151 lines
6.4 KiB
PHP
151 lines
6.4 KiB
PHP
|
|
<?php
|
|
|
|
/*
|
|
author: Thies Müller
|
|
contact: contactme@td00.de
|
|
source: https://github.com/td00/loginpagefoo
|
|
license: AGPL 3.0
|
|
*/
|
|
session_start(); //everytime we want to use $_SESSION or features regarding a valid session we need to start this
|
|
include 'db.inc.php'; //this is used to establish database connections thruout the app
|
|
|
|
/*
|
|
after this were building the default html page
|
|
We're using some bootstrap stuff here and later on for design purposes. Otherwise this pages would look like shit.
|
|
*/
|
|
?>
|
|
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<title>Register</title>
|
|
<link rel="stylesheet" href="ressources/css/bootstrap.min.css" crossorigin="anonymous">
|
|
|
|
|
|
</head>
|
|
<body>
|
|
|
|
<?php
|
|
|
|
$showFormular = true; //default: render the form
|
|
|
|
|
|
|
|
if(isset($_GET['register'])) { //checking if "?register=1" is set in the url. used to have the registration on the same page
|
|
$error = false; //per default no error.
|
|
$email = $_POST['email']; //get the variable for the email
|
|
$username = $_POST['username']; //same for username
|
|
$givenName = $_POST['givenName']; //same for givenName
|
|
$lastName = $_POST['lastName']; //same for lastName
|
|
$password = $_POST['password']; //same for password
|
|
$password_confirm = $_POST['password_confirm']; //same for password_confirm
|
|
//regexes for passvalidation:
|
|
$REuppercase = preg_match('@[A-Z]@', $password); //search for capital letters
|
|
$RElowercase = preg_match('@[a-z]@', $password); //search for lowercase letters
|
|
$REnumber = preg_match('@[0-9]@', $password); //search for numbers
|
|
$REspecialChars = preg_match('@[^\w]@', $password); //search for the rest
|
|
if(!filter_var($email, FILTER_VALIDATE_EMAIL)) { //just check if this is a valid email. using phps own functions here.
|
|
echo '<div class="alert alert-danger" role="alert">Please use valid email</div><br>'; //if the email is invalid, fail with an error
|
|
$error = true; //here is the error defined
|
|
}
|
|
if(strlen($password) == 0) { //prohibit empty passwords
|
|
echo '<div class="alert alert-danger" role="alert">Please enter password</div><br>';
|
|
$error = true;
|
|
}
|
|
if($password != $password_confirm) { //check if passwords are alike
|
|
echo '<div class="alert alert-danger" role="alert">passwords doesnt match</div><br>';
|
|
$error = true;
|
|
}
|
|
if(!$REuppercase || !$RElowercase || !$REnumber || !$REspecialChars || strlen($password) < 8) { //here the regexes (defined up) are checked against the password
|
|
echo '<div class="alert alert-warning" role="alert">Password needs to be more complex.<br />';
|
|
echo '<i>Please implement at least 8 chars, upper & downer caser, one number & one special char.</i></div><br />';
|
|
$error = true;
|
|
}
|
|
|
|
|
|
if(!$error) { //if no error uccored until now do the following:
|
|
$statement = $pdo->prepare("SELECT * FROM users WHERE email = :email"); //check if the email address is already registered
|
|
$result = $statement->execute(array('email' => $email));
|
|
$user = $statement->fetch();
|
|
|
|
if($user !== false) { //if the query above does return something in the $user array, print an error
|
|
echo '<div class="alert alert-danger" role="alert">already a user here</div><br>';
|
|
$error = true;
|
|
}
|
|
}
|
|
|
|
if(!$error) {
|
|
$statement = $pdo->prepare("SELECT * FROM users WHERE username = :username"); //check if the username is already registered
|
|
$result = $statement->execute(array('username' => $username));
|
|
$user = $statement->fetch();
|
|
|
|
if($user !== false) { //if the query above does return something in the $user array, print an error
|
|
echo 'already a user here<br>';
|
|
$error = true;
|
|
}
|
|
}
|
|
|
|
if(!$error) { //if no error occured until now, proceed
|
|
$password_hash = password_hash($password, PASSWORD_DEFAULT); //lets hash the password with the default php function. this suffices for now.
|
|
|
|
//this is the giant mysql statement placing everything from the user input in the database:
|
|
//(also we're placing "isadmin"="0" & "activated"="0" at this point.)
|
|
$statement = $pdo->prepare("INSERT INTO users (email, username, givenName, activated, isadmin, lastName, password) VALUES (:email, :username, :givenName, '0', '0', :lastName, :password)");
|
|
$result = $statement->execute(array('email' => $email, 'username' => $username, 'givenName' => $givenName, 'lastName' => $lastName, 'password' => $password_hash));
|
|
|
|
if($result) {
|
|
echo '<div class="alert alert-success" role="alert">successfull registered. <a href="login.php">Login</a></div><meta http-equiv="refresh" content="1; URL=login.php">'; //if this was successfull, go to the login page.
|
|
$showFormular = false; //also dont print the form again, if we're registered.
|
|
} else {
|
|
echo 'Error. Please try again!<br>'; //else, print the form and try again
|
|
}
|
|
}
|
|
}
|
|
|
|
if($showFormular) { //this prints the form which begins after the closing brackets of php
|
|
?>
|
|
<script src="ressources/js/bootstrap.min.js"></script>
|
|
<div class="jumbotron jumbotron-fluid">
|
|
<div class="container">
|
|
<form action="?register=1" method="post">
|
|
|
|
<div class="form-group">
|
|
<label for="email">Email address</label>
|
|
<input type="email" class="form-control" size="40" id="email" placeholder="invalid@example.com" name="email">
|
|
</div>
|
|
|
|
<div class="form-group">
|
|
<label for="username">Username</label>
|
|
<input type="text" class="form-control" size="40" id="username" placeholder="Username" name="username">
|
|
</div>
|
|
|
|
<div class="form-group">
|
|
<label for="givenName">Given Name</label>
|
|
<input type="text" class="form-control" size="40" id="givenName" placeholder="Martha" name="givenName">
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="lastName">Family Name</label>
|
|
<input type="text" class="form-control" size="40" id="lastName" placeholder="Musterfrau" name="lastName">
|
|
</div>
|
|
|
|
<div class="form-group">
|
|
<label for="password">Password</label>
|
|
<input type="password" class="form-control" size="40" id="password" placeholder="Please enter password" name="password">
|
|
</div>
|
|
|
|
<div class="form-group">
|
|
<label for="password_confirm">Password (again):</label>
|
|
<input type="password" class="form-control" id="password_confirm" size="40" name="password_confirm" placeholder="Please confirm password">
|
|
</div>
|
|
|
|
<button type="submit" class="btn btn-primary">Register</button>
|
|
|
|
</form>
|
|
</div></div>
|
|
<?php
|
|
} //we need to close the if statement again.
|
|
?>
|
|
|
|
</body>
|
|
</html>
|