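// Registration handler: validates the submitted sign-up form, stores the new
// user, sends a welcome mail and redirects; otherwise lists the validation
// errors at the top of the page.

// Initialised before the submit check because the error list at the bottom is
// rendered on every request, including the first GET where nothing was posted.
$errors = [];

if (isset($_POST['submit'])) {
    // config.php is expected to provide $connect (a mysqli link); it is not part of this snippet.
    require_once 'config.php';

    // Validate a fixed list of expected fields instead of looping over $_POST:
    // a request that simply omits a field must not pass validation, and
    // unexpected keys (including the submit button itself) must not be checked
    // or echoed back as field names.
    $required = ['firstname', 'lastname', 'email', 'username', 'password'];
    $input = [];

    foreach ($required as $field) {
        $value = $_POST[$field] ?? '';

        // A field posted as an array (name[]=x) is rejected here so it never
        // reaches preg_match()/filter_var() as a non-string.
        if (!is_string($value) || $value === '') {
            $errors[] = "{$field} is required";
            continue;
        }
        $input[$field] = $value;

        if ($field === 'email' && !filter_var($value, FILTER_VALIDATE_EMAIL)) {
            // FILTER_VALIDATE_EMAIL also rejects CR/LF, which keeps the value
            // safe to pass to mail() as the recipient below.
            $errors[] = "{$field} is invalid email";
        }

        // Letters-only applies to the name fields. The original applied it to
        // every non-username field, which rejected every valid e-mail address
        // and limited passwords to letters.
        // \z instead of $ so a trailing newline is not accepted.
        if (($field === 'firstname' || $field === 'lastname') && !preg_match('/^[a-z]+\z/i', $value)) {
            $errors[] = "{$field} has invalid characters";
        }

        if ($field === 'username') {
            // The original class was [a-zd_]; the "d" is redundant inside a-z,
            // so \d (digits) is assumed to be what was meant.
            if (!preg_match('/^[a-z\d_]{4,20}\z/i', $value)) {
                $errors[] = "{$field} has invalid characters";
            } else {
                try {
                    // Bound parameter instead of an escaped, interpolated string.
                    $stmt = mysqli_prepare($connect, 'SELECT 1 FROM users WHERE username = ? LIMIT 1');
                    if ($stmt === false) {
                        $errors[] = 'Could not check the username, please try again';
                    } else {
                        mysqli_stmt_bind_param($stmt, 's', $value);
                        mysqli_stmt_execute($stmt);
                        mysqli_stmt_store_result($stmt);
                        if (mysqli_stmt_num_rows($stmt) > 0) {
                            $errors[] = "{$field} Username already taken";
                        }
                        mysqli_stmt_close($stmt);
                    }
                } catch (mysqli_sql_exception $e) {
                    // Database details stay out of the page.
                    $errors[] = 'Could not check the username, please try again';
                }
            }
        }

        // NOTE(review): no password policy (minimum length etc.) is enforced
        // here beyond "not empty"; add one if the project defines it.
    }

    // no errors, lets save and send email
    if (count($errors) === 0) {
        $hashed_password = password_hash($input['password'], PASSWORD_DEFAULT);
        $saved = false;

        try {
            // The original built this statement from $_POST['$field'] (single
            // quotes, so the literal key "$field"), which stored empty strings
            // for every column. Values are now bound from the validated input.
            $stmt = mysqli_prepare(
                $connect,
                'INSERT INTO users (firstname, lastname, email, username, password) VALUES (?, ?, ?, ?, ?)'
            );
            if ($stmt !== false) {
                mysqli_stmt_bind_param(
                    $stmt,
                    'sssss',
                    $input['firstname'],
                    $input['lastname'],
                    $input['email'],
                    $input['username'],
                    $hashed_password
                );
                $saved = mysqli_stmt_execute($stmt);
                mysqli_stmt_close($stmt);
            }
        } catch (mysqli_sql_exception $e) {
            // The lookup above and this insert are not atomic: two concurrent
            // sign-ups can both pass the check. A UNIQUE index on
            // users.username makes the second insert fail and land here.
            $saved = false;
        }

        if ($saved) {
            // send email (best effort: the return value of mail() is not checked)
            $emailRecipient = $input['email'];
            $subject = 'Welcome';
            $message_body = 'You have successfully created an account ' . $input['username'] . '! Welcome.';
            mail($emailRecipient, $subject, $message_body);

            // TODO be wary about using relative urls on a redirect, its easy to redirect to the wrong page
            header("Location: ../index.php");
            exit;
        }

        // Do not mail or redirect when the row was not written.
        $errors[] = 'Your account could not be created, please try again';
    }
}

// display errors at top of page
if (count($errors) > 0) {
    echo "Sorry but an error has occurred, please try again";
    echo "<ul>";
    foreach ($errors as $error) {
        // Escaped on output; messages contain field names and must stay inert HTML.
        echo "<li>" . htmlentities($error) . "</li>";
    }
    echo "</ul>";
}
?>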
- if($field !== 'username' && !preg_match('/^[a-z]*$/i', $value)){
- $errors[] = "{$field} has invalid characters";
- <?php