
signup_handler

a guest
Sep 15th, 2017
  1. <?php
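  // Sign-up handler: validates the posted registration form and, when every
  // check passes, inserts the new account into `users`.
  //
  // Expects the including script to have started the session and to provide
  // $con, an open mysqli connection; neither is created here.
  //
  // Security-relevant choices in this handler:
  //   - every query is a prepared statement, so no request value is ever
  //     interpolated into SQL text
  //   - the password policy is enforced on the server (a browser-side check can
  //     be skipped by any client) and the password is stored via password_hash()
  //   - the row is inserted only while $error_array is still empty

  // Declaring variables to prevent errors
  $firstname = ""; // First name
  $lastname = "";
  $qualification = "";
  $specialist = "";
  $experience = "";
  $clinic_address = "";
  $clinic_contact = "";
  $personal_contact = "";
  $email = ""; // email
  $licensekey = "";
  $recognition = "";
  $description = "";
  $password = ""; // password
  $confirm_password = ""; // password, typed a second time
  $salt = ""; // kept for the users.salt column; password_hash() carries its own salt
  $flag = 0; // becomes 1 once the password satisfies the policy
  $error_array = array(); // Holds error messages (and the final success notice)

  // Reads one POST field as text. A missing field or an array value
  // (firstname[]=x) becomes "", so the string functions below always get a string.
  $post_text = function ($key) {
      if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
          return "";
      }
      return trim(strip_tags($_POST[$key]));
  };

  // Runs a one-parameter lookup as a prepared statement.
  // Returns true when a row matches, false when none does, null on a DB failure.
  $row_exists = function ($con, $sql, $value) {
      $stmt = mysqli_prepare($con, $sql);
      if ($stmt === false) {
          return null;
      }
      $found = null;
      mysqli_stmt_bind_param($stmt, "s", $value);
      if (mysqli_stmt_execute($stmt)) {
          mysqli_stmt_store_result($stmt);
          $found = mysqli_stmt_num_rows($stmt) > 0;
      }
      mysqli_stmt_close($stmt);
      return $found;
  };

  if (isset($_POST['register_button'])) {

      // Registration form values.
      // strip_tags() only drops markup; it is not an output encoder. Whatever page
      // echoes these session values back still has to apply htmlspecialchars().

      // First name: no spaces, first letter upper-case
      $firstname = ucfirst(strtolower(str_replace(' ', '', $post_text('firstname'))));
      $_SESSION['firstname'] = $firstname;

      // Last name: no spaces, first letter upper-case
      $lastname = ucfirst(strtolower(str_replace(' ', '', $post_text('lastname'))));
      $_SESSION['lastname'] = $lastname;

      // Qualification: spaces are kept because the length rule counts them
      $qualification = ucfirst(strtolower($post_text('qualification')));
      $_SESSION['qualification'] = $qualification;

      // Specialisation
      // NOTE(review): the original never read this field; the POST key is assumed
      // to match the variable name - confirm against the form.
      $specialist = $post_text('specialist');

      // Experience (years)
      $experience = str_replace(' ', '', $post_text('experience'));
      $_SESSION['experience'] = $experience;

      // Clinic address
      $clinic_address = ucfirst(strtolower($post_text('clinic_address')));
      $_SESSION['clinic_address'] = $clinic_address;

      // Clinic contact
      $clinic_contact = str_replace(' ', '', $post_text('clinic_contact'));
      $_SESSION['clinic_contact'] = $clinic_contact;

      // Personal contact
      $personal_contact = str_replace(' ', '', $post_text('personal_contact'));
      $_SESSION['personal_contact'] = $personal_contact;

      // Email: lower-cased so the uniqueness check compares one canonical form
      $email = strtolower(str_replace(' ', '', $post_text('email')));
      $_SESSION['reg_email'] = $email;

      // License key (stored under its own session key, not 'personal_contact')
      $licensekey = str_replace(' ', '', $post_text('licensekey'));
      $_SESSION['licensekey'] = $licensekey;

      // Description: free text, spaces kept
      $description = $post_text('description');
      $_SESSION['description'] = $description;

      // Password: taken exactly as typed. Running strip_tags() or SQL escaping
      // over it would silently change the secret that gets hashed.
      if (isset($_POST['reg_password']) && is_string($_POST['reg_password'])) {
          $password = $_POST['reg_password'];
      }
      // NOTE(review): the original compared against $confirm_password without ever
      // assigning it; the POST key below is assumed - confirm against the form.
      if (isset($_POST['confirm_password']) && is_string($_POST['confirm_password'])) {
          $confirm_password = $_POST['confirm_password'];
      }

      // Check if email is in valid format
      if (filter_var($email, FILTER_VALIDATE_EMAIL)) {

          // A syntactically valid address may still contain a quote character,
          // so format validation does not make it safe to embed in SQL.
          $email_taken = $row_exists($con, "SELECT email FROM users WHERE email = ?", $email);

          if ($email_taken === null) {
              array_push($error_array, "Registration could not be completed, please try again<br>");
          }
          elseif ($email_taken) {
              // NOTE(review): this message tells the client which addresses are
              // registered; consider rate limiting this form.
              array_push($error_array, "Email already in use<br>");
          }

      }
      else {
          array_push($error_array, "Invalid email format<br>");
      }

      if (strlen($firstname) > 25 || strlen($firstname) < 2) {
          array_push($error_array, "Your first name must be between 2 and 25 characters<br>");
      }

      if (strlen($lastname) > 25 || strlen($lastname) < 2) {
          array_push($error_array,  "Your last name must be between 2 and 25 characters<br>");
      }

      if (strlen($qualification) > 150 || strlen($qualification) < 2) {
          array_push($error_array, "Your qualification must be between 2 and 150 characters(including spaces)<br>");
      }

      if (strlen($specialist) > 150 || strlen($specialist) < 2) {
          array_push($error_array, "Your specialisation must be between 2 and 150 characters(including spaces)<br>");
      }

      // Digits only, at most two of them, as the message states
      if (!ctype_digit($experience) || strlen($experience) > 2) {
          array_push($error_array, "Your experience must be in years and it can not be greater than 2 digits<br>");
      }

      if (strlen($clinic_address) > 50) {
          array_push($error_array, "Your address can not be more than 50 words<br>");
      }

      if (strlen($clinic_contact) != 10) {
          array_push($error_array, "Invalid clinic contact<br>");
      }

      if (strlen($personal_contact) != 10) {
          array_push($error_array, "Invalid personal contact<br>");
      }

      if (strlen($licensekey) > 25 || strlen($licensekey) < 2) {
          array_push($error_array, "Your licensekey must be between 2 and 25 characters<br>");
      }

      if (strlen($description) > 250 || strlen($description) < 15) {
          array_push($error_array, "Your description must be between 15 and 250 characters<br>");
      }

      if ($password !== $confirm_password) {
          array_push($error_array,  "Your passwords do not match<br>");
      }
      else {
          // Same rule the page's JavaScript validate() used: 8-25 characters with a
          // digit, a lower-case letter, an upper-case letter, a symbol, no whitespace.
          $policy = '/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^a-zA-Z0-9])(?!.*\s).{8,25}$/D';
          if (preg_match($policy, $password) === 1) {
              $flag = 1;
          }
          else {
              array_push($error_array, "Your password must be 8 to 25 characters long and contain an upper-case letter, a lower-case letter, a digit and a symbol<br>");
          }
      }

      // Nothing is written unless every check above passed
      if ($flag == 1 && empty($error_array)) {

          // Generate username by concatenating first name and last name;
          // if it exists, append _1, _2, ... to the base name until one is free.
          // Check-then-insert can race between two requests: a UNIQUE index on
          // users.username and users.email is what really enforces uniqueness
          // (TODO confirm the schema has both).
          $base_username = strtolower($firstname . "_" . $lastname);
          $username = $base_username;
          $i = 0;
          $lookup = "SELECT username FROM users WHERE username = ?";
          while (($name_taken = $row_exists($con, $lookup, $username)) === true) {
              $i++; // Add 1 to i
              $username = $base_username . "_" . $i;
          }

          // password_hash() picks a slow, salted algorithm and embeds the salt in
          // its output, replacing the single-round SHA-256 + mcrypt salt. The login
          // code must check passwords with password_verify(), and users.password
          // needs room for the hash (VARCHAR(255) is the usual choice).
          $hashedPW = password_hash($password, PASSWORD_DEFAULT);

          $saved = false;
          if ($name_taken === false && is_string($hashedPW)) {
              // email is included because the uniqueness check above reads users.email.
              // The remaining profile fields are validated but not stored: the
              // original INSERT names no columns for them (TODO add once known).
              $insert = mysqli_prepare($con, "INSERT INTO users (firstname, lastname, username, email, password, salt) VALUES (?, ?, ?, ?, ?, ?)");
              if ($insert !== false) {
                  mysqli_stmt_bind_param($insert, "ssssss", $firstname, $lastname, $username, $email, $hashedPW, $salt);
                  $saved = mysqli_stmt_execute($insert);
                  mysqli_stmt_close($insert);
              }
          }

          if ($saved) {
              array_push($error_array, "<span style='color: #14C800;'>You're all set! Goahead and login!</span><br>");

              // Clear session variables
              $_SESSION['firstname'] = "";
              $_SESSION['lastname'] = "";
              $_SESSION['email'] = "";
              $_SESSION['reg_email'] = "";
              $_SESSION['licensekey'] = "";
              $_SESSION['description'] = "";
          }
          else {
              // Generic on purpose: driver error text stays out of the response
              array_push($error_array, "Registration could not be completed, please try again<br>");
          }
      }

  }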
  204. ?>