Inventory Page Code
register.php
<?php
// Start the PHP session to manage user sessions across pages
session_start();

// Include the database connection file
require_once("webmodules/mysqli_connection.php");

// Function to sanitize user input to prevent XSS and other attacks
function sanitize($data) {
  $data = trim($data); 
  $data = stripslashes($data);
  $data = htmlspecialchars($data);
  return $data;
}

// Check if the request method is POST and all required fields are filled
if (strtoupper($_SERVER['REQUEST_METHOD']) === 'POST') {
    if (!empty($_POST['pass']) && !empty($_POST['user']) && !empty($_POST['username'])) {

        $validationed = false; // Flag to track if validation is successful
        $err_msg = ""; // Variable to store error messages

        // Sanitize the input data
        $user = sanitize($_POST['user']);
        $username = sanitize($_POST['username']);
        // Hash the password. Note that sanitize() runs on it first, so login.php
        // must apply the same transform before password_verify() (it does)
        $passwd = password_hash(sanitize($_POST['pass']), PASSWORD_DEFAULT);

        // Escape special characters in both the login and the display name before
        // they are interpolated into SQL (the bcrypt hash contains no quote characters)
        $user = mysqli_real_escape_string($db_conn, $user);
        $username = mysqli_real_escape_string($db_conn, $username);

        // Check if the username already exists in the database
        $sql = "SELECT * FROM users WHERE login='$user';";
        $result  = mysqli_query($db_conn, $sql);
        $num_rows = mysqli_num_rows($result);

        // If the username does not exist, insert the new user into the database
        if (!$num_rows) {
            $sql = "INSERT INTO users (login, hash, username) VALUES ('$user', '$passwd', '$username')";
            if (mysqli_query($db_conn, $sql)) {
                // No output here: anything echoed before the header("Location: ...")
                // below would cause "headers already sent" and break the redirect
                $validationed = true;
            } else {
                // Keep the driver error for the form; do not echo the SQL statement itself
                $err_msg = "Unable to create account. " . mysqli_error($db_conn);
            }
        }

        // If validation failed, set an error message (unless the insert already set one)
        if ($validationed === false) {
            if ($err_msg === "") {
                $err_msg = "Unable to create account. Username already exists";
            }
        } else {
            // Close the database connection and redirect to the login page
            mysqli_close($db_conn);
            header("Location: login.php");
            exit();
        }
    }
} else {
    // If the request is not POST, reset the login state: clear the session data,
    // destroy the stored session, then start a fresh one
    session_unset();
    session_destroy();
    session_start();
}
                
login.php
<?php
// Start PHP session to manage user sessions
session_start();

// Include the database connection file
require_once("webmodules/mysqli_connection.php");

// Function to sanitize user input to prevent XSS attacks
function sanitize($data) {
  $data = trim($data);                  
  $data = stripslashes($data);         
  $data = htmlspecialchars($data);
  return $data;
}

// Check if the form has been submitted
if(strtoupper($_SERVER['REQUEST_METHOD']) === 'POST') {
    if (isset($_POST['pass']) && isset($_POST['user'])) {

        // Predefine variables
        $validationed = false; // Flag to track successful login
        $err_msg = "";         // Store error messages

        // Sanitize user inputs
        $user = sanitize($_POST['user']);
        $passwd = sanitize($_POST['pass']);

        // Prevent SQL injection by escaping special characters
        $user = mysqli_real_escape_string($db_conn, $user);
                
        // Query the database for the entered username
        $sql = "SELECT * FROM users WHERE login='" . $user . "';";
        $result = mysqli_query($db_conn, $sql) or die(mysqli_error($db_conn));
        $row_count = mysqli_num_rows($result);

        // If the user exists, verify the password
        if ($row_count > 0) {
            $row = mysqli_fetch_assoc($result);

            // Verify the hashed password stored in the database
            if (password_verify($passwd, $row['hash'])) {
                // Store user information in session variables
                $_SESSION['login_name'] = $row['login'];
                $_SESSION['login_time'] = time(); // Store login timestamp
                $_SESSION['user_name'] = $row['username'];
                $_SESSION['address'] = $row['address'];
                $_SESSION['phone'] = $row['phone'];

                $validationed = true; // Set validation flag to true
            }
        }

        // Handle login failure
        if ($validationed === false) {
            $err_msg = "Invalid User"; // Display error if login fails
        } else {
            // If authenticated, issue a new session ID so an ID fixed or observed
            // before login is not carried over, then mark the session as authenticated
            session_regenerate_id(true);
            $_SESSION['authenticated'] = true;

            // Redirect the user to the homepage
            header("Location: index.php");
            exit();
        }
    }
} else {
    // Log out the user if they visit the login page without submitting the form
    session_unset();   // Clear all session variables
    session_destroy(); // Destroy the stored session
    session_start();   // Start a new session
}
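Both scripts above build their SQL by interpolating escaped strings, hash a password that sanitize() has already altered, and keep the pre-login session ID. The following is an added example, not the project's own code, showing the same registration and login flow with prepared statements (so no input is ever part of the query text), the password hashed as typed, a constant-shape dummy hash so a missing user costs the same as a wrong password, and session ID regeneration on success. It assumes the same $db_conn from webmodules/mysqli_connection.php and the same users(login, hash, username) table the page's INSERT targets; the single handler that dispatches on the presence of a username field is an assumption made to keep the example in one file.

```php
<?php
// Added example (not the project's own code): register/login with prepared
// statements. Assumes $db_conn (mysqli) from webmodules/mysqli_connection.php
// and a users(login, hash, username) table, as in the page's own INSERT.

// Constructed bcrypt-shaped dummy hash (7-char prefix + 53 chars), used only so
// password_verify() runs for unknown logins too and timing does not reveal them.
const DUMMY_HASH = '$2y$10$' . '0000000000000000000000' . '0000000000000000000000000000000';

// Look up a login name. The '?' placeholder is bound as a string ("s"), so a
// value such as "x' OR '1'='1" is compared literally and cannot alter the query.
function find_user(mysqli $db_conn, string $login): ?array {
    $stmt = mysqli_prepare($db_conn, "SELECT login, hash, username FROM users WHERE login = ?");
    mysqli_stmt_bind_param($stmt, "s", $login);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $dbLogin, $dbHash, $dbUsername);
    $row = mysqli_stmt_fetch($stmt)
        ? ['login' => $dbLogin, 'hash' => $dbHash, 'username' => $dbUsername]
        : null;
    mysqli_stmt_close($stmt);
    return $row;
}

// Create an account. The password is hashed exactly as typed: passing it through
// htmlspecialchars() first (as the page's sanitize() does) would silently turn
// "a&b" into "a&amp;b" before hashing. Returns false if the login is taken.
function register_user(mysqli $db_conn, string $login, string $password, string $username): bool {
    if (find_user($db_conn, $login) !== null) {
        return false; // duplicate login name
    }
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = mysqli_prepare($db_conn, "INSERT INTO users (login, hash, username) VALUES (?, ?, ?)");
    mysqli_stmt_bind_param($stmt, "sss", $login, $hash, $username);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

// Check a login attempt. On success the session ID is regenerated so an ID
// fixed or observed before authentication is not carried into the logged-in session.
function login_user(mysqli $db_conn, string $login, string $password): bool {
    $row = find_user($db_conn, $login);
    $hash = $row['hash'] ?? DUMMY_HASH;
    $valid = password_verify($password, $hash); // always executed, even for unknown logins
    if ($row === null || !$valid) {
        return false;
    }
    session_regenerate_id(true);
    $_SESSION['login_name']    = $row['login'];
    $_SESSION['user_name']     = $row['username'];
    $_SESSION['login_time']    = time();
    $_SESSION['authenticated'] = true;
    return true;
}

// HTML-escape at output time only; the database receives the raw value.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Request handling, mirroring the page's flow (register when a username is posted).
session_start();
require_once("webmodules/mysqli_connection.php");

if (strtoupper($_SERVER['REQUEST_METHOD']) === 'POST' && isset($_POST['user'], $_POST['pass'])) {
    $user = trim($_POST['user']);
    $err_msg = "";
    if (isset($_POST['username'])) {                     // registration form
        if (register_user($db_conn, $user, $_POST['pass'], trim($_POST['username']))) {
            header("Location: login.php");
            exit();
        }
        $err_msg = "Unable to create account. Username already exists";
    } elseif (login_user($db_conn, $user, $_POST['pass'])) { // login form
        header("Location: index.php");
        exit();
    } else {
        $err_msg = "Invalid User";
    }
    echo "<p>" . h($err_msg) . "</p>"; // escaped here, at the point of output
}
```

Because the statement text is fixed at mysqli_prepare() time and values travel separately, mysqli_real_escape_string() is no longer needed anywhere in this flow, and htmlspecialchars() moves to the one place it belongs, the HTML output.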

Project information

  • Category: Full-Stack Web Development
  • Tech Stack: HTML, CSS, PHP, MySQL
  • Project date: April 2023
  • Key Feature: User Authentication & Dynamic Data Management

Project Description

This project is a dynamic Travel Agency website developed as the final project for my web development class in college. It features a comprehensive user management system where users can register an account with secure password hashing, log in with authentication checks, and manage their personal information. The website integrates with a MySQL database to handle user data and product information, allowing real-time updates to travel packages and pricing. It showcases robust PHP backend functionality with session management, form validation, and secure database interactions.