Untitled

<?php require('includes/global.php');
include ('includes/header.php');

//if logged in redirect to members page
if( $user->is_logged_in() ){ header('Location: memberpage.php'); }

//if form has been submitted process it
if(isset($_POST['submit'])){

    //very basic validation
    if(strlen($_POST['username']) < 3){
        $error[] = 'Username is too short.';
    } else {
        $stmt = $db->prepare('SELECT username FROM members WHERE username = :username');
        $stmt->execute(array(':username' => $_POST['username']));
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if(!empty($row['username'])){
            $error[] = 'Username provided is already in use.';
        }
    }
    if(strlen($_POST['password']) < 1){
        $error[] = 'Password is too short.';
    }
    if(strlen($_POST['passwordConfirm']) < 1){
        $error[] = 'Confirm password is too short.';
    }
    if($_POST['password'] !== $_POST['passwordConfirm']){
        $error[] = 'Passwords do not match.';
    }

    //email validation
    if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)){
        $error[] = 'Please enter a valid email address';
    } else {
        $stmt = $db->prepare('SELECT email FROM members WHERE email = :email');
        $stmt->execute(array(':email' => $_POST['email']));
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if(!empty($row['email'])){
            $error[] = 'Email provided is already in use.';
        }
    }

    //if no errors have been created carry on
    if(!isset($error)){

        //hash the password
        $hashedpassword = $user->password_hash($_POST['password'], PASSWORD_BCRYPT);

        //create the activasion code
        $activasion = md5(uniqid(rand(),true));
        try {

            //insert into database with a prepared statement
            $stmt = $db->prepare('INSERT INTO members (username,password,email,active) VALUES (:username, :password, :email, :active)');
            $stmt->execute(array(
                ':username' => $_POST['username'],
                ':password' => $hashedpassword,
                ':email' => $_POST['email'],
                ':active' => $activasion
            ));
            $id = $db->lastInsertId('memberID');

            //send email
            $to = $_POST['email'];
            $subject = "Registration Confirmation";
            $body = "<p>Thank you for registering at Elcro Development.</p>
            <p>To activate your account, please click on this link: <a href='".DIR."activate.php?x=$id&y=$activasion'>".DIR."activate.php?x=$id&y=$activasion</a></p>
            <p>Elcro</p>";
            $mail = new Mail();
            $mail->setFrom(SITEEMAIL);
            $mail->addAddress($to);
            $mail->subject($subject);
            $mail->body($body);
            $mail->send();

            //redirect to index page
            header('Location: index.php?action=joined');
            exit;

        //else catch the exception and show the error.
        } catch(PDOException $e) {
            $error[] = $e->getMessage();
        }
    }
}

?>

<div id="bodyWrapper">
    <div class="global-form" id="registerform">
        <div class="container">
            <div class="col-xs-12 col-sm-8 col-md-6 col-sm-offset-2 col-md-offset-3">
                <form action="register.php" method="POST" role="form" autocomplete="off">
                    <?php
                    //check for any errors
                    if(isset($error)){
                        foreach($error as $error){
                            echo '<p class="alert alert-danger">'.$error.'</p>';
                        }
                    }
                    //if action is joined show sucess
                    if(isset($_GET['action']) && $_GET['action'] == 'joined'){
                        echo "<h2 class='alert alert-success'>Registration successful, please check your email to activate your account.</h2>";
                    }
                ?>
                    <img src="https://elcrodevelopment.com/checkout/assets/imgs/logo.png" alt="Logo" width="250" style="padding-bottom: 10px;text-align:center;">
                    <p class="form-intro" style="font-size:22px;color:#000;">Register on Elcro Development</p>
                    <p style="color:#000;"><?= $message ?></p>
                    <fieldset class="form-group">
                        <input type="text" class="form-control" name="username" placeholder="Username" value="<?php if(isset($error)){ echo $_POST['username']; } ?>" required>
                    </fieldset>
                    <fieldset class="form-group">
                        <input type="text" class="form-control" name="email" placeholder="Email" value="<?php if(isset($error)){ echo $_POST['email']; } ?>" required>
                    </fieldset>
                    <fieldset class="form-group">
                        <div class="col-xs-6 col-sm-6 col-md-6">
                            <input type="password" class="form-control" name="password" placeholder="Password" required>
                        </div>
                        <div class="col-xs-6 col-sm-6 col-md-6">
                            <input type="password" class="form-control" name="confirmpass" placeholder="Confirm Password" required>
                        </div>
                    </fieldset>
                    <fieldset class="form-group">
                        <div class="checkbox">
                            <label><input type="checkbox" name="terms" value="accept">I accept the <a href="https://elcrodevelopment.com/terms.php" target="_blank">Terms & Conditions</a>.</label>
                        </div>
                        <p style="text-align: center;">Already have an account? <a href="login.php">Go to login</a></p>
                    </fieldset>
                    <button type="submit" name="submit" id="clientbutton" value="Register" class="col-xs-12 col-sm-8 col-md-6 col-sm-offset-2 col-md-offset-3 btn btn-primary">Register</button>
                </form>
            </div>
        </div>
    </div>
</div>