20) {
$error = "Username must be between 4-20 characters!";
} elseif (!preg_match("/^[a-zA-Z0-9_]+$/", $username)) {
$error = "Username can only contain letters, numbers, and underscores!";
} elseif ($password !== $confirm_password) {
$error = "Passwords do not match!";
} elseif (strlen($password) < 8) {
$error = "Password must be at least 8 characters long!";
} else {
// Check if username or email already exists
$stmt = $conn->prepare("SELECT id FROM users WHERE username = ? OR email = ?");
$stmt->bind_param("ss", $username, $email);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows > 0) {
$error = "Username or email is already taken!";
} else {
// Hash the password before storing
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
// Insert user into database
$stmt = $conn->prepare("INSERT INTO users (username, email, password) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $username, $email, $hashed_password);
if ($stmt->execute()) {
$_SESSION["registered"] = "Registration successful! Please log in.";
header("Location: login.php");
exit;
} else {
$error = "Something went wrong!";
}
}
$stmt->close();
}
}
?>
Register