Untitled

<?php
// required headers
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");

// include database and object files
include_once '../config/database.php';

// instantiate database and product object
$database = new Database();
$conn = $database->getConnection();

// Get post variables
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];

// Init error variables & flag
$usernameError = $passwordError = $emailError = '';
$generalError = '';
$error = false;

if(isset($username) && isset($password) && isset($email)) {

    // Convert username and email to lowercase only as well as test the input
    // also escape strings
    $username = $conn->real_escape_string(strtolower(test_input($username)));
    $email = $conn->real_escape_string(strtolower(test_input($email)));
    $password = $conn->real_escape_string(test_input($password));

    /*
        Test username
    */
    // Test username for whitespaces
    if (preg_match("/\s/", $username)) {
        $error = true;
        $usernameError = "username can not contain any spaces";
    }
    // Test username for letters and number only
    else if(!ctype_alnum($username)){
        $error = true;
        $usernameError = "username can only contain a-z, A-Z, 0-9";
    }
    // Check if username is taken
    else {
        $sql = "SELECT USERNAME FROM users WHERE USERNAME = '$username'";           # <- Change to prepared statement if wanted... Not rly needed tho
        $result = $conn->query($sql);
        if ($result->num_rows > 0) {
            $error = true;
            $usernameError = "this username is taken";
        }
    }

    /*
        Test password
    */
    if(strlen($password) < 8) {
        $error = true;
        $passwordError = "password must contain at least 8 characters";
    }

    /*
        Test email
    */
    // check if e-mail address is well-formed
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $error = true;
        $emailError = "wrong email format";
    }
    //Check if email is busy
    else {
        $sql = "SELECT EMAIL FROM users WHERE EMAIL = '$email'";                    # <- Change to prepared statement if wanted... Not rly needed tho
        $result = $conn->query($sql);
        if ($result->num_rows > 0) {
            $error = true;
            $emailError = "there already exist a user with this email";
        }
    }

    // Add user to database if everything is ok
    if(!$error && empty($usernameError) && empty($passwordError) && empty($emailError)) {

        $stmt = $conn->prepare("INSERT INTO users (ACTIVE, TIER, USERNAME, PASSWORD, EMAIL, IP) VALUES (?, ?, ?, ?, ?, ?)");
        $stmt->bind_param("iissss", $active, $tier, $sqlUsername, $sqlPassword, $sqlEmail, $ip);

        // Set this values to new users
        $active = '1';
        $tier = '1';
        $sqlUsername = $username;
        $sqlPassword = password_hash($password, PASSWORD_BCRYPT, array('cost' => 12));
        $sqlEmail = $email;
        $ip = $conn->real_escape_string($_SERVER["REMOTE_ADDR"]);

        if ($stmt->execute() === TRUE) {

            //Close register statement
            $stmt->close();

            //Query out user ID and create users own image folder
            $stmt = $conn->prepare("SELECT ID FROM users WHERE USERNAME = ?");
            $stmt->bind_param("s", $username);
            $username = $username;
            if(($stmt->execute()) && ($stmt->bind_result($ul_folder)) && ($stmt->fetch())){

                //Close statement
                $stmt->close();

                //Also create this upload folder
                mkdir('../../../uploads/'.$ul_folder);

                //Update upload_stats table
                $stat_sql = "UPDATE upload_stats SET USERS = USERS +1 WHERE ID=1";
                $conn->query($stat_sql);

                // Set response code to 201 and echo json response
                http_response_code(201);
                $response=array(
                    "status" => "created",
                    "id" => $ul_folder
                );
                echo json_encode($response);
            }
            else {
                $error = true;
                $generalError = "error when creating folder for user, please contact support";
            }
        }
        else {
            $error = true;
            $generalError = "something went wrong in the sql query, please try again";
        }
    }
}
else {
    $error = true;
    $generalError = "POST variables username, password and email required";
}

/*
    Error response
*/
// If an error occurred above, respond with it here
if($error) {
    $response=array(
        "status" => "error"
    );
    if(strlen($generalError) > 0) {
        $response['general-error'] = $generalError;
    }
    if(strlen($usernameError) > 0) {
        $response['username-error'] = $usernameError;
    }
    if(strlen($passwordError) > 0) {
        $response['password-error'] = $passwordError;
    }
    if(strlen($emailError) > 0) {
        $response['email-error'] = $emailError;
    }
    // Set response code to 400 and echo json response
    http_response_code(400);
    echo json_encode($response);
}

//Function to block input data from running server scripts etc.
function test_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
  }
?>