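<?php
/**
 * register.php — account registration endpoint and form.
 *
 * On POST it validates `username` / `password`, rejects a username that is
 * already taken, allocates a random unused numeric id, stores a
 * password_hash() of the password and hands the freshly inserted row to
 * create_alert() for the redirect to /login.php. Every other request method
 * falls through to the HTML form below.
 *
 * Depends on constants from lib/config.php (USERNAME_REGEX, USERNAME_LENGTH,
 * PASSWORD_LENGTH, USERNAME_ID_RANGE, DB_URL, DB_USER, DB_PASS) and on
 * create_alert(), display_alert() and html_navbar() from the other lib files.
 *
 * NOTE(review): the form below has no anti-CSRF token and this handler does
 * not rate-limit registrations; both are worth confirming at a higher layer.
 */
include_once $_SERVER['DOCUMENT_ROOT'] . '/lib/partials.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/lib/utils.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/lib/config.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/lib/alert.php';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = $_POST['username'] ?? null;
    $password = $_POST['password'] ?? null;

    // A client may submit `username[]=...`, which arrives as an array and
    // would make preg_match()/strlen() below throw a TypeError; insist on
    // strings rather than on mere presence.
    if (!is_string($username) || !is_string($password)) {
        exit(create_alert('/register.php', 400, 'Username and password must be sent!', null));
    }

    // NOTE(review): the form marks the `tos` checkbox as required, but this
    // handler never looks at $_POST['tos'], so acceptance is enforced only
    // client-side.

    $username = trim($username);

    if (!preg_match(USERNAME_REGEX, $username)) {
        exit(create_alert('/register.php', 400, 'Your username must contain only letters and numbers!', null));
    }

    // Byte length. This equals the character count only if USERNAME_REGEX
    // restricts usernames to ASCII — confirm against lib/config.php.
    $username_len = strlen($username);

    if ($username_len < USERNAME_LENGTH[0] || $username_len > USERNAME_LENGTH[1]) {
        exit(create_alert('/register.php', 400, sprintf('Your username must be between %d and %d characters long', USERNAME_LENGTH[0], USERNAME_LENGTH[1]), null));
    }

    // Byte length is the conservative choice for a minimum: a multibyte
    // password can only be longer in bytes than in characters.
    if (strlen($password) < PASSWORD_LENGTH) {
        exit(create_alert('/register.php', 400, sprintf('Your password must be at least %d characters long', PASSWORD_LENGTH), null));
    }

    // Exceptions on error and real server-side prepared statements, so a
    // failed query cannot be silently ignored and placeholders are never
    // client-side string substitution.
    $db = new PDO(DB_URL, DB_USER, DB_PASS, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);

    // Checking for already existing accounts. fetchColumn() is used instead
    // of rowCount(), which PDO does not guarantee to report for SELECT on
    // every driver. This is still check-then-insert: two concurrent requests
    // with the same name can both pass; a UNIQUE index on users.username is
    // what ultimately enforces uniqueness (verify the schema has one).
    $stmt = $db->prepare('SELECT id FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $taken = $stmt->fetchColumn() !== false;
    $stmt->closeCursor();
    if ($taken) {
        exit(create_alert('/register.php', 409, 'This username has been taken.', null));
    }

    // Pick a random unused id. The probe statement is prepared once and the
    // search is bounded so a nearly exhausted id range cannot spin forever.
    $probe = $db->prepare('SELECT 1 FROM users WHERE id = ?');
    $userid = null;
    for ($attempt = 0; $attempt < 100; $attempt++) {
        $candidate = random_int(USERNAME_ID_RANGE[0], USERNAME_ID_RANGE[1]);
        $probe->execute([$candidate]);
        $inUse = $probe->fetchColumn() !== false;
        $probe->closeCursor();
        if (!$inUse) {
            $userid = $candidate;
            break;
        }
    }
    if ($userid === null) {
        exit(create_alert('/register.php', 500, 'Could not allocate an account id, please try again.', null));
    }

    // Only the hash is ever stored; the plaintext is not reused after this.
    $password = password_hash($password, PASSWORD_DEFAULT);
    $db->prepare('INSERT INTO users(id, username, `password`) VALUES (?, ?, ?)')
        ->execute([$userid, $username, $password]);

    // Re-read the row so create_alert() receives the stored values
    // (including the database-assigned joined_at).
    $stmt = $db->prepare('SELECT id, username, joined_at FROM users WHERE id = ?');
    $stmt->execute([$userid]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC) ?: null;

    exit(create_alert('/login.php', 200, 'Registered! Now log in to your account.', $user));
}
?>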
<!DOCTYPE html>
<html>

<head>
    <title>Register - id</title>
    <link rel="stylesheet" href="/static/style.css">
</head>

<body>
    <main>
        <?php html_navbar(); ?>
        <?php display_alert(); ?>

        <form action="/register.php" method="post" class="column gap-16">
            <h1>Register new ilt.su account</h1>

            <div class="row">
                <div class="box">
                    <div class="tab">
                        <p>Account credentials</p>
                    </div>
                    <div class="content column gap-8">
                        <div class="column">
                            <label for="username">Username</label>
                            <input type="text" name="username" id="username" placeholder="Username"
                                pattern="^[a-zA-Z0-9_]+$" required>
                        </div>
                        <div class="row gap-8">
                            <div class="column">
                                <label for="password">Password</label>
                                <input type="password" name="password" id="password" placeholder="Enter password"
                                    required>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
            <div>
                <input type="checkbox" name="tos" id="tos" required>
                <label for="tos">I accept the <a href="/static/txt/TOS.txt" class="bold">TOS</a>, including <a
                        href="/static/txt/PRIVACY.txt" class="bold">Privacy Policy</a></label>
            </div>
            <div>
                <button type="submit" class="fancy">Register</button>
            </div>
        </form>
    </main>
</body>

</html>