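<?php
// register.php — self-registration form and its POST handler.
//
// Flow: make sure a CSRF token exists in the session, bounce visitors that
// already look signed in to main.php, read the 'user_registration' switch from
// the settings table, then on POST validate the submission, insert an
// unverified user row and send the verification e-mail.
//
// Expects config.php to define $host, $dbname, $db_username, $db_password,
// $base_url and $from_email (and optionally a ready-made $pdo).
session_start();
require 'config.php';

// Generate a per-session CSRF token once; it is embedded in the form and
// compared against the posted copy below.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

// Redirect to main.php if already logged in.
// NOTE(review): the mere presence of a rememberMe cookie triggers the redirect;
// main.php is presumably where that cookie is actually validated — confirm.
if (isset($_SESSION['user_id']) || isset($_COOKIE['rememberMe'])) {
    header('Location: main.php');
    exit();
}

// Initialize the PDO object if config.php did not already provide one.
if (!isset($pdo) || !($pdo instanceof PDO)) {
    $dsn = "mysql:host=$host;dbname=$dbname";
    $options = [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ];
    try {
        $pdo = new PDO($dsn, $db_username, $db_password, $options);
    } catch (PDOException $e) {
        // Log the real error; the user only ever sees a generic message.
        error_log($e->getMessage());
        die("Database connection error. Please try again later.");
    }
}

$message = '';        // error text rendered below the form
$successMessage = ''; // success text rendered below the form and handed to the JS

// Check the user registration setting. The value is cast to string so the
// comparison holds whether the driver returns '1' or 1; a missing row
// (fetchColumn() === false) casts to '' and leaves registration disabled.
$settingsStmt = $pdo->prepare("SELECT value FROM settings WHERE name = 'user_registration'");
$settingsStmt->execute();
$registrationEnabled = (string) $settingsStmt->fetchColumn() === '1';

// Read a POST field as a trimmed string. A missing field or a non-string value
// (e.g. field[]= from a crafted request) yields ''. This replaces the
// deprecated FILTER_SANITIZE_STRING, which also silently truncated values at
// the first '<', so a password could be stored differently from what was typed.
$postField = static function (string $key): string {
    $value = $_POST[$key] ?? null;
    return is_string($value) ? trim($value) : '';
};

if (isset($_POST['register'], $_POST['csrf_token']) && $registrationEnabled) {
    // CSRF token validation — constant-time comparison; a non-string token is
    // rejected instead of being coerced.
    if (!is_string($_POST['csrf_token']) || !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
        $message = "CSRF token mismatch.";
    } else {
        // Honeypot field check: the field is hidden from real users, so any
        // value means an automated submission.
        if (!empty($_POST['faxNumber'])) {
            exit('No bots allowed!');
        }

        // Tags are stripped from the free-text fields as the old sanitizer did;
        // HTML escaping is done at output time rather than on the way in.
        $name = strip_tags($postField('name'));
        $username = strip_tags($postField('username'));
        $email = $postField('email');
        $timezone = $postField('timezone');
        // Passwords are trimmed (as before) but otherwise hashed verbatim.
        // NOTE(review): this must stay in step with whatever normalisation
        // login.php applies before password_verify() — confirm.
        $password = $postField('password');
        $verifyPassword = $postField('verifyPassword');

        if ($name === '' || $username === '' || $email === '' || $password === '') {
            $message = "All fields are required.";
        } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            // Also guarantees the address carries no CR/LF before it reaches mail().
            $message = "Please enter a valid email address.";
        } elseif (!in_array($timezone, DateTimeZone::listIdentifiers(DateTimeZone::ALL_WITH_BC), true)) {
            // ALL_WITH_BC keeps legacy aliases such as America/Buenos_Aires,
            // which the form below offers, valid.
            $message = "Please select a valid timezone.";
        } elseif ($password !== $verifyPassword) {
            $message = "The passwords do not match. Please try again.";
        } elseif (!preg_match("/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$/", $password)) {
            // Same rule the client-side hint describes: 8+ characters, one
            // lowercase, one uppercase, one digit, one of @$!%*?&.
            $message = "Password must meet the requirements.";
        } else {
            try {
                $userCheckStmt = $pdo->prepare("SELECT 1 FROM users WHERE username = ? OR email = ?");
                $userCheckStmt->execute([$username, $email]);
                if ($userCheckStmt->fetch()) {
                    $message = "Username or Email already exists.";
                } else {
                    $verificationToken = bin2hex(random_bytes(16));
                    $passwordHash = password_hash($password, PASSWORD_DEFAULT);
                    $stmt = $pdo->prepare("INSERT INTO users (name, username, email, password, role, verification_token, timezone) VALUES (?, ?, ?, ?, 'user', ?, ?)");
                    $stmt->execute([$name, $username, $email, $passwordHash, $verificationToken, $timezone]);

                    $verificationLink = $base_url . "verify.php?token=" . $verificationToken;
                    $subject = "Verify Your Email";
                    $emailMessage = "Hello $name,\n\nPlease click the following link to verify your email and activate your account:\n$verificationLink\n\nThank you!";
                    $headers = "From: " . $from_email;
                    if (mail($email, $subject, $emailMessage, $headers)) {
                        $successMessage = "Registration successful! Please check your email to verify your account.";
                    } else {
                        $message = "Registration completed, but the verification email could not be sent. Please check your server's email settings.";
                    }
                }
            } catch (PDOException $e) {
                // Driver messages can reveal table, column or host details;
                // log them and show the user a generic failure.
                error_log('Registration failed: ' . $e->getMessage());
                $message = "Registration failed. Please try again later.";
            }
        }
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Register</title>
    <link rel="stylesheet" href="stylesheet.css">
    <script>
    document.addEventListener('DOMContentLoaded', function () {
        var password = document.getElementById('password');
        var verifyPassword = document.getElementById('verifyPassword');
        var message = document.getElementById('passwordMessage');
        // json_encode with the HEX flags emits a JS string literal that cannot
        // terminate the <script> element, whatever the message contains.
        var successMessage = <?php echo json_encode($successMessage, JSON_THROW_ON_ERROR | JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;

        // Recomputes the hint under the password fields. The hint is green only
        // when every requirement is met AND the two fields agree; previously a
        // matching pair turned the whole hint green even while requirements
        // still failed.
        function validatePassword() {
            if (successMessage !== "") {
                message.innerHTML = '';
                return;
            }
            var passwordValue = password.value;
            var messages = [];
            if (passwordValue.length < 8) {
                messages.push("at least 8 characters");
            }
            if (!/(?=.*[a-z])/.test(passwordValue)) {
                messages.push("one lowercase letter");
            }
            if (!/(?=.*[A-Z])/.test(passwordValue)) {
                messages.push("one uppercase letter");
            }
            if (!/(?=.*\d)/.test(passwordValue)) {
                messages.push("one number");
            }
            if (!/(?=.*[@$!%*?&])/.test(passwordValue)) {
                messages.push("one special character (@, $, !, %, *, ?, or &)");
            }

            var parts = [];
            var allGood = messages.length === 0;
            if (allGood) {
                parts.push("Password meets all requirements.");
            } else {
                parts.push("Password must include " + messages.join(", ") + ".");
            }
            if (password.value === verifyPassword.value && password.value.length > 0) {
                parts.push("Passwords match.");
            } else if (verifyPassword.value.length > 0) {
                parts.push("Passwords do not match.");
                allGood = false;
            }
            // Only fixed strings are joined here, so innerHTML is safe for the <br>.
            message.innerHTML = parts.join("<br>");
            message.style.color = allGood ? "#00FF00" : "#FF6347";
        }
        password.addEventListener('input', validatePassword);
        verifyPassword.addEventListener('input', validatePassword);
    });
    </script>
</head>
<body>
<div class="container">
    <h2>To Do Register</h2>
    <?php if ($registrationEnabled): ?>
    <form method="post">
        <div style="display:none;">
            <!-- Honeypot: hidden from people, filled in by bots; the handler rejects any value. -->
            <input type="text" name="faxNumber" id="faxNumber" placeholder="Leave this field empty">
        </div>
        <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
        <input type="text" name="name" placeholder="Name" required>
        <input type="text" name="username" placeholder="Username" required>
        <input type="email" name="email" placeholder="Email" required>
        <select name="timezone" required>
            <!-- Timezone options; the handler validates the value against PHP's identifier list -->
            <option value="" disabled selected>Select Timezone</option>
            <option value="America/New_York">Eastern Time (US & Canada)</option>
            <option value="America/Chicago">Central Time (US & Canada)</option>
            <option value="America/Denver">Mountain Time (US & Canada)</option>
            <option value="America/Los_Angeles">Pacific Time (US & Canada)</option>
            <option value="America/Anchorage">Alaska</option>
            <option value="America/Halifax">Atlantic Time (Canada)</option>
            <option value="America/Buenos_Aires">Buenos Aires</option>
            <option value="America/Sao_Paulo">Sao Paulo</option>
            <option value="America/Lima">Lima</option>
            <option value="Pacific/Honolulu">Hawaii</option>
            <option value="Europe/London">London</option>
            <option value="Europe/Berlin">Berlin, Frankfurt, Paris, Rome, Madrid</option>
            <option value="Europe/Athens">Athens, Istanbul, Minsk</option>
            <option value="Europe/Moscow">Moscow, St. Petersburg, Volgograd</option>
            <!-- Add more timezones as needed -->
        </select>
        <input type="password" id="password" name="password" placeholder="Password" required>
        <input type="password" id="verifyPassword" name="verifyPassword" placeholder="Verify Password" required>
        <div id="passwordMessage" class="message">Password requirements message</div>
        <button type="submit" name="register">Register</button>
    </form>
    <?php else: ?>
    <p class="message error">User Registration is closed at this time.</p>
    <?php endif; ?>
    <?php if ($message): ?>
    <div class="message error">
        <?php echo htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>
    </div>
    <?php endif; ?>
    <?php if ($successMessage): ?>
    <div class="message success">
        <?php echo htmlspecialchars($successMessage, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>
    </div>
    <?php endif; ?>
    <div style="margin-top: 20px;">
        <a href="login.php" class="btn">Back to Login</a>
    </div>
</div>
</body>
</html>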