Simple-Website/server.php at main · itzRR/Simple-Website · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
<?php
// Database connection
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "users";

$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $action = $_POST['action']; // Determine if it's login or register
    $user = $conn->real_escape_string($_POST['username']);
    $pass = $_POST['password'];

    if ($action === 'register') {
        // Registration Logic
        $name = $conn->real_escape_string($_POST['name']);
        $email = $conn->real_escape_string($_POST['email']);
        $hashedPass = password_hash($pass, PASSWORD_BCRYPT); // Secure password

        $sql = "INSERT INTO users (name, email, username, password) VALUES ('$name', '$email', '$user', '$hashedPass')";
        if ($conn->query($sql) === TRUE) {
            header("Location: index.html");
            exit();
        } else {
            if ($conn->errno === 1062) {
                echo "Error: Username or email already exists!";
            } else {
                echo "Error: " . $conn->error;
            }
        }
    } elseif ($action === 'login') {
        // Login Logic
        $sql = "SELECT * FROM users WHERE username='$user'";
        $result = $conn->query($sql);

        if ($result->num_rows > 0) {
            $row = $result->fetch_assoc();
            if (password_verify($pass, $row['password'])) {
                header("Location: index.html");
                exit();
            } else {
                echo "Error: Invalid password!";
            }
        } else {
            echo "Error: No user found with that username!";
        }
    }
}

$conn->close();
?>