InukVT/login.php

## login.php
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$username = mysqli_real_escape_string($db, $username);
$sql = "SELECT * FROM users WHERE username='$username'";
$res = mysqli_query($db, $sql) or die(mysqli_error($db));
if (mysqli_num_rows($res) > 0)
{
  $row = mysqli_fetch_assoc($res);
  $hash = $row['password'];

}
if (password_verify($password, $hash))
{
  $_SESSION['username'] = $username; // Initializing Session
  header("location: $uri_cookie"); // Redirecting To Other Page
  $error = "Your username is: $username";
  $sql = "SELECT role FROM users WHERE username='$username'";
  $result = mysqli_query($db, $sql);
  $row = mysqli_fetch_array($result, MYSQLI_ASSOC);
  if (mysqli_num_rows($result) == 1)
  {
      $_SESSION['role'] = $row['role'];
      $admin = $_SESSION['role'];
      echo "$admin";
  }
}
else {

    $error = "Incorrect username or password.<br>".$hash. "<br>" .$password;
}

## register.php
$username = $_POST['username'];
$password = $_POST['password'];
// To protect from MySQL injection
$username = stripslashes($username);
$username = mysqli_real_escape_string($db, $username);
$hash = password_hash($password, PASSWORD_DEFAULT);
//Check username and password from database
$sql = "INSERT INTO users(`uid`,`username`,`password`,`role`) VALUES (NULL, '$username','$hash','0')";
if(mysqli_query($db, $sql))
{
  //Code here for successful login!
  $register = true;
}
else
{
  //Error code, should be removed before primetime!
  echo "Something happened!<br>".mysqli_error($db);
}
	$username = $_POST['username'];
	$password = $_POST['password'];
	$username = stripslashes($username);
	$username = mysqli_real_escape_string($db, $username);
	$sql = "SELECT * FROM users WHERE username='$username'";
	$res = mysqli_query($db, $sql) or die(mysqli_error($db));
	if (mysqli_num_rows($res) > 0)
	{
	$row = mysqli_fetch_assoc($res);
	$hash = $row['password'];

	}
	if (password_verify($password, $hash))
	{
	$_SESSION['username'] = $username; // Initializing Session
	header("location: $uri_cookie"); // Redirecting To Other Page
	$error = "Your username is: $username";
	$sql = "SELECT role FROM users WHERE username='$username'";
	$result = mysqli_query($db, $sql);
	$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
	if (mysqli_num_rows($result) == 1)
	{
	$_SESSION['role'] = $row['role'];
	$admin = $_SESSION['role'];
	echo "$admin";
	}
	}
	else {

	$error = "Incorrect username or password.<br>".$hash. "<br>" .$password;
	}
	$username = $_POST['username'];
	$password = $_POST['password'];
	// To protect from MySQL injection
	$username = stripslashes($username);
	$username = mysqli_real_escape_string($db, $username);
	$hash = password_hash($password, PASSWORD_DEFAULT);
	//Check username and password from database
	$sql = "INSERT INTO users(`uid`,`username`,`password`,`role`) VALUES (NULL, '$username','$hash','0')";
	if(mysqli_query($db, $sql))
	{
	//Code here for successful login!
	$register = true;
	}
	else
	{
	//Error code, should be removed before primetime!
	echo "Something happened!<br>".mysqli_error($db);
	}