Question 42230 in PHP Question posted in
Official manual can be found here.

Conflict between Login form and Registeration form in the same page – PHP

My website has a login form and registration form in one page.

However, the system gets confused and uses both specifically $username and $password for login in and registering when filling up. Wanting to know how to separate and let the system differentiate these inputs. New to developing these

the PHP:

<?php 
    if($_SERVER['REQUEST_METHOD'] == "POST")
    {

        $user_name = $_POST['user_name1'];
        $password = $_POST['password1'];

        if(!empty($user_name) && !empty($password) && !is_numeric($user_name))
        {


            $query = "select * from users where user_name = '$user_name' limit 1";
            $result = mysqli_query($con, $query);

            if($result)
            {
                if($result && mysqli_num_rows($result) > 0)
                {

                    $user_data = mysqli_fetch_assoc($result);
                    
                    if($user_data['password'] === $password)
                    {

                        $_SESSION['user_id'] = $user_data['user_id'];
                        header("Location: index.php");
                        die;
                    }
                }
            }
            
          
            echo "wrong username or password!";
            
        }else
        {
            header("Location: login.php");
            echo "wrong username or password!";
        }
    }

    if($_SERVER['REQUEST_METHOD'] == "POST")
    {

        $user_name = $_POST['user_name'];
        $password = $_POST['password'];
        $f_name = $_POST['f_name'];
        $l_name = $_POST['l_name'];
        $home_add = $_POST['home_add'];
        $email = $_POST['email'];
        $mob_no = $_POST['mob_no'];


        if(!empty($user_name) && !empty($password) && !is_numeric($user_name))
        {

            
            $user_id = random_num(20);
            $query = "insert into users 
(user_id,user_name,password,f_name,l_name,email,home_add,mob_no) 
                     values 
('$user_id','$user_name','$password','$f_name','$l_name','$email','$home_add','$mob_no')";

            mysqli_query($con, $query);

            header("Location: login.php");
            die;
        }else
        {
            echo "Please enter some valid information!";
        }
    }
?>

The Login and Registration form:

 enter code here<div class="c2">
                <div class="Form C">
                    <div class="form-btn">
                        <span>Login</span>
                        <span>Register</span>
 
                    </div>
                    
                    <form method="post" id="Login">
                        <input type="username" name="user_name1" placeholder="Username" >
                        <input type="password" name="password1" placeholder="Password" >
                        <button type="submit"  class="btn">Login</button>
                    </form>
                    
                     <form method="post" id="Reg" >

                        <input type="username" name="user_name" placeholder="Username" >
                        <input type="password" name="password" placeholder="Password" >
                        <input type="firstname" name="f_name" placeholder="Firstname">
                        <input type="lastname" name="l_name" placeholder="Lastname">
                        
                        <input type="email" name="email" placeholder="Email">
                        <input type="Homeaddress" name="home_add" placeholder="Home Address">
                        <input type="Mobileno" name="mob_no" placeholder="Mobile No.">
                       
                        <button type="submit"  class="btn">Register</button>
                    </form>
                </div>
            </div>
Tags:

2

Answers


  1. 0

    If you want separate the file of login and registration make another file example is login.php & registration.php and add action to your HTML form action="login.php"

    Or you don’t want to separate their file make a condition that will identify them if they’re login or registration something like this

    if($_SERVER['REQUEST_METHOD'] == "POST"){ 
  if(!empty($_POST['username1']) AND !empty($_POST['password1'])  ){
       //login
    }else{
      //registration
    }
 }

    Or a hidden input so you can identify the login and registration

    Note: Learn the how to prevent sql injection

    Login or Signup to reply.
  2. 0

    We have 2 problems to solve here:

    1. The one you see which is the form submission challenge,
    2. The one you’re missing which is securing the Login/Registration process

    For the first one you can add name attribute in your html form:

    ...
<button type="submit" name="login" class="btn">Login</button>
...
<button type="submit" name="register" class="btn">Register</button>
...
<?php
    if($_SERVER['REQUEST_METHOD'] === "POST"){ 
        if (isset($_POST["login"]) {
            // Login
        } elseif (isset($_POST["register"]) {
            // Register
        } else {
            // throw an error page/message
            die(" >>> 400: Bad Request");
        }
    }

    And now for the second problem, you need to consider the following:

    1. After form submission, validate user input before going through any process and always use parameterized query. This can help with the attack known as SQL Injection
    2. Secure your form against CSRF Attack, google about it first and then you’ll find it easy to implement, I suggest php-csrf
    1. Add session_regeneration_id() before $_SESSION['user_id'] = $user_data['user_id'];, google about Session Hijacking!

    Good Luck!

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search