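<?php

// register.php — handles the registration form POST (validation, uniqueness
// check, bcrypt hash, insert) and then renders the form below.

$path = $_SERVER['DOCUMENT_ROOT'];

require_once($path . '/core/header.php');
require_once($path . '/core/footer.php');
require_once($path . '/core/database.php');

//TODO: email / invite registration

// if a registration was submitted
if ($_SERVER['REQUEST_METHOD'] === 'POST') {

    /**
     * Abort the current registration attempt.
     *
     * Redirects back to the form with the reason in the `error` query
     * parameter and stops the script. The reason is URL-encoded so spaces
     * and punctuation survive the query string; $_GET decodes it again on
     * the next request, where it is HTML-escaped before display.
     *
     * @param string $msg human-readable reason shown to the user
     */
    function failed_register(string $msg): void {
        header('Location: /register.php?error=' . urlencode($msg));
        exit();
    }

    // NOTE(review): the form carries no CSRF token and this handler applies
    // no rate limit; confirm whether core/header.php or the web server
    // provides either before relying on this endpoint in production.

    // assign the form contents to variables
    // A field submitted as an array (e.g. `user[]=x`) is treated as invalid
    // instead of reaching strtolower()/strlen() with a non-string value.
    $raw_user = $_POST['user'] ?? '';
    $raw_pass = $_POST['pass'] ?? '';
    $raw_conf = $_POST['confirm_pass'] ?? '';
    if (!is_string($raw_user)) failed_register("invalid username");
    if (!is_string($raw_pass) || !is_string($raw_conf)) failed_register("invalid password");

    // NOTE: all usernames are converted to lowercase
    $username = strtolower($raw_user);
    $password = $raw_pass;
    $password_conf = $raw_conf;

    // Check for empty or blank fields
    if ($username === '') failed_register("invalid username");
    if ($password === '') failed_register("invalid password");

    if ($password !== $password_conf) failed_register("passwords did not match");

    // Length limits. strlen() counts bytes, not characters, so multibyte
    // input reaches the cap sooner than the messages suggest. The byte count
    // is kept for the password on purpose: bcrypt (used below) only looks at
    // the first 72 bytes of its input, so a 32-byte cap stays well inside it.
    if (strlen($password) > 32) {
        failed_register("passwords can be at most 32 characters long");
    }
    if (strlen($password) < 8) {
        failed_register("passwords must be at least 8 characters long");
    }

    // NOTE(review): beyond length there is no restriction on the username
    // character set — confirm whether that is intended.
    if (strlen($username) > 32) {
        failed_register("usernames can be at most 32 characters long");
    }
    if (strlen($username) < 3) {
        failed_register("usernames must be at least 3 characters long");
    }

    $conn = get_database_conn();

    // Check if the user already exists
    $check_user_sql = "SELECT * FROM user WHERE username = ? LIMIT 1";
    $stmt = mysqli_prepare($conn, $check_user_sql);
    // mysqli_prepare() returns false on failure; without this guard the
    // bind below would be called on `false`.
    if ($stmt === false) {
        failed_register("username check sql failed");
    }
    mysqli_stmt_bind_param($stmt, 's', $username);
    if (mysqli_stmt_execute($stmt)) {
        mysqli_stmt_store_result($stmt);
        if (mysqli_stmt_num_rows($stmt) === 1) {
            failed_register("username already in use");
        }
    } else {
        failed_register("username check sql failed");
    }
    mysqli_stmt_close($stmt);

    //finally, hash the password and insert the new user into the database
    $hash = password_hash($password, PASSWORD_BCRYPT);
    $insert_user_sql = "INSERT INTO user (username, password, admin, registered, last_login)
        VALUES (?, ?, 0, now(), NULL);";
    $stmt = mysqli_prepare($conn, $insert_user_sql);
    if ($stmt === false) {
        failed_register('insert statement failed!');
    }
    mysqli_stmt_bind_param($stmt, 'ss', $username, $hash);
    mysqli_stmt_execute($stmt);

    // Make sure the insert worked. A failed execute (including a duplicate
    // username from a concurrent registration, if the column is unique)
    // leaves affected_rows at something other than 1.
    if (mysqli_stmt_affected_rows($stmt) !== 1) {
        failed_register('insert statement failed!');
    }
    mysqli_stmt_close($stmt);

    //TODO: Tell the user they have been registered
    // On success execution falls through and the empty form is rendered again.
}

display_header("~chan - register");
?>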
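<div style="
    margin: auto;
    width: 350px;
    padding-top: 100px;
">
    <h1>register</h1>
    <form action="/register.php" method="post" class="input-form">
        <table>
            <tr>
                <td><b>username:</b></td>
                <td>
                    <!-- client-side hints only; the limits are enforced server-side above -->
                    <input name="user" type="text" required minlength="3" maxlength="32" autocomplete="username">
                </td>
            </tr>
            <tr>
                <td><b>password:</b></td>
                <td>
                    <input name="pass" type="password" required minlength="8" maxlength="32" autocomplete="new-password">
                </td>
            </tr>
            <tr>
                <td><b>confirm password:</b></td>
                <td>
                    <input name="confirm_pass" type="password" required minlength="8" maxlength="32" autocomplete="new-password">
                </td>
            </tr>
            <!--
            <tr>
                <td><b>email:</b></td>
                <td>
                    <input name="email" type="email">
                </td>
            </tr>
            <tr>
                <td><b>confirm email:</b></td>
                <td>
                    <input name="confirm_email" type="email">
                </td>
            </tr>
            -->
        </table>
        <br>
        <button type="submit">submit</button>
        <?php
        // The error text comes from the query string, so it is attacker-controlled
        // on an arbitrary link; it is only ever rendered HTML-escaped, and a
        // non-string value (`error[]=x`) is ignored rather than passed to
        // htmlspecialchars(), which would throw a TypeError.
        if (isset($_GET['error']) && is_string($_GET['error'])): ?>
            <br><br>
            <div class="error">
                <?php echo htmlspecialchars($_GET['error'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>
            </div>
        <?php endif; ?>
    </form>
</div>
<?php
display_footer();
?>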