nielsmh/login.php

## login.php
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$username = mysqli_real_escape_string($db, $username);
$sql = "SELECT * FROM users WHERE username='$username'";
$res = mysqli_query($db, $sql) or die(mysqli_error($db));
if (mysqli_num_rows($res) > 0)
{
  $row = mysqli_fetch_assoc($res);
  $hash = $row['password'];

  if (password_verify($password, $hash))
  {
    $_SESSION['username'] = $username; // Initializing Session
    header("location: $uri_cookie"); // Redirecting To Other Page
    $error = "Your username is: $username";
    $_SESSION['role'] = $row['role'];  //////// allerede hentet i den originale SELECT *
    $admin = $_SESSION['role'];
    echo "$admin";
  }
  else {

      $error = "Incorrect username or password.<br>".$hash. "<br>" .$password;
  }
}

## register.php
$username = $_POST['username'];
$password = $_POST['password'];
// To protect from MySQL injection
$username = mysqli_real_escape_string($db, $username);
$hash = password_hash($password, PASSWORD_DEFAULT);
//Check username and password from database
$sql = "INSERT INTO users(`username`,`password`,`role`) VALUES ('$username','$hash','0')";
if(mysqli_query($db, $sql))
{
  //Code here for successful login!
  $register = true;
}
else
{
  //Error code, should be removed before primetime!
  echo "Something happened!<br>".mysqli_error($db);
}
	$username = $_POST['username'];
	$password = $_POST['password'];
	$username = stripslashes($username);
	$username = mysqli_real_escape_string($db, $username);
	$sql = "SELECT * FROM users WHERE username='$username'";
	$res = mysqli_query($db, $sql) or die(mysqli_error($db));
	if (mysqli_num_rows($res) > 0)
	{
	$row = mysqli_fetch_assoc($res);
	$hash = $row['password'];

	if (password_verify($password, $hash))
	{
	$_SESSION['username'] = $username; // Initializing Session
	header("location: $uri_cookie"); // Redirecting To Other Page
	$error = "Your username is: $username";
	$_SESSION['role'] = $row['role']; //////// allerede hentet i den originale SELECT *
	$admin = $_SESSION['role'];
	echo "$admin";
	}
	else {

	$error = "Incorrect username or password.<br>".$hash. "<br>" .$password;
	}
	}
	$username = $_POST['username'];
	$password = $_POST['password'];
	// To protect from MySQL injection
	$username = mysqli_real_escape_string($db, $username);
	$hash = password_hash($password, PASSWORD_DEFAULT);
	//Check username and password from database
	$sql = "INSERT INTO users(`username`,`password`,`role`) VALUES ('$username','$hash','0')";
	if(mysqli_query($db, $sql))
	{
	//Code here for successful login!
	$register = true;
	}
	else
	{
	//Error code, should be removed before primetime!
	echo "Something happened!<br>".mysqli_error($db);
	}