first pass at registration

src/webserver/auth/register.php

@@ -0,0 +1,86 @@
+<?php
+    $db_path = realpath(dirname(__FILE__) . '/../config/db.php');
+    require_once($db_path);
+    require_once(realpath(dirname(__FILE__) . '/../header.php'));
+?>
+
+<h1>All Whomst Wander</h1>
+
+<h2>Register</h2>
+
+<?php
+    if (!isset($_POST['nickname'])) {
+	// display registration form
+	regForm();
+?>
+
+<?php
+    } else {
+	// process registration
+	$errors = [];
+        // ensure nickname
+	if (!isset($_POST['nickname']) || trim($_POST['nickname']) === "") {
+	    array_push($errors, "Your nickname is needed to log you in and share your progress with your friends.");
+	}
+	// ensure email address
+	if (!isset($_POST['email']) || trim($_POST['email']) === "") {
+	    array_push($errors, "Your email address is needed in case you need to reset your password in the future.");
+	}
+	// ensure password and confirmation match
+	if (!isset($_POST['password']) || !isset($_POST['confirm_password']) || trim($_POST['password']) === ""  || $_POST['password'] !== $_POST['confirm_password']) {
+	    array_push($errors, "You need to provide a password and confirm the same password a second time in order to register.");
+	}
+        // check nickname uniqueness
+	$stmt = $conn->prepare('SELECT id FROM Players WHERE nickname = :nickname');
+	if ($stmt) {
+	    $stmt->bindValue(':nickname', $_POST['nickname']);
+	    $result = $stmt->execute();
+	    if ($result && is_array($result->fetchArray())) {
+	        array_push($errors, "That nickname is already taken. Please choose another.");
+	    }
+	}
+
+	if (sizeof($errors) > 0) {
+	    foreach ($errors as $e) {
+	        echo "<p>" . $e . "</p>";
+	    }
+	    regForm();
+	} else {
+	    $add_stmt = $conn->prepare('INSERT INTO Players (nickname, is_active) VALUES (:nickname, 1)');
+	    if ($add_stmt) {
+	        $add_stmt->bindValue(':nickname', $_POST['nickname']);
+		$add_result = $add_stmt->execute();
+		$player_id = false;
+		if ($add_result) {
+		    $player_id = $conn->lastInsertRowID();
+		    if ($player_id) {
+		        $credentials_stmt = $conn->prepare('INSERT INTO PlayerAuth (player_id, email, hashed_pw, is_active, is_email_verified) VALUES (:player_id, :email, :hashed_pw, 1, 0)');
+			if ($credentials_stmt) {
+			    $credentials_stmt->bindParam(':player_id', $player_id);
+			    $credentials_stmt->bindParam(':email', $_POST['email']);
+			    $credentials_stmt->bindParam(':hashed_pw', password_hash($_POST['password'], PASSWORD_DEFAULT, ['cost' => 12]));
+			    $credentials_result = $credentials_stmt->execute();
+			    if ($credentials_result) {
+			      echo "<p>Your account has been created. You can now <a href='login.php'>log in and start playing</a>!</p>";
+			    }
+			}
+		    }
+		}
+	    }
+	}
+    }
+
+    require_once(realpath(dirname(__FILE__) . '/../footer.php'));
+
+    function regForm() {
+?>
+    <form method="POST" action="register.php" />
+        <p><label for="nickname">Your username: </label><input type="text" name="nickname" id="nickname" /></p>
+        <p><label for="email">Your email address: </label><input type="text" name="email" id="email" /></p>
+        <p><label for="password">Your password: </label><input type="password" name="password" id="password" /></p>
+        <p><label for="confirm_password">Confirm password: </label><input type="password" name="confirm_password" id="confirm_password" /></p>
+        <p><input type="submit" value="Register!" /></p>
+    </form>
+<?php
+    }
+?>