diff --git a/var/www/signup.php b/var/www/signup.php
index eb829b0..4f71aa0 100644
--- a/var/www/signup.php
+++ b/var/www/signup.php
@@ -3,31 +3,36 @@ unset($_SESSION['loggedInUser']); try{ - if($_POST['signup_username'] != '' && $_POST['signup_password'] != ''){ + if($_POST['signup_username'] != '' && $_POST['signup_fname'] != '' && $_POST['signup_lname'] != '' && $_POST['signup_password'] != ''){ // username and password must be 4 <= length <= 25 if(4 <= strlen($_POST['signup_username']) && strlen($_POST['signup_username']) <= 25){ if(4 <= strlen($_POST['signup_password']) && strlen($_POST['signup_password']) <= 25){ - // Make sure no special characters are present - if(ctype_alnum($_POST['signup_username']) && ctype_alnum($_POST['signup_password'])){ - // Need to first check if a user with the desired username already esists - $db_check_statement = $db_connection->prepare("SELECT COUNT(*) FROM login WHERE username = '".$_POST["signup_username"]."'"); - $db_check_statement->execute(); - $db_check_statement->setFetchMode(PDO::FETCH_ASSOC); - $db_check_returned = $db_check_statement->fetchAll(); - $existingUsers = $db_check_returned[0]['COUNT(*)']; - if($existingUsers == 0){ - $db_connection->exec("INSERT INTO login (username, pword) VALUES ('".$_POST["signup_username"]."','".$_POST["signup_password"]."')"); - $_SESSION["loginError"] = "Your account has been created and can now login"; - unset($_SESSION['signupError']); - header('Location: /login.php'); - }else{$_SESSION["signupError"] = "Another user with that username already exists, please choose another name";} - }else{$_SESSION["signupError"] = "Special characters are not allowed";} + if(1 <= strlen($_POST['signup_fname']) && strlen($_POST['signup_fname']) <= 25){ + if(1 <= strlen($_POST['signup_lname']) && strlen($_POST['signup_lname']) <= 25){ + // Make sure no special characters are present + if(ctype_alnum($_POST['signup_username']) && ctype_alnum($_POST['signup_password'])){ + // Need to first check if a user with the desired username already esists + $db_check_statement = $db_connection->prepare("SELECT COUNT(*) FROM login WHERE 
username = '".$_POST["signup_username"]."'"); + $db_check_statement->execute(); + $db_check_statement->setFetchMode(PDO::FETCH_ASSOC); + $db_check_returned = $db_check_statement->fetchAll(); + $existingUsers = $db_check_returned[0]['COUNT(*)']; + if($existingUsers == 0){ + $db_connection->exec("INSERT INTO login (username, pword) VALUES ('".$_POST["signup_username"]."','".$_POST["signup_password"]."')"); + $db_connection->exec("INSERT INTO contacts (username, fname, lname) VALUES ('".$_POST["signup_username"]."','".$_POST["signup_fname"]."','".$_POST["signup_lname"]."')"); + $_SESSION["loginError"] = "Your account has been created and can now login"; + unset($_SESSION['signupError']); + header('Location: /login.php'); + }else{$_SESSION["signupError"] = "Another user with that username already exists, please choose another name";} + }else{$_SESSION["signupError"] = "Special characters are not allowed";} + }else{$_SESSION["signupError"] = "Last Name must be at least 1 character and at most 25 characters";} + }else{$_SESSION["signupError"] = "First Name must be at least 1 character and at most 25 characters";} }else{$_SESSION["signupError"] = "Password must be at least 4 characters and at most 25 characters";} }else{$_SESSION["signupError"] = "Username must be at least 4 characters and at most 25 characters";} }else{ // If user submitted form wihout actually filling it out completely, send user an error message if(!empty($_POST)){ - $_SESSION["signupError"] = "Username and Password are required, please try again"; + $_SESSION["signupError"] = "All fields are required, please try again"; } } }catch(PDOException $e){echo "PDOException: ".$e->getMessage(); @@ -48,9 +53,11 @@
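Review bot: The new `INSERT INTO contacts` statement concatenates `$_POST["signup_fname"]` and `$_POST["signup_lname"]` into the SQL string, and unlike the username and password these two fields are only length-checked, not passed through `ctype_alnum`, so a quote character in a name reaches the query unescaped. Bind the values instead: `$stmt = $db_connection->prepare("INSERT INTO contacts (username, fname, lname) VALUES (?, ?, ?)");` followed by `$stmt->execute([$_POST['signup_username'], $_POST['signup_fname'], $_POST['signup_lname']]);`, and do the same for the `login` insert and the `SELECT COUNT(*)` check, which pass an already concatenated string to `exec()` or `prepare()`. The two inserts also run outside a transaction, so a failure in the second leaves a `login` row without a matching `contacts` row; wrapping them in `beginTransaction()`/`commit()` would avoid that. Separately, the `pword` column still receives the raw `$_POST["signup_password"]`, where a `password_hash()` result would be expected. The `catch` block that closes this `try` continues past the end of the hunk.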