35032-vm/handle_register.php

<?php
header('Content-Type: application/json');

require_once __DIR__ . '/db/config.php';

// 1. Validation
$errors = [];
if (empty($_POST['firstName'])) { $errors[] = 'First name is required.'; }
if (empty($_POST['lastName'])) { $errors[] = 'Last name is required.'; }
if (empty($_POST['email'])) { $errors[] = 'Email is required.'; }
if (!empty($_POST['email']) && !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) { $errors[] = 'Invalid email format.'; }
if (empty($_POST['password'])) { $errors[] = 'Password is required.'; }
if (!empty($_POST['password']) && strlen($_POST['password']) < 8) { $errors[] = 'Password must be at least 8 characters long.'; }
if ($_POST['password'] !== $_POST['confirmPassword']) { $errors[] = 'Passwords do not match.'; }

if (!empty($errors)) {
    echo json_encode(['success' => false, 'error' => implode(' ', $errors)]);
    exit;
}

$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$email = $_POST['email'];
$password = $_POST['password'];

try {
    $pdo = db();

    // 2. Check if user already exists
    $stmt = $pdo->prepare("SELECT id FROM User WHERE email = ?");
    $stmt->execute([$email]);
    if ($stmt->fetch()) {
        echo json_encode(['success' => false, 'error' => 'An account with this email already exists.']);
        exit;
    }

    // 3. Hash password
    $hashedPassword = password_hash($password, PASSWORD_DEFAULT);

    // 4. Insert new user with 'Rider' role
    $stmt = $pdo->prepare(
        "INSERT INTO User (firstName, lastName, email, password, role) VALUES (?, ?, ?, ?, ?)"
    );
    $stmt->execute([$firstName, $lastName, $email, $hashedPassword, 'Rider']);

    // 5. Return success
    echo json_encode(['success' => true]);

} catch (PDOException $e) {
    error_log('Registration Error: ' . $e->getMessage());
    echo json_encode(['success' => false, 'error' => 'A server error occurred during registration. Please try again later.']);
}