Social-Network/register.php

<?php
session_start();
$env = parse_ini_file('.env');
$host = $env['DB_HOST'];
$user = $env['DB_USER'];
$pass = $env['DB_PASS'];
$db = $env['DB_NAME'];
$con = mysqli_connect($host, $user, $pass, $db);

if(mysqli_connect_errno()) {
    echo "Failed to connect to database: " . mysqli_connect_errno();
}

// Variables declaration to prevent errors
$fname = "";
$lname = "";
$email = "";
$email_conf = "";
$pass = ""; 
$pass_conf = ""; 
$date = ""; // Registration Date
$errors = array(); // Used to hold any errors.

if(isset($_POST['register_but'])) {
    // Variable Assignments 

    //  *** strip_tags() is used to prevent html injection. *** //
    $fname = strip_tags($_POST['reg_fname']); //Sets the value from the forum.
    $fname = str_replace(' ', '', $fname); // Removes any spaces.
    $fname = ucfirst(strtolower($fname)); // Capitalizes first letter, lowercases the rest.
    $_SESSION['reg_fname'] = $fname; // Stores values into session variable.

    $lname = strip_tags($_POST['reg_lname']);
    $lname = str_replace(' ', '', $lname); 
    $lname = ucfirst(strtolower($lname));
    $_SESSION['reg_lname'] = $lname;

    $email = strip_tags($_POST['reg_email']); 
    $email = str_replace(' ', '', $email);
    $email = strtolower($email);
    $_SESSION['reg_email'] = $email;

    $email_conf = strip_tags($_POST['reg_email_conf']); 
    $email_conf = str_replace(' ', '', $email_conf); 
    $email_conf = strtolower($email_conf);
    $_SESSION['reg_email_conf'] = $email_conf;

    $pass = strip_tags($_POST['reg_pass']); 
    $pass = str_replace(' ', '', $pass); 

    $pass_conf = strip_tags($_POST['reg_pass_conf']); 
    $pass_conf = str_replace(' ', '', $pass_conf);

    $date = date("Y-m-d"); // Sets the registration date.

    if ($email == $email_conf) {
        if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $email = filter_var($email, FILTER_VALIDATE_EMAIL);
            $e_check = mysqli_query($con, "SELECT email FROM users WHERE email='$email'");
            $num_rows = mysqli_num_rows($e_check);
            if ($num_rows > 0) {
                array_push($errors, "email_exists");
            }
        } else {
            array_push($errors, "email_invalid");
        }
    } else {
        array_push($errors, "email_mismatch");
    }

    if (strlen($fname) > 25 || strlen($fname) < 2) {
        array_push($errors, "fname_invalid");
    }
    
    if (strlen($lname) > 25 || strlen($lname) < 2) {
        array_push($errors, "lname_invalid");
    }

    if ($pass != $pass_conf) {
        array_push($errors, "pass_mismatch");
    } else {
        if(preg_match('/[^A-Za-z0-9]/', $pass)) {
            array_push($errors, "pass_invalid_char");
        } else {
            if (strlen($pass) > 30 || strlen($pass) < 5) {
                array_push($errors, "pass_invalid_length");
            }
        }
    }

    if (empty($errors)) {
        $pass = password_hash($pass, PASSWORD_BCRYPT); // Encrypts password
        $username = strtolower($fname . "." . $lname);
        $check_username_query = mysqli_query($con, "SELECT username FROM users WHERE username='$username'");

        $i = 0;
        $temp = $username;
        while (mysqli_num_rows($check_username_query) != 0) {
            $i++;
            $temp = $username . $i;
            $check_username_query = mysqli_query($con, "SELECT username FROM users WHERE username='$temp'");
        }
        if ($i > 0) {
            $username = $username . $i;
        }

        $rand = rand(1,16);
        $profile_pic = random_profile_pic($rand);
        
        $query = mysqli_query($con, "INSERT INTO users VALUES (NULL,'$fname','$lname','$username','$email','$pass','$date','$profile_pic','0','0','0',',')");
    }
}

function random_profile_pic($rand) {
    $profile_pic = "assets/profile_pics/defaults/";
    switch ($rand) {
        case 1:
            $profile_pic = $profile_pic . "head_alizarin.png";
            break;
        case 2:
            $profile_pic = $profile_pic . "head_amethyst.png";
            break;
        case 3:
            $profile_pic = $profile_pic . "head_belize_hole.png";
            break;
        case 4:
            $profile_pic = $profile_pic . "head_carrot.png";
            break;
        case 5:
            $profile_pic = $profile_pic . "head_deep_blue.png";
            break;
        case 6:
            $profile_pic = $profile_pic . "head_emerald.png";
            break;
        case 7:
            $profile_pic = $profile_pic . "head_green_sea.png";
            break;
        case 8:
            $profile_pic = $profile_pic . "head_nephritis.png";
            break;
        case 9:
            $profile_pic = $profile_pic . "head_pete_river.png";
            break;
        case 10:
            $profile_pic = $profile_pic . "head_pomegranate.png";
            break;
        case 11:
            $profile_pic = $profile_pic . "head_pumpkin.png";
            break;
        case 12:
            $profile_pic = $profile_pic . "head_red.png";
            break;
        case 13:
            $profile_pic = $profile_pic . "head_sun_flower.png";
            break;
        case 14:
            $profile_pic = $profile_pic . "head_turqoise.png";
            break;
        case 15:
            $profile_pic = $profile_pic . "head_wet_asphalt.png";
            break;
        case 16:
            $profile_pic = $profile_pic . "head_wistera.png";
            break;
    }
    return $profile_pic;
}

?>


<html>
<head>
    <title>Meme Machine</title>
</head>

<body>
    <form action="register.php" method="POST">
        <input type="text" name="reg_fname" placeholder="First Name" 
            value ="<?php if(isset($_SESSION['reg_fname'])) {
                echo $_SESSION['reg_fname'];
            } ?>" required>
        <br>

        <?php if(in_array("fname_invalid", $errors))
                echo "Your first name must be between 2 and 25 characters.<br>"; ?>

        <input type="text" name="reg_lname" placeholder="Last Name"
            value ="<?php if(isset($_SESSION['reg_lname'])) {
                echo $_SESSION['reg_lname'];
            } ?>" required>
        <br>

        <?php if(in_array("lname_invalid", $errors))
                echo "Your last name must be between 2 and 25 characters.<br>"; ?>
        
        <input type="email" name="reg_email" placeholder="Email" 
            value ="<?php if(isset($_SESSION['reg_email'])) {
                echo $_SESSION['reg_email'];
            } ?>" required>
        <br>
        <input type="email" name="reg_email_conf" placeholder="Confirm Email" 
            value ="<?php if(isset($_SESSION['reg_email_conf'])) {
                echo $_SESSION['reg_email_conf'];
            } ?>" required>
        <br>

        <?php 
        if(in_array("email_exists", $errors))
                echo "Email already exists.<br>";
        else if(in_array("email_invalid", $errors))
                echo "Invalid format<br>";
        else if(in_array("email_mismatch", $errors))
                echo "The email's do not match.<br>"; 
        ?>

        <input type="password" name="reg_pass" placeholder="Password" required>
        <br>
        <input type="password" name="reg_pass_conf" placeholder="Confirm Password" required>
        <br>

        <?php if(in_array("pass_mismatch", $errors))
                echo "Your passwords do not match.<br>";
        else if(in_array("pass_invalid_char", $errors))
                echo "Your password can only contain english characters or numbers.<br>";
        else if(in_array("pass_invalid_length", $errors))
                echo "Your password must be between 5 and 30 characters.<br>"; ?>

        <input type="submit" name="register_but" value="Register">
    </form>
</body>
</html>