more changes ig

pages/login.html

@@ -10,7 +10,7 @@
     <h2>Login</h2>
     <form action="../login.php" method="post">
         <input type="email" name="email" id="email-field" placeholder="E-Mail" required>
-        <input type="password" name="password" id="password-field" placeholder="Password" required>
+        <input type="password" name="password" id="password-field" pattern="\w{8,128}" placeholder="Password" required>
         <input type="submit" value="Login">
     </form>
 </body>

pages/register.html

@@ -9,9 +9,9 @@
 <body>
     <h2>Register</h2>
     <form action="../register.php" method="post">
-        <input type="text" name="username" id="username-field" placeholder="Username" required>
+        <input type="text" name="username" id="username-field" pattern="\w{3,32}" placeholder="Username" required>
         <input type="email" name="email" id="email-field" placeholder="E-Mail" required>
-        <input type="password" name="password" id="password-field" placeholder="Password" required>
+        <input type="password" name="password" id="password-field" pattern="\w{8,128}" placeholder="Password" required>
         <input type="submit" value="Register">
     </form>
 </body>

register.php

@@ -12,16 +12,36 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
         $email = $_POST['email'];
         $password = $_POST['password'];
 
+        // Validate username length
+        if (strlen($username) < 3 || strlen($username) > 32) {
+            echo "Username must be between 3 and 32 characters.";
+        } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+            // Validate email format
+            echo "Invalid email format.";
+        } elseif (strlen($password) < 8 || strlen($password) > 128) {
+            // Validate password length
+            echo "Password must be between 8 and 128 characters.";
+        } else {
+            // Check if the username or email already exists
+            $checkQuery = "SELECT id FROM users WHERE username = ? OR email = ?";
+            $checkStmt = $mysqli->prepare($checkQuery);
+            $checkStmt->bind_param("ss", $username, $email);
+            $checkStmt->execute();
+            $checkStmt->store_result();
+
+            if ($checkStmt->num_rows > 0) {
+                echo "Username or email already exists. Please choose a different one.";
+            } else {
                 // Hash the password
                 $hashed_password = password_hash($password, PASSWORD_DEFAULT);
 
                 // Prepare and execute the SQL query using prepared statements
-        $query = "INSERT INTO users (username, email, password) VALUES (?, ?, ?)";
+                $insertQuery = "INSERT INTO users (username, email, password) VALUES (?, ?, ?)";
-        $stmt = $mysqli->prepare($query);
+                $insertStmt = $mysqli->prepare($insertQuery);
-        $stmt->bind_param("sss", $username, $email, $hashed_password);
+                $insertStmt->bind_param("sss", $username, $email, $hashed_password);
 
                 // Execute the statement
-        $result = $stmt->execute();
+                $result = $insertStmt->execute();
 
                 if ($result) {
                     echo "Registration successful. <a href='pages/login.html'>Login here</a>.";
@@ -29,8 +49,13 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
                     echo "Error: " . $mysqli->error;
                 }
 
-        // Close the statement
+                // Close the statements
-        $stmt->close();
+                $insertStmt->close();
+            }
+
+            // Close the statement for checking existing username or email
+            $checkStmt->close();
+        }
     }
 }
 ?>