<?php /* author: Thies Müller contact: contactme@td00.de source: https://github.com/td00/loginpagefoo license: AGPL 3.0 */ session_start(); //everytime we want to use $_SESSION or features regarding a valid session we need to start this include 'db.inc.php'; //this is used to establish database connections thruout the app /* after this were building the default html page We're using some bootstrap stuff here and later on for design purposes. Otherwise this pages would look like shit. */ ?> <!DOCTYPE html> <html> <head> <title>Register</title> <link rel="stylesheet" href="ressources/css/bootstrap.min.css" crossorigin="anonymous"> </head> <body> <?php $showFormular = true; //default: render the form if(isset($_GET['register'])) { //checking if "?register=1" is set in the url. used to have the registration on the same page $error = false; //per default no error. $email = $_POST['email']; //get the variable for the email $username = $_POST['username']; //same for username $givenName = $_POST['givenName']; //same for givenName $lastName = $_POST['lastName']; //same for lastName $password = $_POST['password']; //same for password $password_confirm = $_POST['password_confirm']; //same for password_confirm //regexes for passvalidation: $REuppercase = preg_match('@[A-Z]@', $password); //search for capital letters $RElowercase = preg_match('@[a-z]@', $password); //search for lowercase letters $REnumber = preg_match('@[0-9]@', $password); //search for numbers $REspecialChars = preg_match('@[^\w]@', $password); //search for the rest if(!filter_var($email, FILTER_VALIDATE_EMAIL)) { //just check if this is a valid email. using phps own functions here. echo '<div class="alert alert-danger" role="alert">Please use valid email</div><br>'; //if the email is invalid, fail with an error $error = true; //here is the error defined } if(strlen($password) == 0) { //prohibit empty passwords echo '<div class="alert alert-danger" role="alert">Please enter password</div><br>'; $error = true; } if($password != $password_confirm) { //check if passwords are alike echo '<div class="alert alert-danger" role="alert">passwords doesnt match</div><br>'; $error = true; } if(!$REuppercase || !$RElowercase || !$REnumber || !$REspecialChars || strlen($password) < 8) { //here the regexes (defined up) are checked against the password echo '<div class="alert alert-warning" role="alert">Password needs to be more complex.<br />'; echo '<i>Please implement at least 8 chars, upper & downer caser, one number & one special char.</i></div><br />'; $error = true; } if(!$error) { //if no error uccored until now do the following: $statement = $pdo->prepare("SELECT * FROM users WHERE email = :email"); //check if the email address is already registered $result = $statement->execute(array('email' => $email)); $user = $statement->fetch(); if($user !== false) { //if the query above does return something in the $user array, print an error echo '<div class="alert alert-danger" role="alert">already a user here</div><br>'; $error = true; } } if(!$error) { $statement = $pdo->prepare("SELECT * FROM users WHERE username = :username"); //check if the username is already registered $result = $statement->execute(array('username' => $username)); $user = $statement->fetch(); if($user !== false) { //if the query above does return something in the $user array, print an error echo 'already a user here<br>'; $error = true; } } if(!$error) { //if no error occured until now, proceed $password_hash = password_hash($password, PASSWORD_DEFAULT); //lets hash the password with the default php function. this suffices for now. //this is the giant mysql statement placing everything from the user input in the database: //(also we're placing "isadmin"="0" & "activated"="0" at this point.) $statement = $pdo->prepare("INSERT INTO users (email, username, givenName, activated, isadmin, lastName, password) VALUES (:email, :username, :givenName, '0', '0', :lastName, :password)"); $result = $statement->execute(array('email' => $email, 'username' => $username, 'givenName' => $givenName, 'lastName' => $lastName, 'password' => $password_hash)); if($result) { echo '<div class="alert alert-success" role="alert">successfull registered. <a href="login.php">Login</a></div><meta http-equiv="refresh" content="1; URL=login.php">'; //if this was successfull, go to the login page. $showFormular = false; //also dont print the form again, if we're registered. } else { echo 'Error. Please try again!<br>'; //else, print the form and try again } } } if($showFormular) { //this prints the form which begins after the closing brackets of php ?> <script src="ressources/js/bootstrap.min.js"></script> <div class="jumbotron jumbotron-fluid"> <div class="container"> <form action="?register=1" method="post"> <div class="form-group"> <label for="email">Email address</label> <input type="email" class="form-control" size="40" id="email" placeholder="invalid@example.com" name="email"> </div> <div class="form-group"> <label for="username">Username</label> <input type="text" class="form-control" size="40" id="username" placeholder="Username" name="username"> </div> <div class="form-group"> <label for="givenName">Given Name</label> <input type="text" class="form-control" size="40" id="givenName" placeholder="Martha" name="givenName"> </div> <div class="form-group"> <label for="lastName">Family Name</label> <input type="text" class="form-control" size="40" id="lastName" placeholder="Musterfrau" name="lastName"> </div> <div class="form-group"> <label for="password">Password</label> <input type="password" class="form-control" size="40" id="password" placeholder="Please enter password" name="password"> </div> <div class="form-group"> <label for="password_confirm">Password (again):</label> <input type="password" class="form-control" id="password_confirm" size="40" name="password_confirm" placeholder="Please confirm password"> </div> <button type="submit" class="btn btn-primary">Register</button> </form> </div></div> <?php } //we need to close the if statement again. ?> </body> </html>