function validate_input()
{
$error = false;
if (!(strlen($_POST['username']) > 3)) {
echo "<B><font color=red>Username must be at least 4 characters</font></B><BR>";
$error = true;
}
if (!(strlen($_POST['password1']) > 5)) {
echo "<B><font color=red>Password must be at least 6 characters</font></B><BR>";
$error = true;
}
if (!($_POST['password1'] == $_POST['password2'])) {
echo "<B><font color=red>Password fields must match</font></B><BR>";
$error = true;
}
if (!preg_match('/[a-z]/', strtolower($_POST['username']))) {
echo "<B><font color=red>Username must contain at least one letter</font></B><BR>";
$error = true;
}
if ($error) {
display_form();
} else {
check_account_exists();
}
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
include 'db-credentials.php';
$tbl_name = "Account";
// Table name
// Connect to server and select databse.
$link = new mysqli($servername, $username, $password, $dbname);
if ($link->connect_error) {
die("Connection failed: " . $link->connect_error);
}
// username and password and email sent from form
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
//check if a row is returned, meaning account username / email is taken
$usernametaken = check_account_exists("username", $username, $link);
$emailtaken = check_account_exists("email", $email, $link);
// if a row was returned for same email, display error message
if ($emailtaken == 1) {
$emailerror = "* An account exists with this email.";
} else {
if ($usernametaken == 1) {
$nameerror = "* Username is taken. Please choose another one.";
} else {
//ADD NEW ACCOUNT TO DATABASE
$sql = "INSERT INTO {$tbl_name} (email, username, password, isAdmin)\n VALUES ('{$email}', '{$username}', '{$password}', '0')";
if ($link->query($sql) != true) {
$emailerror = "ERROR: Could not able to execute {$sql}. " . $link->connect_error;
}
//start session, initialize session variables
session_start();
$_SESSION['loggedin'] = true;
