Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Develop a Registration Form and Implement User Registration with Password Hashing (Validation Inclusive) #3

Open
andrew21-mch opened this issue Aug 16, 2024 · 3 comments
Open

Develop a Registration Form and Implement User Registration with Password Hashing (Validation Inclusive) #3

andrew21-mch opened this issue Aug 16, 2024 · 3 comments
Labels
feature

Comments

@andrew21-mch
Copy link
Contributor

andrew21-mch commented Aug 16, 2024
edited
Loading

Description:

This task involves creating the registration feature for the portfolio website, allowing new users to sign up by providing their details. The registration form must capture essential user information, validate the inputs, and securely store the user’s password using hashing techniques. Proper input validation and security measures will ensure a robust and secure registration process.

Steps to Complete:

  1. Design the Registration Form:

    • Create a PHP file (e.g., register.php) within the public/ directory to serve as the registration page.
    • The form should capture the following user details:
      • Username
      • Email
      • Password
      • Confirm Password
      • Name (optional)
      • Profile Picture (optional)

  2. Implement Client-Side Validation:

    • Use HTML5 form attributes and JavaScript to perform basic client-side validation:
      • Ensure the username and email are not empty and are in the correct format.
      • Validate that the password meets complexity requirements (e.g., minimum length, inclusion of numbers or special characters).
      • Ensure that the "Confirm Password" field matches the "Password" field.
      • If a profile picture is uploaded, validate the file type and size.

  3. Handle Form Submission:

    • Upon form submission, process the form data in the same register.php file or another PHP script included via a POST request.
    • Sanitize the input data using PHP’s built-in functions to prevent SQL injection and cross-site scripting (XSS).
    • Check if the username or email already exists in the users table to prevent duplicates.

  4. Implement Server-Side Validation:

    • Validate all inputs on the server side, replicating or enhancing client-side checks.
    • Ensure the email is in the correct format using filter_var() with FILTER_VALIDATE_EMAIL.
    • Check that the password meets the complexity requirements server-side.
    • Confirm that both password fields match.

  5. Hash the Password:

    • Use PHP’s password_hash() function to securely hash the user’s password before storing it in the database.
    • Example: 
      $hashedPassword = password_hash($password, PASSWORD_DEFAULT);

  6. Insert User Data into the Database:

    • Prepare a SQL statement to insert the new user’s data into the users table, ensuring the use of prepared statements to prevent SQL injection.
    • Store the hashed password, along with other user information (e.g., username, email, name).

  7. Provide Feedback and Redirection:

    • After successful registration, redirect the user to the login page or a welcome page with a success message.
    • If there are errors (e.g., validation failure or duplicate email), provide user-friendly error messages and prompt the user to correct their input.

  8. Test the Registration Process:

    • Thoroughly test the registration process by submitting various inputs, including edge cases (e.g., very long usernames, invalid emails, weak passwords).
    • Verify that passwords are hashed in the database and that no sensitive data is stored in plain text.

Acceptance Criteria:

  • The registration form is fully functional, with both client-side and server-side validation.
  • User passwords are securely hashed using PHP’s password_hash() function before being stored in the database.
  • Appropriate feedback is provided for successful registrations and validation errors.
  • The registration process is secure, preventing SQL injection, XSS, and duplicate user registrations.
@andrew21-mch andrew21-mch changed the title User Registration Develop a Registration Form and Implement User Registration with Password Hashing (Validation Inclusive) Aug 16, 2024
@KewirJewel
Copy link
Contributor

pardon me sir ,are we backend with php together creating a branch for each issue assigned

@andrew21-mch
Copy link
Contributor Author

andrew21-mch commented Aug 19, 2024 via email

@andrew21-mch
Copy link
Contributor Author

@KewirJewel

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature
Projects
OpenFolio-V1
Status: No status
Milestone
No milestone
Development

No branches or pull requests
2 participants
@andrew21-mch @KewirJewel