I'm trying to create a very simple Login and Registration system using PHP and MySQLi and I'm not sure how to proceed here

if()
LOGIN();
else()
REGISTER();


I don't want to complicate the code further by adding email, verification, logout option etc., and I don't wish to use a <div class="form"> or other possible options that I've come across on the internet. I'm just a beginner and I want to know if there's a right way to go with
if()
		LOGIN();
	else()	
		REGISTER();


What I have tried:

<!DOCTYPE html>
<html>
	<head>
		<title>LOGIN</title>
	</head>

	<body>
		<form name="login" action="login.php" method="POST">
			Username:<input type="text" name="username"/><br/>
			Password:<input type="password" name="password"/><br/>
			<input type="submit" name="action" value="Login"/>
			<input type="submit" name="action" value="Register"/>
		</form>
	</body>
</html>






<!DOCTYPE html>
<html>
<head>
<title>LOGIN Result</title>

<?php
function DeclareVariables()
{
	global $username,$password;
	global $hostname,$database,$db_username,$db_password;
	global $DB,$connectDB_ok,$result;
/*	
	$hostname="localhost";    // XAMPP
	$database="MyServiceDB";  // XAMPP
	$db_username="root";      // XAMPP
	$db_password="";          // XAMPP
*/

	$hostname="localhost";          //"mysql.hostinger.gr";
	$database="id15378361_mydb";
	$db_username="id15378361_user"; // phpMyAdmin username
	$db_password="Password123!";    // phpMyAdmin password

	$username=$_POST['username'];
	$password=$_POST['password'];

	$connectDB_ok=true;
	
	
	
	
	
}
function Failed($error_msg)
{
	global $connectDB_ok;

	$connectDB_ok=false;
	print $error_msg;
}



function ConnectToDB()
{
	global $DB,$hostname,$database,$db_username,$db_password,$connectDB_ok;
	
	$DB=mysqli_connect($hostname,$db_username,$db_password) or Failed("MySQL connecting error");
	if($connectDB_ok)
	{
		mysqli_select_db($DB,$database) or Failed("DATABASE selection error");
	}
}





function QueryToDB()
{
	global $DB,$result,$connectDB_ok,$username;
	
	if($connectDB_ok)
	{
		if (trim($username)!='') //check if username is not empty
		{
			$query="SELECT * FROM RegisteredUsers WHERE Name='$username';";
			$result=mysqli_query($DB,$query) or Failed("SQL query error");
		}
		else
			Failed("Please enter a valid username");
	}
}




function CheckUser()
{
	global $DB,$result,$connectDB_ok,$username,$password;
	
	if($connectDB_ok) 
	{
		$num=mysqli_num_rows($result);
		if ($num==0) // if there are no records returned the user doesn't exist
		{
			print "USER ".$username." doesn't exist";
		}
		else //($num==1) >1 is not possible since Name is a UNIQUE db-field
		{
			$row=mysqli_fetch_row($result);
			$password_from_db=$row[2]; // 2 refers to the 3rd column (0-based logic: 0,1,2)
			if ($password_from_db==$password)
			{
				print "LOGIN of ".$username." was successful";
			}
			else
			{
				print "WRONG PASSWORD for USER ".$username;
			}
		}
	}
}




function AddNewUser()
{
	global $DB,$connectDB_ok,$username,$password;
	
	if($connectDB_ok)
	{
		if (trim($username)!='') //check if username is not empty
		{
			$query="SELECT MAX(ID) AS 'max_id' FROM RegisteredUsers;";
			$result=mysqli_query($DB,$query) or Failed("NEW-ID error");
			if($connectDB_ok)
			{
				$row=mysqli_fetch_row($result);
				$newID=$row[0]+1; // 0 refers to the 1st-column=ID (0-based logic: 0,1,2)
				$query="INSERT INTO RegisteredUsers (ID,Name,Password) VALUES ($newID,'$username','$password');";
				mysqli_query($DB,$query) or Failed("INSERTION error (probably user already exists)");
				if($connectDB_ok)
				{
					print $username." inserted successfully";
				}
			}
		}
		else
			Failed("Please enter a valid username");
	}
}






function LOGIN()
{
	DeclareVariables();
	
	ConnectToDB();
	QueryToDB();
	CheckUser();

}


function REGISTER()
{
	DeclareVariables();
	
	ConnectToDB();
	QueryToDB();
	AddNewUser();
}



?>



</head>



<body>
<?php 
	if()
		LOGIN();
	else()	
		REGISTER();
?>
</body>
</html>
Updated 29-Nov-20 0:47am
Comments
Richard Deeming 30-Nov-20 4:42am
Your code is vulnerable to SQL Injection. NEVER use string concatenation / interpolation to build a SQL query. ALWAYS use a parameterized query.
PHP: SQL Injection - Manual

Richard Deeming 30-Nov-20 4:42am
You are also storing passwords in plain text. Don't do that.
Secure Password Authentication Explained Simply

PHP even has built-in functions to help you do the right thing:
PHP: password_hash
PHP: password_verify
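
The two points raised in the comments above (parameterized queries, and password_hash / password_verify instead of plain-text passwords), combined with a dispatch on the form's submit button, as an added example that is not part of the original thread. It assumes the ID column is AUTO_INCREMENT and the Password column is VARCHAR(255); the function names and connection values are placeholders.

```php
<?php
// Added example, not the poster's code. Assumes ID is AUTO_INCREMENT and the
// Password column is VARCHAR(255); connection values below are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw

function register_user(mysqli $db, string $username, string $password): string
{
    $hash = password_hash($password, PASSWORD_DEFAULT); // store a salted hash only
    $stmt = $db->prepare('INSERT INTO RegisteredUsers (Name, Password) VALUES (?, ?)');
    $stmt->bind_param('ss', $username, $hash); // values are sent apart from the SQL text
    try {
        $stmt->execute();
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() === 1062) { // MySQL duplicate-key error: Name is UNIQUE
            return 'That username is not available';
        }
        throw $e;
    }
    return 'Registration successful';
}

function login_user(mysqli $db, string $username, string $password): string
{
    $stmt = $db->prepare('SELECT Password FROM RegisteredUsers WHERE Name = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch(); // true when a row was fetched, null when none matched
    if ($found && password_verify($password, $hash)) {
        return 'Login successful';
    }
    return 'Invalid username or password'; // same message for both failure cases
}

$username = trim($_POST['username'] ?? '');
$password = $_POST['password'] ?? '';
$action   = $_POST['action'] ?? ''; // value of the submit button that was clicked

if ($username === '' || $password === '') {
    echo 'Please enter a username and password';
} elseif ($action === 'Login' || $action === 'Register') {
    $db = new mysqli('localhost', 'db_user_placeholder', 'db_password_placeholder', 'db_name_placeholder');
    echo $action === 'Login'
        ? login_user($db, $username, $password)
        : register_user($db, $username, $password);
} else {
    echo 'Unknown action';
}
```

Both submit buttons in the form share the name "action", so only the clicked button's value arrives in $_POST['action'], which is what the empty if() needs to test.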

1 solution

Have a look at these and try. They are very basic examples only and would help you build what you are looking for:
PHP - Login Example - Tutorialspoint
Creating a User Login System with PHP and MySQL - Tutorial Republic

They are step by step, and if you feel like stripping some HTML out of them too, you can try that.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



