Untitled

<?php
session_start();

require_once 'config.php';

/**
 * Include ircmaxell's password_compat library.
 */
require '../lib/password.php';

if(isset($_POST['submit'])){
  //Retrieve the field values from our registration form.
  $username = !empty($_POST['username']) ? trim($_POST['username']) : null;
  $pass = !empty($_POST['password']) ? trim($_POST['password']) : null;

  //Now, we need to check if the supplied username already exists.
  $stmt = $pdo->prepare("SELECT COUNT(username) AS num FROM users_table WHERE username = :username");

  //Bind the provided username to our prepared statement.
  $stmt->bindValue(':username', $username);

  //Execute.
  $stmt->execute();

  //Fetch the row.
  $row = $stmt->fetch(PDO::FETCH_ASSOC);

  //If the provided username already exists - display error.
  //TO ADD - Your own method of handling this error. For example purposes,
  //I'm just going to kill the script completely, as error handling is outside
  //the scope of this tutorial.
  if($row['num'] > 0){
    echo '<script>alert("That username already exist!");</script>';
    header("Refresh: 0; URL = signup.php");
    die();
  }

  //Hash the password as we do NOT want to store our passwords in plain text.
  //$pas = hash('sha256', $pass);
  $pas = password_hash($pass, PASSWORD_BCRYPT, array("cost" => 12));

  //Prepare our INSERT statement.
  //Remember: We are inserting a new row into our users table.
  $stmt = $pdo->prepare("INSERT INTO users_table (username, password) VALUES (:username, :password)");

  //Bind our variables.
  $stmt->bindValue(':username', $username);
  $stmt->bindValue(':password', $pas);

  //Execute the statement and insert the new account.
  $result = $stmt->execute();

  //If the signup process is successful.
  if($result){
    echo '<script>alert("Thank you for register! Now please sign in.");</script>';
    header("Refresh: 0; URL = ../signin.php");
  }
}
?>