-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathadduser.php
60 lines (52 loc) · 2.12 KB
/
adduser.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
<?php
include_once "user.php";
include_once "dbconnection.php";
// HANDLING CREATE ACCOUNT FORM
// Create table if it does not exists
$query = "CREATE TABLE IF NOT EXISTS Users(
ID INT NOT NULL AUTO_INCREMENT,
username VARCHAR(20) NOT NULL,
pswd VARCHAR(64) NOT NULL,
PRIMARY KEY (ID),
UNIQUE (username)
)";
$result = mysqli_query($link, $query);
if (!$result) die("Could not create datatable");
// 1. Check correct form
$new_status = '';
$valid = false;
$current = new NewUser();
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$current->set_username($link, $_POST['reg_name']);
$current->set_pswd($link, hash("sha256", $_POST['psw']));
$current->set_pswd_repeat($link, hash("sha256", $_POST['psw-repeat']));
// Cheking all required fields. If they are empty is because they are not valid
if (empty($current->get_username()) or empty($current->get_pswd()) or empty($current->get_pswd_repeat())) {
$new_status = "<span style=\"color:red\">Invalid form. Please check all the fields</span>";
$valid = false;
} else {
if ($current->get_pswd() !== $current->get_pswd_repeat()) {
$new_status = "<span style=\"color:red\">Invalid form. Please make sure that passwords match</span>";
$valid = false;
} else $valid = true;
}
// 2. Check the username doesn´t exists
// Fails later on if it already exists since username is set to be unique in the definition of the datatable
}
// 3. Add to database
if ($valid) {
$query = mysqli_prepare($link, "INSERT INTO Users
(username, pswd)
VALUES (?,?)");
mysqli_stmt_bind_param($query, "ss",$current->get_username(), $current->get_pswd());
$result = mysqli_stmt_execute($query);
// 4. Prompt success message
if ($result){
$new_status = "<span style=\"color:green\">Succesfully created account</span>" .
"<script>newAccountSuccess()</script>";
} else {
$new_status = "<span style=\"color:red\">Username already exists.".$current->get_pswd()."</span>";
}
}
mysqli_close($link);
?>