authorilotterytea <iltsu@alright.party>2025-08-15 22:41:54 +0500
committerilotterytea <iltsu@alright.party>2025-08-15 22:41:54 +0500
commit0d7ecc616d669f824f8416b47a0a986b46fa579b (patch)
tree4c5143d404e272f341876945bed7f42dc7d75238 /register.php
parente971d763cb649a51d26f75e8764ffbcb2d9d7a2b (diff)
feat: registration page
Diffstat (limited to 'register.php')
-rw-r--r--register.php105
1 files changed, 105 insertions, 0 deletions
diff --git a/register.php b/register.php
new file mode 100644
index 0000000..0804d3d
--- /dev/null
+++ b/register.php
@@ -0,0 +1,105 @@
+<?php
+include_once $_SERVER['DOCUMENT_ROOT'] . '/lib/partials.php';
+include_once $_SERVER['DOCUMENT_ROOT'] . '/lib/utils.php';
+include_once $_SERVER['DOCUMENT_ROOT'] . '/lib/config.php';
+
+if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+ $username = $_POST['username'] ?? null;
+ $password = $_POST['password'] ?? null;
+
+ if (!isset($username, $password)) {
+ exit(json_response(400, 'Username and password must be sent!', null));
+ }
+
+ $username = trim($username);
+
+ if (!preg_match('/^[a-zA-Z0-9_]+$/', $username)) {
+ exit(json_response(400, 'Your username must contain only letters and numbers!', null));
+ }
+
+ $username_len = strlen($username);
+
+ if ($username_len < 4 || $username_len > 20) {
+ exit(json_response(400, 'Your username must be between 4 and 20 characters long', null));
+ }
+
+ if (strlen($password) < 8) {
+ exit(json_response(400, 'Your password must be at least 8 characters long', null));
+ }
+
+ $db = new PDO(DB_URL, DB_USER, DB_PASS);
+
+ // checking for already existing accounts
+ $stmt = $db->prepare('SELECT id FROM users WHERE username = ?');
+ $stmt->execute([$username]);
+ if ($stmt->rowCount() > 0) {
+ exit(json_response(409, 'This username has been taken.', null));
+ }
+
+ $userid = 0;
+ do {
+ $userid = random_int(90_000_000_000_000_000, 99_000_000_000_000_000);
+ $stmt = $db->prepare('SELECT username FROM users WHERE id = ?');
+ $stmt->execute([$userid]);
+ } while ($stmt->rowCount() > 0);
+
+ $password = password_hash($password, PASSWORD_DEFAULT);
+ $db->prepare('INSERT INTO users(id, username, `password`) VALUES (?, ?, ?)')
+ ->execute([$userid, $username, $password]);
+
+ $stmt = $db->prepare('SELECT id, username, joined_at FROM users WHERE id = ?');
+ $stmt->execute([$userid]);
+ $user = $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
+
+ exit(json_response(200, null, $user));
+}
+?>
+<!DOCTYPE html>
+<html>
+
+<head>
+ <title>Register - id</title>
+ <link rel="stylesheet" href="/static/style.css">
+</head>
+
+<body>
+ <main>
+ <?php html_navbar(); ?>
+
+ <form action="/register.php" method="post" class="column gap-16">
+ <h1>Register new ilt.su account</h1>
+
+ <div class="row">
+ <div class="box">
+ <div class="tab">
+ <p>Account credentials</p>
+ </div>
+ <div class="content column gap-8">
+ <div class="column">
+ <label for="username">Username</label>
+ <input type="text" name="username" id="username" placeholder="Username"
+ pattern="^[a-zA-Z0-9_]+$" required>
+ </div>
+ <div class="row gap-8">
+ <div class="column">
+ <label for="password">Password</label>
+ <input type="password" name="password" id="password" placeholder="Enter password"
+ required>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ <div>
+ <input type="checkbox" name="tos" id="tos" required>
+ <label for="tos">I accept the <a href="/static/txt/TOS.txt">TOS</a>, including <a
+ href="/static/txt/PRIVACY.txt">Privacy Policy</a></label>
+ </div>
+ <div>
+ <button type="submit">Register</button>
+ </div>
+ </form>
+ </main>
+</body>
+
+</html> \ No newline at end of file
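Review bot: The POST branch accepts non-string input: `isset($username, $password)` is also true for a request sending `username[]=x`, so `trim($username)` or `strlen($password)` receives an array and throws a TypeError on PHP 8 instead of returning the 400 JSON response; add `if (!is_string($username) || !is_string($password))` next to the existing `isset` check. The username check is a SELECT followed by a separate INSERT whose result is never inspected, so two concurrent requests for the same name can both pass it; the schema is not visible here, so this presumably needs a UNIQUE index on `users.username` and a 409 returned when the insert fails on it. `rowCount()` on a SELECT is not guaranteed to report the number of rows on every PDO driver, so `$stmt->fetch() !== false` is the safer test in both the username check and the id loop. The 400 message says "only letters and numbers" while the pattern also allows `_`, and the `tos` checkbox is enforced only by the browser's `required` attribute.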