made register secure (hopefuly) and added the actual forms

2024-01-20 17:15:31 +01:00 · 2024-01-20 17:15:31 +01:00 · f2bec5f92d
commit f2bec5f92d
parent 607c307dc5
3 changed files with 31 additions and 23 deletions
--- a/pages/login.html
+++ b/pages/login.html
@ -9,7 +9,8 @@
 <body>
    <h2>Login</h2>
    <form action="../login.php" method="post">
-        <!-- Add your login form fields here (e.g., username, password) -->
+        <input type="email" name="email" id="email-field" required>
+        <input type="password" name="password" id="password-field" required>
        <input type="submit" value="Login">
    </form>
 </body>
--- a/pages/register.html
+++ b/pages/register.html
@ -9,7 +9,9 @@
 <body>
    <h2>Register</h2>
    <form action="../register.php" method="post">
-        <!-- Add your registration form fields here (e.g., username, email, password) -->
+        <input type="text" name="username" id="username-field" required>
+        <input type="email" name="email" id="email-field" required>
+        <input type="password" name="password" id="password-field" required>
        <input type="submit" value="Register">
    </form>
 </body>
--- a/register.php
+++ b/register.php
@ -4,28 +4,33 @@ require_once 'config.php';

 // Handle registration form submission
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
-    $username = $_POST['username'];
-    $email = $_POST['email'];
-    $password = $_POST['password'];
-
-    // Hash the password
-    $hashed_password = password_hash($password, PASSWORD_DEFAULT);
-
-    // Prepare and execute the SQL query using prepared statements
-    $query = "INSERT INTO users (username, email, password) VALUES (?, ?, ?)";
-    $stmt = $mysqli->prepare($query);
-    $stmt->bind_param("sss", $username, $email, $hashed_password);
-
-    // Execute the statement
-    $result = $stmt->execute();
-
-    if ($result) {
-        echo "Registration successful. <a href='login.html'>Login here</a>.";
+    // Validate that required fields are provided
+    if (empty($_POST['username']) || empty($_POST['email']) || empty($_POST['password'])) {
+        echo "Please provide all required fields (username, email, and password).";
    } else {
-        echo "Error: " . $mysqli->error;
-    }
+        $username = $_POST['username'];
+        $email = $_POST['email'];
+        $password = $_POST['password'];

-    // Close the statement
-    $stmt->close();
+        // Hash the password
+        $hashed_password = password_hash($password, PASSWORD_DEFAULT);
+
+        // Prepare and execute the SQL query using prepared statements
+        $query = "INSERT INTO users (username, email, password) VALUES (?, ?, ?)";
+        $stmt = $mysqli->prepare($query);
+        $stmt->bind_param("sss", $username, $email, $hashed_password);
+
+        // Execute the statement
+        $result = $stmt->execute();
+
+        if ($result) {
+            echo "Registration successful. <a href='login.html'>Login here</a>.";
+        } else {
+            echo "Error: " . $mysqli->error;
+        }
+
+        // Close the statement
+        $stmt->close();
+    }
 }
 ?>