Lots of stuff

register.php

@@ -1,5 +1,11 @@
 <?php
-$con = mysqli_connect("192.168.1.2:3306", "social_dev", "Ellie-521890@", "social");
+session_start();
+$env = parse_ini_file('.env');
+$host = $env['DB_HOST'];
+$user = $env['DB_USER'];
+$pass = $env['DB_PASS'];
+$db = $env['DB_NAME'];
+$con = mysqli_connect($host, $user, $pass, $db);
 
 if(mysqli_connect_errno()) {
     echo "Failed to connect to database: " . mysqli_connect_errno();
@@ -13,7 +19,7 @@ $email_conf = "";
 $pass = ""; 
 $pass_conf = ""; 
 $date = ""; // Registration Date
-$errors = ""; // Used to hold any errors.
+$errors = array(); // Used to hold any errors.
 
 if(isset($_POST['register_but'])) {
     // Variable Assignments 
@@ -22,18 +28,22 @@ if(isset($_POST['register_but'])) {
     $fname = strip_tags($_POST['reg_fname']); //Sets the value from the forum.
     $fname = str_replace(' ', '', $fname); // Removes any spaces.
     $fname = ucfirst(strtolower($fname)); // Capitalizes first letter, lowercases the rest.
+    $_SESSION['reg_fname'] = $fname; // Stores values into session variable.
 
     $lname = strip_tags($_POST['reg_lname']);
     $lname = str_replace(' ', '', $lname); 
     $lname = ucfirst(strtolower($lname));
+    $_SESSION['reg_lname'] = $lname;
 
     $email = strip_tags($_POST['reg_email']); 
     $email = str_replace(' ', '', $email);
     $email = strtolower($email);
+    $_SESSION['reg_email'] = $email;
 
     $email_conf = strip_tags($_POST['reg_email_conf']); 
     $email_conf = str_replace(' ', '', $email_conf); 
     $email_conf = strtolower($email_conf);
+    $_SESSION['reg_email_conf'] = $email_conf;
 
     $pass = strip_tags($_POST['reg_pass']); 
     $pass = str_replace(' ', '', $pass); 
@@ -41,17 +51,119 @@ if(isset($_POST['register_but'])) {
     $pass_conf = strip_tags($_POST['reg_pass_conf']); 
     $pass_conf = str_replace(' ', '', $pass_conf);
 
-    $date = date(Y-m-d); // Sets the registration date.
+    $date = date("Y-m-d"); // Sets the registration date.
 
     if ($email == $email_conf) {
         if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
             $email = filter_var($email, FILTER_VALIDATE_EMAIL);
+            $e_check = mysqli_query($con, "SELECT email FROM users WHERE email='$email'");
+            $num_rows = mysqli_num_rows($e_check);
+            if ($num_rows > 0) {
+                array_push($errors, "email_exists");
+            }
         } else {
-            echo "invalid format";
+            array_push($errors, "email_invalid");
         }
     } else {
-        echo "The email's do not match.";
+        array_push($errors, "email_mismatch");
     }
+
+    if (strlen($fname) > 25 || strlen($fname) < 2) {
+        array_push($errors, "fname_invalid");
+    }
+    
+    if (strlen($lname) > 25 || strlen($lname) < 2) {
+        array_push($errors, "lname_invalid");
+    }
+
+    if ($pass != $pass_conf) {
+        array_push($errors, "pass_mismatch");
+    } else {
+        if(preg_match('/[^A-Za-z0-9]/', $pass)) {
+            array_push($errors, "pass_invalid_char");
+        } else {
+            if (strlen($pass) > 30 || strlen($pass) < 5) {
+                array_push($errors, "pass_invalid_length");
+            }
+        }
+    }
+
+    if (empty($errors)) {
+        $pass = password_hash($pass, PASSWORD_BCRYPT); // Encrypts password
+        $username = strtolower($fname . "." . $lname);
+        $check_username_query = mysqli_query($con, "SELECT username FROM users WHERE username='$username'");
+
+        $i = 0;
+        $temp = $username;
+        while (mysqli_num_rows($check_username_query) != 0) {
+            $i++;
+            $temp = $username . $i;
+            $check_username_query = mysqli_query($con, "SELECT username FROM users WHERE username='$temp'");
+        }
+        if ($i > 0) {
+            $username = $username . $i;
+        }
+
+        $rand = rand(1,16);
+        $profile_pic = random_profile_pic($rand);
+        
+        $query = mysqli_query($con, "INSERT INTO users VALUES (NULL,'$fname','$lname','$username','$email','$pass','$date','$profile_pic','0','0','0',',')");
+    }
+}
+
+function random_profile_pic($rand) {
+    $profile_pic = "assets/profile_pics/defaults/";
+    switch ($rand) {
+        case 1:
+            $profile_pic = $profile_pic . "head_alizarin.png";
+            break;
+        case 2:
+            $profile_pic = $profile_pic . "head_amethyst.png";
+            break;
+        case 3:
+            $profile_pic = $profile_pic . "head_belize_hole.png";
+            break;
+        case 4:
+            $profile_pic = $profile_pic . "head_carrot.png";
+            break;
+        case 5:
+            $profile_pic = $profile_pic . "head_deep_blue.png";
+            break;
+        case 6:
+            $profile_pic = $profile_pic . "head_emerald.png";
+            break;
+        case 7:
+            $profile_pic = $profile_pic . "head_green_sea.png";
+            break;
+        case 8:
+            $profile_pic = $profile_pic . "head_nephritis.png";
+            break;
+        case 9:
+            $profile_pic = $profile_pic . "head_pete_river.png";
+            break;
+        case 10:
+            $profile_pic = $profile_pic . "head_pomegranate.png";
+            break;
+        case 11:
+            $profile_pic = $profile_pic . "head_pumpkin.png";
+            break;
+        case 12:
+            $profile_pic = $profile_pic . "head_red.png";
+            break;
+        case 13:
+            $profile_pic = $profile_pic . "head_sun_flower.png";
+            break;
+        case 14:
+            $profile_pic = $profile_pic . "head_turqoise.png";
+            break;
+        case 15:
+            $profile_pic = $profile_pic . "head_wet_asphalt.png";
+            break;
+        case 16:
+            $profile_pic = $profile_pic . "head_wistera.png";
+            break;
+    }
+    return $profile_pic;
 }
 
 ?>
@@ -64,18 +176,56 @@ if(isset($_POST['register_but'])) {
 
 <body>
     <form action="register.php" method="POST">
-        <input type="text" name="reg_fname" placeholder="First Name" required>
+        <input type="text" name="reg_fname" placeholder="First Name" 
+            value ="<?php if(isset($_SESSION['reg_fname'])) {
+                echo $_SESSION['reg_fname'];
+            } ?>" required>
         <br>
-        <input type="text" name="reg_lname" placeholder="Last Name" required>
+
+        <?php if(in_array("fname_invalid", $errors))
+                echo "Your first name must be between 2 and 25 characters.<br>"; ?>
+
+        <input type="text" name="reg_lname" placeholder="Last Name"
+            value ="<?php if(isset($_SESSION['reg_lname'])) {
+                echo $_SESSION['reg_lname'];
+            } ?>" required>
         <br>
-        <input type="email" name="reg_email" placeholder="Email" required>
+
+        <?php if(in_array("lname_invalid", $errors))
+                echo "Your last name must be between 2 and 25 characters.<br>"; ?>
+        
+        <input type="email" name="reg_email" placeholder="Email" 
+            value ="<?php if(isset($_SESSION['reg_email'])) {
+                echo $_SESSION['reg_email'];
+            } ?>" required>
         <br>
-        <input type="email" name="reg_email_conf" placeholder="Confirm Email" required>
+        <input type="email" name="reg_email_conf" placeholder="Confirm Email" 
+            value ="<?php if(isset($_SESSION['reg_email_conf'])) {
+                echo $_SESSION['reg_email_conf'];
+            } ?>" required>
         <br>
+
+        <?php 
+        if(in_array("email_exists", $errors))
+                echo "Email already exists.<br>";
+        else if(in_array("email_invalid", $errors))
+                echo "Invalid format<br>";
+        else if(in_array("email_mismatch", $errors))
+                echo "The email's do not match.<br>"; 
+        ?>
+
         <input type="password" name="reg_pass" placeholder="Password" required>
         <br>
         <input type="password" name="reg_pass_conf" placeholder="Confirm Password" required>
         <br>
+
+        <?php if(in_array("pass_mismatch", $errors))
+                echo "Your passwords do not match.<br>";
+        else if(in_array("pass_invalid_char", $errors))
+                echo "Your password can only contain english characters or numbers.<br>";
+        else if(in_array("pass_invalid_length", $errors))
+                echo "Your password must be between 5 and 30 characters.<br>"; ?>
+
         <input type="submit" name="register_but" value="Register">
     </form>
 </body>