made register secure (hopefuly) and added the actual forms

Richard Mikloš 2024-01-20 17:15:31 +01:00
parent 607c307dc5
commit f2bec5f92d
3 changed files with 31 additions and 23 deletions

@ -9,7 +9,8 @@
<body> <body>
<h2>Login</h2> <h2>Login</h2>
<form action="../login.php" method="post"> <form action="../login.php" method="post">
<!-- Add your login form fields here (e.g., username, password) --> <input type="email" name="email" id="email-field" required>
<input type="password" name="password" id="password-field" required>
<input type="submit" value="Login"> <input type="submit" value="Login">
</form> </form>
</body> </body>
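Review bot: The two new inputs have no `<label>` and no `autocomplete` hint, so the page shows two unlabeled boxes and password managers have to guess which field is which; the register form in the next section has the same gap. I would add `<label for="email-field">Email</label>` before the email input and `autocomplete="current-password"` on the password input (`autocomplete="new-password"` on the register form). The form posts to `../login.php`, which is not part of this commit, so whether that handler has any request-forgery protection cannot be judged from here.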

@ -9,7 +9,9 @@
<body> <body>
<h2>Register</h2> <h2>Register</h2>
<form action="../register.php" method="post"> <form action="../register.php" method="post">
<!-- Add your registration form fields here (e.g., username, email, password) --> <input type="text" name="username" id="username-field" required>
<input type="email" name="email" id="email-field" required>
<input type="password" name="password" id="password-field" required>
<input type="submit" value="Register"> <input type="submit" value="Register">
</form> </form>
</body> </body>

@ -4,28 +4,33 @@ require_once 'config.php';
// Handle registration form submission // Handle registration form submission
if ($_SERVER["REQUEST_METHOD"] == "POST") { if ($_SERVER["REQUEST_METHOD"] == "POST") {
$username = $_POST['username']; // Validate that required fields are provided
$email = $_POST['email']; if (empty($_POST['username']) || empty($_POST['email']) || empty($_POST['password'])) {
$password = $_POST['password']; echo "Please provide all required fields (username, email, and password).";
// Hash the password
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
// Prepare and execute the SQL query using prepared statements
$query = "INSERT INTO users (username, email, password) VALUES (?, ?, ?)";
$stmt = $mysqli->prepare($query);
$stmt->bind_param("sss", $username, $email, $hashed_password);
// Execute the statement
$result = $stmt->execute();
if ($result) {
echo "Registration successful. <a href='login.html'>Login here</a>.";
} else { } else {
echo "Error: " . $mysqli->error; $username = $_POST['username'];
} $email = $_POST['email'];
$password = $_POST['password'];
// Close the statement // Hash the password
$stmt->close(); $hashed_password = password_hash($password, PASSWORD_DEFAULT);
// Prepare and execute the SQL query using prepared statements
$query = "INSERT INTO users (username, email, password) VALUES (?, ?, ?)";
$stmt = $mysqli->prepare($query);
$stmt->bind_param("sss", $username, $email, $hashed_password);
// Execute the statement
$result = $stmt->execute();
if ($result) {
echo "Registration successful. <a href='login.html'>Login here</a>.";
} else {
echo "Error: " . $mysqli->error;
}
// Close the statement
$stmt->close();
}
} }
?> ?>
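Review bot: The failure branch still echoes `$mysqli->error` to the browser, which exposes database details to any visitor and, if the table has a unique index on username or email (not visible here), also reveals which accounts already exist; log it with `error_log()` and print a generic message instead. The new `empty()` guard only proves the three fields are present, so the email format and password length remain unchecked on the server, where the HTML `required` and `type="email"` attributes do not apply to a hand-built request. The result of `$mysqli->prepare()` is also used without a check; depending on the mysqli report mode set in `config.php` (not shown), a failed prepare either returns false and makes the `bind_param()` call fatal, or throws an uncaught exception. The minimum length of 8 in the sketch below is a constructed example value, not a project setting.

```php
    } else {
        $username = $_POST['username'];
        $email = $_POST['email'];
        $password = $_POST['password'];

        // Reject array-valued fields (e.g. email[]=x) before they reach password_hash()/bind_param()
        if (!is_string($username) || !is_string($email) || !is_string($password)
            || filter_var($email, FILTER_VALIDATE_EMAIL) === false
            || strlen($password) < 8) {
            echo "Please provide a valid email address and a password of at least 8 characters.";
            exit;
        }

        // … unchanged: password_hash() and $query …

        $stmt = $mysqli->prepare($query);
        if ($stmt === false) {
            error_log("register: prepare failed: " . $mysqli->error);
            echo "Registration failed. Please try again later.";
            exit;
        }

        // … unchanged: bind_param() and execute() …

        if ($result) {
            // … unchanged: success message …
        } else {
            // Keep the driver's message in the server log only
            error_log("register: insert failed: " . $stmt->error);
            echo "Registration failed. Please try again later.";
        }
```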