<!--
/*
Purpose: This file is used to check if the username or email already exists in the database.
If it does, the user will be redirected back to the signup page.
If it doesn't, the user will be inserted into the database and redirected to
the signin page.
Project: Kirito website
Author: Vuong Khang Minh,Nghiem Tuan Linh, Nguyen Cuong Nhat, Dang Nguyen Duc Anh, Phan Huy Quang
Last Updated: 2023-4-7
*/
-->
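<?php
// Sign-up handler: rejects the request when the submitted username or e-mail
// is already registered, otherwise inserts the new user and sends the browser
// on to the sign-in page.
//
// NOTE(review): the HTML comment that precedes this opening tag is sent to the
// browser as output, so every header() call below only takes effect when
// output buffering is enabled. Turning that banner into a PHP comment inside
// this tag would remove the dependency.
require_once "settings.php";

// The Referer header is supplied by the client, so this only turns away
// direct navigation; it is not an access control or a CSRF defence.
if (!isset($_SERVER['HTTP_REFERER'])) {
    header("location: index.php");
    exit;
}

// Reject requests that do not carry all three form fields as non-empty
// strings (a plain GET, a truncated POST, or array-valued parameters).
// Without this, hash() below receives null or an array.
$raw_username = $_POST["user_name"] ?? null;
$raw_email = $_POST["email"] ?? null;
$raw_password = $_POST["password"] ?? null;
foreach ([$raw_username, $raw_email, $raw_password] as $field) {
    if (!is_string($field) || $field === '') {
        header("refresh:3;url=signup.php");
        echo "<p>Username, email and password are required. This website will redirect you back to signup page, thank you.</p>";
        exit;
    }
}

// Make mysqli raise exceptions instead of PHP warnings, so failures can be
// logged server-side without '@' suppression and without printing driver
// messages to the visitor.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

try {
    $conn = mysqli_connect($host, $user, $pwd, $sql_db);
} catch (mysqli_sql_exception $e) {
    error_log("checksignup: database connection failed: " . $e->getMessage());
    echo "<p>Database connection failure.</p>";
    exit();
}

$sql_table = "assign2_users";

// The project stores only SHA-512 digests of the username, e-mail and
// password, so that neither other users nor site managers can read them back
// (the authors call this "zero trust"): the user alone remembers them.
//
// NOTE(review): an unsalted digest of a low-entropy value such as a username
// or e-mail address can be recovered by hashing candidate values, so this is
// pseudonymisation rather than secrecy.
$username = hash("sha512", $raw_username);
$email = hash("sha512", $raw_email);

// NOTE(review): a single unsalted SHA-512 pass is a fast hash, not a password
// hash. password_hash() at sign-up with password_verify() at sign-in is the
// appropriate construction. It is left unchanged here because the sign-in
// code is not visible and presumably compares this exact digest; the two
// must be migrated together.
$user_pass = hash("sha512", $raw_password);

try {
    // Bound parameters keep the statements safe even if the values stop
    // being hex digests one day; $sql_table is a constant set above.
    $check = mysqli_prepare(
        $conn,
        "SELECT username FROM $sql_table WHERE username = ? OR email = ?"
    );
    mysqli_stmt_bind_param($check, "ss", $username, $email);
    mysqli_stmt_execute($check);
    mysqli_stmt_store_result($check);
    $already_exists = mysqli_stmt_num_rows($check) > 0;
    mysqli_stmt_close($check);

    if ($already_exists) {
        // The username or e-mail is already registered.
        header("refresh:3;url=signup.php");
        echo "<p>Username or email already exists. This website will redirect you back to signup page, thank you.</p>";
    } else {
        // NOTE(review): two concurrent requests can both pass the check
        // above. Only UNIQUE indexes on username and email close that gap;
        // the schema is not visible here, so confirm they exist.
        $insert = mysqli_prepare(
            $conn,
            "INSERT INTO $sql_table (username, user_pass, email) VALUES (?, ?, ?)"
        );
        mysqli_stmt_bind_param($insert, "sss", $username, $user_pass, $email);
        mysqli_stmt_execute($insert);
        mysqli_stmt_close($insert);

        header("refresh:1;url=signin.php");
        echo "<p>User created successfully</p>";
    }
} catch (mysqli_sql_exception $e) {
    // Keep the driver error in the server log; echoing it would disclose
    // table and column details to the visitor.
    error_log("checksignup: query failed: " . $e->getMessage());
    header("refresh:3;url=signup.php");
    echo "<p>Error creating user. This website will redirect you back to signup page, thank you.</p>";
} finally {
    mysqli_close($conn);
}
?>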