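<?php
declare(strict_types=1);

// signup.php — account registration.
//
// On POST: verify the CSRF token, validate the submitted fields, reject
// duplicate emails, store a peppered password hash plus a random verification
// code, and send the verification link by email. On GET (or after a rejected
// POST) the HTML form below is rendered using $error / $success.
//
// config.php is expected to provide $conn (mysqli), APP_NAME, APP_URL and
// PASSWORD_PEPPER; includes/csrf_functions.php provides verify_csrf_token()
// and generate_csrf_token(). Only the __DIR__-anchored include is kept: the
// former bare `require_once 'config.php'` resolved via cwd/include_path and
// could load a different file than the one next to this script.
require_once __DIR__ . '/config.php';
require_once __DIR__ . '/includes/csrf_functions.php';

$error = '';
$success = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A missing token must fail exactly like a bad one; `?? ''` also keeps an
    // undefined-index warning out of the response.
    if (!verify_csrf_token($_POST['csrf_token'] ?? '')) {
        http_response_code(403);
        die("CSRF token validation failed");
    }

    // NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1. It is
    // kept so the stored value keeps its current shape (tags stripped); the
    // proper fix is to store the raw name and escape it at every output site.
    $fullname = filter_input(INPUT_POST, 'fullname', FILTER_SANITIZE_STRING);
    $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
    // Passwords are deliberately not sanitised (that would silently change what
    // the user typed). Default to '' so absent fields fail validation below
    // instead of raising a warning.
    $password = $_POST['password'] ?? '';
    $confirm_password = $_POST['confirm_password'] ?? '';

    if (empty($fullname) || empty($email) || empty($password) || empty($confirm_password)) {
        $error = "Please fill in all fields.";
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $error = "Invalid email format.";
    } elseif ($password !== $confirm_password) {
        $error = "Passwords do not match.";
    } elseif (strlen($password) < 8) {
        $error = "Password must be at least 8 characters long.";
    } else {
        $stmt = $conn->prepare("SELECT id FROM users WHERE email = ?");
        $stmt->bind_param("s", $email);
        $stmt->execute();
        $result = $stmt->get_result();

        if ($result->num_rows > 0) {
            // NOTE(review): this message lets anyone probe which addresses are
            // registered (account enumeration). If that matters for this app,
            // return the same "check your email" text on both branches.
            $error = "Email already exists.";
        } else {
            // NOTE(review): PASSWORD_DEFAULT is bcrypt, which hashes only the
            // first 72 bytes. Because the pepper is appended, it is silently
            // dropped for passwords of 72+ bytes. Pre-hashing (e.g. HMAC of the
            // password with the pepper) would fix this, but login.php must
            // change in step, so the scheme is left unchanged here.
            $hashed_password = password_hash($password . PASSWORD_PEPPER, PASSWORD_DEFAULT);
            // 128 bits from the CSPRNG; hex so it is URL-safe without encoding.
            $verification_code = bin2hex(random_bytes(16));

            $stmt = $conn->prepare("INSERT INTO users (fullname, email, password, verification_code) VALUES (?, ?, ?, ?)");
            $stmt->bind_param("ssss", $fullname, $email, $hashed_password, $verification_code);

            if ($stmt->execute()) {
                // Send the verification link. $email passed FILTER_VALIDATE_EMAIL
                // above, so it cannot carry CR/LF into the recipient header.
                $to = $email;
                $subject = "Verify Your Account - " . APP_NAME;
                $message = "Hello $fullname,\n\nPlease click the following link to verify your account:\n\n";
                $message .= APP_URL . "/verify.php?code=$verification_code&email=" . urlencode($email);

                // Take the sender domain from the configured APP_URL, not from
                // the Host request header: HTTP_HOST is attacker-controlled and
                // was previously written straight into a mail header line.
                $from_host = parse_url(APP_URL, PHP_URL_HOST);
                if (!is_string($from_host) || $from_host === '') {
                    // APP_URL is relative or malformed; fall back to the Host
                    // header, dropping any port and non-hostname characters.
                    $raw_host = (string) ($_SERVER['HTTP_HOST'] ?? 'localhost');
                    $from_host = (string) preg_replace('/[^A-Za-z0-9.\-]/', '', explode(':', $raw_host, 2)[0]);
                }
                $headers = "From: noreply@" . $from_host;

                if (mail($to, $subject, $message, $headers)) {
                    $success = "Registration successful. Please check your email to verify your account.";
                } else {
                    $error = "Registration successful, but failed to send verification email. Please contact support.";
                }
            } else {
                $error = "Error occurred. Please try again.";
            }
        }
        $stmt->close();
    }
}
?>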
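<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Sign Up - <?php echo htmlspecialchars(APP_NAME, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></title>
    <link rel="stylesheet" href="css/style.css">
</head>
<body>
<div class="container">
    <h1>Sign Up for <?php echo htmlspecialchars(APP_NAME, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></h1>
    <?php
    // $error / $success come from the POST handler above. They are fixed
    // strings today, but every value that reaches HTML is escaped so a future
    // message that embeds user input cannot become an XSS.
    if ($error !== '') {
        echo "<p class='error'>" . htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</p>";
    }
    if ($success !== '') {
        echo "<p class='success'>" . htmlspecialchars($success, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</p>";
    }
    ?>
    <form method="POST" action="">
        <!-- Anti-CSRF token; verify_csrf_token() checks it on POST. Escaped for the attribute context. -->
        <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars(generate_csrf_token(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
        <div class="form-group">
            <label for="fullname">Full Name:</label>
            <input type="text" id="fullname" name="fullname" autocomplete="name" required>
        </div>
        <div class="form-group">
            <label for="email">Email:</label>
            <input type="email" id="email" name="email" autocomplete="email" required>
        </div>
        <div class="form-group">
            <label for="password">Password:</label>
            <!-- minlength mirrors the server-side rule; the server check remains authoritative. -->
            <input type="password" id="password" name="password" autocomplete="new-password" minlength="8" required>
        </div>
        <div class="form-group">
            <label for="confirm_password">Confirm Password:</label>
            <input type="password" id="confirm_password" name="confirm_password" autocomplete="new-password" minlength="8" required>
        </div>
        <button type="submit">Sign Up</button>
    </form>
    <p>Already have an account? <a href="login.php">Login</a></p>
</div>
</body>
</html>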