documented register.php
This commit is contained in:
Thies Mueller
81
register.php
81
register.php
@@ -1,7 +1,19 @@
|
||||
|
||||
<?php
|
||||
session_start();
|
||||
include 'db.inc.php';
|
||||
|
||||
/*
|
||||
author: Thies Müller
|
||||
contact: contactme@td00.de
|
||||
source: https://github.com/td00/loginpagefoo
|
||||
license: AGPL 3.0
|
||||
*/
|
||||
session_start(); //everytime we want to use $_SESSION or features regarding a valid session we need to start this
|
||||
include 'db.inc.php'; //this is used to establish database connections thruout the app
|
||||
|
||||
/*
|
||||
after this were building the default html page
|
||||
We're using some bootstrap stuff here and later on for design purposes. Otherwise this pages would look like shit.
|
||||
*/
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
@@ -14,80 +26,83 @@ include 'db.inc.php';
|
||||
<body>
|
||||
|
||||
<?php
|
||||
$showFormular = true;
|
||||
|
||||
$showFormular = true; //default: render the form
|
||||
|
||||
|
||||
|
||||
if(isset($_GET['register'])) {
|
||||
$error = false;
|
||||
$email = $_POST['email'];
|
||||
$username = $_POST['username'];
|
||||
$givenName = $_POST['givenName'];
|
||||
$lastName = $_POST['lastName'];
|
||||
$password = $_POST['password'];
|
||||
$password_confirm = $_POST['password_confirm'];
|
||||
if(isset($_GET['register'])) { //checking if "?register=1" is set in the url. used to have the registration on the same page
|
||||
$error = false; //per default no error.
|
||||
$email = $_POST['email']; //get the variable for the email
|
||||
$username = $_POST['username']; //same for username
|
||||
$givenName = $_POST['givenName']; //same for givenName
|
||||
$lastName = $_POST['lastName']; //same for lastName
|
||||
$password = $_POST['password']; //same for password
|
||||
$password_confirm = $_POST['password_confirm']; //same for password_confirm
|
||||
//regexes for passvalidation:
|
||||
$REuppercase = preg_match('@[A-Z]@', $password);
|
||||
$RElowercase = preg_match('@[a-z]@', $password);
|
||||
$REnumber = preg_match('@[0-9]@', $password);
|
||||
$REspecialChars = preg_match('@[^\w]@', $password);
|
||||
if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
||||
echo '<div class="alert alert-danger" role="alert">Please use valid email</div><br>';
|
||||
$error = true;
|
||||
$REuppercase = preg_match('@[A-Z]@', $password); //search for capital letters
|
||||
$RElowercase = preg_match('@[a-z]@', $password); //search for lowercase letters
|
||||
$REnumber = preg_match('@[0-9]@', $password); //search for numbers
|
||||
$REspecialChars = preg_match('@[^\w]@', $password); //search for the rest
|
||||
if(!filter_var($email, FILTER_VALIDATE_EMAIL)) { //just check if this is a valid email. using phps own functions here.
|
||||
echo '<div class="alert alert-danger" role="alert">Please use valid email</div><br>'; //if the email is invalid, fail with an error
|
||||
$error = true; //here is the error defined
|
||||
}
|
||||
if(strlen($password) == 0) {
|
||||
if(strlen($password) == 0) { //prohibit empty passwords
|
||||
echo '<div class="alert alert-danger" role="alert">Please enter password</div><br>';
|
||||
$error = true;
|
||||
}
|
||||
if($password != $password_confirm) {
|
||||
if($password != $password_confirm) { //check if passwords are alike
|
||||
echo '<div class="alert alert-danger" role="alert">passwords doesnt match</div><br>';
|
||||
$error = true;
|
||||
}
|
||||
if(!$REuppercase || !$RElowercase || !$REnumber || !$REspecialChars || strlen($password) < 8) {
|
||||
if(!$REuppercase || !$RElowercase || !$REnumber || !$REspecialChars || strlen($password) < 8) { //here the regexes (defined up) are checked against the password
|
||||
echo '<div class="alert alert-warning" role="alert">Password needs to be more complex.<br />';
|
||||
echo '<i>Please implement at least 8 chars, upper & downer caser, one number & one special char.</i></div><br />';
|
||||
$error = true;
|
||||
}
|
||||
|
||||
|
||||
if(!$error) {
|
||||
$statement = $pdo->prepare("SELECT * FROM users WHERE email = :email");
|
||||
if(!$error) { //if no error uccored until now do the following:
|
||||
$statement = $pdo->prepare("SELECT * FROM users WHERE email = :email"); //check if the email address is already registered
|
||||
$result = $statement->execute(array('email' => $email));
|
||||
$user = $statement->fetch();
|
||||
|
||||
if($user !== false) {
|
||||
if($user !== false) { //if the query above does return something in the $user array, print an error
|
||||
echo '<div class="alert alert-danger" role="alert">already a user here</div><br>';
|
||||
$error = true;
|
||||
}
|
||||
}
|
||||
|
||||
if(!$error) {
|
||||
$statement = $pdo->prepare("SELECT * FROM users WHERE username = :username");
|
||||
$statement = $pdo->prepare("SELECT * FROM users WHERE username = :username"); //check if the username is already registered
|
||||
$result = $statement->execute(array('username' => $username));
|
||||
$user = $statement->fetch();
|
||||
|
||||
if($user !== false) {
|
||||
if($user !== false) { //if the query above does return something in the $user array, print an error
|
||||
echo 'already a user here<br>';
|
||||
$error = true;
|
||||
}
|
||||
}
|
||||
|
||||
if(!$error) {
|
||||
$password_hash = password_hash($password, PASSWORD_DEFAULT);
|
||||
if(!$error) { //if no error occured until now, proceed
|
||||
$password_hash = password_hash($password, PASSWORD_DEFAULT); //lets hash the password with the default php function. this suffices for now.
|
||||
|
||||
//this is the giant mysql statement placing everything from the user input in the database:
|
||||
//(also we're placing "isadmin"="0" & "activated"="0" at this point.)
|
||||
$statement = $pdo->prepare("INSERT INTO users (email, username, givenName, activated, isadmin, lastName, password) VALUES (:email, :username, :givenName, '0', '0', :lastName, :password)");
|
||||
$result = $statement->execute(array('email' => $email, 'username' => $username, 'givenName' => $givenName, 'lastName' => $lastName, 'password' => $password_hash));
|
||||
|
||||
if($result) {
|
||||
echo '<div class="alert alert-success" role="alert">successfull registered. <a href="login.php">Login</a></div><meta http-equiv="refresh" content="1; URL=login.php">';
|
||||
$showFormular = false;
|
||||
echo '<div class="alert alert-success" role="alert">successfull registered. <a href="login.php">Login</a></div><meta http-equiv="refresh" content="1; URL=login.php">'; //if this was successfull, go to the login page.
|
||||
$showFormular = false; //also dont print the form again, if we're registered.
|
||||
} else {
|
||||
echo 'Error. Please try again!<br>';
|
||||
echo 'Error. Please try again!<br>'; //else, print the form and try again
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if($showFormular) {
|
||||
if($showFormular) { //this prints the form which begins after the closing brackets of php
|
||||
?>
|
||||
<script src="ressources/js/bootstrap.min.js"></script>
|
||||
<div class="jumbotron jumbotron-fluid">
|
||||
@@ -128,7 +143,7 @@ if($showFormular) {
|
||||
</form>
|
||||
</div></div>
|
||||
<?php
|
||||
}
|
||||
} //we need to close the if statement again.
|
||||
?>
|
||||
|
||||
</body>
|
||||
|
||||
Reference in New Issue
Block a user