You cannot update old code using the mysql_ extension by simply adding an i to the function names. The call-time parameter order is different and all the main statements require the connection as a call-time parameter.
You should forget about the mysqli extension and convert the code to use the much simpler PDO extension, use prepared queries when supplying external, unknown, dynamic values to the query when it gets executed, and use exceptions for database statement errors. Also, use php’s password_hash() and password_verify() and don’t copy variables to other variables for no reason. Doing these things will greatly simplify the code and bring it up to current standards.
The clean function is missing a $str variable in the return
Check if post values are set and empty()
Update sql to PDO