app.sixfold.org/www/signup.php

<?php

function validate_fields($data)
{
    global $db;
    $errors = [];

    $stmt = $db["data"]->prepare("SELECT COUNT(*) FROM members WHERE LOWER(email) = LOWER(:email)");
    $stmt->execute([
        "email" => $data["email"],
    ]);
    if ($stmt->fetch(PDO::FETCH_COLUMN) > 0) {
        $errors["email"] = "That email address is already in use.";
    }

    $stmt = $db["data"]->prepare("SELECT COUNT(*) FROM members WHERE LOWER(handle) = LOWER(:handle)");
    $stmt->execute([
        "handle" => $data["handle"],
    ]);
    if ($stmt->fetch(PDO::FETCH_COLUMN) > 0) {
        $errors["handle"] = "That handle is taken.";
    }

    if (!isset($data['terms-privacy'])) {
        $errors["terms-privacy"] = "Please agree to the terms.";
    }

    if (preg_match('/[^A-Za-z0-9-_]/', $_POST['handle'])) {
        $errors["handle"] = "Please only use allowed characters.";
    }

    return $errors;
}

$description = "Sign up to submit your work to Sixfold.";
$title = "Sign Up";

if ($_SERVER["REQUEST_METHOD"] === "POST"):
    $errors = validate_fields($_POST);

    if (count($errors) === 0) {
        $stmt = $db["data"]
            ->prepare('INSERT INTO members (name, handle, email, password, account_type, created_at, last_access)
    VALUES (:name, :handle, :email, :password, :account_type, :created_at, :last_access)
    RETURNING id');

        $stmt->execute([
            "name" => $_POST["name"],
            "handle" => $_POST["handle"],
            "email" => $_POST["email"],
            "password" => password_hash($_POST['password'], PASSWORD_ARGON2ID),
            "account_type" => 1,
            "created_at" => date("Y-m-dTH:i:s"),
            "last_access" => date("Y-m-dTH:i:s"),
        ]);

        $stmt = $db['data']->query('SELECT * FROM members WHERE LOWER(email) = LOWER(:email)');
        $stmt->execute([
        'email' => $_POST['email'],
        ]);

        $_SESSION['account'] = $stmt->fetch(PDO::FETCH_OBJ);
    } else {
        http_response_code(400);
    }
endif;

if (isset($_SESSION["account"])) {
    http_response_code(303);
    header("Location: /");
    die();
}

include "partials/head.php";
?>
    <body>
        <?php include "partials/header.php"; ?>
    <main id="main" class="flow">
    <header>
        <h1><?= $title ?></h1>
    </header>
    <?php if (!COOKIES_ENABLED && $_SERVER["REQUEST_METHOD"] === "POST") { ?>
        <p>Your browser is not set to accept cookies. You cannot login or use certain portions of the site unless your browser accepts cookies. Please change your browser settings to accept cookies and try again. Thanks.</p>
        <?php } ?>
    <?php if (http_response_code() === 400) { ?>
        <aside class='alert'>
            <p>We found <?= count($errors) ?> error(s) with your submission. Please correct the errors provided by each field.</p>
        </aside>
    <?php } ?>
    <?php if (http_response_code() === 500) { ?><p>We encounterred an issue when processing your request; please try again.</p><?php } ?>
    <form action="<?= $_SERVER["REQUEST_URI"] ?>" method="post" class="flow">
        <p><b>All fields are required.</b> Pseudonyms are welcome.</p>
        <label>
            <span>Name <small>(A. M. Barnard)</small></span>
            <input type="text" name="name" value="<?= $_POST["name"] ??
                "" ?>" required/>
        </label>
        <label>
            <span>Handle <small>(lm_alcott)</small><br/><span>A to Z, 0 to 9, dashes, underscores</span></span>
            <?php if (isset($errors) && isset($errors['handle'])) { ?><span><mark><?= $errors['handle'] ?></mark></span><?php } ?>
            <input type="text" name="handle" value="<?= $_POST["handle"] ??
                "" ?>" required/>
        </label>
        <label>
            <span>Email address <small>(email@example.com)</small></span>
            <?php if (isset($errors) && isset($errors['email'])) { ?><span><mark><?= $errors['email'] ?></mark></span><?php } ?>
            <input type="text" name="email" value="<?= $_POST["email"] ??
                "" ?>" required/>
        </label>
        <label>
            <span>Password</span>
            <?php if (isset($errors) && isset($errors['password'])) { ?><span><mark><?= $errors['password'] ?></mark></span><?php } ?>
            <input type="password" name="password" value="<?= $_POST["email"] ??
                "" ?>" required/>
        </label>
        <label>
            <input type="checkbox" name="terms-privacy" value="1" required <?= isset($_POST["terms-privacy"]) ? 'checked' : '' ?>/>
            <?php if (isset($errors) && isset($errors['terms-privacy'])) { ?><span><mark><?= $errors['terms-privacy'] ?></mark></span><?php } ?>
            <span>I agree to the <a href='/terms-and-conditions'>Terms & Conditions</a> and <a href='/privacy'>Privacy Policy</a></span>
        </label>
        <button type="submit">Sign Up</button>
    </form>
    <p><a href="/login">Log in to an existing account</a></p>
        </main>
    <?php include "partials/footer.php"; ?>