-
Notifications
You must be signed in to change notification settings - Fork 0
/
create-account.php
157 lines (128 loc) · 4.32 KB
/
create-account.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
<?php
$name = getenv('MYNAME');
session_start();
// redirect if user is already logged in
if(isset($_SESSION['username']) && isset($_SESSION['userID']) && isset($_SESSION['api_key'])) {
header("Location:index.php");
exit();
}
$username = $_POST['username'] ?? "";
$email = $_POST['email'] ?? "";
$passwordOne = $_POST['passwordOne'] ?? "";
$passwordTwo = $_POST['passwordTwo'] ?? "";
$error = '';
if(isset($_POST['submit'])){
// check for any invalid data provided by the user (because of you the html is setup only one error message will be shown at once)
if (empty($username)){ $error = 'no username given'; }
else if (empty($email)){ $error = 'no email given'; }
else if (empty($passwordOne)) { $error = 'no password given'; }
else if (strlen($passwordOne) < 8) { $error = 'password must be at least 8 characters long'; }
else if ($passwordOne != $passwordTwo) { $error = 'passwords dont match'; }
else if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $error = 'invalid email'; }
else {
//connect to the database
require './includes/library.php';
$pdo = connectdb();
//check if username already exists in database
$query = 'SELECT * FROM cois3430_users WHERE username = ?';
$stmt = $pdo->prepare($query);
$stmt->execute([$username]);
$results = $stmt->rowCount();
if ($results != 0) { $error = 'username taken'; }
else {
//check if email already exists in database
$query = 'SELECT * FROM cois3430_users WHERE email = ?';
$stmt = $pdo->prepare($query);
$stmt->execute([$email]);
$results = $stmt->rowCount();
if ($results != 0) { $error = 'email taken'; }
else {
//hash the password
$hash = password_hash($passwordOne, PASSWORD_DEFAULT);
//create an unique api key
$keyFound = false;
while (!$keyFound){
$bytes = random_bytes(32);
$base64ApiKey = base64_encode($bytes);
$query = 'SELECT * FROM cois3430_users WHERE api_key = ?';
$stmt = $pdo->prepare($query);
$stmt->execute([$base64ApiKey]);
$results = $stmt->rowCount();
if ($results == 0) { $keyFound = true; }
}
//save user data to the database
$query = 'insert into cois3430_users (username,email,password,api_key,api_date) values (?,?,?,?,NOW())';
$stmt = $pdo->prepare($query);
$stmt->execute([$username, $email, $hash,$base64ApiKey]);
//save relavent data to session
$_SESSION['userID'] = $pdo->lastInsertId();
$_SESSION['username'] = $username;
$_SESSION['api_key'] = $base64ApiKey;
//redirect user
header("Location:index.php");
exit();
}
}
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Create Account</title>
<link rel="stylesheet" href="./styles/login.css">
<link rel="stylesheet" href="./styles/main.css">
</head>
<body>
<?php include './components/nav.php'; ?>
<div class="loginForm">
<h1>Create Account</h1>
<form id="create-account" method="post" action="">
<div class="textInput">
<input
type="text"
name="username"
value="<?= $username ?>"
placeholder=' '
/>
<label for="username">Username</label>
</div>
<div class="textInput">
<input
type="text"
name="email"
value="<?= $email ?>"
placeholder=' '
/>
<label for="email">Email</label>
</div>
<div class="textInput">
<input
type="password"
name="passwordOne"
value="<?= $passwordOne ?>"
placeholder=' '
/>
<label for="password">Password</label>
</div>
<div class="textInput">
<input
type="password"
name="passwordTwo"
value="<?= $passwordTwo ?>"
placeholder=' '
/>
<label for="password">Confirm Password</label>
</div>
<input type="submit" name="submit" value="Create Account">
</form>
<?php if ($error != ''): ?>
<p class="error"> error: <?= $error ?> </p>
<?php endif ?>
<p>Already have an account?</p>
<a href='/~<?= $name ?>/3430/assn/cois-3430-2024su-a2-BigBeill/login'>account login</a>
</div>
</body>
</html>