diff --git a/register.php b/register.php
index b6b4ee0..3a7aa6e 100644
--- a/register.php
+++ b/register.php
@@ -1,7 +1,19 @@
@@ -14,80 +26,83 @@ include 'db.inc.php';
Please use valid email
';
- $error = true;
+ $REuppercase = preg_match('@[A-Z]@', $password); //search for capital letters
+ $RElowercase = preg_match('@[a-z]@', $password); //search for lowercase letters
+ $REnumber = preg_match('@[0-9]@', $password); //search for numbers
+ $REspecialChars = preg_match('@[^\w]@', $password); //search for the rest
+ if(!filter_var($email, FILTER_VALIDATE_EMAIL)) { //just check if this is a valid email. using phps own functions here.
+ echo 'Please use valid email
'; //if the email is invalid, fail with an error
+ $error = true; //here is the error defined
}
- if(strlen($password) == 0) {
+ if(strlen($password) == 0) { //prohibit empty passwords
echo 'Please enter password
';
$error = true;
}
- if($password != $password_confirm) {
+ if($password != $password_confirm) { //check if passwords are alike
echo 'passwords doesnt match
';
$error = true;
}
- if(!$REuppercase || !$RElowercase || !$REnumber || !$REspecialChars || strlen($password) < 8) {
+ if(!$REuppercase || !$RElowercase || !$REnumber || !$REspecialChars || strlen($password) < 8) { //here the regexes (defined up) are checked against the password
echo 'Password needs to be more complex.
';
echo 'Please implement at least 8 chars, upper & downer caser, one number & one special char.
';
$error = true;
}
- if(!$error) {
- $statement = $pdo->prepare("SELECT * FROM users WHERE email = :email");
+ if(!$error) { //if no error uccored until now do the following:
+ $statement = $pdo->prepare("SELECT * FROM users WHERE email = :email"); //check if the email address is already registered
$result = $statement->execute(array('email' => $email));
$user = $statement->fetch();
- if($user !== false) {
+ if($user !== false) { //if the query above does return something in the $user array, print an error
echo 'already a user here
';
$error = true;
}
}
if(!$error) {
- $statement = $pdo->prepare("SELECT * FROM users WHERE username = :username");
+ $statement = $pdo->prepare("SELECT * FROM users WHERE username = :username"); //check if the username is already registered
$result = $statement->execute(array('username' => $username));
$user = $statement->fetch();
- if($user !== false) {
+ if($user !== false) { //if the query above does return something in the $user array, print an error
echo 'already a user here
';
$error = true;
}
}
- if(!$error) {
- $password_hash = password_hash($password, PASSWORD_DEFAULT);
+ if(!$error) { //if no error occured until now, proceed
+ $password_hash = password_hash($password, PASSWORD_DEFAULT); //lets hash the password with the default php function. this suffices for now.
+ //this is the giant mysql statement placing everything from the user input in the database:
+ //(also we're placing "isadmin"="0" & "activated"="0" at this point.)
$statement = $pdo->prepare("INSERT INTO users (email, username, givenName, activated, isadmin, lastName, password) VALUES (:email, :username, :givenName, '0', '0', :lastName, :password)");
$result = $statement->execute(array('email' => $email, 'username' => $username, 'givenName' => $givenName, 'lastName' => $lastName, 'password' => $password_hash));
if($result) {
- echo 'successfull registered.
Login ';
- $showFormular = false;
+ echo 'successfull registered.
Login '; //if this was successfull, go to the login page.
+ $showFormular = false; //also dont print the form again, if we're registered.
} else {
- echo 'Error. Please try again!
';
+ echo 'Error. Please try again!
'; //else, print the form and try again
}
}
}
-if($showFormular) {
+if($showFormular) { //this prints the form which begins after the closing brackets of php
?>
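Review bot: The two uniqueness checks in the `if(!$error)` blocks run a SELECT and only later the INSERT, so two concurrent requests with the same email or username can both pass the checks and both be stored, unless the `users` table enforces uniqueness itself (the schema is not visible here). I would make UNIQUE indexes on `email` and `username` the real guard, keep the SELECTs only for the friendly message, and treat a failed INSERT as the duplicate case; whether that arrives as a false `$result` or a PDOException depends on the error mode set in `db.inc.php`. The new comment on the first check could then read `//pre-check for a friendly message only; the UNIQUE index on users.email is what prevents duplicates`. Separately, the added comment `//search for the rest` on `$REspecialChars` is imprecise, because `[^\w]` does not match `_`, so an underscore is not counted as a special character; `//any char that is not a letter, digit or underscore` would say what the pattern does. The block closed by the last `}` opens above this hunk, and the `if($showFormular)` body continues past it.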
@@ -128,7 +143,7 @@ if($showFormular) {