PHP files for First Page in Web App - fixes #6

eslamdyab21 · Apr 9, 2023 · 401bbd2 · 401bbd2
1 parent 151c2e8
commit 401bbd2
Show file tree

Hide file tree

Showing 2 changed files with 62 additions and 0 deletions.
diff --git a/customers-web-application/SignIn.php b/customers-web-application/SignIn.php
@@ -0,0 +1,28 @@
+<?php      
+
+    $conn=mysqli_connect('localhost','root','','whr');
+    if(mysqli_connect_errno()) {  
+        die("Failed to connect with MySQL: ". mysqli_connect_error());  
+    }    
+    $email = $_POST['Email'];  
+    $password = $_POST['Password'];  
+        //to prevent from mysqli injection  
+        $email = stripcslashes($email);  
+        $password = stripcslashes($password);  
+        $email = mysqli_real_escape_string($conn, $email);  
+        $password = mysqli_real_escape_string($conn, $password);  
+        $sql = "select * from `users` where Email = '".$email."' and password = '".$password."'";  
+        $result = mysqli_query($conn, $sql);  
+        $row = mysqli_fetch_array($result, MYSQLI_ASSOC);  
+        $count = mysqli_num_rows($result);  
+
+        if($count == 1){  
+            echo "<h1><center> Login successful </center></h1>";  
+        }  
+        else{  
+            echo "<h1> Login failed. Invalid username or password.</h1>";  
+        }     
+?>  
+<script>
+    localStorage.setItem('Email','".$email."');
+</script>
diff --git a/customers-web-application/SignUp.php b/customers-web-application/SignUp.php
@@ -0,0 +1,34 @@
+<?php
+    //connect to db
+    $conn=mysqli_connect('localhost','root','','whr');
+    $error_field=array();
+    if(!(isset($_POST['Name'])&& !empty($_POST['Name'])))
+        $error_field[]='Name';
+    if(!(isset($_POST['Email'])&& filter_input(INPUT_POST,'Email',FILTER_VALIDATE_EMAIL)))
+       $error_field[]='Email';
+    if(!(isset($_POST['Password'])&& strlen($_POST['Password'])>5))
+       $error_field[]='Password';
+
+    if($error_field) {
+        header("Location:FirstPage.html?error_fields=".implode(",",$error_field));
+           exit(); 
+    }
+    if(!$conn)
+    { echo mysqli_connect_error();
+      exit;}
+    //Escape any special characters to avoid SQL injection
+    $name=mysqli_escape_string($conn,$_POST['Name']);
+    $email=mysqli_escape_string($conn,$_POST['Email']);
+    $password=mysqli_escape_string($conn,$_POST['Password']);
+    //insert data
+$query = "insert into `users` (`Name`,`Email`,`Password`) values ('".$name."','".$email."','".$password."')";
+    if(mysqli_query($conn,$query))
+    {
+        echo "Thank You For Signing Up";
+    }
+    else
+    {
+        echo $query;
+        echo mysqli_error($conn);
+    }
+?>