

require_once($path . '/core/header.php');
require_once($path . '/core/footer.php');
require_once($path . '/core/security.php');
require_once($path . '/core/database.php');
//TODO: email / invite registration
// if a registration was submitted
// function to handle failed registrations
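/**
 * Send the browser back to the registration form with an error message and stop the request.
 *
 * The message travels in the login_failed query parameter of /register.php.
 *
 * @param string $msg Human-readable reason the registration was rejected.
 */
function failed_register($msg) {
    // Encode the message so spaces and reserved characters cannot corrupt the
    // Location header or the query string.
    header('Location: /register.php?login_failed=' . urlencode($msg));
    // header() only queues the redirect. Stop here so the caller cannot carry on
    // past a failed check and still create the account.
    exit;
}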
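// assign the form contents to variables
// A field submitted as an array (user[]=x) is not a string; treat it as blank so the
// checks below reject it instead of handing an array to strtolower()/strlen().
$raw_username = $_POST['user'] ?? '';
$raw_password = $_POST['pass'] ?? '';
$raw_password_conf = $_POST["confirm_pass"] ?? '';
// NOTE: all usernames are converted to lowercase
$username = is_string($raw_username) ? strtolower($raw_username) : '';
$password = is_string($raw_password) ? $raw_password : '';
$password_conf = is_string($raw_password_conf) ? $raw_password_conf : '';

// Check for empty fields
// NOTE(review): every check below relies on failed_register() ending the request;
// confirm it stops execution after sending the redirect.
// NOTE(review): whitespace-only usernames and arbitrary characters are accepted here;
// any page that prints a username must escape it.
if ($username === '') failed_register("invalid username");
if ($password === '') failed_register("invalid password");
// Strict comparison: with != two different numeric-looking strings such as
// "1e3" and "1000" compare equal, so the confirmation check would pass.
if ($password !== $password_conf) failed_register("passwords did not match");

// Length limits. strlen() counts bytes, so multi-byte characters use up the limit faster.
// NOTE(review): the 32-byte password cap rules out longer passphrases; check what
// hash_string() accepts before raising it.
if (strlen($password) > 32) {
    failed_register("passwords can be at most 32 characters long");
}
if (strlen($password) < 8) {
    failed_register("passwords must be at least 8 characters long");
}
if (strlen($username) > 32) {
    failed_register("usernames can be at most 32 characters long");
}
if (strlen($username) < 3) {
    failed_register("usernames must be at least 3 characters long");
}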
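// Check if the user already exists
// The username is bound as a parameter, never interpolated into the SQL text.
// NOTE(review): check-then-insert is not atomic. A UNIQUE index on user.username
// (schema not shown here) is what actually prevents duplicates under concurrent requests.
$check_user_sql = "SELECT * FROM user WHERE username = ? LIMIT 1";
$stmt = mysqli_prepare($DB_CONN, $check_user_sql);
if ($stmt === false) {
    failed_register("username check sql failed");
}
mysqli_stmt_bind_param($stmt, 's', $username);
if (mysqli_stmt_execute($stmt)) {
    // Buffer the result set first: mysqli_stmt_num_rows() only reports the real
    // count after mysqli_stmt_store_result(); otherwise it returns 0 and an
    // existing username slips through.
    mysqli_stmt_store_result($stmt);
    if (mysqli_stmt_num_rows($stmt) == 1) {
        failed_register("username already in use");
    }
} else {
    failed_register("username check sql failed");
}
mysqli_stmt_close($stmt);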
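//finally, hash the password and insert the new user into the database
//hash with blowfish with 10 rounds
// NOTE(review): hash_string() is not defined in this file (presumably core/security.php).
// If it is bcrypt, the 10 is a cost factor rather than a literal round count. Confirm it
// salts per user, e.g. by wrapping password_hash().
$hash = hash_string($password, 10);
// The admin flag is fixed to 0 in the SQL text, so this form cannot create an admin account.
$insert_user_sql = "INSERT INTO user (username, password, admin, registered, last_login)
VALUES (?, ?, 0, now(), NULL);";
$stmt = mysqli_prepare($DB_CONN, $insert_user_sql);
if ($stmt === false) {
    failed_register('insert statement failed!');
}
mysqli_stmt_bind_param($stmt, 'ss', $username, $hash);
// Run the statement; binding parameters alone sends nothing to the server.
$inserted = mysqli_stmt_execute($stmt);
// Make sure the insert worked
if (!$inserted || mysqli_stmt_affected_rows($stmt) != 1) {
    failed_register('insert statement failed!');
}
mysqli_stmt_close($stmt);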
//TODO: Tell the user they have been registered
// Until that TODO is done, a successful registration falls through to the form below
// with no confirmation.
// display_header() is not defined in this file (presumably core/header.php, required
// above; confirm). It is called with this page's title.
display_header("~chan - register");
<div style="
margin: auto;
width: 350px;
padding-top: 100px;
">
<form action="/register.php" method="post" class="input-form">
<input name="user" type="text">
<input name="pass" type="password">
<td><b>confirm password:</b></td>
<input name="confirm_pass" type="password">
<input name="email" type="email">
<td><b>confirm email:</b></td>
<input name="confirm_email" type="email">
<button type="Submit">submit</button>
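// Show the error message passed back in the login_failed query parameter.
// Only a plain string is printed; an array value (login_failed[]=x) is ignored.
if (isset($_GET['login_failed']) && is_string($_GET['login_failed'])) {
    echo "<br><br>";
    echo "<div class=\"error\">";
    // The text comes straight from the URL, so it is untrusted. Escape it for the HTML
    // context so markup in the parameter is displayed as text, not interpreted.
    // NOTE(review): a stricter design passes a short error code and looks the message up
    // server-side, so the page never shows caller-supplied wording at all.
    echo htmlspecialchars($_GET['login_failed'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "</div>";
}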