Geizkragen/register.php

<?php
// register.php

ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

session_start();

// 1) DB-Verbindung (einmal)
$servername = "localhost";
$port = 3306;
$username = "FSST";
$password = "L9wUNZZ9Qkbt";
$db = "FSST";

$conn = mysqli_connect($servername, $username, $password, $db, $port);
if (!$conn) {
    http_response_code(500);
    die("Datenbankfehler");
}

$errors = [];
$values = [
    'email' => '',
    'displayName' => ''
];

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $email = trim((string)(isset($_POST['email']) ? $_POST['email'] : ''));
    $displayName = trim((string)(isset($_POST['displayName']) ? $_POST['displayName'] : ''));
    $pw = (string)(isset($_POST['pw']) ? $_POST['pw'] : '');
    $pw2 = (string)(isset($_POST['pw2']) ? $_POST['pw2'] : '');

    $values['email'] = $email;
    $values['displayName'] = $displayName;

    // Validierung
    if ($email === '' || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'Bitte eine gültige E-Mail-Adresse eingeben.';
    }

    if ($displayName === '' || mb_strlen($displayName) < 3 || mb_strlen($displayName) > 50) {
        $errors[] = 'Bitte einen Benutzernamen mit 3–50 Zeichen eingeben.';
    }

    if ($pw === '' || mb_strlen($pw) < 8) {
        $errors[] = 'Bitte ein Passwort mit mindestens 8 Zeichen wählen.';
    }

    if ($pw !== $pw2) {
        $errors[] = 'Die Passwörter stimmen nicht überein.';
    }

    // Duplicate-Checks
    if (!$errors) {
        $stmt = mysqli_prepare($conn, 'SELECT userID FROM users WHERE email = ? LIMIT 1');
        if (!$stmt) {
            $errors[] = 'Datenbankfehler.';
        } else {
            mysqli_stmt_bind_param($stmt, 's', $email);
            mysqli_stmt_execute($stmt);
            $result = mysqli_stmt_get_result($stmt);
            if ($result && mysqli_fetch_assoc($result)) {
                $errors[] = 'Diese E-Mail ist bereits registriert.';
            }
            mysqli_stmt_close($stmt);
        }
    }

    if (!$errors) {
        $stmt = mysqli_prepare($conn, 'SELECT userID FROM users WHERE displayName = ? LIMIT 1');
        if (!$stmt) {
            $errors[] = 'Datenbankfehler.';
        } else {
            mysqli_stmt_bind_param($stmt, 's', $displayName);
            mysqli_stmt_execute($stmt);
            $result = mysqli_stmt_get_result($stmt);
            if ($result && mysqli_fetch_assoc($result)) {
                $errors[] = 'Dieser Benutzername ist bereits vergeben.';
            }
            mysqli_stmt_close($stmt);
        }
    }

    // Insert
    if (!$errors) {
        $hash = password_hash($pw, PASSWORD_DEFAULT);
        $stmt = mysqli_prepare(
            $conn,
            'INSERT INTO users (email, passwordHash, displayName, isActive, createdAt) VALUES (?, ?, ?, 1, NOW())'
        );

        if (!$stmt) {
            $errors[] = 'Datenbankfehler.';
        } else {
            mysqli_stmt_bind_param($stmt, 'sss', $email, $hash, $displayName);
            $ok = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);

            if ($ok) {
                mysqli_close($conn);
                header('Location: login.php?registered=1');
                exit;
            }

            $errors[] = 'Registrierung fehlgeschlagen.';
        }
    }
}

include 'header.php';
?>
<link rel="stylesheet" href="assets/css/login.css">

<main class="auth" role="main">
    <section class="auth__grid" aria-label="Registrierung Bereich">
        <div class="auth__card">
            <header class="auth__header">
                <h2 class="auth__title">Registrierung</h2>
                <p class="auth__subtitle">Erstelle einen Account, um deine Wunschliste zu verwalten und Deals schneller zu speichern.</p>
            </header>

            <?php if ($errors): ?>
                <div class="auth__alert" role="alert">
                    <ul>
                        <?php foreach ($errors as $e): ?>
                            <li><?php echo htmlspecialchars($e, ENT_QUOTES, 'UTF-8'); ?></li>
                        <?php endforeach; ?>
                    </ul>
                </div>
            <?php endif; ?>

            <form class="auth__form" action="register.php" method="POST" autocomplete="on">
                <div class="auth__field">
                    <label for="email">E-Mail</label>
                    <input type="email" id="email" name="email" autocomplete="email" required value="<?php echo htmlspecialchars($values['email'], ENT_QUOTES, 'UTF-8'); ?>">
                </div>

                <div class="auth__field">
                    <label for="displayName">Username</label>
                    <input type="text" id="displayName" name="displayName" inputmode="text" autocomplete="username" required value="<?php echo htmlspecialchars($values['displayName'], ENT_QUOTES, 'UTF-8'); ?>">
                </div>

                <div class="auth__field">
                    <label for="pw">Passwort</label>
                    <input type="password" id="pw" name="pw" autocomplete="new-password" required>
                </div>

                <div class="auth__field">
                    <label for="pw2">Passwort wiederholen</label>
                    <input type="password" id="pw2" name="pw2" autocomplete="new-password" required>
                </div>

                <div class="auth__actions">
                    <input class="auth__submit" type="submit" value="Registrieren">
                </div>
            </form>

            <div class="auth__links">
                <p class="auth__muted">Schon registriert? <a href="login.php">Einloggen</a></p>
                <p class="auth__muted"><a href="index.php">Zurück zur Startseite</a></p>
            </div>
        </div>
    </section>
</main>

<?php
mysqli_close($conn);
include 'footer.php';
?>