php_practice/exam135/register.php

<?php
require '/var/www/nikola/practice/exam110/connect.inc.php';
require 'core.inc.php';

// Nece da doda id !!! to pogledaj u ponedeljak

if (!loggedin()) {
    if (
        isset($_POST['username']) && isset($_POST['password']) && isset($_POST['password_again']) &&
        isset($_POST['firstname']) && isset($_POST['surname'])
    ) {
        $username = $_POST['username'];

        $password = $_POST['password'];
        $password_again = $_POST['password_again'];
        $password_hash = md5($password);

        $firstname = $_POST['firstname'];
        $surname = $_POST['surname'];

        if (
            !empty($username) && !empty($password) && !empty($password_again) &&
            !empty($firstname) && !empty($surname)
        ) {
            if(strlen($username) > 30 || strlen($firstname) > 40 || strlen($surname) > 40){
                echo 'Please ahear to maxlength of fields';
            }else{
                if ($password != $password_again) {
                    echo 'Passwords do not match';
                } else {
                    $query = "SELECT `username` FROM `users` WHERE `username` ='$username'";
                    $query_run = mysqli_query($con, $query);
                    if (mysqli_num_rows($query_run) == 1) {
                        echo 'The username ' . $username . 'already exists';
                    } else {
                        $query = "INSERT INTO `users` VALUES(NULL ,'" . mysqli_real_escape_string($con, $username) .
                            "','" . mysqli_real_escape_string($con, $password_hash) . "','" . mysqli_real_escape_string($con, $firstname) .
                            "','" . mysqli_real_escape_string($con, $surname) . "')";
                        if($query_run = mysqli_query($con,$query)){
                            header('Location: register_success.php');
                        } else {
                            echo 'We could not register you!';
                        }
                        
                    }
                }
            }
        } else {
            echo 'All fields are required';
        }
    }
?>

    <form action="register.php" method="POST">
        Username: <br> <input type="text" name="username" maxlength="30" value="<?php if(isset($username)) {echo $username; } ?>"><br><br>
        Password: <br> <input type="password" name="password"><br><br>
        Password again: <br> <input type="password" name="password_again"><br><br>
        Firstname: <br> <input type="text" name="firstname" maxlength="40" value="<?php if(isset($firstname)) {echo $firstname; }  ?>"><br><br>
        Surname: <br> <input type="text" name="surname" maxlength="40" value="<?php if(isset($surname)) {echo $surname; } ?>"><br><br>
        <input type="submit" value="Register">
    </form>

<?php

} else if (loggedin()) {
    echo 'You are already registered and logged in !';
}

?>