signup php

process-signup.php

@@ -0,0 +1,80 @@
+<?php
+
+// remove next 3 lines when you're done, so that errors don't show up in a browser
+ini_set("display_errors", "1");
+ini_set("display_startup_errors", "1");
+error_reporting(E_ALL);
+
+if (empty($_POST["nfc"])) {
+    die("hey, you forgot your nfc here ]]");
+}
+
+if (empty($_POST["name"])) {
+    die("Name is required");
+}
+
+if ( ! filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
+    die("are you sure this is an email? ]]");
+}
+
+if (strlen($_POST["password"]) < 8) {
+    die("password must be at least 8 characters");
+}
+
+if ( ! preg_match("/[a-z]/i", $_POST["password"])) {
+    die("password must contain at least one letter");
+}
+
+if ( ! preg_match("/[0-9]/", $_POST["password"])) {
+    die("password must contain at least one number");
+}
+
+if ($_POST["password"] !== $_POST["password_confirmation"]) {
+    die("passwords must match");
+}
+
+$password_hash = password_hash($_POST["password"], PASSWORD_DEFAULT);
+
+$mysqlinfc = require __DIR__ . "/database.php";
+
+$sqlnfc = sprintf("SELECT EXISTS (SELECT * FROM user WHERE nfc = '%d')",$mysqlinfc->real_escape_string($_POST["nfc"]));
+
+$result = $mysqlinfc->query($sqlnfc);
+$user = $result->fetch_row();
+print_r($user);
+print_r($user[0]);
+
+if ($user[0] > 0 ) {
+	$mysqli = require __DIR__ . "/database.php";
+
+	$sql = "INSERT INTO user (name, email, password_hash, nfc)
+	VALUES (?, ?, ?, ?)";
+
+	$stmt = $mysqli->stmt_init();
+
+	if ( ! $stmt->prepare($sql)) {
+    		die("SQL error: " . $mysqli->error);
+	}
+
+	$stmt->bind_param("ssss",
+		$_POST["name"],
+		$_POST["email"],
+		$password_hash,
+		$_POST["nfc"]);
+
+	if ($stmt->execute()) {
+		header("Location: signup-success.html");
+	    	exit;
+
+	} else {
+   		if ($mysqli->errno === 1062) {
+        	die("email already taken");
+    	} else {
+        	die($mysqli->error . " " . $mysqli->errno);
+    	}
+	}
+} else {
+	echo "no";
+}
+
+?>