Untitled

<?php
require('inc/config.inc.php');
require('inc/session.inc.php');
include('inc/functions.inc.php');
?>

<html>
<h1>Recover</h1>
<br />


<form action="recover.php" method="POST">
    Your name: <input type="text" name="username"><br />
    Password for this recover: <input type="password" name="password"><br />
    Your Message: <input type="text" name="message"><br />
    <input type="submit" name="submit"><br />
</form>

<?php
    if (!isset($_GET['recovery'])) {
        // Check if isset, also fixes the php notices error.
        if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['message'])) {
            // Created shortcuts for the POSTs we currently have.
            $username = $_POST['username'];
            $password = $_POST['password'];
            $message = $_POST['message'];
        }

        /* Error checking */
        // Filling up the errors array, if there's an error so you can call it after.

            $errors = array();

            if (empty($username)) {
                $errors[] = 'Username is empty';
            }
            else if (empty($password))
            {
                $errors[] = 'Password is empty';
            }
            else if (strlen($username) > 11)
            {
                $errors[] = 'Your username is more than 11 characters long';
            }

        // This checks if variabes are not empty, and if username is less than 11 characters long.
        if (!empty($username) && !empty($password) && !empty($message) && strlen($username) < 11) {

            // Shortcut for our ID generator function.
            $ID = generateID();

            // Now lets insert (register the account) these datas to our database.
            $insert = $connect->prepare(
            "INSERT INTO users (
                username,
                password,
                message,
                date,
                time,
                id
            ) VALUES (
                :username,
                :password,
                :message,
                CURDATE(),
                CURTIME(),
                :id
            )");

            // Executing in array, because if we binded all these variables, it would look very bad.
            if( !$insert->execute(array(
                ':username' => $username,
                ':password' => $password,
                ':message' => $message,
                ':id' => $ID)) ) {

                    // Let's see if there's an error.
                    print_r($insert->errorInfo());
            }
            // Let's store these into a session now.
            $_SESSION['user'] = $username;
            $_SESSION['pass'] = $password;

            //Now let's refresh the page, to a different header.
            header('Location: recover.php?recovery=success');
        }

        // Let's check if errors is not empty.
        else if (!empty($errors))
        {
            // Now let's use a loop to get all of the error messages set in the array.
            foreach ($errors as $error) {
                echo $error;
            }
        }
    else if (isset($_GET['recovery']) && $_GET['recovery'] == 'success')
    {
    echo $_SESSION['user'];

        /*

        ***REMOVED FOR TESTING***

        $fetch = $connect->query("SELECT * FROM users WHERE username = ':username' LIMIT 1");
        $fetch->bindValue(':username', $_SESSION['user']);
        $fetch->execute();

        while($row = $fetch->fetch( PDO::FETCH_ASSOC )) {
            echo $row['recover_id'];
        }
        */
    }
}
?>
</html>