thies/loginpagefoo
Template
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Wiki Activity

documented register.php

Browse Source
This commit is contained in:
Thies Mueller 2021-01-12 15:28:16 +01:00
parent e844220840
commit 94259e06ee
1 changed files with 48 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
register.php
View File

@ -1,7 +1,19 @@
<?php <?php
session_start();
include 'db.inc.php'; /*
author: Thies Müller
contact: contactme@td00.de
source: https://github.com/td00/loginpagefoo
license: AGPL 3.0
*/
session_start(); //everytime we want to use $_SESSION or features regarding a valid session we need to start this
include 'db.inc.php'; //this is used to establish database connections thruout the app
/*
after this were building the default html page
We're using some bootstrap stuff here and later on for design purposes. Otherwise this pages would look like shit.
*/
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
@ -14,80 +26,83 @@ include 'db.inc.php';
<body> <body>
<?php <?php
$showFormular = true;
$showFormular = true; //default: render the form
if(isset($_GET['register'])) { if(isset($_GET['register'])) { //checking if "?register=1" is set in the url. used to have the registration on the same page
$error = false; $error = false; //per default no error.
$email = $_POST['email']; $email = $_POST['email']; //get the variable for the email
$username = $_POST['username']; $username = $_POST['username']; //same for username
$givenName = $_POST['givenName']; $givenName = $_POST['givenName']; //same for givenName
$lastName = $_POST['lastName']; $lastName = $_POST['lastName']; //same for lastName
$password = $_POST['password']; $password = $_POST['password']; //same for password
$password_confirm = $_POST['password_confirm']; $password_confirm = $_POST['password_confirm']; //same for password_confirm
//regexes for passvalidation: //regexes for passvalidation:
$REuppercase = preg_match('@[A-Z]@', $password); $REuppercase = preg_match('@[A-Z]@', $password); //search for capital letters
$RElowercase = preg_match('@[a-z]@', $password); $RElowercase = preg_match('@[a-z]@', $password); //search for lowercase letters
$REnumber = preg_match('@[0-9]@', $password); $REnumber = preg_match('@[0-9]@', $password); //search for numbers
$REspecialChars = preg_match('@[^\w]@', $password); $REspecialChars = preg_match('@[^\w]@', $password); //search for the rest
if(!filter_var($email, FILTER_VALIDATE_EMAIL)) { if(!filter_var($email, FILTER_VALIDATE_EMAIL)) { //just check if this is a valid email. using phps own functions here.
echo '<div class="alert alert-danger" role="alert">Please use valid email</div><br>'; echo '<div class="alert alert-danger" role="alert">Please use valid email</div><br>'; //if the email is invalid, fail with an error
$error = true; $error = true; //here is the error defined
} }
if(strlen($password) == 0) { if(strlen($password) == 0) { //prohibit empty passwords
echo '<div class="alert alert-danger" role="alert">Please enter password</div><br>'; echo '<div class="alert alert-danger" role="alert">Please enter password</div><br>';
$error = true; $error = true;
} }
if($password != $password_confirm) { if($password != $password_confirm) { //check if passwords are alike
echo '<div class="alert alert-danger" role="alert">passwords doesnt match</div><br>'; echo '<div class="alert alert-danger" role="alert">passwords doesnt match</div><br>';
$error = true; $error = true;
} }
if(!$REuppercase || !$RElowercase || !$REnumber || !$REspecialChars || strlen($password) < 8) { if(!$REuppercase || !$RElowercase || !$REnumber || !$REspecialChars || strlen($password) < 8) { //here the regexes (defined up) are checked against the password
echo '<div class="alert alert-warning" role="alert">Password needs to be more complex.<br />'; echo '<div class="alert alert-warning" role="alert">Password needs to be more complex.<br />';
echo '<i>Please implement at least 8 chars, upper & downer caser, one number & one special char.</i></div><br />'; echo '<i>Please implement at least 8 chars, upper & downer caser, one number & one special char.</i></div><br />';
$error = true; $error = true;
} }
if(!$error) { if(!$error) { //if no error uccored until now do the following:
$statement = $pdo->prepare("SELECT * FROM users WHERE email = :email"); $statement = $pdo->prepare("SELECT * FROM users WHERE email = :email"); //check if the email address is already registered
$result = $statement->execute(array('email' => $email)); $result = $statement->execute(array('email' => $email));
$user = $statement->fetch(); $user = $statement->fetch();
if($user !== false) { if($user !== false) { //if the query above does return something in the $user array, print an error
echo '<div class="alert alert-danger" role="alert">already a user here</div><br>'; echo '<div class="alert alert-danger" role="alert">already a user here</div><br>';
$error = true; $error = true;
} }
} }
if(!$error) { if(!$error) {
$statement = $pdo->prepare("SELECT * FROM users WHERE username = :username"); $statement = $pdo->prepare("SELECT * FROM users WHERE username = :username"); //check if the username is already registered
$result = $statement->execute(array('username' => $username)); $result = $statement->execute(array('username' => $username));
$user = $statement->fetch(); $user = $statement->fetch();
if($user !== false) { if($user !== false) { //if the query above does return something in the $user array, print an error
echo 'already a user here<br>'; echo 'already a user here<br>';
$error = true; $error = true;
} }
} }
if(!$error) { if(!$error) { //if no error occured until now, proceed
$password_hash = password_hash($password, PASSWORD_DEFAULT); $password_hash = password_hash($password, PASSWORD_DEFAULT); //lets hash the password with the default php function. this suffices for now.
//this is the giant mysql statement placing everything from the user input in the database:
//(also we're placing "isadmin"="0" & "activated"="0" at this point.)
$statement = $pdo->prepare("INSERT INTO users (email, username, givenName, activated, isadmin, lastName, password) VALUES (:email, :username, :givenName, '0', '0', :lastName, :password)"); $statement = $pdo->prepare("INSERT INTO users (email, username, givenName, activated, isadmin, lastName, password) VALUES (:email, :username, :givenName, '0', '0', :lastName, :password)");
$result = $statement->execute(array('email' => $email, 'username' => $username, 'givenName' => $givenName, 'lastName' => $lastName, 'password' => $password_hash)); $result = $statement->execute(array('email' => $email, 'username' => $username, 'givenName' => $givenName, 'lastName' => $lastName, 'password' => $password_hash));
if($result) { if($result) {
echo '<div class="alert alert-success" role="alert">successfull registered. <a href="login.php">Login</a></div><meta http-equiv="refresh" content="1; URL=login.php">'; echo '<div class="alert alert-success" role="alert">successfull registered. <a href="login.php">Login</a></div><meta http-equiv="refresh" content="1; URL=login.php">'; //if this was successfull, go to the login page.
$showFormular = false; $showFormular = false; //also dont print the form again, if we're registered.
} else { } else {
echo 'Error. Please try again!<br>'; echo 'Error. Please try again!<br>'; //else, print the form and try again
} }
} }
} }
if($showFormular) { if($showFormular) { //this prints the form which begins after the closing brackets of php
?> ?>
<script src="ressources/js/bootstrap.min.js"></script> <script src="ressources/js/bootstrap.min.js"></script>
<div class="jumbotron jumbotron-fluid"> <div class="jumbotron jumbotron-fluid">
@ -128,7 +143,7 @@ if($showFormular) {
</form> </form>
</div></div> </div></div>
<?php <?php
} } //we need to close the if statement again.
?> ?>
</body> </body>