register.php (11/23/2016)

1. <?php
2. // include common.inc.php
3. include 'core/common.inc.php';
4. // show header / add title
5. showHeader('Registration');
6. // protect page from users already logged in
7. protect();
8. // turn off error_reporting
9. error_reporting(0);
10. ?>
11.  
12. <center>
13.   <form enctype="multipart/form-data" action="" method="post" class="register_module">
14.  
15.     <h2 style="text-align:left;font-family:'Roboto',sans-serif;">Account Credentials<span style="font-size:12px;font-weight:400;"> (required)</span></h2>
16.  
17.     <div class="account_credentials">
18.       <input class="register_module protect_from_spaces" type="text" name="username" placeholder="choose a username*" maxlength="30" required><br />
19.       <input class="register_module protect_from_spaces" type="email" name="email" placeholder="email address*" required><br />
20.  
21.       <div class="row_inline">
22.         <input class="register_module input protect_from_spaces" type="password" name="password" placeholder="password*" maxlength="18" required>
23.         <input class="register_module input protect_from_spaces" type="password" name="cpassword" placeholder="confirm password*" maxlength="18" required><br />
24.       </div>
25.     </div>
26.       <br />
27.  
28.       <!-- here add user details section (name, avatar, birthday, etc...) -->
29.       <h2 style="text-align:left;font-family:'Roboto',sans-serif;">Account Details<span style="font-size:12px;font-weight:400;"> (optional)</span></h2>
30.  
31.       <br />
32.       <div class="account_details">
33.         <p style="text-align:left;font-family:'Roboto',sans-serif;font-weight:400;">Name:<span style="font-size:12px;font-weight:400;"> (required)</span></p>
34.         <input class="register_module_short protect_from_spaces" style="margin-right:1%;" type="text" name="first_name" placeholder="first name*" required />
35.         <input class="register_module_short protect_from_spaces" type="text" name="last_name" placeholder="last name" />
36.  
37.         <p style="text-align:left;font-family:'Roboto',sans-serif;font-weight:400;">Birthday:</p>
38.         <input style="margin-top:-10px;" class="register_module protect_from_spaces" type="date" name="birthday" />
39.  
40.         <p style="text-align:left;font-family:'Roboto',sans-serif;font-weight:400;">Social Link(s):</p>
41.         <input class="register_module protect_from_spaces" type="text" style="margin-top:-10px;" type="url" name="steam_profile" placeholder="steam profile (http://www.steamcommunity.com/id/lowheartrate/)" />
42.         <input class="register_module protect_from_spaces" type="text" name="twitter_profile" placeholder="twitter profile (https://twitter.com/lowheartrate)" />
43.         <input class="register_module protect_from_spaces" type="text" name="facebook_profile" placeholder="facebook profile (https://www.facebook.com/officiallowheartrate)" />
44.         <input class="register_module protect_from_spaces" type="text" name="instagram_profile" placeholder="instagram profile (https://instagram.com/lowheartrate)" />
45.  
46.         <!-- image upload for avatar... -->
47.         <div class="image_uploader">
48.           <h2 style="text-align:left;font-family:'Roboto',sans-serif;">✌ Avatar Uploader</h2><br />
49.  
50.           <p style="margin-top:-20px;font-size:12px;text-align:left;">Select image to upload:</p>
51.           <div style="text-align:left;font-size:12px;margin-top:-5px;margin-bottom:25px;">
52.             <input type="file" name="avatar" class="" />
53.           </div>
54.         </div>
55.       </div>
56.  
57.       <!-- check errors in registration -->
58.       <?php checkRegisterErrors(); ?>
59.  
60.       <br />
61.       <p class="pull-left" style="max-width:50%;">by signing up, you agree to our <a href="#">terms</a> and that you have read our <a href="#">privacy policy</a> and <a href="#">content policy</a>.</p>
62.       <div class="g-recaptcha pull-right" data-sitekey="6Levrg4TAAAAAN-pL6Xl2tndj3ZDn5nJ3PRUhMV-"></div><br />
63.  
64.       <br />
65.  
66.       <button type="submit" name="submit_registration" class="btn-register" style="margin-top:10px;">sign up</button>
67.   </form>
68. </center>
69.  
70. <?php
71. // checks registration errors...
72. function checkRegisterErrors() {
73.   if(isset($_POST['submit_registration'])){
74.       require 'findConflict.php';
75.       $username = $_POST['username'];
76.       $password = $_POST['password'];
77.       $cpassword = $_POST['cpassword'];
78.       $email = $_POST['email'];
79.       $hash = password_hash($password, PASSWORD_DEFAULT);
80.       $query = dbConnect()->prepare("SELECT email, username FROM users WHERE username = :username OR email = :email");
81.       $query->bindParam(':username', $username);
82.       $query->bindParam(':email', $email);
83.       $query->execute();
84.       $conflictingItems = [];
85.       while ( $result = $query->fetch( PDO::FETCH_ASSOC ) ) {
86.           $conflictingItems[] = $result;
87.       }
88.       // for checking checkGoogleCaptcha() function!!
89.       require_once 'core/recaptchalib.php';
90.       if(isset($_POST['g-recaptcha-response']))
91.       $captcha = $_POST['g-recaptcha-response'];
92.       $response = json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=6Levrg4TAAAAAFmjcgKW8kDakmXTiBhmiCnUMchD&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']), true);
93.  
94.       if ( count ($conflictingItems) == 1 ) {
95.         switch ( getConflict($conflictingItems, $username, $email) ) {
96.             case 1:
97.             // username conflict
98.             echo "<p class='error'>username taken</p>";
99.             break;
100.             case 2:
101.             // Email conflict
102.             echo "<p class='error'>email already in use</p>";
103.             break;
104.             case 3:
105.             // email & username conflict
106.             echo '<p class="error">username & email in use</p>';
107.             break;
108.         }
109.       } elseif ( count($conflictingItems) == 2 ) {
110.         echo 'username & email already in use';
111.  
112.       // check if passwords match!
113.       } elseif ($password != $cpassword) {
114.         echo '<p class="error">passwords do not match</p>';
115.  
116.       // make sure password is between 8 - 16 characters
117.       } elseif (strlen($password) < 8 OR strlen($password) > 16) {
118.         echo '<p class="error">password must be between 8 & 16 characters</p>';
119.  
120.       // checks to make sure google recaptcha was posted!
121.       } elseif (!$captcha) {
122.         echo '<p class="error">please complete the captcha</p>';
123.       } elseif($response['success'] == false) {
124.         echo '<p class="error">you are a robot</p>';
125.  
126.  
127.       } else {
128.         // require config.php to get maximum file size --> $maximum_avatar_file_size = '125000';
129.         //                    to get avatars directory --> $avatars_directory = 'includes/uploads/avatars';
130.         require 'core/config.php';
131.  
132.         // need for file upload query & query to insert fields into database..
133.         $activation_id = uniqid(true);
134.  
135.         // file upload stuff... ONLY NEEDED FOR TESTING PURPOSES!
136.         // var_dump($_FILES);
137.  
138.         // move uploaded file to directory (includes/uploads/avatar)
139.         $upload_directory = $avatars_directory;
140.         // sets $image & gets image type, name, tmp_name
141.         $image = $_FILES['avatar'];
142.         $image_name = $_FILES['avatar']['name'];
143.         $image_tmp_name = $_FILES['avatar']['tmp_name'];
144.         $image_size = $_FILES['avatar']['size'];
145.         $image_type = $_FILES['avatar']['type'];
146.  
147.         // set file name (make it unique)
148.         $file_name = $activation_id . $image_name;
149.  
150.         // finds extension of file uploaded...
151.         $image_extension = strtolower(pathinfo($_FILES['avatar']['name'],PATHINFO_EXTENSION));
152.         // allowed extensions of file uploaded...
153.         $valid_image_extensions = array('jpeg', 'jpg', 'png', 'gif');
154.  
155.         // if image extension is a valid image extension...
156.         if (in_array($image_extension, $valid_image_extensions)) {
157.           if ($image_size > $maximum_avatar_file_size) {
158.             echo '<p class="error">error; file size is too large! Maximum file size is ' .$maximum_avatar_file_size. ' bytes. <a href="register.php">Retry Registration</a></p>';
159.             exit();
160.           } else {
161.             // move the file to desired directory ($upload_directory)
162.             move_uploaded_file($image_tmp_name, "$upload_directory/$file_name");
163.           }
164.         }
165.  
166.  
167.         // query to insert fields into database...
168.         //$activation_id = uniqid(true);
169.         $query = dbConnect()->prepare("INSERT INTO users (username, password, email, activated, activation_id, avatar) VALUES (:username, :password, :email, :activated, :activation_id, :avatar)");
170.         $query->bindParam(':username', $username);
171.         $query->bindParam(':email', $email);
172.         $query->bindParam(':password', $hash);
173.         $query->bindValue(':activated', "0");
174.         $query->bindValue(':activation_id', $activation_id);
175.         $query->bindValue(':avatar', $file_name);
176.         $query->execute();
177.  
178.         // set variables for optional fields...
179.         $firstName = $_POST['first_name'];
180.         $lastName = $_POST['last_name'];
181.         $birthday = $_POST['birthday'];
182.         $steam_profile = $_POST['steam_profile'];
183.         $twitter_profile = $_POST['twitter_profile'];
184.         $facebook_profile = $_POST['facebook_profile'];
185.         $instagram_profile = $_POST['instagram_profile'];
186.  
187.         // update user_details database
188.         $query2 = dbConnect()->prepare("INSERT INTO user_details (first_name, last_name, birthday, steam_profile, twitter_profile, facebook_profile, instagram_profile) VALUES (:firstName, :lastName, :birthday, :steam, :twitter, :facebook, :instagram)");
189.         $query2->bindParam(':firstName', $firstName);
190.         $query2->bindParam(':lastName', $lastName);
191.         $query2->bindParam(':birthday', $birthday);
192.         $query2->bindParam(':steam', $steam_profile);
193.         $query2->bindParam(':twitter', $twitter_profile);
194.         $query2->bindParam(':facebook', $facebook_profile);
195.         $query2->bindParam(':instagram', $instagram_profile);
196.         $query2->execute();
197.  
198.         // query to add image name to database to echo later on...
199.         /*
200.         $add_image_to_database = dbConnect()->prepare("INSERT INTO users (avatar) VALUES (:avatar)");
201.         $add_image_to_database->bindParam(':avatar', $file_name);
202.         $add_image_to_database->execute();
203.         */
204.  
205.         // send email verification
206.         require 'core/config.php';
207.         $subject = $url . 'Registration Confirmation';
208.         $link = 'http://' . $url. "/activate.php?activation_id=" . $activation_id;
209.         $message = 'Thanks for registering with us! Please verify your account at' . $link . ' so you can login.';
210.         $headers = 'From: ' .$contact_email;
211.         mail($email/* <-- Who its being sent to */, $subject, $message, $headers);
212.         echo '<p class="info">registration successful, please verify email before logging in.</p>';
213.  
214.         header('refresh:5;url=index.php');
215.  
216.         echo '<p class="info">if you are not redirected, try to <a href="index.php">refresh</a> your page.</p>';
217.       }
218.   }
219. }
220. ?>