Source of: /ADI/auth-db-sessions/model.php

<?php

function login_user($db,$uid,$pwd) {

   // avoid SQL injection
   $uid = mysqli_real_escape_string($db,trim($uid));
  
   $password_digest = md5($pwd); //generate the md5 hash of the received password
  
  
   $query = "SELECT * FROM users
           WHERE userid = '$uid'
           AND password = '$password_digest'";
   $result = @ mysqli_query($db, $query);
   if (!$result)
       showerror($db);

   if (mysqli_num_rows($result) > 0)
       $user = mysqli_fetch_assoc($result);
   else
       $user = array()  ;

   return $user;
}

function check_if_user_exists($db,$newid) {
  
  // Check for existing user (avoid SQL injection)
  $newid mysqli_real_escape_string($db,trim($newid));
  $query = "SELECT * FROM users WHERE userid = '" . $newid ."'";
  $result = @ mysqli_query($db, $query);
  if(!$result)
     showerror($db);

  if(mysqli_num_rows($result) > 0)
   $user_exists=true;
  else
   $user_exists=false;

  return $user_exists;

}

function register_user($db,$userid,$fullname,$email,$notes){

   $password = substr(md5(time()),0,6);  //generate a pseudo random 6 character password ...
  
   $_SESSION['uid'] = $userid;            //these session variables are only necessary
   $_SESSION['password'] = $password;    //because email is deactivated !!
  
   $present_date = date("Y-m-d H:i:s");
   $password_digest = md5($password); //generate a md5 hash of the password
 
   $query = "INSERT INTO users(userid,password,fullname,email,notes, created_at)
                   VALUES('$userid','$password_digest','$fullname','$email','$notes','$present_date')";
 
   if(!mysqli_query($db, $query))
       showerror($db);

   return true;            //if email was activated we would return $password ...
      
}

?>