Hệ thống quản lý hàng tồn kho trong PHP
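<?php
session_start();

// Form state shared with the rest of the request: the last submitted
// username / e-mail and the list of validation messages collected below.
$username = "";
$email = "";

$errors = array();

// Connect to the database.
// NOTE(review): the connection uses the MySQL root account with an empty
// password, hard-coded in this file. Use a dedicated account that only has
// the privileges this application needs on the `inventory` schema, and load
// its credentials from configuration kept outside the web root.
$db = false;
$connect_error = '';
try {
    $db = mysqli_connect('localhost', 'root', '', 'inventory');
    if (!$db) {
        $connect_error = (string) mysqli_connect_error();
    }
} catch (mysqli_sql_exception $e) {
    // Newer PHP versions throw on connection failure instead of returning false.
    $connect_error = $e->getMessage();
    $db = false;
}

if (!$db) {
    // Keep the driver message in the server log only: it can reveal host and
    // account details. Stop here, because every statement below needs a
    // working connection.
    error_log("Failed to connect to MySQL: " . $connect_error);
    http_response_code(500);
    exit("Service temporarily unavailable.");
}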
16
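// Registration and login handlers.
//
// All SQL below uses prepared statements with bound parameters, so request
// values are never spliced into query text (the previous INSERT placed
// $mobile unquoted, where mysqli_real_escape_string() gives no protection).
//
// NOTE(review): new passwords are stored with password_hash(). A bcrypt hash
// is 60 characters and PASSWORD_DEFAULT may produce longer values in future,
// so register.password_1 must be wide enough (VARCHAR(255) is the usual
// choice) - confirm the schema before deploying. Rows that still hold the old
// 32-character MD5 value are still accepted at login; re-hash them once the
// column width is confirmed.
//
// NOTE(review): $username and $email are presumably echoed back into the form
// by the including page; they now hold the raw submitted text, so that page
// must pass them through htmlspecialchars() when printing - verify.

// Reads one POST field as a string. Missing fields and array-valued fields
// (e.g. "username[]=x") are treated as empty so they fail validation instead
// of raising warnings or type errors further down.
$post_string = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

// Prepares $sql, binds every entry of $params as a string and executes it.
// Returns the executed statement. Throws RuntimeException on failure so that
// both mysqli error modes (return false / throw) end up in the caller's catch.
$run_statement = function ($db, $sql, array $params) {
    $stmt = mysqli_prepare($db, $sql);
    if (!$stmt) {
        throw new RuntimeException(mysqli_error($db));
    }
    mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params);
    if (!mysqli_stmt_execute($stmt)) {
        $message = mysqli_stmt_error($stmt);
        mysqli_stmt_close($stmt);
        throw new RuntimeException($message);
    }
    return $stmt;
};

// REGISTER USER
if (isset($_POST['reg_user'])) {
    // receive all input values from the form (raw; bound as parameters later)
    $first_name = $post_string('first_name');
    $last_name = $post_string('last_name');
    $username = $post_string('username');
    $email = $post_string('email');
    $password_1 = $post_string('password_1');
    $password_2 = $post_string('password_2');
    $mobile = $post_string('mobile');

    // form validation: every problem found is appended to $errors
    if ($username === '') { $errors[] = "Username is required"; }
    if ($first_name === '') { $errors[] = "First Name is required"; }
    if ($last_name === '') { $errors[] = "Last Name is required"; }
    if ($email === '') { $errors[] = "Email is required"; }
    if ($password_1 === '') { $errors[] = "Password is required"; }
    if ($mobile === '') { $errors[] = "Mobile is required"; }
    if ($password_1 !== $password_2) {
        $errors[] = "The two passwords do not match";
    }

    $registered = false;
    try {
        // make sure no account already uses this username and/or email
        $stmt = $run_statement(
            $db,
            "SELECT username, email FROM register WHERE username = ? OR email = ? LIMIT 1",
            array($username, $email)
        );
        mysqli_stmt_bind_result($stmt, $existing_username, $existing_email);
        $found = mysqli_stmt_fetch($stmt);
        mysqli_stmt_close($stmt);

        if ($found === true) {
            // Compare case-insensitively: with a case-insensitive collation
            // (MySQL's default) the query matches "Bob" for "bob", and a
            // strict comparison would then let the duplicate through.
            if (strcasecmp((string) $existing_username, $username) === 0) {
                $errors[] = "Username already exists";
            }
            if (strcasecmp((string) $existing_email, $email) === 0) {
                $errors[] = "email already exists";
            }
        }

        // Finally, register the user if the form produced no errors
        if (count($errors) == 0) {
            // Salted, slow password hash; MD5 is unsuitable for passwords.
            $password = password_hash($password_1, PASSWORD_DEFAULT);

            $stmt = $run_statement(
                $db,
                "INSERT INTO register (username,email,password_1,first_name,last_name,mobile)
                 VALUES(?, ?, ?, ?, ?, ?)",
                array($username, $email, $password, $first_name, $last_name, $mobile)
            );
            mysqli_stmt_close($stmt);
            $registered = true;
        }
    } catch (Exception $e) {
        // Details go to the server log; the visitor gets a generic message.
        error_log("Registration failed: " . $e->getMessage());
        $errors[] = "Registration failed, please try again later";
    }

    // Only a row that was really written starts a logged-in session.
    if ($registered) {
        // New session id at the privilege change, against session fixation.
        session_regenerate_id(true);
        $_SESSION['username'] = $username;
        $_SESSION['first_name'] = $first_name;
        $_SESSION['last_name'] = $last_name;
        header('location: index.php');
        exit; // stop here so nothing else runs or renders after the redirect
    }
}

// LOGIN USER
// NOTE(review): no throttling or lockout for repeated failed logins is
// visible in this file; confirm it is handled elsewhere.
if (isset($_POST['submit'])) {
    $username = $post_string('username');
    $password = $post_string('password');

    if ($username === '') {
        $errors[] = "Username is required";
    }
    if ($password === '') {
        $errors[] = "Password is required";
    }

    if (count($errors) == 0) {
        $account = null;
        try {
            // Fetch the stored hash by username and verify it in PHP; the
            // submitted password never takes part in the query.
            $stmt = $run_statement(
                $db,
                "SELECT username, password_1, first_name, last_name FROM register WHERE username = ?",
                array($username)
            );
            mysqli_stmt_bind_result($stmt, $stored_username, $stored_hash, $stored_first_name, $stored_last_name);

            while (mysqli_stmt_fetch($stmt) === true) {
                $hash = (string) $stored_hash;
                $password_ok = password_verify($password, $hash);

                if (!$password_ok && strlen($hash) === 32) {
                    // Legacy row: the old code stored md5() of the SQL-escaped
                    // password, so the same transformation is reproduced here.
                    // hash_equals() keeps the comparison constant-time.
                    $legacy = md5(mysqli_real_escape_string($db, $password));
                    $password_ok = hash_equals($hash, $legacy);
                }

                if ($password_ok) {
                    $account = array(
                        'username' => (string) $stored_username,
                        'first_name' => $stored_first_name,
                        'last_name' => $stored_last_name,
                    );
                    break;
                }
            }
            mysqli_stmt_close($stmt);
        } catch (Exception $e) {
            // Treated as a failed login; the cause is kept in the server log.
            error_log("Login lookup failed: " . $e->getMessage());
            $account = null;
        }

        if ($account !== null) {
            // New session id at login, against session fixation.
            session_regenerate_id(true);
            // Use the username as stored in the database, not as typed.
            $_SESSION['username'] = $account['username'];
            $_SESSION['first_name'] = $account['first_name'];
            $_SESSION['last_name'] = $account['last_name'];
            header('location: index.php');
            exit; // stop here so nothing else runs or renders after the redirect
        } else {
            $errors[] = "Wrong username/password combination";
        }
    }
}

?>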