//this is where the email is supposed to be posted
<?php
require 'config/db.php';
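// Form state that the page can re-display after a failed submission.
$username = "";
$email = "";
// Validation and database errors keyed by field name. It has to exist before
// count($errors) is evaluated, otherwise PHP 8 raises a TypeError.
$errors = [];

// $_SESSION is only persisted while a session is active. The guard makes this
// a no-op when config/db.php has already started one (not visible from here).
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// if user clicks on the sign up button
// The whole sign-up flow (read, validate, insert) stays inside this branch so
// that it never runs on a plain page load or on a login submission.
if (isset($_POST['signup-btn'])) {
    // Request fields may be absent or sent as arrays (username[]=x); only
    // strings are accepted, anything else is treated as empty.
    $username = isset($_POST['username']) && is_string($_POST['username']) ? trim($_POST['username']) : '';
    $email = isset($_POST['email']) && is_string($_POST['email']) ? trim($_POST['email']) : '';
    // Passwords are not trimmed: surrounding whitespace is part of the secret.
    $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
    $passwordConf = isset($_POST['passwordConf']) && is_string($_POST['passwordConf']) ? $_POST['passwordConf'] : '';

    //validation
    if ($username === '') {
        $errors['username'] = 'Username required';
    }
    if ($email === '') {
        $errors['email'] = 'Email required';
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors['email'] = 'Email address is invalid';
    }
    if ($password === '') {
        $errors['password'] = 'Password required';
    } elseif ($password !== $passwordConf) {
        $errors['password'] = "The two passwords do not match";
    }

    // Only ask the database about addresses that passed validation.
    // NOTE(review): check-then-insert is racy; a UNIQUE index on users.email
    // (and on users.username, since login accepts either) should be the real
    // guarantee. Confirm the schema.
    if (!isset($errors['email'])) {
        $emailQuery = "SELECT * FROM users WHERE email=? LIMIT 1";
        $stmt = $conn->prepare($emailQuery);
        if ($stmt === false) {
            $errors['db_error'] = "Database error: failed to register";
        } else {
            $stmt->bind_param('s', $email);
            $stmt->execute();
            $result = $stmt->get_result();
            $userCount = $result->num_rows;
            $stmt->close();
            if ($userCount > 0) {
                $errors['email'] = "Email already exists";
            }
        }
    }

    if (count($errors) === 0) {
        // Hash the submitted password; the plaintext is never stored.
        $passwordHash = password_hash($password, PASSWORD_DEFAULT);
        // 50 random bytes -> 100 hex characters from the CSPRNG.
        // NOTE(review): nothing in this block sends the token; presumably a
        // verification e-mail is issued elsewhere (TODO confirm).
        $token = bin2hex(random_bytes(50));
        $verified = false;
        // bind_param() needs a variable, and 'i' is the type for a flag
        // column; 'b' means BLOB and does not transmit the value.
        $verifiedFlag = (int) $verified;
        $sql = "INSERT INTO users (username, email, verified, token, password) VALUES (?, ?, ?, ?, ?)";
        $stmt = $conn->prepare($sql);
        $inserted = false;
        if ($stmt !== false) {
            $stmt->bind_param('ssiss', $username, $email, $verifiedFlag, $token, $passwordHash);
            $inserted = $stmt->execute();
        }

        if ($inserted) {
            //login user
            $user_id = $conn->insert_id;
            $stmt->close();
            // Issue a fresh session ID when the privilege level changes so a
            // pre-login ID cannot be reused (session fixation).
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['id'] = $user_id;
            $_SESSION['username'] = $username;
            $_SESSION['email'] = $email;
            // The account is logged in before the address is verified; pages
            // that need a verified user must check this flag themselves.
            $_SESSION['verified'] = $verified;
            // set flash message
            $_SESSION['message'] = "You are now logged in! Continue with your upload";
            $_SESSION['alert-class'] = "alert-success";
            // header() only works if no output has been sent yet; exit stops
            // the rest of the script from running after the redirect.
            header('location: profilepage.php');
            exit;
        } else {
            if ($stmt !== false) {
                $stmt->close();
            }
            $errors['db_error'] = "Database error: failed to register";
        }
    }
}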
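// if user clicks on the login button
if (isset($_POST['login-btn'])) {
    // Keep errors collected earlier in the request; create the array if none.
    $errors = $errors ?? [];

    // Request fields may be absent or sent as arrays; only strings are
    // accepted, anything else is treated as empty.
    $username = isset($_POST['username']) && is_string($_POST['username']) ? trim($_POST['username']) : '';
    $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';

    //validation
    if ($username === '') {
        $errors['username'] = 'Username required';
    }
    if ($password === '') {
        $errors['password'] = 'Password required';
    }

    if (count($errors) === 0) {
        // The single form field is matched against both the email and the
        // username column, so it is bound twice.
        $sql = "SELECT * FROM users WHERE email=? OR username=? LIMIT 1";
        $stmt = $conn->prepare($sql);
        $user = null;
        if ($stmt !== false) {
            $stmt->bind_param('ss', $username, $username);
            $stmt->execute();
            $result = $stmt->get_result();
            // fetch_assoc() returns null when no row matched.
            $user = $result->fetch_assoc();
            $stmt->close();
        }

        // Fail closed: an unknown account, a failed lookup and a wrong
        // password all take the same branch and show the same message, so the
        // response does not reveal whether the account exists.
        $authenticated = is_array($user)
            && is_string($user['password'] ?? null)
            && password_verify($password, $user['password']);

        if ($authenticated) {
            //login success
            // Issue a fresh session ID on login so a pre-login ID cannot be
            // reused (session fixation).
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['id'] = $user['id'];
            $_SESSION['username'] = $user['username'];
            $_SESSION['email'] = $user['email'];
            // Unverified accounts can log in; pages that need a verified user
            // must check this flag themselves.
            $_SESSION['verified'] = $user['verified'];
            // set flash message
            $_SESSION['message'] = "You are now logged in! Continue with your upload";
            $_SESSION['alert-class'] = "alert-success";
            // header() only works if no output has been sent yet; exit stops
            // the rest of the script from running after the redirect.
            header('location: profilepage.php');
            exit;
        } else {
            // NOTE(review): no attempt limiting is visible here; consider
            // throttling repeated failures per account and per client.
            $errors['login_fail'] = "Wrong credentials";
        }
    }
}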
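// logout user
// NOTE(review): logout is triggered by a GET parameter, so any cross-site
// link or image can end the session; prefer a POST with a CSRF token.
if (isset($_GET['logout'])) {
    // Remove every identity key the login and sign-up code sets. Leaving
    // 'id' behind would keep the user authenticated for any page that checks
    // only that key.
    unset(
        $_SESSION['id'],
        $_SESSION['username'],
        $_SESSION['email'],
        $_SESSION['verified']
    );
    // Retire the old session ID so it cannot be reused after logout.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
}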