Регистрација на нов член
Актери
- Нов корисник
Чекор 1
Новиот корисник треба да ја пополни регистрацијата со внесување на лични податоци како што се username, email и password
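<?php

declare(strict_types=1);

/*
 * Sign-up handler.
 *
 * Expects a POST with `username`, `email` and `password`. Validates the
 * fields, refuses names/addresses already present in Users, stores the new
 * row with role 'Member' and an Argon2id password hash, then starts an
 * authenticated session and redirects to the homepage.
 *
 * Every failure redirects back to the sign-up form with an `error` code in
 * the query string; form values are passed back URL-encoded so the form can
 * be re-populated.
 */

session_start();

// The form is reached via GET; anything but a POST is sent back to it.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Location: /Sign&Log.php');
    exit();
}

/**
 * Redirect to the sign-up form with an error code and optional form values
 * to re-populate, then stop the script.
 *
 * @param array<string, string> $params extra query parameters; they are
 *        URL-encoded here, so pass raw values.
 */
function redirect_to_form(string $error, array $params = []): void
{
    header('Location: /Sign&Log.php?' . http_build_query(['error' => $error] + $params));
    exit();
}

// Read the fields as strings. A nested value (e.g. a `username[]` field)
// would make trim()/strlen() throw a TypeError on PHP 8, so it is treated
// the same as a missing field.
$rawEmail    = $_POST['email'] ?? null;
$rawUsername = $_POST['username'] ?? null;
$rawPassword = $_POST['password'] ?? null;
$rawEmail    = is_string($rawEmail) ? $rawEmail : '';
$rawUsername = is_string($rawUsername) ? $rawUsername : '';
$rawPassword = is_string($rawPassword) ? $rawPassword : '';

// Presence checks, in the order the form lists the fields.
if ($rawEmail === '') {
    redirect_to_form('INVALID_EMAIL');
}
if ($rawUsername === '') {
    redirect_to_form('INVALID_USERNAME', ['email' => $rawEmail]);
}
if ($rawPassword === '') {
    redirect_to_form('INVALID_PASSWORD', ['email' => $rawEmail, 'username' => $rawUsername]);
}

$input_name     = trim($rawUsername);
$input_email    = filter_var($rawEmail, FILTER_VALIDATE_EMAIL);
$input_password = $rawPassword;
$role           = 'Member';

// filter_var() returns the address unchanged when it is syntactically valid,
// false otherwise.
if ($input_email === false) {
    redirect_to_form('INVALID_EMAIL');
}

// Username whitelist: letters, digits and underscore only. Checked before
// any redirect echoes the name back, so a name that reaches the form or the
// database is safe to reproduce without further escaping. HTML escaping is
// left to the output templates; escaping here would store entity-encoded
// names.
if (!preg_match('/^[a-zA-Z0-9_]+$/', $input_name)) {
    redirect_to_form('INVALID_USERNAME_FORMAT', ['email' => $rawEmail]);
}

// Minimum password length. strlen() counts bytes, so for multi-byte input
// this is only a lower bound on the character count.
if (strlen($input_password) < 8) {
    redirect_to_form('WEAK_PASSWORD', ['email' => $rawEmail, 'username' => $input_name]);
}

try {
    require 'connect.php'; // provides $conn (PDO)

    // Uniqueness checks. NOTE: COUNT-then-INSERT is a check-then-act race;
    // two simultaneous sign-ups with the same name can both pass. Only UNIQUE
    // constraints on Users.username / Users.email guarantee uniqueness; a
    // violation then surfaces as a PDOException in the catch below.
    $stmt = $conn->prepare('SELECT COUNT(*) FROM Users WHERE username = :username');
    $stmt->execute([':username' => $input_name]);
    if ((int) $stmt->fetchColumn() > 0) {
        redirect_to_form('USERNAME_TAKEN', ['email' => $rawEmail]);
    }

    $stmt = $conn->prepare('SELECT COUNT(*) FROM Users WHERE email = :email');
    $stmt->execute([':email' => $input_email]);
    if ((int) $stmt->fetchColumn() > 0) {
        redirect_to_form('EMAIL_TAKEN', ['username' => $input_name]);
    }

    // Argon2id with explicit cost parameters (64 MiB, 4 iterations, 3 lanes).
    $hashed_password = password_hash($input_password, PASSWORD_ARGON2ID, [
        'memory_cost' => 65536,
        'time_cost'   => 4,
        'threads'     => 3,
    ]);

    // Parameterised insert; execute() binds every value as a string.
    $stmt = $conn->prepare(
        'INSERT INTO Users (username, email, password, role)
         VALUES (:username, :email, :password, :role)'
    );
    $stmt->execute([
        ':username' => $input_name,
        ':email'    => $input_email,
        ':password' => $hashed_password,
        ':role'     => $role,
    ]);

    // Fresh session id on privilege change, so an id fixed before sign-up
    // does not carry into the authenticated session.
    session_regenerate_id(true);
    $_SESSION['username']      = $input_name;
    $_SESSION['userid']        = $conn->lastInsertId();
    $_SESSION['role']          = $role;
    $_SESSION['last_activity'] = time();
    $_SESSION['ip_address']    = $_SERVER['REMOTE_ADDR'];

    header('Location: ./HomePage.php');
    exit();
} catch (PDOException $e) {
    // Driver details go to the server log only; the client gets a generic code.
    error_log('Registration error: ' . $e->getMessage());
    redirect_to_form('SERVER_ERROR');
}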
Чекор 2
По успешна регистрација корисникот се најавува со своето корисничко име и лозинка за да пристапи до платформата.
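<?php

declare(strict_types=1);

/*
 * Sign-in handler.
 *
 * Expects a POST with `username` and `password`. Looks the user up in Users,
 * checks the password against the stored hash, records the identity in the
 * session and redirects by role (Admin -> Admin.php, others -> HomePage.php).
 *
 * Failed attempts are counted in the session; once the count exceeds
 * $maxAttempts, further attempts are refused for $lockoutSeconds after the
 * last failure. All errors redirect back to the form with an `error` code.
 */

session_start();

// The form is reached via GET; anything but a POST is sent back to it.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Location: /Sign&Log.php');
    exit();
}

$maxAttempts    = 5;
$lockoutSeconds = 300; // 5 minutes

/**
 * Count a failed attempt, stamp it, and send the caller back to the form
 * with the generic INVALID_CREDENTIALS code (the same code for "no such
 * user" and "wrong password", so the response does not reveal which).
 */
function record_failed_login(): void
{
    $_SESSION['login_attempts'] = (int) ($_SESSION['login_attempts'] ?? 0) + 1;
    $_SESSION['last_attempt']   = time();
    header('Location: /Sign&Log.php?error=INVALID_CREDENTIALS');
    exit();
}

// Lockout check. NOTE(review): the counter lives in the client's own
// session, so it only throttles a client that keeps its cookie; discarding
// the cookie yields a fresh counter. A server-side counter keyed on the
// account (and/or source address) is needed for a limit the client cannot
// opt out of.
$attempts = (int) ($_SESSION['login_attempts'] ?? 0);
if ($attempts > $maxAttempts) {
    // `last_attempt` is set alongside the counter; default to 0 so a partial
    // session cannot trigger an undefined-index warning.
    $lastAttempt = (int) ($_SESSION['last_attempt'] ?? 0);
    if (time() - $lastAttempt < $lockoutSeconds) {
        header('Location: /Sign&Log.php?error=TOO_MANY_ATTEMPTS');
        exit();
    }
    $_SESSION['login_attempts'] = 0;
}

// Both fields must be present, non-empty strings. A nested value (e.g. a
// `password[]` field) would make trim()/password_verify() throw a TypeError.
// A missing field is not counted as a failed attempt.
$rawUsername = $_POST['username'] ?? null;
$rawPassword = $_POST['password'] ?? null;
if (!is_string($rawUsername) || !is_string($rawPassword)
    || $rawUsername === '' || $rawPassword === '') {
    header('Location: /Sign&Log.php?error=INVALID_CREDENTIALS');
    exit();
}

try {
    // Inside the try so a connection failure is logged and reported like any
    // other database error instead of escaping as an uncaught exception.
    require 'connect.php'; // provides $conn (PDO)

    // Names are stored as entered at registration, restricted there to
    // [A-Za-z0-9_], so no escaping is needed for the lookup; HTML escaping
    // belongs at output time, not here.
    $username = trim($rawUsername);

    $stmt = $conn->prepare('SELECT * FROM Users WHERE username = :username');
    $stmt->execute([':username' => $username]);

    // fetch() is the reliable test for "no such user": PDOStatement::rowCount()
    // is not guaranteed to report SELECT results on every driver.
    $res = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($res === false) {
        // NOTE(review): returning before password_verify() makes this path
        // measurably faster than a wrong password, which lets a caller tell
        // existing names from unknown ones by response time. Verifying against
        // a fixed dummy hash of the same algorithm would even the two paths.
        record_failed_login();
    }

    if (!password_verify($rawPassword, (string) $res['password'])) {
        record_failed_login();
    }

    // Authenticated: issue a fresh session id so an id fixed before login does
    // not carry into the authenticated session, then record the identity.
    session_regenerate_id(true);
    $_SESSION['username']       = $username;
    $_SESSION['userid']         = $res['userid'];
    $_SESSION['role']           = $res['role'];
    $_SESSION['last_activity']  = time();
    $_SESSION['ip_address']     = $_SERVER['REMOTE_ADDR'];
    $_SESSION['login_attempts'] = 0;

    // Redirect based on role; exit so nothing runs after the header is sent.
    header($res['role'] === 'Admin' ? 'Location: ./Admin.php' : 'Location: ./HomePage.php');
    exit();
} catch (PDOException $e) {
    // Driver details go to the server log only; the client gets a generic code.
    error_log('Login error: ' . $e->getMessage());
    header('Location: /Sign&Log.php?error=SERVER_ERROR');
    exit();
}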
Чекор 3