_pass, db_name);


 if ($mysqli->connect_errno) {
     echo "Database Failed:" . $mysqli->connect_error;
     exit();
 }

Index.php
Code:
<?php
error_reporting(E_ALL ^ E_NOTICE); // This is due to if there is not session, the session will error sometimes.
session_start();

if(isset($_SESSION["uid"])) {
 header('Location: ./home.php');
}
?>
(links to Login/Registration)

login.php
(Make sure to edit config.php if you did; Also edit "FROM user" to your table name)
Code:
<?php
error_reporting(E_ALL ^ E_NOTICE);
session_start();

require('./config.php');

if(isset($_SESSION["uid"])) {
 header('Location: ./home.php');
}

if(isset($_POST['login'])) {
 $username = htmlspecialchars($_POST['un']);
 $password = htmlspecialchars($_POST['pw']);
 $check1 = mysqli_query($mysqli, "SELECT * FROM user WHERE username='".$username."'");
 if(mysqli_num_rows($check1) > 0) {
   $query = "SELECT * FROM user WHERE username='".$username."'";
   $result = $mysqli->query($query);
   $row = mysqli_fetch_array($result, MYSQLI_ASSOC);
   if(password_verify($password,$row['password'])) {

     $_SESSION['uid'] = $row['uid'];
     header('Location: home.php');
   } else {
     $err = "Username or password is incorrect.";
   }
 } else {
   $err = "Username or password is incorrect.";
 }
}
   if(isset($err)) {
     echo "<center>" . $err . "</center><br/><br/>";
   }
  ?>

   <form method="post">
     <input type="text" name="un" placeholder="Username"><br>
     <br>
     <input type="password" placeholder="Password" name="pw"><br><br>
     <input name="login" type="submit" value="login">
   </form>
</body>
register.php
(Make sure to edit config.php if you did; Also edit "FROM user" to your table name)

Code:
<?php
error_reporting(E_ALL ^ E_NOTICE);
session_start();

require('./config');

if(isset($_SESSION["uid"])) {
 header('Location: ./home.php');
}

$enabled = 0; // Simple disable registration

if(isset($_POST['register'])) {
 if($enabled == 1) {
   $username = htmlspecialchars($_POST['un']);
   $email = htmlspecialchars($_POST['em']);
   $pass = htmlspecialchars($_POST['pw']);
   $cpass = htmlspecialchars($_POST['cpw']);


   if(strlen($username) > 25) {
     $err = "Username is over 25 characters.";
   } elseif(strlen($username) < 3) {
     $err = "Username is less than 3 characters.";
   } elseif(preg_match('/\s/',$username)) {
     $err = "Username has a space in it.";
   } elseif(strlen($pass) < 3) {
     $err = "Password to short.";
   } else {

     if($pass == $cpass) {
       $pass = password_hash($pass, PASSWORD_BCRYPT);
       $check1 = mysqli_query($mysqli, "SELECT * FROM `user` WHERE username='".$username."'");
       if(mysqli_num_rows($check1) > 0) {
         $err = "Username is taken.";
       } else {
         $check2 = mysqli_query($mysqli, "SELECT * FROM `user` WHERE email='".$email."'");
         if(mysqli_num_rows($check2) > 0) {
           $err = "Email is being used by another account.";
         } else {
           $sql = $mysqli->query("INSERT INTO user (username,email,password)Values('{$username}','{$email}','{$pass}')");
           header('Location: ./login.php');
         }
       }
     } else {
       $err = "Passwords don't match.";
     }
   }
  } else {
       $err = "Registration is disabled";
  }
 }

   if(isset($err)) {
     echo "<center>" . $err . "</center><br/><br/>";
   }
  ?>
   <form method="post">
     <input type="text"placeholder="Username" name="un"><br>
     <br>
     <input type="password" placeholder="Password" name="pw"><br>
     <br>
     <input type="password" placeholder="Confirm password" name="cpw"><br>
     <br>
     <input type="email" placeholder="Email" name="em"><br>
     <br>
     <inputtype="submit" name="register" value="Register">
   </form>
This tutorial is meant to be super easy for someone new to use a reference. I am not the best but it's somewhere to start. :')
Yes I realized i went back and forth from mysqli_query(); and $mysqli->query();
Likes 0


Messages In This Thread
PHP7/Mysqli - Simple Login, Registration - by Vespei - 10-26-2017, 05:05 PM



  1 Guest(s)