Rippchen/register.php

<?php
include 'db_connection.php';

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $vorname = sanitize_input($_POST['vorname']);
    $nachname = sanitize_input($_POST['nachname']);
    $username = sanitize_input($_POST['username']);
    $password = sanitize_input($_POST['password']);

    // Hash the password for security
    $hashed_password = password_hash($password, PASSWORD_DEFAULT);

    // Check if the username already exists
    $check_sql = "SELECT username FROM User WHERE username='$username'";
    $check_result = $conn->query($check_sql);

    if ($check_result->num_rows > 0) {
        $registration_error = "Username already exists. Please choose a different one.";
    } else {
        $sql = "INSERT INTO User (vorname, nachname, username, password) VALUES ('$vorname', '$nachname', '$username', '$hashed_password')";

        if ($conn->query($sql) === TRUE) {
            $registration_success = "Registration successful! You can now <a href='login.php'>login</a>.";
        } else {
            $registration_error = "Error: " . $sql . "<br>" . $conn->error;
        }
    }
}

$conn->close();
?>

<!DOCTYPE html>
<html>
<head>
    <title>Register</title>
</head>
<body>
    <h2>Register</h2>
    <?php if (isset($registration_error)): ?>
        <p style="color:red;"><?php echo $registration_error; ?></p>
    <?php endif; ?>
    <?php if (isset($registration_success)): ?>
        <p style="color:green;"><?php echo $registration_success; ?></p>
    <?php endif; ?>
    <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
        Vorname: <input type="text" name="vorname" required><br><br>
        Nachname: <input type="text" name="nachname" required><br><br>
        Username: <input type="text" name="username" required><br><br>
        Password: <input type="password" name="password" required><br><br>
        <input type="submit" value="Register">
    </form>
    <p>Already have an account? <a href="login.php">Login here</a></p>
</body>
</html>