diff --git a/register.php b/register.php
index 3419cdb7b01bd10322f5d1b4ffea95b8369c7062..29f5da74c147d31fd80f2598c2f833b3c7c037a5 100644
--- a/register.php
+++ b/register.php
@@ -5,51 +5,48 @@
 include 'components/connect.php';
 if(isset($_POST['submit'])){
-   $id = create_unique_id();
-   $name = $_POST['name'];
-   $name = filter_var($name, FILTER_SANITIZE_STRING);
-   $email = $_POST['email'];
-   $email = filter_var($email, FILTER_SANITIZE_STRING);
+   $name = htmlspecialchars($_POST['name'], ENT_QUOTES, 'UTF-8');
+   $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
    $pass = password_hash($_POST['pass'], PASSWORD_DEFAULT);
-   $pass = filter_var($pass, FILTER_SANITIZE_STRING);
-   $c_pass = password_verify($_POST['c_pass'], $pass);
-   $c_pass = filter_var($c_pass, FILTER_SANITIZE_STRING);
-
-   $image = $_FILES['image']['name'];
-   $image = filter_var($image, FILTER_SANITIZE_STRING);
-   $ext = pathinfo($image, PATHINFO_EXTENSION);
-   $rename = create_unique_id().'.'.$ext;
-   $image_size = $_FILES['image']['size'];
-   $image_tmp_name = $_FILES['image']['tmp_name'];
-   $image_folder = 'uploaded_files/'.$rename;
-
-   if(!empty($image)){
-      if($image_size > 2000000){
-         $warning_msg[] = 'Image size is too large!';
-      }else{
-         move_uploaded_file($image_tmp_name, $image_folder);
+   $c_pass = $_POST['c_pass']; // ใช้เปรียบเทียบตรง ๆ กับ $_POST['pass']
+
+   // ตรวจสอบว่ารหัสผ่านตรงกันหรือไม่
+   if ($c_pass !== $_POST['pass']) {
+      $warning_msg[] = 'Confirm password not matched!';
+   } else {
+
+      // อัปโหลดรูปภาพ
+      $rename = NULL; // ตั้งค่าเริ่มต้นเป็น NULL
+      if (!empty($_FILES['image']['name'])) {
+         $image = $_FILES['image']['name'];
+         $ext = pathinfo($image, PATHINFO_EXTENSION);
+         $rename = uniqid().'.'.$ext; // ใช้ uniqid() แทน create_unique_id()
+         $image_size = $_FILES['image']['size'];
+         $image_tmp_name = $_FILES['image']['tmp_name'];
+         $image_folder = 'uploaded_files/'.$rename;
+
+         if ($image_size > 2000000) {
+            $warning_msg[] = 'Image size is too large!';
+         } else {
+            move_uploaded_file($image_tmp_name, $image_folder);
+         }
       }
-   }else{
-      $rename = '';
-   }
-   $verify_email = $conn->prepare("SELECT * FROM `users` WHERE email = ?");
-
$verify_email->execute([$email]);
+      // ตรวจสอบว่าอีเมลซ้ำหรือไม่
+      $verify_email = $conn->prepare("SELECT * FROM `users` WHERE email = ?");
+      $verify_email->execute([$email]);
+
+      if ($verify_email->rowCount() > 0) {
+         $warning_msg[] = 'Email already taken!';
+      } else {
+         // เพิ่มข้อมูลลงฐานข้อมูล
+         $insert_user = $conn->prepare("INSERT INTO `users`(name, email, password, image) VALUES(?,?,?,?)");
+         $insert_user->execute([$name, $email, $pass, $rename]);
-   if($verify_email->rowCount() > 0){
-      $warning_msg[] = 'Email already taken!';
-   }else{
-      if($c_pass == 1){
-         $insert_user = $conn->prepare("INSERT INTO `users`(id, name, email, password, image) VALUES(?,?,?,?,?)");
-         $insert_user->execute([$id, $name, $email, $pass, $rename]);
          $success_msg[] = 'Registered successfully!';
-      }else{
-         $warning_msg[] = 'Confirm password not matched!';
       }
    }
-   }
-
 ?>
 <!DOCTYPE html>
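Review bot: In the added upload branch, `$ext` is still taken from the client-supplied `$_FILES['image']['name']` with no allowlist, so a file carrying a server-executable extension is written into the web-served `uploaded_files/` directory; restrict `$ext` to an allowlist of image extensions before `$rename` is built. `$rename` is also assigned before the size check and the return value of `move_uploaded_file()` is ignored, so an oversize or failed upload still reaches the INSERT with a filename that does not exist on disk. `uniqid()` is time-based and predictable, whereas `bin2hex(random_bytes(16))` yields a name that cannot be guessed. Relatedly, `FILTER_SANITIZE_EMAIL` strips characters rather than validating, so `filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)` with a `=== false` check should reject malformed input instead of storing a mangled address. If `$warning_msg` is initialised before this block (not visible in the hunk), the duplicate-email check and INSERT should also be skipped whenever it is non-empty.
```php
      if (!empty($_FILES['image']['name'])) {
         $image = $_FILES['image']['name'];
         $ext = strtolower(pathinfo($image, PATHINFO_EXTENSION));
         $image_size = $_FILES['image']['size'];
         $image_tmp_name = $_FILES['image']['tmp_name'];

         // example allowlist — limit to the image types the site actually serves
         if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
            $warning_msg[] = 'Image type not allowed!';
         } elseif ($image_size > 2000000) {
            $warning_msg[] = 'Image size is too large!';
         } else {
            // unguessable name; $rename only survives if the file was actually written
            $rename = bin2hex(random_bytes(16)).'.'.$ext;
            $image_folder = 'uploaded_files/'.$rename;
            if (!move_uploaded_file($image_tmp_name, $image_folder)) {
               $warning_msg[] = 'Image upload failed!';
               $rename = NULL;
            }
         }
      }
      // … unchanged: duplicate-email check and INSERT …
```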