
action.php

  1. <?php
  2.  
  3. // Open connection to DB by including conn.php
  4. include_once "conn.php";
  5. // Connection is On.
  6.  
  7. /* Functions */
  8. function email_is_persent($con,$email)
  9. {
  10. $temp = $email;
  11. $conn = $con;
  12. $sql = "SELECT user_email FROM users WHERE user_email = ? ;";
  13.  
  14. $stmt = mysqli_stmt_init($conn);
  15. mysqli_stmt_prepare($stmt,$sql);
  16. mysqli_stmt_bind_param($stmt,'s',$temp);
  17.  
  18. if(!mysqli_stmt_execute($stmt)){
  19. echo "Error on executing stmt of email function";
  20. exit();
  21. }else{
  22. $result = mysqli_stmt_get_result($stmt);
  23. if(mysqli_num_rows($result) <= 0){
  24. return false;
  25. }else{
  26. return true;
  27. }
  28. }
  29. mysqli_stmt_close($stmt);
  30. }
  31.  
  32. function username_is_persent($con,$user)
  33. {
  34. $temp = $user;
  35. $conn = $con;
  36. $sql = "SELECT user_uid FROM users WHERE user_uid = ? ;";
  37.  
  38. $stmt = mysqli_stmt_init($conn);
  39. mysqli_stmt_prepare($stmt,$sql);
  40. mysqli_stmt_bind_param($stmt,'s',$temp);
  41.  
  42. if(!mysqli_stmt_execute($stmt)){
  43. echo "Error on executing stmt of username function";
  44. exit();
  45. }else{
  46. $result = mysqli_stmt_get_result($stmt);
  47. if(mysqli_num_rows($result) <= 0){
  48. return false;
  49. }else{
  50. return true;
  51. }
  52. }
  53. mysqli_stmt_close($stmt);
  54. }
  55.  
  56. function password_is_strong($password)
  57. {
  58. $temp = $password;
  59. $isStrong = true;
  60.  
  61. if( strlen($temp) < 8 || !preg_match("/[A-Z]+/", $temp))
  62. {
  63. $isStrong = false;
  64. }
  65.  
  66.  
  67. return $isStrong;
  68. }
  69.  
  70. function Signup_InsertData($con,$var_firstname,$var_lastname,$var_email,$var_phone,$var_username,$var_password)
  71. {
  72. $first = $var_firstname;
  73. $last =$var_lastname;
  74. $email = $var_email;
  75. $phone = $var_phone;
  76. $username = $var_username;
  77. $password = $var_password;
  78. $conn = $con;
  79.  
  80. // Hashing Password For Security
  81. $password = password_hash($password, PASSWORD_DEFAULT);
  82.  
  83. $sql = "INSERT INTO users (user_first,user_last,user_email,user_phone,user_uid,user_pwd) VALUES (?,?,?,?,?,?);";
  84. $stmt = mysqli_stmt_init($conn);
  85. mysqli_stmt_prepare($stmt,$sql);
  86. mysqli_stmt_bind_param($stmt,'ssssss',$first,$last,$email,$phone,$username,$password);
  87.  
  88. if( !mysqli_stmt_execute($stmt) )
  89. {
  90. return false;
  91. }
  92. else
  93. {
  94. return true;
  95. }
  96.  
  97. mysqli_stmt_close($stmt);
  98. }
  99. /* Functions */
  100.  
  101. // Handles if accessing page without submit clicking
  102. if(!isset($_POST['SignUpSubmit'])){
  103. header("Location: index.php?Error=InvalidPage");
  104. exit();
  105. }
  106. else // If user click Submit else works
  107. {
  108.  
  109. // Storing user inputs and escaping them to aviod speical characters using mysqli_real function
  110. $firstname = mysqli_real_escape_string($conn,$_POST['FirstName']);
  111. $lastname = mysqli_real_escape_string($conn,$_POST['LastName']);
  112. $email = mysqli_real_escape_string($conn,$_POST['Email']);
  113. $phone = mysqli_real_escape_string($conn,$_POST['Phone']);
  114. $username = mysqli_real_escape_string($conn,$_POST['UserName']);
  115. $password = mysqli_real_escape_string($conn,$_POST['Password']);
  116.  
  117.  
  118. // Checking if all fields are filled
  119. if( empty($firstname) or empty($lastname) or empty($email) or empty($phone) or empty($username) or empty($password) )
  120. {
  121. // Including all inputs (except for password) , back on the URL to retrieve them using $_GET[] at index.php
  122. header("Location: index.php?Error=EmptyField&firstname=$firstname&lastname=$lastname&email=$email&phone=$phone&username=$username");
  123. exit();
  124. }
  125. else // if all fields arn't empty else works
  126. {
  127.  
  128. if( !preg_match("/^[A-Za-z]+$/", $firstname) or !preg_match("/^[A-Za-z]+$/", $lastname) ) // Validating FirstName and LastName Formats
  129. {
  130. header("Location: index.php?Error=InvalidName&firstname=$firstname&lastname=$lastname&email=$email&phone=$phone&username=$username");
  131. exit();
  132. }
  133. else // if FirstName and LastName are valid else works
  134. {
  135.  
  136. if( !filter_var($email,FILTER_VALIDATE_EMAIL) ) // Validate Email Format
  137. {
  138. header("Location: index.php?Error=InvalidEmail&firstname=$firstname&lastname=$lastname&email=&phone=$phone&username=$username");
  139. exit();
  140. }
  141. else // if Email is valid format else works
  142. {
  143.  
  144. if( email_is_persent($conn,$email)) // Check if email is already persent on DB
  145. {
  146. header("Location: index.php?Error=PersentEmail&firstname=$firstname&lastname=$lastname&email=&phone=$phone&username=$username");
  147. exit();
  148. }
  149. else // if Email is not persent at DB else works
  150. {
  151.  
  152. if( !preg_match("/^01[0-9]{8}$/", $phone) ) // Checks if phone format is valid
  153. {
  154. header("Location: index.php?Error=InvalidPhone&firstname=$firstname&lastname=$lastname&email=$email&phone=&username=$username");
  155. exit();
  156. }
  157. else // if phone format is valid else works
  158. {
  159.  
  160. if( username_is_persent($conn,$username) ) // Checks if username is already persent on DB
  161. {
  162. header("Location: index.php?Error=PersentUsername&firstname=$firstname&lastname=$lastname&email=$email&phone=$phone&username=");
  163. exit();
  164. }
  165. else // if username is not persent at DB else works
  166. {
  167.  
  168. if( !password_is_strong($password) ) // Check password Strength
  169. {
  170. header("Location: index.php?Error=WeakPassword&firstname=$firstname&lastname=$lastname&email=$email&phone=$phone&username=$username");
  171. exit();
  172. }
  173. else // if password is strong else works
  174. {
  175.  
  176. if( !Signup_InsertData($conn,$firstname,$lastname,$email,$phone,$username,$password) ) // Function to Complete Signup
  177. {
  178. header("Location: index.php?Error=Signup&firstname=$firstname&lastname=$lastname&email=$email&phone=$phone&username=$username");
  179. exit();
  180. }
  181. else // if Signup is successfull else works
  182. {
  183. echo "Your Signed Up Successfully!";
  184. mysql_close($conn);
  185. }
  186.  
  187. }
  188. }
  189. }
  190. }
  191. }
  192. }
  193. }
  194. }