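'', 'display_name' => '', 'email' => ''];

// Registration form handler: reads the POSTed fields, validates them, checks
// username/email uniqueness, stores the user with a bcrypt hash and, unless the
// site has no SMTP host configured, sends a confirmation link by email.
// NOTE(review): no CSRF token check is visible in this fragment — confirm one
// runs before this block (e.g. in the router), since this is a state-changing POST.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = trim($_POST['username'] ?? '');
    $display_name = trim($_POST['display_name'] ?? '');
    $email = trim($_POST['email'] ?? '');
    $password = $_POST['password'] ?? '';
    $password_confirm = $_POST['password_confirm'] ?? '';
    // Echoed back into the form on error; the password is deliberately not kept.
    $fields = compact('username', 'display_name', 'email');
    // Name used in the confirmation email and as the stored display name;
    // falls back to the (already allow-listed) username when left blank.
    $name = $display_name ?: $username;

    // Validate username: the pattern doubles as an allow-list, so the value is
    // safe to render and to use as the display-name fallback.
    if (!preg_match('/^[a-zA-Z0-9_]{3,30}$/', $username)) {
        $errors[] = 'Username must be 3-30 characters and contain only letters, numbers, and underscores.';
    }
    // Validate email
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'Please enter a valid email address.';
    }
    // Validate password. strlen() counts bytes, so this is an 8-byte minimum
    // rather than 8 characters; bcrypt in turn only uses the first 72 bytes.
    if (strlen($password) < 8) {
        $errors[] = 'Password must be at least 8 characters.';
    }
    if ($password !== $password_confirm) {
        $errors[] = 'Passwords do not match.';
    }

    if (empty($errors)) {
        $pdo = get_pdo();

        // Uniqueness pre-check, done in the database so the comparison follows
        // the column collation. It only exists to give a friendly message: a
        // concurrent request can pass both checks, so the users table should
        // also carry UNIQUE constraints on username and email (the INSERT below
        // then throws instead of creating a duplicate).
        $chk = $pdo->prepare('SELECT id FROM users WHERE username = ? OR email = ?');
        $chk->execute([$username, $email]);
        if ($chk->fetchColumn() !== false) {
            // Something collides; ask per field so the user learns which one.
            // These messages necessarily disclose whether an address is already
            // registered, which makes this endpoint worth rate-limiting.
            $chk_u = $pdo->prepare('SELECT id FROM users WHERE username = ?');
            $chk_u->execute([$username]);
            if ($chk_u->fetchColumn() !== false) {
                $errors[] = 'That username is already taken.';
            }
            $chk_e = $pdo->prepare('SELECT id FROM users WHERE email = ?');
            $chk_e->execute([$email]);
            if ($chk_e->fetchColumn() !== false) {
                $errors[] = 'That email address is already registered.';
            }
        }

        if (empty($errors)) {
            $smtp_host = get_setting('smtp_host');
            // No SMTP host = nothing can deliver the confirmation email, so the
            // account is activated immediately instead.
            // NOTE(review): this relies on get_setting() returning '' (not null)
            // for an unset value — confirm; a null here would keep confirmation
            // on and still attempt to send mail.
            $auto_confirm = ($smtp_host === '');
            $hash = password_hash($password, PASSWORD_BCRYPT);
            // 256-bit token from the CSPRNG, only minted when confirmation is needed.
            $token = $auto_confirm ? null : bin2hex(random_bytes(32));
            $pdo->prepare("
                INSERT INTO users (username, email, password_hash, display_name, role, rosary_limit, email_confirmed, confirm_token)
                VALUES (?, ?, ?, ?, 'user', 1, ?, ?)
            ")->execute([$username, $email, $hash, $name, $auto_confirm ? 1 : 0, $token]);

            if (!$auto_confirm && $token) {
                $site_url = rtrim(get_setting('site_url'), '/');
                // The token is the only secret in the link; it is stored as-is in
                // the users row for the /confirm endpoint (not shown here) to match.
                $link = $site_url . '/confirm?token=' . urlencode($token);
                $site_name = get_setting('site_name', APP_NAME);
                $subject = 'Confirm your email — ' . $site_name;
                // NOTE(review): $site_name is interpolated into HTML unescaped; it is
                // an admin setting rather than user input, but escape it if that
                // ever changes. The listing shows no anchor/button markup around
                // $link although the text refers to a button — confirm the template
                // text was not mangled in transit.
                $body_html = "
Hello, " . htmlspecialchars($name) . "!
Thank you for registering with {$site_name}. Click the button below to confirm your email address:
Or copy this link: " . htmlspecialchars($link) . "
If you did not register, ignore this email.
";
                $html = email_template($subject, $body_html);
                send_email($email, $name, $subject, $html);
            }
            $success = true;
            $auto_confirmed = $auto_confirm;
        }
    }
}
?>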