Adds validation to registration form

2025-02-10 19:25:17 +02:00 · 2025-02-10 19:25:17 +02:00 · 6c37a082bf
parent d2a9280d7d
commit 6c37a082bf
3 changed files with 41 additions and 13 deletions
--- a/app/includes/sanitize.php
+++ b/app/includes/sanitize.php
@ -2,7 +2,7 @@

 // sanitize all input vars that may end up in URLs or forms

-$platform_id = htmlspecialchars($_REQUEST['platform']);
+$platform_id = htmlspecialchars($_REQUEST['platform'] ?? '');
 if (isset($_REQUEST['page'])) {
    $page = htmlspecialchars($_REQUEST['page']);
 } else {
--- a/app/pages/register.php
+++ b/app/pages/register.php
@ -17,6 +17,27 @@ if ($config['registration_enabled'] == true) {
        $dbWeb = connectDB($config);

        if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
+            require_once '../app/classes/validator.php';
+
+            $validator = new Validator($_POST);
+            $rules = [
+                'username' => [
+                    'required' => true,
+                    'min' => 3,
+                    'max' => 20
+                ],
+                'password' => [
+                    'required' => true,
+                    'min' => 8,
+                    'max' => 100
+                ],
+                'confirm_password' => [
+                    'required' => true,
+                    'matches' => 'password'
+                ]
+            ];
+
+            if ($validator->validate($rules)) {
                $username = $_POST['username'];
                $password = $_POST['password'];

@ -25,7 +46,7 @@ if ($config['registration_enabled'] == true) {

                // redirect to login
                if ($result === true) {
-                Messages::flash('NOTICE', 'DEFAULT', "Registration successful.<br />You can log in now.");
+                    Messages::flash('NOTICE', 'DEFAULT', "Registration successful. You can log in now.");
                    header('Location: ' . htmlspecialchars($app_root));
                    exit();
                // registration fail, redirect to login
@ -34,6 +55,11 @@ if ($config['registration_enabled'] == true) {
                    header('Location: ' . htmlspecialchars($app_root));
                    exit();
                }
+            } else {
+                Messages::flash('ERROR', 'DEFAULT', $validator->getFirstError());
+                header('Location: ' . htmlspecialchars($app_root . '?page=register'));
+                exit();
+            }
        }
    } catch (Exception $e) {
        Messages::flash('ERROR', 'DEFAULT', $e->getMessage());
--- a/app/templates/form-register.php
+++ b/app/templates/form-register.php
@ -7,6 +7,8 @@
                    <input type="text" name="username" placeholder="Username" required autofocus />
                    <br />
                    <input type="password" name="password" placeholder="Password" required />
+                    <br />
+                    <input type="password" name="confirm_password" placeholder="Confirm password" required />
                    <br />&nbsp;<br />
                    <input type="submit" class="btn btn-primary" value="Register" />
                </form>