Project_BDE/www/profile/signup.php
smithi_3000 37a2ae2c2d Modified website hierarchy (again !) and files about it.
Everything previously under www/src is now under www/
Moved style.CSS under www/ressources, to allow blocking http requests to
www/lib completely
Moved <head> and <header> generation under lib/PHP/output/sections.php
to reduce redundancy within files. Also implemented a system to allow
them to generate relative paths for href to ressources depending on their
depth within the www/ hierarchy.
2025-11-16 00:01:32 +01:00


<?php
require_once '../lib/PHP/session/begin.php';
require_once '../lib/PHP/session/continue.php';
require_once '../lib/PHP/session/sessiontest.php';
require_once '../lib/PHP/session/nosessiontest.php';
require_once '../lib/PHP/output/sections.php';
?>
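<html>
<?php /* Page skeleton: <head> and site header come from lib/PHP/output/sections.php.
         The first argument (1) is presumably this page's depth below www/ (www/profile/),
         used to build relative resource paths; confirm against sections.php. */ ?>
<?php print_website_meta(1, 'Signup - Project BDEE'); ?>
<body>
<?php print_website_header(1); ?>
<?php /* A second, stray <body> opening tag used to follow the header; only one is emitted now. */ ?>
<main>
<h1> Signup </h1> <hr>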
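<?php
// Detect a complete signup submission and check that both password entries agree.
//
// Outputs (read with isset() by the rendering code further down the page):
//   $signup_submited       set to True only when every required field was posted
//   $signup_correct_fields set to True only when, in addition, both passwords are identical
// Both stay unset otherwise, which makes the page fall back to showing the form.
$signup_required_fields = ["uname", "password", "passwordconf", "email"];
$signup_all_fields_present = True;
foreach($signup_required_fields as $signup_field)
{
    // The form marks these inputs as required, but that is only enforced by the browser,
    // so the same rule is applied here. A request can also send field[]=x, which PHP
    // decodes as an array; only plain, non-empty strings are accepted so that nothing
    // else reaches password_hash() or the database layer.
    if(!isset($_POST[$signup_field]) ||
       !is_string($_POST[$signup_field]) ||
       $_POST[$signup_field] === '')
    {
        $signup_all_fields_present = False;
        break;
    }
}
if($signup_all_fields_present)
{
    $signup_submited = True;
    $signup_password = $_POST["password"];
    $signup_password_conf = $_POST["passwordconf"];
    // Strict comparison on purpose: with ==, PHP compares numeric-looking strings by value,
    // so two different entries such as "1e3" and "1000" would be accepted as a match.
    if($signup_password === $signup_password_conf) $signup_correct_fields = True;
}
?>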
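<?php
// Render step of the signup page.
//   $signup_correct_fields unset: print the signup form, preceded by an error line when a
//                                 complete form was posted ($signup_submited is set).
//   $signup_correct_fields set:   create the account, open a session for the new user and
//                                 redirect to view.php.
if(!isset($signup_correct_fields)) // no fields => fields cannot be correct
{
    if(isset($signup_submited))
    {
        echo <<< _END
<h3> Your passwords do not match. </h3>
_END;
    }
    // THE user signup form. Should move it in another file here for convenience.
    // The required attributes below are checked by the browser only; the server must not
    // rely on them.
    echo <<< _END
<form method="POST" action=signup.php>
<dl>
<dt> User name : </dt>
<dd> <input type="text" name="uname" id="unamei" required='required' autofocus="focus" /> </dd>
<dt> Display name :</dt>
<dd> <input type="text" name="name" id="namei" /> </dd>
<dt> email :</dt>
<dd> <input type="text" name="email" id="emaili" required='required' /> </dd>
<dt> Password :</dt>
<dd> <input type="password" name="password" id="pwi" required='required' /> </dd>
<dt> Confirm password :</dt>
<dd> <input type="password" name="passwordconf" id="passwordconfi" required='required' /> </dd>
</dl>
<input type="submit" value="SIGNUP" />
</form>
_END;
}
else
{
    // == signup server-side sequence ==
    require_once '../lib/PHP/db_connection/human_ressources.php';
    require_once '../lib/PHP/db_queries/accounts/usermanagement.php';
    require_once '../lib/PHP/security/sanitize_inputs.php';
    // TODO: find a new database sanitization !
    // TODO: verify user does not exists !
    // NOTE(review): nothing in this file escapes these values for SQL. Confirm that
    // register_new_user_in_db() binds them as query parameters rather than building the
    // statement by string concatenation.
    // NOTE(review): the email address is not validated server-side (the input is a plain
    // text field); consider filter_var(..., FILTER_VALIDATE_EMAIL) together with a
    // matching error message on the form.
    $signup_password = $_POST["password"];
    $signup_email = $_POST["email"];
    $signup_username = $_POST["uname"];

    // A request can send field[]=x, which PHP decodes as an array. Stop here instead of
    // handing a non-string to password_hash() or to the database layer.
    if(!is_string($signup_password) || !is_string($signup_email) || !is_string($signup_username))
    {
        include '../lib/PHP/messages/generic_error.php';
        die();
    }

    // The display name is optional. The form always posts the field, so an empty value
    // (not only a missing one) has to fall back to the user name.
    $signup_name = $signup_username;
    if(isset($_POST["name"]) && is_string($_POST["name"]) && trim($_POST["name"]) !== '')
    {
        $signup_name = $_POST["name"];
    }

    // NOTE(review): these values are passed through sanitize_displayed_input() before being
    // stored. If that helper HTML-encodes, the database will hold encoded text; encoding at
    // output time is usually preferable. Verify against sanitize_inputs.php.
    $signup_name = sanitize_displayed_input($signup_name);
    $signup_username = sanitize_displayed_input($signup_username);
    $signup_email = sanitize_displayed_input($signup_email);

    // Only the hash is handed to the database layer, never the clear-text password.
    $signup_hash = password_hash($signup_password, PASSWORD_DEFAULT);

    // $db_connection is presumably defined by human_ressources.php; confirm.
    $is_signup_sucess = register_new_user_in_db($db_connection, $signup_email, $signup_hash, $signup_name, $signup_username);
    if(!$is_signup_sucess) // Did the server mess up.
    {
        include '../lib/PHP/messages/generic_error.php';
        die();
    }
    else // Redirection to the profile page.
    {
        // Start user session to avoid login over signup.
        // NOTE(review): confirm start_new_session() issues a fresh session id
        // (session_regenerate_id) so a pre-signup session id is not carried over.
        start_new_session($signup_username, $signup_name, $signup_email, ACCOUNT_PRIV_USER); //Should a now signedup user have more priv.?
        // Headers are already sent at this point (HTML was printed above), hence a
        // meta refresh instead of a Location header.
        echo '<meta http-equiv="Refresh" content="0; URL=view.php" />';
    }
}
?>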
</main>
</body>
</html>