bigly-chat/docs/register.php

<?php
    require("../libs/page.php");
    
    function post_handler() {
        global $db;
        
        // there is 100% a better way to do this but i need to test
        if (!array_key_exists('pass',$_POST) || !array_key_exists('user',$_POST) || !array_key_exists('pass2',$_POST)) {
            return '';   
        }
        
        $user = $_POST['user'];
        $pass = $_POST['pass'];
        $pass2 = $_POST['pass2'];
        
        preg_match("/[^A-Za-z0-9\-\_]/",$user,$matches);
        
        if ($pass != $pass2) {
            return 'Passwords are not the same.';
        }
         
        if (isset($matches) && count($matches) > 0) {
            return 'Username contains invalid characters.';
        }
        
        if (strlen($user) < 1 || strlen($user) > 32) {
            return 'Username is too long or short.';
        }
        
        $stmt = $db->prepare("SELECT username FROM auth WHERE UPPER(username) LIKE UPPER(?)");
        $stmt->execute([$user]);
        
        $result = $stmt->fetch(PDO::FETCH_ASSOC);
        
        if ($result) return 'Username is taken.';
        
        $hashed = password_hash($pass, PASSWORD_DEFAULT);
        
        $stmt = $db->prepare("INSERT INTO auth (username, password) VALUES (?, ?)");
        $stmt->execute([$user,$hashed]);
    
        header("Location: /");
        die();
    }

    page_header();
        
    $form_message = post_handler();
    
    // TODO: form builder. this is lazy for testing purposes
?>

<form class='form' enctype="multipart/form-data" method="POST">
    <h1 class="form-heading">
        Join
    </h1>
    <span class='form-message'>
        <?php echo $form_message ?>
    </span>
    <span class='form-key'>
        Username
    </span>
    <input class='form-input' type="text" name="user" value="">
    <span class='form-key'>
        Password
    </span>
    <input class='form-input' type="password" name="pass" value="">
    <span class='form-key'>
        Password (again)
    </span>
    <input class='form-input' type="password" name="pass2" value="">
    <input class='form-button' type="Submit" name="Submit">
</form>

<?php
    page_footer();
?>