<?php
// sign_up.php - create a new user account.
//
// Flow: show the form (or an "already logged in" notice); on POST, sanitise and validate every
// field using the helpers in helper.php (pulled in by header.php) and only then INSERT the row.
// Each validate*() helper returns '' for acceptable data, otherwise a help message describing
// what is wrong; those messages are printed next to the offending field when the form is shown again.
// The HTML inputs carry "required"/"maxlength" hints, but a browser can be bypassed, so the
// server-side checks in this script are the ones that count.
// The assignment asks for more user fields than the original three (username, password, email);
// create_data.php has to be kept in step with whatever columns are inserted here.
require_once 'header.php';      // page header; also brings in helper.php (sanitise/validate functions)
require_once 'credentials.php'; // presumably defines $dbhost, $dbuser, $dbpass, $dbname used below
// Form values: empty on a plain visit, otherwise the (sanitised) values the user submitted,
// which are echoed back into the form when validation fails.
$username = $password = $email = $firstname = $lastname = $telephone = $dob = '';
// Upper bound for the date-of-birth picker: nobody is born in the future.
$currentDate = date('Y-m-d');
// Inline stylesheet for the tables on this page (nothing to interpolate, so a nowdoc is used).
print <<<'CSS'
<style>
table {
font-family: arial, sans-serif;
border-collapse: collapse;
width: 100%;
}
td, th {
border: 2px solid #dddddd;
text-align: left;
padding: 4px;
}
</style>
CSS;
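// Validation feedback, one string per field: '' means "valid", anything else is the help message
// echoed next to that field when the form is re-displayed. (The original initialised each of these
// twice, and $message twice; one assignment each is enough.)
$username_errors = $password_errors = $email_errors = $firstname_errors = $lastname_errors = $telephone_errors = $dob_errors = '';
// Concatenation of all of the above; only '' when every field validated.
$errors = '';
// Whether to (re)display the sign-up form; decided below depending on what happened.
$show_signup_form = false;
// Status message printed under the form.
$message = '';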
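if (isset($_SESSION['loggedInSkeleton']))
{
    // Someone who is already signed in should not create accounts from this session.
    echo <<<_END
<div class="loginDialog"><fieldset><legend><h2>Already Logged In</h2></legend>
<table align="center" border="0" cellpadding="2"><tr><td>
<br>You are already logged in, please <a href="signout.php">log out</a> first.<br><br><br>
</td></tr></table></fieldset></div>
_END;
    echo "<br>";
}
elseif (isset($_POST['username']))
{
    // The user just submitted the sign-up form.
    // NOTE(review): nothing ties this POST to the form we served (no CSRF token). A random token kept
    // in $_SESSION and echoed as a hidden field would close that; not added here because session
    // start-up presumably lives in header.php, outside this file. -- TODO
    //
    // Connect first: helper.php's sanitise() needs the connection (the 4th argument selects the database).
    $connection = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
    if (!$connection)
    {
        // The original die()'d with "$mysqli_connect_error", an undefined variable, so the reason was lost.
        // The driver's message belongs in the server log; the user gets a message with no internals in it.
        error_log('sign_up.php: database connection failed: ' . mysqli_connect_error());
        die('Sign up is temporarily unavailable, please try again later.');
    }
    // Read every field as a string. Only 'username' is guaranteed to exist by the isset() above; a
    // missing field, or a non-string one (e.g. "firstname[]=x"), becomes '' and then fails validation.
    $submitted = [];
    foreach (['username', 'password', 'email', 'firstname', 'lastname', 'telephone', 'DOB'] as $fieldName)
    {
        $value = isset($_POST[$fieldName]) ? $_POST[$fieldName] : '';
        $submitted[$fieldName] = is_string($value) ? $value : '';
    }
    // SANITISATION (see helper.php): only the cleaned copies are used from here on. The original also
    // kept raw $firstName/$lastName copies of the POST data and interpolated those into the INSERT,
    // which bypassed both sanitisation and validation for those two columns.
    $username  = sanitise($submitted['username'], $connection);
    $password  = sanitise($submitted['password'], $connection);
    $email     = sanitise($submitted['email'], $connection);
    $firstname = sanitise($submitted['firstname'], $connection);
    $lastname  = sanitise($submitted['lastname'], $connection);
    $telephone = sanitise($submitted['telephone'], $connection);
    $dob       = sanitise($submitted['DOB'], $connection);
    // VALIDATION (see helper.php): each call returns '' when the value is acceptable, else a help message.
    // The length limits are the ones the original used; they should match the column sizes in create_data.php.
    $username_errors  = validateString($username, 1, 32);
    $password_errors  = validateString($password, 1, 16);
    $firstname_errors = validateString($firstname, 1, 32);
    $lastname_errors  = validateString($lastname, 1, 64);
    $telephone_errors = validateString($telephone, 1, 25);
    $email_errors     = validateEmail($email, 1, 70);
    $dob_errors       = validateDOB($dob, 10, 10);
    // Empty only when every field passed.
    $errors = $username_errors . $password_errors . $firstname_errors . $lastname_errors . $telephone_errors . $email_errors . $dob_errors;
    if ($errors === '')
    {
        // NOTE(review): the password is stored exactly as typed. It should be stored as
        // password_hash($password, PASSWORD_DEFAULT) and checked with password_verify() in sign_in.php,
        // with the password column widened (a note in the original says VARCHAR(16); a hash is 60+ chars).
        // Left as-is here because sign_in.php and create_data.php are outside this file and would
        // break if only this side changed. -- TODO
        //
        // The values are bound as parameters, never concatenated into the SQL, so they cannot change the
        // statement whatever sanitise() did or did not strip.
        // NOTE(review): sanitise() takes the connection, which suggests it calls mysqli_real_escape_string();
        // with bound parameters that escaping is redundant and would store a literal backslash before
        // quotes, so it should be dropped from helper.php (keep any trimming) -- confirm there.
        $query = 'INSERT INTO users (username, password, firstname, lastname, email, telephone, DOB) VALUES (?, ?, ?, ?, ?, ?, ?)';
        $result = false;
        $statement = mysqli_prepare($connection, $query);
        if ($statement)
        {
            mysqli_stmt_bind_param($statement, 'sssssss', $username, $password, $firstname, $lastname, $email, $telephone, $dob);
            $result = mysqli_stmt_execute($statement);
            if (!$result)
            {
                // e.g. a duplicate username if that column is UNIQUE; the detail is for the log, not the user.
                error_log('sign_up.php: insert failed: ' . mysqli_stmt_error($statement));
            }
            mysqli_stmt_close($statement);
        }
        else
        {
            error_log('sign_up.php: prepare failed: ' . mysqli_error($connection));
        }
        if ($result)
        {
            // Account created: tell the user and point them at the sign-in page (the form is not shown again).
            echo <<<_END
<div class="generalInfo"><fieldset><legend><h2>Sign-up Successful</h2></legend>
<br>Your account has been created. <br>Please <a href="sign_in.php">sign-in</a> to use the site.<br><br><br>
</fieldset></div>
_END;
        }
        else
        {
            // Insert failed: show the form again with a generic message.
            $show_signup_form = true;
            $message = "Sign up failed, please try again<br>";
        }
    }
    else
    {
        // Validation failed: re-display the form with the help messages next to the fields.
        $show_signup_form = true;
        $message = "Sign up failed, please check the errors shown above and try again<br>";
    }
    // Done with the database.
    mysqli_close($connection);
}
else
{
    // Plain visit: just show the empty form.
    $show_signup_form = true;
}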
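if ($show_signup_form)
{
    // Escape at the point of output. Each value below sits inside a double-quoted HTML attribute, so it
    // is encoded for that context here, whatever sanitise() did to it earlier (ENT_QUOTES covers both
    // quote characters). If sanitise() already HTML-encodes (not visible from here), a rejected value
    // containing '&' or '<' is shown encoded twice in the field -- cosmetic, and only after a failed
    // submission. The *_errors strings come from the validate*() helpers, not from the user.
    $usernameAttr  = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $emailAttr     = htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $firstnameAttr = htmlspecialchars($firstname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $lastnameAttr  = htmlspecialchars($lastname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $telephoneAttr = htmlspecialchars($telephone, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $dobAttr       = htmlspecialchars($dob, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // $currentDate is date('Y-m-d') from the top of the script: digits and '-' only, safe as-is.
    //
    // Changes relative to the original form:
    //  - the password is no longer written back into the page (it was echoed into value="...",
    //    which puts the submitted password into the page source and any cache of it);
    //  - the firstname field showed $username instead of $firstname;
    //  - telephone is type="tel": maxlength is ignored on type="number", and phone numbers may
    //    start with '+' or '0'.
    // The maxlength values are browser-side hints only and are at or below the server-side limits
    // applied by the validate*() calls; the server-side validation is what counts.
    echo <<<_END
<form action="sign_up.php" method="post">
Please choose a username and password:<br>
Username: <input type="text" name="username" maxlength="16" value="$usernameAttr" required> $username_errors
<br>
Password: <input type="password" name="password" maxlength="16" required> $password_errors
<br>
Email: <input type="email" name="email" maxlength="64" value="$emailAttr" required> $email_errors
<br>
firstname: <input type="text" name="firstname" maxlength="16" value="$firstnameAttr" required> $firstname_errors
<br>
lastname: <input type="text" name="lastname" maxlength="16" value="$lastnameAttr" required> $lastname_errors
<br>
telephone: <input type="tel" name="telephone" maxlength="16" value="$telephoneAttr" required> $telephone_errors
<br>
D.O.B: <input type="date" name="DOB" value="$dobAttr" max="$currentDate" required> $dob_errors
<br>
<input type="submit" value="Submit">
</form>
_END;
}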
// Status message (empty on a plain visit) goes under the form, then the shared page footer.
print $message;
require_once 'footer.php';
?>