Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/wreyesus/Sencillo_Carrito_de_Compras_en_PHP/llms.txt

Use this file to discover all available pages before exploring further.

The YUME|TEC store handles user authentication through a single page, nuevo_usuario.php, which renders a registration form and a login form side by side. New visitors fill in the registration form and are handled by registro.php; returning users submit the login form which is handled by ingreso.php. Both handlers write the authenticated user’s details into the PHP session and redirect to resumenc_compra.php — the assumption being that a visitor most often arrives at the auth page in the middle of completing a purchase.

Registration form (nuevo_usuario.php → registro.php)

The registration form posts to registro.php via method="post". All fields are marked required, preventing submission if any are left blank. The available fields are:
Field nameInput typeNotes
nicknametextUsed as the display name stored in $_SESSION['usuario']
nombretextFirst name, stored in the usuario table
correomailEmail address for the welcome email (see note below)
apellidotextLast name, stored in the usuario table
contrasenapasswordPassword; stored as plain text (see warning below)
contrasena_valipasswordRepeat-password field; checked client-side via comparar_contra()
paisselectEl Salvador, Guatemala, Honduras, Costa Rica, Nicaragua
ciudadtextCity, stored in the usuario table

Registration handler (registro.php)

When registro.php receives the POST, it performs three actions in order:
1

Insert the new user into MySQL

The submitted values are interpolated directly into an INSERT statement against the usuario table. The idusuario primary key is set to NULL so MySQL assigns the next auto-increment value, and fechaingreso is populated with the current date:
$consulta = "INSERT INTO usuario (idusuario, nickname, nombre, apellido, pais, ciudad, contrasena, fechaingreso)
VALUES (NULL, '$nickname', '$nombre', '$apellido', '$pais', '$ciudad', '$contrasena', '$fecha')";
mysql_query($consulta) or die(mysql_error());
2

Log the new user in immediately

Immediately after the insert, a SELECT query fetches the just-created row by matching nickname and contrasena. If the row is found, the session variables are set and the browser is redirected to the checkout summary page:
$_SESSION['idusuario'] = $rowsresult['idusuario'];
$_SESSION['usuario']   = $nickname;
header("location:resumenc_compra.php?login=true");
3

Send a welcome email via PHPMailer

After the redirect header is issued, registro.php configures a PHPMailer instance and sends a welcome message to the email address the user provided in the registration form:
$saludo          = "Muchas Gracias por registrarse en nuestra tienda";
$correo_empresa  = "[email protected]";
$empresa         = "Tu empresa";
$asunto          = "Gracias Por Registrarse";

$mail = new PHPMailer();
$mail->Host      = "la direccion de tu sitio web http://www.tusitio.com/";
$mail->From      = $correo_empresa;
$mail->FromName  = $empresa;
$mail->Subject   = $asunto;
$mail->AddAddress($correo, "Bienvenido " . $nombre);
$mail->Body      = $saludo;
$mail->AltBody   = "Registro Exitoso";
$mail->Send();
Update $correo_empresa, $empresa, and $mail->Host with your actual store details before deploying.
Passwords are stored as plain text in the contrasena column of the usuario table. In any real application, always hash passwords with password_hash() before storing them, and verify login attempts with password_verify(). Storing plain-text passwords exposes all user accounts if the database is ever compromised.

Login handler (ingreso.php)

The login form on nuevo_usuario.php posts nickname and contrasena to ingreso.php. The handler queries the usuario table for a matching row:
$consulta2 = "SELECT * FROM usuario WHERE nickname='$nickname' AND contrasena='$contrasena'";
$result    = mysql_query($consulta2) or die(mysql_error());
$filasn    = mysql_num_rows($result);
If one or more rows are returned, the session is populated and the visitor is redirected to the order summary page:
$_SESSION['idusuario'] = $rowsresult['idusuario'];
$_SESSION['usuario']   = $nickname;
header("location:resumenc_compra.php?login=true");
If no matching row is found ($filasn <= 0), $valido is set to false and no redirect occurs — the browser stays on the current page without an explicit error message being displayed to the user.

Logout (cerrar_sesion.php)

cerrar_sesion.php ends the current session in three steps and then redirects back to the store’s homepage:
session_start();
$_SESSION = array();
session_destroy();
header("location:index2.php?logout");
Resetting $_SESSION to an empty array before calling session_destroy() ensures that all session data — including the cart and the authenticated user’s identity — is cleared immediately, even if session_destroy() does not purge the superglobal in the same request on some server configurations.

Password match validation

Before the registration form can be submitted, a small JavaScript function on nuevo_usuario.php fires on the onChange event of the repeat-password field and alerts the user if the two entries do not match:
function comparar_contra() {
    var contra1 = document.getElementById('contra1').value;
    var contra2 = document.getElementById('contra2').value;

    if (contra1 != contra2) {
        alert('Las contraseñas no coinciden');
    }
}
The first password field carries id="contra1" and the second carries id="contra2". This is a convenience check only — there is no server-side re-validation that the two passwords matched before the insert is executed.
The email field in the registration form uses type="mail" — a non-standard attribute value — instead of the HTML5 type="email". Most browsers do not recognise type="mail" and fall back to treating the field as a plain text input, so built-in browser email format validation is not triggered. If you need format validation on the email field, change the attribute to type="email".

Build docs developers (and LLMs) love