-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathsignup-auth.php
82 lines (74 loc) · 2.48 KB
/
signup-auth.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
<?php
/*
* signup-auth.php
* Script to authenticate and add new user account to the database.
* Checks are done to make sure that the username and the email entered
* by the user does not exist in the database. Appropriate error message
* is produced if either of them already exists in the database.
* Error message will also be produced if the password and the confirmation password do not match.
* Password is hashed using md5 before storing in the database.
*/
include_once('db_connect.php');
session_start();
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$confirm_password = $_POST['confirm_password'];
//$referer = $_POST['referer'];
$redirect = null;
$append = null;
if($_POST['location'] != '') {
$redirect = $_POST['location'];
}
if ($_POST['append'] != '') {
$append = $_POST['append'];
}
if ($password != $confirm_password) {
$_SESSION['signup_failed'] = true;
$_SESSION['password_mismatch'] = true;
}
$result = $db->prepare("Select * FROM user WHERE username=?;");
$result->execute(array($username));
if ($result->rowCount() > 0) {
$_SESSION['signup_failed'] = true;
$_SESSION['invalid_username'] = true;
}
$result = $db->prepare("Select * FROM user WHERE email=?;");
$result->execute(array($email));
if ($result->rowCount() > 0) {
$_SESSION['signup_failed'] = true;
$_SESSION['invalid_email'] = true;
}
if (array_key_exists('signup_failed', $_SESSION)) {
header('Location:signup.php'.$append);
} else {
unset($_SESSION['signup_failed']);
unset($_SESSION['invalid_username']);
unset($_SESSION['invalid_email']);
$password = md5($password);
$result = $db->prepare("INSERT INTO user VALUES(DEFAULT, ?, ?, ?, ?, ?, 'USER');");
$result->execute(array($username, $password, $fname, $lname, $email));
if ($result) {
$result = $db->prepare("SELECT * FROM user WHERE username=? AND password=?;");
$result->execute(array($username, $password));
$user = $result->fetch();
$_SESSION['username'] = $username;
$_SESSION['user_id'] = $user['id'];
$_SESSION['users_name'] = $fname . " " . $lname;
if ($redirect == null) {
header('Location:index.php');
} else {
header('Location:login.php' . $append);
}
} else {
header('Location:signup.php' . $append);
}
}
?>
<html>
<head>
<script type="text/javascript"> sessionStorage.clear()</script>
</head>
</html>