From 6beeb5f6b5ed72ba97efabee3d2f6c61202a6691 Mon Sep 17 00:00:00 2001
From: AkisYTB3 <akisytbsteamy@gmail.com>
Date: Sat, 20 Jan 2024 17:26:43 +0100
Subject: [PATCH] more changes ig

---
 pages/login.html    |  2 +-
 pages/register.html |  4 +--
 register.php        | 59 ++++++++++++++++++++++++++++++++-------------
 3 files changed, 45 insertions(+), 20 deletions(-)

diff --git a/pages/login.html b/pages/login.html
index 214f13c..eab8244 100644
--- a/pages/login.html
+++ b/pages/login.html
@@ -10,7 +10,7 @@
     <h2>Login</h2>
     <form action="../login.php" method="post">
         <input type="email" name="email" id="email-field" placeholder="E-Mail" required>
-        <input type="password" name="password" id="password-field" placeholder="Password" required>
+        <input type="password" name="password" id="password-field" pattern="\w{8,128}" placeholder="Password" required>
         <input type="submit" value="Login">
     </form>
 </body>
diff --git a/pages/register.html b/pages/register.html
index c074a13..aa3dc18 100644
--- a/pages/register.html
+++ b/pages/register.html
@@ -9,9 +9,9 @@
 <body>
     <h2>Register</h2>
     <form action="../register.php" method="post">
-        <input type="text" name="username" id="username-field" placeholder="Username" required>
+        <input type="text" name="username" id="username-field" pattern="\w{3,32}" placeholder="Username" required>
         <input type="email" name="email" id="email-field" placeholder="E-Mail" required>
-        <input type="password" name="password" id="password-field" placeholder="Password" required>
+        <input type="password" name="password" id="password-field" pattern="\w{8,128}" placeholder="Password" required>
         <input type="submit" value="Register">
     </form>
 </body>
diff --git a/register.php b/register.php
index 06ff591..7167341 100644
--- a/register.php
+++ b/register.php
@@ -12,25 +12,50 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
         $email = $_POST['email'];
         $password = $_POST['password'];
 
-        // Hash the password
-        $hashed_password = password_hash($password, PASSWORD_DEFAULT);
-
-        // Prepare and execute the SQL query using prepared statements
-        $query = "INSERT INTO users (username, email, password) VALUES (?, ?, ?)";
-        $stmt = $mysqli->prepare($query);
-        $stmt->bind_param("sss", $username, $email, $hashed_password);
-
-        // Execute the statement
-        $result = $stmt->execute();
-
-        if ($result) {
-            echo "Registration successful. <a href='pages/login.html'>Login here</a>.";
+        // Validate username length
+        if (strlen($username) < 3 || strlen($username) > 32) {
+            echo "Username must be between 3 and 32 characters.";
+        } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+            // Validate email format
+            echo "Invalid email format.";
+        } elseif (strlen($password) < 8 || strlen($password) > 128) {
+            // Validate password length
+            echo "Password must be between 8 and 128 characters.";
         } else {
-            echo "Error: " . $mysqli->error;
-        }
+            // Check if the username or email already exists
+            $checkQuery = "SELECT id FROM users WHERE username = ? OR email = ?";
+            $checkStmt = $mysqli->prepare($checkQuery);
+            $checkStmt->bind_param("ss", $username, $email);
+            $checkStmt->execute();
+            $checkStmt->store_result();
 
-        // Close the statement
-        $stmt->close();
+            if ($checkStmt->num_rows > 0) {
+                echo "Username or email already exists. Please choose a different one.";
+            } else {
+                // Hash the password
+                $hashed_password = password_hash($password, PASSWORD_DEFAULT);
+
+                // Prepare and execute the SQL query using prepared statements
+                $insertQuery = "INSERT INTO users (username, email, password) VALUES (?, ?, ?)";
+                $insertStmt = $mysqli->prepare($insertQuery);
+                $insertStmt->bind_param("sss", $username, $email, $hashed_password);
+
+                // Execute the statement
+                $result = $insertStmt->execute();
+
+                if ($result) {
+                    echo "Registration successful. <a href='pages/login.html'>Login here</a>.";
+                } else {
+                    echo "Error: " . $mysqli->error;
+                }
+
+                // Close the statements
+                $insertStmt->close();
+            }
+
+            // Close the statement for checking existing username or email
+            $checkStmt->close();
+        }
     }
 }
 ?>