| 1 | <?php
|
|---|
| 2 | session_start();
|
|---|
| 3 |
|
|---|
| 4 | if ($_SERVER["REQUEST_METHOD"] !== "POST") {
|
|---|
| 5 | header("Location: /Sign&Log.php");
|
|---|
| 6 | exit();
|
|---|
| 7 | }
|
|---|
| 8 |
|
|---|
| 9 | // Basic input validation
|
|---|
| 10 | if (empty($_POST['email'])) {
|
|---|
| 11 | header("Location: /Sign&Log.php?error=INVALID_EMAIL");
|
|---|
| 12 | exit();
|
|---|
| 13 | }
|
|---|
| 14 | if (empty($_POST['username'])) {
|
|---|
| 15 | header("Location: /Sign&Log.php?error=INVALID_USERNAME&email=" . urlencode($_POST['email']));
|
|---|
| 16 | exit();
|
|---|
| 17 | }
|
|---|
| 18 | if (empty($_POST["password"])) {
|
|---|
| 19 | header("Location: /Sign&Log.php?error=INVALID_PASSWORD&email=" . urlencode($_POST['email']) . "&username=" . urlencode($_POST['username']));
|
|---|
| 20 | exit();
|
|---|
| 21 | }
|
|---|
| 22 |
|
|---|
| 23 | // Sanitize and validate inputs
|
|---|
| 24 | $input_name = trim(htmlspecialchars($_POST['username']));
|
|---|
| 25 | $input_email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
|
|---|
| 26 | $input_password = $_POST['password'];
|
|---|
| 27 | $role = 'Member';
|
|---|
| 28 |
|
|---|
| 29 | // Additional validation
|
|---|
| 30 | if (!$input_email) {
|
|---|
| 31 | header("Location: /Sign&Log.php?error=INVALID_EMAIL");
|
|---|
| 32 | exit();
|
|---|
| 33 | }
|
|---|
| 34 |
|
|---|
| 35 | // Password strength validation
|
|---|
| 36 | if (strlen($input_password) < 8) {
|
|---|
| 37 | header("Location: /Sign&Log.php?error=WEAK_PASSWORD&email=" . urlencode($_POST['email']) . "&username=" . urlencode($input_name));
|
|---|
| 38 | exit();
|
|---|
| 39 | }
|
|---|
| 40 |
|
|---|
| 41 | // Username validation (alphanumeric and underscore only)
|
|---|
| 42 | if (!preg_match('/^[a-zA-Z0-9_]+$/', $input_name)) {
|
|---|
| 43 | header("Location: /Sign&Log.php?error=INVALID_USERNAME_FORMAT&email=" . urlencode($_POST['email']));
|
|---|
| 44 | exit();
|
|---|
| 45 | }
|
|---|
| 46 |
|
|---|
| 47 | try {
|
|---|
| 48 | require 'connect.php';
|
|---|
| 49 |
|
|---|
| 50 | // Begin a transaction
|
|---|
| 51 | $conn->beginTransaction();
|
|---|
| 52 |
|
|---|
| 53 | // Check for existing username
|
|---|
| 54 | $stmt = $conn->prepare("CALL register_user(:username, :email, :password, :role)");
|
|---|
| 55 | // Hash password
|
|---|
| 56 | $hashed_password = password_hash($input_password, PASSWORD_ARGON2ID, [
|
|---|
| 57 | 'memory_cost' => 65536,
|
|---|
| 58 | 'time_cost' => 4,
|
|---|
| 59 | 'threads' => 3
|
|---|
| 60 | ]);
|
|---|
| 61 |
|
|---|
| 62 | $stmt->bindParam(':username', $input_name, PDO::PARAM_STR);
|
|---|
| 63 | $stmt->bindParam(':email', $input_email, PDO::PARAM_STR);
|
|---|
| 64 | $stmt->bindParam(':password', $hashed_password, PDO::PARAM_STR);
|
|---|
| 65 | $stmt->bindParam(':role', $role, PDO::PARAM_STR);
|
|---|
| 66 |
|
|---|
| 67 | $stmt->execute();
|
|---|
| 68 |
|
|---|
| 69 | // Commit the transaction
|
|---|
| 70 | $conn->commit();
|
|---|
| 71 |
|
|---|
| 72 | // Set session variables for automatic login
|
|---|
| 73 | session_regenerate_id(true);
|
|---|
| 74 | $_SESSION['username'] = $input_name;
|
|---|
| 75 | $_SESSION['userid'] = $conn->lastInsertId();
|
|---|
| 76 | $_SESSION['role'] = $role;
|
|---|
| 77 | $_SESSION['last_activity'] = time();
|
|---|
| 78 | $_SESSION['ip_address'] = $_SERVER['REMOTE_ADDR'];
|
|---|
| 79 |
|
|---|
| 80 | // Redirect to homepage after successful registration
|
|---|
| 81 | header("Location: ./HomePage.php");
|
|---|
| 82 | exit();
|
|---|
| 83 |
|
|---|
| 84 | } catch (PDOException $e) {
|
|---|
| 85 | // Roll back the transaction if something failed
|
|---|
| 86 | $conn->rollBack();
|
|---|
| 87 | error_log("Registration error: " . $e->getMessage());
|
|---|
| 88 | header("Location: /Sign&Log.php?error=SERVER_ERROR");
|
|---|
| 89 | exit();
|
|---|
| 90 | }
|
|---|
| 91 |
|
|---|
| 92 |
|
|---|
| 93 | ?> |
|---|
