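<?php
// Signup endpoint, step 1: bootstrap the session and database link, then
// validate the posted username, email, password and password confirmation.
// Every failure appends an HTML fragment to $errors; if anything failed the
// collected messages are echoed and the script stops before touching the DB.

//start session
session_start();
//logout
include("logout.php");
//Connect to the database
include('connection.php');

//check user input
// define error messages
$missingUsername='<p>please enter a username</p>';
$missingEmail='<p>please enter an email</p>';
$invalidEmail='<p>invalid email</p>';
$missingPassword='<p>please enter a password</p>';
$invalidPassword='<p>your password should be at leasllt 6 characteers long and include one capital letter and one number in it!</p>';
$differentPassword='<p>password dont match</p>';
$missingPassword2='<p>please confirm your password </p>';

// Start from an empty error buffer so the first ".=" does not read an
// undefined variable; a value set by an included file is left untouched.
if (!isset($errors)) {
    $errors = '';
}

//get username, email, password and password2
//get username
// A field posted as an array (username[]=x) is treated as missing instead of
// being handed to the string functions below.
if (empty($_POST["username"]) || !is_string($_POST["username"])) {
    $errors .= $missingUsername;
} else {
    // NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1. It
    // strips tags and encodes quotes, i.e. it rewrites what the user typed.
    // Prefer validating the username against an allowed pattern here and
    // escaping with htmlspecialchars() wherever it is printed.
    $username = filter_var($_POST["username"], FILTER_SANITIZE_STRING);
}

//get email
if (empty($_POST["email"]) || !is_string($_POST["email"])) {
    $errors .= $missingEmail;
} else {
    $email = filter_var($_POST["email"], FILTER_SANITIZE_EMAIL);
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors .= $invalidEmail;
    }
}

//get password
if (empty($_POST["password"]) || !is_string($_POST["password"])) {
    $errors .= $missingPassword;
} elseif (
    // The policy in $invalidPassword requires ALL three properties, so the
    // password is rejected when ANY one is missing. Joining the tests with
    // && only rejected passwords that failed all three at once, which let
    // e.g. "abc" + one digit or a 6-character lowercase word through.
    strlen($_POST["password"]) < 6
    || !preg_match('/[A-Z]/', $_POST["password"])
    || !preg_match('/[0-9]/', $_POST["password"])
) {
    $errors .= $invalidPassword;
} else {
    // NOTE(review): sanitising a password changes it (tags are stripped,
    // quotes encoded), so the stored digest is of a different string than
    // the one typed. It is kept because the login code is not visible here
    // and presumably applies the same filter; remove it in both places
    // together.
    $password = filter_var($_POST["password"], FILTER_SANITIZE_STRING);
    if (empty($_POST["password2"]) || !is_string($_POST["password2"])) {
        $errors .= $missingPassword2;
    } else {
        $password2 = filter_var($_POST["password2"], FILTER_SANITIZE_STRING);
        if ($password !== $password2) {
            $errors .= $differentPassword;
        }
    }
}

//if there are any errors print the errors
// $errors only ever holds the fixed fragments defined above, never user
// input, so it is safe to echo without escaping.
if ($errors) {
    $resultMessage = '<div class="alert alert-danger">' . $errors . '</div>';
    echo $resultMessage;
    exit;
}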
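//no errors
// Signup endpoint, step 2: reject duplicate usernames/emails, create the
// activation key and insert the new account.
//
// All statements use bound parameters, so $username and $email are passed to
// the database exactly as validated; they are no longer run through
// mysqli_real_escape_string(), which would now double-escape them.

// NOTE(review): a single unsalted SHA-256 is fast to compute, so leaked
// digests are cheap to guess offline. password_hash()/password_verify() is
// the standard replacement, but the login code (not shown here) and the
// width of the password column have to change in the same release.
// The escape call is kept only so the digest is computed over the same bytes
// as before; presumably the login path applies the same transformation.
$password = hash('sha256', mysqli_real_escape_string($link, $password));

// Runs a one-parameter lookup and reports whether it matched a row.
// Returns true/false, or null when the statement could not be run.
$rowExists = function ($link, $sql, $value) {
    $stmt = mysqli_prepare($link, $sql);
    if (!$stmt) {
        return null;
    }
    $found = null;
    if (
        mysqli_stmt_bind_param($stmt, 's', $value)
        && mysqli_stmt_execute($stmt)
        && mysqli_stmt_store_result($stmt)
    ) {
        $found = mysqli_stmt_num_rows($stmt) > 0;
    }
    mysqli_stmt_close($stmt);
    return $found;
};

// NOTE(review): the two "already exists" answers below tell an anonymous
// client whether a given username or email is registered. If that matters
// for this application, rate-limit this endpoint or return one uniform
// response. The check-then-insert sequence is also not atomic; a UNIQUE
// index on users.username and users.email (schema not shown here) is what
// actually prevents duplicates under concurrent requests.

//if username exists in the user table print error
$usernameTaken = $rowExists($link, "SELECT 1 FROM users WHERE username = ? LIMIT 1", $username);
if ($usernameTaken === null) {
    echo '<div class="alert alert-danger" >error running the query</div>';
    exit;
}
if ($usernameTaken) {
    echo '<div class="alert alert-danger" >That username already exists. Do you want to login?</div>';
    exit;
}

//if email exists in the user table print error
$emailTaken = $rowExists($link, "SELECT 1 FROM users WHERE email = ? LIMIT 1", $email);
if ($emailTaken === null) {
    echo '<div class="alert alert-danger" >error running the query</div>';
    exit;
}
if ($emailTaken) {
    echo '<div class="alert alert-danger" >That email already exists. Do you want to login?</div>';
    exit;
}

//create a unique activation code
// 16 random bytes = 128 bits, hex-encoded to 32 characters.
// On failure older PHP versions return false, and bin2hex(false) is the empty
// string; an account must never be stored with an empty activation key.
$randomBytes = openssl_random_pseudo_bytes(16);
if ($randomBytes === false || strlen($randomBytes) !== 16) {
    echo '<div class="alert alert-danger">error creating the activation code</div>';
    exit;
}
$activationKey = bin2hex($randomBytes);

//Insert user details and activation code in the users table
$sql = "INSERT INTO users (username, email, password, activation) VALUES (?, ?, ?, ?)";
$stmt = mysqli_prepare($link, $sql);
$result = $stmt
    && mysqli_stmt_bind_param($stmt, 'ssss', $username, $email, $password, $activationKey)
    && mysqli_stmt_execute($stmt);
if ($stmt) {
    mysqli_stmt_close($stmt);
}
if (!$result) {
    echo'<div class="alert alert-danger">there was an error in inserting the user details in database</div>';
    exit;
}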
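// Signup endpoint, step 3: mail the activation link and report the outcome.
//send user an email with a link to activate.php with their email and activation
// NOTE(review): the link uses plain http, so the activation key travels
// unencrypted and can also end up in proxy or server logs. Serve activate.php
// over https and switch the scheme here once the host supports it.
$message = "<p>Please click on this link to activate your account:\n\n</p>";
$message .= "http://firstwebapplication.host20.uk/notesapp3/activate.php?email=" . urlencode($email) . "&key=$activationKey";
$from = "[email protected]";
// $email has passed FILTER_VALIDATE_EMAIL, so it cannot carry the CR/LF
// characters needed to inject extra mail headers.
$header = "From: the sender <[email protected]>\r\n";
$header .= "Content-type:text/html\r\n";

// Escape the address before printing it into the page: it is user input and
// the characters an email address may contain include quotes and ampersands.
$safeEmail = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');

if (mail($email, 'Confirm your Reistration', $message, $header)) {
    echo "<div class='alert alert-success'>Thank you for registering. a confirmation link has been sent to your email: $safeEmail. click on the link to activate your account.</div>";
} else {
    // The account row already exists at this point, so say explicitly that
    // the mail was not sent instead of returning an empty response.
    // NOTE(review): there is no visible way to re-send the activation mail;
    // until one exists this address stays registered but inactive.
    echo "<div class='alert alert-danger'>your account was created but the confirmation email could not be sent. please try again later.</div>";
}
?>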