<?phpif(isset($_POST['signup-submit'])){ require 'dbh.inc.php'; $usernam

1. <?php
2. if(isset($_POST['signup-submit'])){
3. require 'dbh.inc.php';
4.  
5. $username = $_POST['uid'];
6. $email= $_POST['mail'];
7. $password= $_POST['pwd'];
8. $password_rpt= $_POST['rp-pwd'];
9. $gender = $_POST['gender'];
10. $targetDir = "uploads/";
11. $targetDirCV= "uploads/cv/";
12. $fileName = basename($_FILES["file"]["name"]);
13. $cv=basename($_FILES["cv"]["name"]);
14. $cvpath=$targetDirCV . $cv;
15. $targetFilePath = $targetDir . $fileName;
16. $fileType = pathinfo($targetFilePath,PATHINFO_EXTENSION);
17. $cvtype = pathinfo($cvpath,PATHINFO_EXTENSION);
18.  
19.  
20.  
21.  
22. if (empty($username)|| empty($email)||empty($password)||empty($password_rpt)) {
23.  
24. header("Location: ../signup.php?error=emptyfields&uid=".$username."&mail=".$email);
25. exit();
26. }
27. else if(!filter_var($email,FILTER_VALIDATE_EMAIL) && !preg_match("/^[a-zA-Z0-9]*$/",$username)){
28. header("Location: ../signup.php?error=invalidmailuid");
29. exit();
30. }
31. else if(!filter_var($email,FILTER_VALIDATE_EMAIL)){
32. header("Location: ../signup.php?error=invalidmail&uid=".$username);
33. exit();
34. }
35. else if (!preg_match("/^[a-zA-Z0-9]*$/",$username)){
36. header("Location: ../signup.php?error=invaliduid&mail=".$email);
37. exit();
38. }
39. else if($password !== $password_rpt){
40. header("Location: ../signup.php?error=passwordcheck&uid=".$username."&mail=".$email);
41. exit();
42. }
43.  
44. else{
45.  
46. $sql = "SELECT uidusers FROM users WHERE uidusers=?";
47. $stmt = mysqli_stmt_init($conn);
48. if (!mysqli_stmt_prepare($stmt,$sql)) {
49. header("Location:../signup.php?error=sqlerror");
50. exit();
51. }
52.  
53. else{
54. mysqli_stmt_bind_param($stmt,"s",$username);
55. mysqli_stmt_execute($stmt);
56. mysqli_stmt_store_result($stmt);
57. $resultCheck = mysqli_stmt_num_rows($stmt);
58.  
59. if($resultCheck>0){
60. header("Location:../signup.php?error=usertaken&mail=".$email);
61. exit();
62. }
63. else{
64. if(!empty($_FILES["file"]["name"]) && !empty($_FILES["cv"]["name"])){
65. $allowTypes = array('jpg','png','jpeg','gif');
66. $allowTypesCV=array('pdf');
67. if(in_array($fileType, $allowTypes) && in_array($cvtype, $allowTypesCV)){
68. if(move_uploaded_file($_FILES["file"]["tmp_name"], $targetFilePath) && move_uploaded_file($_FILES["cv"]["tmp_name"], $cvpath)){
69. $sql = "INSERT INTO users (uidusers,emailusers,pwdusers,gender,file_name,cv) VALUES(?,?,?,?,?,?)";
70. $stmt = mysqli_stmt_init($conn);
71. if (!mysqli_stmt_prepare($stmt,$sql)) {
72. header("Location:../signup.php?error=sqlerror");
73. exit();
74. }
75. else{
76. $hash=password_hash($password, PASSWORD_DEFAULT);
77. mysqli_stmt_bind_param($stmt,"ssssss",$username,$email,$hash,$gender,$fileName,$cv);
78. mysqli_stmt_execute($stmt);
79. header("Location:../signup.php?signup=success");
80. }
81.  
82. }
83. }
84. }
85. }
86. }
87. }
88.  
89.  
90.  
91. //file upload script
92.  
93.  
94.  
95. mysqli_stmt_close($stmt);
96. mysqli_close($conn);
97.  
98. }
99. else{
100. header("Location:../signup.php");
101. exit();
102.  
103. }