Editing: register.php
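<?php
// Registration endpoint. On POST it validates the sign-up form, creates the
// user row, stores the new identity in the session and redirects to
// edit_profile.php. On any other method it renders the sign-up form.

// Never render PHP errors to visitors: stack traces and SQL errors disclose
// paths, schema and driver details. Errors go to the server log instead.
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

require_once 'google-config.php';

// $_SESSION is written below, so a session must be active. Whether
// google-config.php already starts one is not visible here; the guard makes
// either case safe.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

$login_url = $client->createAuthUrl();

// Database settings are read from the environment so that no credential lives
// in a web-served source file. The variable names are placeholders chosen for
// this listing; map them to whatever the deployment provides. A credential that
// was previously embedded in this file should be treated as exposed and rotated.
$dbHost = getenv('DB_HOST') ?: '127.0.0.1';
$dbPort = getenv('DB_PORT') ?: '3306';
$dbName = getenv('DB_NAME');
$dbUser = getenv('DB_USER');
$dbPass = getenv('DB_PASSWORD');

if ($dbName === false || $dbUser === false || $dbPass === false) {
    error_log('register.php: database configuration is missing from the environment');
    http_response_code(500);
    die('Service temporarily unavailable.');
}

try {
    // Native prepared statements and exception error mode; utf8mb4 so the
    // connection charset is explicit rather than a server default.
    $pdo = new PDO(
        "mysql:host={$dbHost};port={$dbPort};dbname={$dbName};charset=utf8mb4",
        $dbUser,
        $dbPass,
        [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
} catch (PDOException $e) {
    // The driver message can contain host, user and schema names: log it,
    // show the visitor a generic message only.
    error_log('register.php: database connection failed: ' . $e->getMessage());
    http_response_code(500);
    die('Could not connect to the database.');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $errorMessage = null;

    try {
        $rawUsername = $_POST['username'] ?? '';
        $rawEmail    = $_POST['email'] ?? '';
        $rawPassword = $_POST['password'] ?? '';

        // A field submitted as an array (username[]=x) must not reach trim().
        if (!is_string($rawUsername) || !is_string($rawEmail) || !is_string($rawPassword)) {
            throw new Exception('All fields are required.');
        }

        // Validate and reject instead of silently stripping characters: the
        // account must be created under exactly the name the user submitted.
        $username = trim($rawUsername);
        if ($username === '') {
            throw new Exception('Username cannot be empty or just spaces.');
        }
        if (!preg_match('/^[a-zA-Z0-9 _-]+\z/', $username)) {
            throw new Exception('Invalid username. Only letters, numbers, spaces, underscores, and hyphens are allowed.');
        }

        // Same principle for the address: it is the account identity, so it is
        // validated as typed rather than rewritten by a sanitising filter.
        $email = trim($rawEmail);
        if ($email === '') {
            throw new Exception('Email cannot be empty.');
        }
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            throw new Exception('Invalid email format.');
        }

        // The password is trimmed as before; the login handler (not visible
        // here) has to apply the same normalisation or logins will fail.
        $password = trim($rawPassword);
        if ($password === '') {
            throw new Exception('Password cannot be empty.');
        }
        if (strlen($password) < 6) {
            throw new Exception('Password must be at least 6 characters long.');
        }
        // bcrypt only uses the first 72 bytes; refuse longer input rather than
        // hashing a silently truncated password.
        if (strlen($password) > 72) {
            throw new Exception('Password must be at most 72 bytes long.');
        }

        $hashed_password = password_hash($password, PASSWORD_BCRYPT);

        // Username uniqueness is checked against profiles while the row is
        // inserted into users. NOTE(review): presumably profiles is filled in
        // by edit_profile.php; confirm that both tables are meant to be consulted.
        $stmt = $pdo->prepare('SELECT COUNT(*) FROM profiles WHERE username = :username');
        $stmt->execute([':username' => $username]);
        if ((int) $stmt->fetchColumn() > 0) {
            throw new Exception('Username is already registered. Please use a different username.');
        }

        // This message tells the caller whether an address has an account.
        // Rate-limit this endpoint if account enumeration matters for the site.
        $stmt = $pdo->prepare('SELECT COUNT(*) FROM users WHERE email = :email');
        $stmt->execute([':email' => $email]);
        if ((int) $stmt->fetchColumn() > 0) {
            throw new Exception('Email is already registered. Please use a different email.');
        }

        // The two checks above race with concurrent sign-ups; UNIQUE indexes on
        // the columns are the real guarantee, and a violation is handled in the
        // PDOException branch below.
        $stmt = $pdo->prepare(
            'INSERT INTO users (username, email, password) VALUES (:username, :email, :password)'
        );
        $stmt->execute([
            ':username' => $username,
            ':email'    => $email,
            ':password' => $hashed_password,
        ]);
        $userId = $pdo->lastInsertId();

        // New privilege level, new session id: prevents session fixation.
        session_regenerate_id(true);
        $_SESSION['user_id']  = $userId;
        $_SESSION['username'] = $username;
        $_SESSION['email']    = $email;

        header('Location: edit_profile.php');
        exit;
    } catch (PDOException $e) {
        // PDOException extends Exception, so it needs its own branch: its
        // message carries SQL and schema details that must stay in the log.
        if ((string) $e->getCode() === '23000') {
            $errorMessage = 'Username or email is already registered.';
        } else {
            error_log('register.php: registration query failed: ' . $e->getMessage());
            $errorMessage = 'Failed to register user. Please try again.';
        }
    } catch (Exception $e) {
        // Only the validation messages thrown above reach this branch.
        $errorMessage = $e->getMessage();
    }

    // json_encode with the HEX flags yields a literal that is safe inside a
    // <script> element (quotes, <, >, & and line breaks are escaped), which
    // addslashes() does not guarantee.
    $jsMessage = json_encode(
        $errorMessage,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
    echo '<script>alert(' . $jsMessage . "); window.location.href='register.php';</script>";
    exit;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <!-- Google tag (gtag.js) -->
    <script async src="https://www.googletagmanager.com/gtag/js?id=G-Z6RR2PMZW4"></script>
    <script>
        window.dataLayer = window.dataLayer || [];
        function gtag(){dataLayer.push(arguments);}
        gtag('js', new Date());
        gtag('config', 'G-Z6RR2PMZW4');
    </script>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>eizon-sign-up</title>
    <meta name="description" content="Join eizon today! Create an account to buy, sell, and connect with users in your region. It's quick, easy, and free to sign up.">
    <link rel="stylesheet" href="accounts.css">
    <!-- Third-party stylesheet: add integrity and crossorigin attributes (SRI) with the hash published for this exact file. -->
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.2/css/all.min.css">
    <link rel="manifest" href="/manifest.json">
    <style>
        .login {
            background-color: #24e037;
            color: white;
            padding: 15px 20px;
            border: none;
            border-radius: 5px;
            font-size: 16px;
            width:99%;
            margin:auto;
            font-weight:900;
            margin-top:10px;
            position: relative;
        }
        .loginlink {
            width: 50%;
            margin: auto;
        }
        @media (max-width: 768px) {
            .loginlink {
                width: 99%;
            }
        }
    </style>
</head>
<body>
    <div class="google">
        <form class="form" id="registerForm" method="post">
            <h1>e!zon</h1>
            <p>WELCOME TO EIZON</p>
            <input type="text" name="username" id="username" placeholder="Name of business" required><br>
            <input type="email" name="email" id="email" placeholder="Enter your email" required><br>
            <input type="password" name="password" id="password" placeholder="Create password" minlength="6" autocomplete="new-password" required><br>
            <button type="submit">Register</button>
            <p>Already have an account? <a href="/login">Login!</a></p>
        </form>
        <div class="loginlink">
            <a href="<?php echo htmlspecialchars($login_url, ENT_QUOTES, 'UTF-8'); ?>">
                <button type="button" class="login">
                    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 48 48" width="20px" height="20px" style="vertical-align: middle; margin-right: 10px;">
                        <path fill="#EA4335" d="M24 9.5c3.54 0 6.71 1.22 9.21 3.6l6.85-6.85C35.9 2.38 30.47 0 24 0 14.62 0 6.51 5.38 2.56 13.22l7.98 6.19C12.43 13.72 17.74 9.5 24 9.5z"/>
                        <path fill="#4285F4" d="M46.98 24.55c0-1.57-.15-3.09-.38-4.55H24v9.02h12.94c-.58 2.96-2.26 5.48-4.78 7.18l7.73 6c4.51-4.18 7.09-10.36 7.09-17.65z"/>
                        <path fill="#FBBC05" d="M10.53 28.59c-.48-1.45-.76-2.99-.76-4.59s.27-3.14.76-4.59l-7.98-6.19C.92 16.46 0 20.12 0 24c0 3.88.92 7.54 2.56 10.78l7.97-6.19z"/>
                        <path fill="#34A853" d="M24 48c6.48 0 11.93-2.13 15.89-5.81l-7.73-6c-2.15 1.45-4.92 2.3-8.16 2.3-6.26 0-11.57-4.22-13.47-9.91l-7.98 6.19C6.51 42.62 14.62 48 24 48z"/>
                        <path fill="none" d="M0 0h48v48H0z"/>
                    </svg>
                    CONTINUE WITH GOOGLE
                </button>
            </a>
        </div>
    </div>
    <script>
        // Client-side checks are a convenience only; the server repeats every one of them.
        document.getElementById('registerForm').addEventListener('submit', function (e) {
            const username = document.getElementById('username').value.trim();
            const email = document.getElementById('email').value.trim();
            const password = document.getElementById('password').value.trim();
            const usernameRegex = /^[a-zA-Z0-9 _-]+$/;

            if (!username || !email || !password) {
                alert("All fields are required.");
                e.preventDefault();
            } else if (!usernameRegex.test(username)) {
                alert("Invalid username. Only letters, numbers, spaces, underscores, and hyphens are allowed.");
                e.preventDefault();
            } else if (!/\S+@\S+\.\S+/.test(email)) {
                alert("Invalid email format.");
                e.preventDefault();
            } else if (password.length < 6) {
                alert("Password must be at least 6 characters long.");
                e.preventDefault();
            }
        });
    </script>
</body>
</html>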