pguzman/Rosary
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
663fde390953aec7644b528909c5f4959c43b9c1
Rosary/register.php
T
pguzman 663fde3909 Initial commit — Rosary Presenter App 
Full source for loveandrosary.com: slide-based Rosary/novena/Divine Mercy
Chaplet presentation tool with multi-user roles, SVG bead ring, audio uploads,
donate strip, and public session profiles.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-13 18:44:08 -07:00

178 lines
7.7 KiB
PHP
Raw Blame History

<?php
require_once __DIR__ . '/config/db.php';
require_once __DIR__ . '/includes/auth.php';
require_once __DIR__ . '/includes/mailer.php';
_auth_start();
// Already logged in
if (!empty($_SESSION['user_id'])) {
header('Location: ' . BASE_URL . '/admin/');
exit;
}
$errors = [];
$success = false;
$fields = ['username' => '', 'display_name' => '', 'email' => ''];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$username = trim($_POST['username'] ?? '');
$display_name = trim($_POST['display_name'] ?? '');
$email = trim($_POST['email'] ?? '');
$password = $_POST['password'] ?? '';
$password_confirm = $_POST['password_confirm'] ?? '';
$fields = compact('username', 'display_name', 'email');
// Validate username
if (!preg_match('/^[a-zA-Z0-9_]{3,30}$/', $username)) {
$errors[] = 'Username must be 3-30 characters and contain only letters, numbers, and underscores.';
}
// Validate email
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$errors[] = 'Please enter a valid email address.';
}
// Validate password
if (strlen($password) < 8) {
$errors[] = 'Password must be at least 8 characters.';
}
if ($password !== $password_confirm) {
$errors[] = 'Passwords do not match.';
}
if (empty($errors)) {
$pdo = get_pdo();
// Check uniqueness
$chk = $pdo->prepare('SELECT id FROM users WHERE username = ? OR email = ?');
$chk->execute([$username, $email]);
$existing = $chk->fetchAll();
foreach ($existing as $row) {
// Re-check which field conflicts
}
if (!empty($existing)) {
$chk_u = $pdo->prepare('SELECT id FROM users WHERE username = ?');
$chk_u->execute([$username]);
if ($chk_u->fetch()) $errors[] = 'That username is already taken.';
$chk_e = $pdo->prepare('SELECT id FROM users WHERE email = ?');
$chk_e->execute([$email]);
if ($chk_e->fetch()) $errors[] = 'That email address is already registered.';
}
}
if (empty($errors)) {
$pdo = get_pdo();
$smtp_host = get_setting('smtp_host');
$auto_confirm = ($smtp_host === ''); // No SMTP = skip email confirmation
$hash = password_hash($password, PASSWORD_BCRYPT);
$token = $auto_confirm ? null : bin2hex(random_bytes(32));
$pdo->prepare("
INSERT INTO users (username, email, password_hash, display_name, role, rosary_limit, email_confirmed, confirm_token)
VALUES (?, ?, ?, ?, 'user', 1, ?, ?)
")->execute([$username, $email, $hash, $display_name ?: $username, $auto_confirm ? 1 : 0, $token]);
if (!$auto_confirm && $token) {
$site_url = rtrim(get_setting('site_url'), '/');
$link = $site_url . '/confirm?token=' . urlencode($token);
$site_name = get_setting('site_name', APP_NAME);
$body_html = "
<h2 style='margin-top:0;color:#1e3a5f'>Confirm your email</h2>
<p>Hello, <strong>" . htmlspecialchars($display_name ?: $username) . "</strong>!</p>
<p>Thank you for registering with {$site_name}. Click the button below to confirm your email address:</p>
<p style='text-align:center;margin:28px 0'>
<a href='" . htmlspecialchars($link) . "' style='display:inline-block;background:#1e3a5f;color:#fff;padding:12px 28px;border-radius:6px;text-decoration:none;font-weight:600'>Confirm Email</a>
</p>
<p style='color:#6b7280;font-size:13px'>Or copy this link: " . htmlspecialchars($link) . "</p>
<p style='color:#6b7280;font-size:13px'>If you did not register, ignore this email.</p>
";
$html = email_template('Confirm your email — ' . $site_name, $body_html);
send_email($email, $display_name ?: $username, 'Confirm your email — ' . $site_name, $html);
}
$success = true;
$auto_confirmed = $auto_confirm;
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="icon" type="image/svg+xml" href="<?= BASE_URL ?>/favicon.svg">
<title>Register — <?= htmlspecialchars(get_setting('site_name', APP_NAME)) ?></title>
<link rel="stylesheet" href="<?= BASE_URL ?>/assets/css/setup.css">
</head>
<body class="login-page">
<div class="login-box" style="max-width:460px">
<h1>&#x271D; <?= htmlspecialchars(get_setting('site_name', APP_NAME)) ?></h1>
<h2>Create Account</h2>
<?php if ($success): ?>
<?php if ($auto_confirmed ?? false): ?>
<div class="alert alert-success">
Account created! <a href="<?= BASE_URL ?>/login">Sign in now</a>.
</div>
<?php else: ?>
<div class="alert alert-success">
Account created! Please check your email to confirm your address before logging in.
</div>
<?php endif; ?>
<?php else: ?>
<?php if (!empty($errors)): ?>
<div class="alert alert-error">
<?php foreach ($errors as $err): ?>
<div><?= htmlspecialchars($err) ?></div>
<?php endforeach; ?>
</div>
<?php endif; ?>
<form method="post" action="<?= BASE_URL ?>/register">
<div class="form-group">
<label for="username">Username <span class="required">*</span></label>
<input type="text" id="username" name="username"
value="<?= htmlspecialchars($fields['username']) ?>"
pattern="[a-zA-Z0-9_]{3,30}" title="3-30 letters, numbers, or underscores"
autocomplete="username" autofocus required>
<p class="help-text">3-30 characters. Letters, numbers, underscores only.</p>
</div>
<div class="form-group">
<label for="display_name">Display Name</label>
<input type="text" id="display_name" name="display_name"
value="<?= htmlspecialchars($fields['display_name']) ?>"
maxlength="100" autocomplete="name">
<p class="help-text">Optional. Shown publicly.</p>
</div>
<div class="form-group">
<label for="email">Email <span class="required">*</span></label>
<input type="email" id="email" name="email"
value="<?= htmlspecialchars($fields['email']) ?>"
autocomplete="email" required>
</div>
<div class="form-group">
<label for="password">Password <span class="required">*</span></label>
<input type="password" id="password" name="password"
minlength="8" autocomplete="new-password" required>
<p class="help-text">At least 8 characters.</p>
</div>
<div class="form-group">
<label for="password_confirm">Confirm Password <span class="required">*</span></label>
<input type="password" id="password_confirm" name="password_confirm"
minlength="8" autocomplete="new-password" required>
</div>
<button type="submit" class="btn btn-primary btn-full">Create Account</button>
</form>
<div style="margin-top:20px;text-align:center;font-size:14px;color:#6b7280">
Already have an account? <a href="<?= BASE_URL ?>/login" style="color:#1e3a5f">Sign in</a>
</div>
<?php endif; ?>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink