99 lines
3.4 KiB
PHP
99 lines
3.4 KiB
PHP
<?php
|
|
require_once 'db/config.php';
|
|
|
|
// Start session
|
|
if (session_status() === PHP_SESSION_NONE) {
|
|
session_start();
|
|
}
|
|
|
|
$errors = [];
|
|
$success = '';
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
$username = $_POST['username'] ?? '';
|
|
$email = $_POST['email'] ?? '';
|
|
$password = $_POST['password'] ?? '';
|
|
$password_confirm = $_POST['password_confirm'] ?? '';
|
|
|
|
if (empty($username)) {
|
|
$errors[] = 'Username is required';
|
|
}
|
|
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
|
$errors[] = 'Invalid email format';
|
|
}
|
|
if (empty($email)) {
|
|
$errors[] = 'Email is required';
|
|
}
|
|
if (strlen($password) < 8) {
|
|
$errors[] = 'Password must be at least 8 characters long';
|
|
}
|
|
if (empty($password)) {
|
|
$errors[] = 'Password is required';
|
|
}
|
|
if ($password !== $password_confirm) {
|
|
$errors[] = 'Passwords do not match';
|
|
}
|
|
|
|
if (empty($errors)) {
|
|
$pdo = db();
|
|
$stmt = $pdo->prepare("SELECT id FROM users WHERE username = ? OR email = ?");
|
|
$stmt->execute([$username, $email]);
|
|
if ($stmt->fetch()) {
|
|
$errors[] = 'Username or email already exists';
|
|
} else {
|
|
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
|
|
// For now, the first registered user will be an admin
|
|
$role = 'user';
|
|
$stmt_count = $pdo->query("SELECT COUNT(*) FROM users");
|
|
$user_count = $stmt_count->fetchColumn();
|
|
if ($user_count === 0) {
|
|
$role = 'admin';
|
|
}
|
|
|
|
$stmt = $pdo->prepare("INSERT INTO users (username, email, password, role) VALUES (?, ?, ?, ?)");
|
|
if ($stmt->execute([$username, $email, $hashed_password, $role])) {
|
|
$_SESSION['message'] = 'Registration successful! Please login.';
|
|
header('Location: login.php');
|
|
exit;
|
|
} else {
|
|
$errors[] = 'Failed to register user';
|
|
}
|
|
}
|
|
}
|
|
}
|
|
?>
|
|
<?php include 'auth_header.php'; ?>
|
|
|
|
<div class="form-container">
|
|
<h2>Register</h2>
|
|
<?php if (!empty($errors)): ?>
|
|
<div class="errors">
|
|
<?php foreach ($errors as $error): ?>
|
|
<p><?php echo htmlspecialchars($error); ?></p>
|
|
<?php endforeach; ?>
|
|
</div>
|
|
<?php endif; ?>
|
|
<form action="register.php" method="post" novalidate>
|
|
<div class="form-group">
|
|
<label for="username">Username</label>
|
|
<input type="text" name="username" id="username" value="<?php echo isset($_POST['username']) ? htmlspecialchars($_POST['username']) : ''; ?>" required>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="email">Email</label>
|
|
<input type="email" name="email" id="email" value="<?php echo isset($_POST['email']) ? htmlspecialchars($_POST['email']) : ''; ?>" required>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="password">Password</label>
|
|
<input type="password" name="password" id="password" required>
|
|
</div>
|
|
<div class="form-group">
|
|
<label for="password_confirm">Confirm Password</label>
|
|
<input type="password" name="password_confirm" id="password_confirm" required>
|
|
</div>
|
|
<button type="submit">Register</button>
|
|
</form>
|
|
<p>Already have an account? <a href="login.php">Login here</a>.</p>
|
|
</div>
|
|
|
|
<?php include 'auth_footer.php'; ?>
|