Ideone.com

fork download

copy

<?php
// register_demo_w3.php
// Single-file demo suitable for W3Schools PHP compiler.
// Intent: Demonstrate secure registration flow (CSRF, validation, password_hash) in an environment
//         where persistent DB is unavailable. Data is kept in session only for demonstration.
 
session_start();
 
// CSRF token for the session
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(16));
}
$csrf = $_SESSION['csrf_token'];
 
$errors = [];
$success = null;
 
// Handle POST submission in same file
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $posted_csrf = $_POST['csrf'] ?? '';
    if (empty($posted_csrf) || !hash_equals($csrf, $posted_csrf)) {
        $errors[] = 'Invalid CSRF token. Reload and try again.';
    } else {
        // Normalize inputs
        $username = trim((string)($_POST['username'] ?? ''));
        $email    = trim((string)($_POST['email'] ?? ''));
        $password = (string)($_POST['password'] ?? '');
        $confirm  = (string)($_POST['confirm_password'] ?? '');
 
        if ($username === '') $errors[] = 'Username is required.';
        if ($email === '')    $errors[] = 'Email is required.';
        if ($password === '') $errors[] = 'Password is required.';
        if ($confirm === '')  $errors[] = 'Please confirm password.';
 
        if ($email !== '' && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $errors[] = 'Invalid email format.';
        }
 
        if (mb_strlen($username) < 3 || mb_strlen($username) > 50) {
            $errors[] = 'Username must be 3–50 characters.';
        }
 
        // Password policy
        $pw_ok = true;
        if (strlen($password) < 8) $pw_ok = false;
        if (!preg_match('/[A-Z]/', $password)) $pw_ok = false;
        if (!preg_match('/[a-z]/', $password)) $pw_ok = false;
        if (!preg_match('/[0-9]/', $password)) $pw_ok = false;
        if (!preg_match('/[\W_]/', $password)) $pw_ok = false;
        if (!$pw_ok) $errors[] = 'Password must be 8+ chars and include upper, lower, number and symbol.';
 
        if ($password !== $confirm) $errors[] = 'Passwords do not match.';
 
        // If valid, "save" into session demo storage
        if (empty($errors)) {
            if (!isset($_SESSION['demo_users'])) $_SESSION['demo_users'] = [];
 
            $email_norm = strtolower($email);
            foreach ($_SESSION['demo_users'] as $u) {
                if ($u['email'] === $email_norm) {
                    $errors[] = 'An account with this email already exists (demo).';
                    break;
                }
            }
            if (empty($errors)) {
                $hash = password_hash($password, PASSWORD_DEFAULT);
                $_SESSION['demo_users'][] = [
                    'id' => uniqid('u', true),
                    'username' => $username,
                    'email' => $email_norm,
                    'password_hash' => $hash,
                    'created_at' => date(DATE_ATOM)
                ];
                $success = 'Registration successful (demo users saved to session).';
                // rotate token to reduce replay risk
                $_SESSION['csrf_token'] = bin2hex(random_bytes(16));
                $csrf = $_SESSION['csrf_token'];
                // clear posted values for sticky UI
                $_POST = [];
            }
        }
    }
}
 
// Helper
function h($s){ return htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8'); }
?>
<!doctype html>
<html lang="en">
<head><meta charset="utf-8"><title>Register Demo</title></head>
<body>
  <h1>Register (W3Schools Demo)</h1>
 
  <?php if (!empty($errors)): ?>
    <div style="color:darkred;"><ul><?php foreach ($errors as $e): ?><li><?php echo h($e); ?></li><?php endforeach; ?></ul></div>
  <?php endif; ?>
 
  <?php if ($success): ?>
    <div style="color:green"><?php echo h($success); ?></div>
  <?php endif; ?>
 
  <form method="post" action="">
    <input type="hidden" name="csrf" value="<?php echo h($csrf); ?>">
    <label>Username:<br><input type="text" name="username" required maxlength="50" value="<?php echo isset($_POST['username'])?h($_POST['username']):''; ?>"></label><br><br>
    <label>Email:<br><input type="email" name="email" required value="<?php echo isset($_POST['email'])?h($_POST['email']):''; ?>"></label><br><br>
    <label>Password:<br><input type="password" name="password" required></label><br><br>
    <label>Confirm Password:<br><input type="password" name="confirm_password" required></label><br><br>
    <button type="submit">Register</button>
  </form>
 
  <hr>
  <h2>Demo: Registered users (session)</h2>
  <?php if (!empty($_SESSION['demo_users'])): ?>
    <ul>
      <?php foreach ($_SESSION['demo_users'] as $u): ?>
        <li><?php echo h($u['username']); ?> — <?php echo h($u['email']); ?> — <?php echo h($u['created_at']); ?></li>
      <?php endforeach; ?>
    </ul>
  <?php else: ?>
    <p>No demo users yet.</p>
  <?php endif; ?>
 
  <p><small>Note: This demo stores users in session only. Use a database and stronger infrastructure for production.</small></p>
</body>
</html>

PD9waHAKLy8gcmVnaXN0ZXJfZGVtb193My5waHAKLy8gU2luZ2xlLWZpbGUgZGVtbyBzdWl0YWJsZSBmb3IgVzNTY2hvb2xzIFBIUCBjb21waWxlci4KLy8gSW50ZW50OiBEZW1vbnN0cmF0ZSBzZWN1cmUgcmVnaXN0cmF0aW9uIGZsb3cgKENTUkYsIHZhbGlkYXRpb24sIHBhc3N3b3JkX2hhc2gpIGluIGFuIGVudmlyb25tZW50Ci8vICAgICAgICAgd2hlcmUgcGVyc2lzdGVudCBEQiBpcyB1bmF2YWlsYWJsZS4gRGF0YSBpcyBrZXB0IGluIHNlc3Npb24gb25seSBmb3IgZGVtb25zdHJhdGlvbi4KCnNlc3Npb25fc3RhcnQoKTsKCi8vIENTUkYgdG9rZW4gZm9yIHRoZSBzZXNzaW9uCmlmIChlbXB0eSgkX1NFU1NJT05bJ2NzcmZfdG9rZW4nXSkpIHsKICAgICRfU0VTU0lPTlsnY3NyZl90b2tlbiddID0gYmluMmhleChyYW5kb21fYnl0ZXMoMTYpKTsKfQokY3NyZiA9ICRfU0VTU0lPTlsnY3NyZl90b2tlbiddOwoKJGVycm9ycyA9IFtdOwokc3VjY2VzcyA9IG51bGw7CgovLyBIYW5kbGUgUE9TVCBzdWJtaXNzaW9uIGluIHNhbWUgZmlsZQppZiAoJF9TRVJWRVJbJ1JFUVVFU1RfTUVUSE9EJ10gPT09ICdQT1NUJykgewogICAgJHBvc3RlZF9jc3JmID0gJF9QT1NUWydjc3JmJ10gPz8gJyc7CiAgICBpZiAoZW1wdHkoJHBvc3RlZF9jc3JmKSB8fCAhaGFzaF9lcXVhbHMoJGNzcmYsICRwb3N0ZWRfY3NyZikpIHsKICAgICAgICAkZXJyb3JzW10gPSAnSW52YWxpZCBDU1JGIHRva2VuLiBSZWxvYWQgYW5kIHRyeSBhZ2Fpbi4nOwogICAgfSBlbHNlIHsKICAgICAgICAvLyBOb3JtYWxpemUgaW5wdXRzCiAgICAgICAgJHVzZXJuYW1lID0gdHJpbSgoc3RyaW5nKSgkX1BPU1RbJ3VzZXJuYW1lJ10gPz8gJycpKTsKICAgICAgICAkZW1haWwgICAgPSB0cmltKChzdHJpbmcpKCRfUE9TVFsnZW1haWwnXSA/PyAnJykpOwogICAgICAgICRwYXNzd29yZCA9IChzdHJpbmcpKCRfUE9TVFsncGFzc3dvcmQnXSA/PyAnJyk7CiAgICAgICAgJGNvbmZpcm0gID0gKHN0cmluZykoJF9QT1NUWydjb25maXJtX3Bhc3N3b3JkJ10gPz8gJycpOwoKICAgICAgICBpZiAoJHVzZXJuYW1lID09PSAnJykgJGVycm9yc1tdID0gJ1VzZXJuYW1lIGlzIHJlcXVpcmVkLic7CiAgICAgICAgaWYgKCRlbWFpbCA9PT0gJycpICAgICRlcnJvcnNbXSA9ICdFbWFpbCBpcyByZXF1aXJlZC4nOwogICAgICAgIGlmICgkcGFzc3dvcmQgPT09ICcnKSAkZXJyb3JzW10gPSAnUGFzc3dvcmQgaXMgcmVxdWlyZWQuJzsKICAgICAgICBpZiAoJGNvbmZpcm0gPT09ICcnKSAgJGVycm9yc1tdID0gJ1BsZWFzZSBjb25maXJtIHBhc3N3b3JkLic7CgogICAgICAgIGlmICgkZW1haWwgIT09ICcnICYmICFmaWx0ZXJfdmFyKCRlbWFpbCwgRklMVEVSX1ZBTElEQVRFX0VNQUlMKSkgewogICAgICAgICAgICAkZXJyb3JzW10gPSAnSW52YWxpZCBlbWFpbCBmb3JtYXQuJzsKICAgICAgICB9CgogICAgICAgIGlmIChtYl9zdHJsZW4oJHVzZXJuYW1lKSA8IDMgfHwgbWJfc3RybGVuKCR1c2VybmFtZSkgPiA1MCkgewogICAgICAgICAgICAkZXJyb3JzW10gPSAnVXNlcm5hbWUgbXVzdCBiZSAz4oCTNTAgY2hhcmFjdGVycy4nOwogICAgICAgIH0KCiAgICAgICAgLy8gUGFzc3dvcmQgcG9saWN5CiAgICAgICAgJHB3X29rID0gdHJ1ZTsKICAgICAgICBpZiAoc3RybGVuKCRwYXNzd29yZCkgPCA4KSAkcHdfb2sgPSBmYWxzZTsKICAgICAgICBpZiAoIXByZWdfbWF0Y2goJy9bQS1aXS8nLCAkcGFzc3dvcmQpKSAkcHdfb2sgPSBmYWxzZTsKICAgICAgICBpZiAoIXByZWdfbWF0Y2goJy9bYS16XS8nLCAkcGFzc3dvcmQpKSAkcHdfb2sgPSBmYWxzZTsKICAgICAgICBpZiAoIXByZWdfbWF0Y2goJy9bMC05XS8nLCAkcGFzc3dvcmQpKSAkcHdfb2sgPSBmYWxzZTsKICAgICAgICBpZiAoIXByZWdfbWF0Y2goJy9bXFdfXS8nLCAkcGFzc3dvcmQpKSAkcHdfb2sgPSBmYWxzZTsKICAgICAgICBpZiAoISRwd19vaykgJGVycm9yc1tdID0gJ1Bhc3N3b3JkIG11c3QgYmUgOCsgY2hhcnMgYW5kIGluY2x1ZGUgdXBwZXIsIGxvd2VyLCBudW1iZXIgYW5kIHN5bWJvbC4nOwoKICAgICAgICBpZiAoJHBhc3N3b3JkICE9PSAkY29uZmlybSkgJGVycm9yc1tdID0gJ1Bhc3N3b3JkcyBkbyBub3QgbWF0Y2guJzsKCiAgICAgICAgLy8gSWYgdmFsaWQsICJzYXZlIiBpbnRvIHNlc3Npb24gZGVtbyBzdG9yYWdlCiAgICAgICAgaWYgKGVtcHR5KCRlcnJvcnMpKSB7CiAgICAgICAgICAgIGlmICghaXNzZXQoJF9TRVNTSU9OWydkZW1vX3VzZXJzJ10pKSAkX1NFU1NJT05bJ2RlbW9fdXNlcnMnXSA9IFtdOwoKICAgICAgICAgICAgJGVtYWlsX25vcm0gPSBzdHJ0b2xvd2VyKCRlbWFpbCk7CiAgICAgICAgICAgIGZvcmVhY2ggKCRfU0VTU0lPTlsnZGVtb191c2VycyddIGFzICR1KSB7CiAgICAgICAgICAgICAgICBpZiAoJHVbJ2VtYWlsJ10gPT09ICRlbWFpbF9ub3JtKSB7CiAgICAgICAgICAgICAgICAgICAgJGVycm9yc1tdID0gJ0FuIGFjY291bnQgd2l0aCB0aGlzIGVtYWlsIGFscmVhZHkgZXhpc3RzIChkZW1vKS4nOwogICAgICAgICAgICAgICAgICAgIGJyZWFrOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGlmIChlbXB0eSgkZXJyb3JzKSkgewogICAgICAgICAgICAgICAgJGhhc2ggPSBwYXNzd29yZF9oYXNoKCRwYXNzd29yZCwgUEFTU1dPUkRfREVGQVVMVCk7CiAgICAgICAgICAgICAgICAkX1NFU1NJT05bJ2RlbW9fdXNlcnMnXVtdID0gWwogICAgICAgICAgICAgICAgICAgICdpZCcgPT4gdW5pcWlkKCd1JywgdHJ1ZSksCiAgICAgICAgICAgICAgICAgICAgJ3VzZXJuYW1lJyA9PiAkdXNlcm5hbWUsCiAgICAgICAgICAgICAgICAgICAgJ2VtYWlsJyA9PiAkZW1haWxfbm9ybSwKICAgICAgICAgICAgICAgICAgICAncGFzc3dvcmRfaGFzaCcgPT4gJGhhc2gsCiAgICAgICAgICAgICAgICAgICAgJ2NyZWF0ZWRfYXQnID0+IGRhdGUoREFURV9BVE9NKQogICAgICAgICAgICAgICAgXTsKICAgICAgICAgICAgICAgICRzdWNjZXNzID0gJ1JlZ2lzdHJhdGlvbiBzdWNjZXNzZnVsIChkZW1vIHVzZXJzIHNhdmVkIHRvIHNlc3Npb24pLic7CiAgICAgICAgICAgICAgICAvLyByb3RhdGUgdG9rZW4gdG8gcmVkdWNlIHJlcGxheSByaXNrCiAgICAgICAgICAgICAgICAkX1NFU1NJT05bJ2NzcmZfdG9rZW4nXSA9IGJpbjJoZXgocmFuZG9tX2J5dGVzKDE2KSk7CiAgICAgICAgICAgICAgICAkY3NyZiA9ICRfU0VTU0lPTlsnY3NyZl90b2tlbiddOwogICAgICAgICAgICAgICAgLy8gY2xlYXIgcG9zdGVkIHZhbHVlcyBmb3Igc3RpY2t5IFVJCiAgICAgICAgICAgICAgICAkX1BPU1QgPSBbXTsKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KfQoKLy8gSGVscGVyCmZ1bmN0aW9uIGgoJHMpeyByZXR1cm4gaHRtbHNwZWNpYWxjaGFycygoc3RyaW5nKSRzLCBFTlRfUVVPVEVTLCAnVVRGLTgnKTsgfQo/Pgo8IWRvY3R5cGUgaHRtbD4KPGh0bWwgbGFuZz0iZW4iPgo8aGVhZD48bWV0YSBjaGFyc2V0PSJ1dGYtOCI+PHRpdGxlPlJlZ2lzdGVyIERlbW88L3RpdGxlPjwvaGVhZD4KPGJvZHk+CiAgPGgxPlJlZ2lzdGVyIChXM1NjaG9vbHMgRGVtbyk8L2gxPgoKICA8P3BocCBpZiAoIWVtcHR5KCRlcnJvcnMpKTogPz4KICAgIDxkaXYgc3R5bGU9ImNvbG9yOmRhcmtyZWQ7Ij48dWw+PD9waHAgZm9yZWFjaCAoJGVycm9ycyBhcyAkZSk6ID8+PGxpPjw/cGhwIGVjaG8gaCgkZSk7ID8+PC9saT48P3BocCBlbmRmb3JlYWNoOyA/PjwvdWw+PC9kaXY+CiAgPD9waHAgZW5kaWY7ID8+CgogIDw/cGhwIGlmICgkc3VjY2Vzcyk6ID8+CiAgICA8ZGl2IHN0eWxlPSJjb2xvcjpncmVlbiI+PD9waHAgZWNobyBoKCRzdWNjZXNzKTsgPz48L2Rpdj4KICA8P3BocCBlbmRpZjsgPz4KCiAgPGZvcm0gbWV0aG9kPSJwb3N0IiBhY3Rpb249IiI+CiAgICA8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJjc3JmIiB2YWx1ZT0iPD9waHAgZWNobyBoKCRjc3JmKTsgPz4iPgogICAgPGxhYmVsPlVzZXJuYW1lOjxicj48aW5wdXQgdHlwZT0idGV4dCIgbmFtZT0idXNlcm5hbWUiIHJlcXVpcmVkIG1heGxlbmd0aD0iNTAiIHZhbHVlPSI8P3BocCBlY2hvIGlzc2V0KCRfUE9TVFsndXNlcm5hbWUnXSk/aCgkX1BPU1RbJ3VzZXJuYW1lJ10pOicnOyA/PiI+PC9sYWJlbD48YnI+PGJyPgogICAgPGxhYmVsPkVtYWlsOjxicj48aW5wdXQgdHlwZT0iZW1haWwiIG5hbWU9ImVtYWlsIiByZXF1aXJlZCB2YWx1ZT0iPD9waHAgZWNobyBpc3NldCgkX1BPU1RbJ2VtYWlsJ10pP2goJF9QT1NUWydlbWFpbCddKTonJzsgPz4iPjwvbGFiZWw+PGJyPjxicj4KICAgIDxsYWJlbD5QYXNzd29yZDo8YnI+PGlucHV0IHR5cGU9InBhc3N3b3JkIiBuYW1lPSJwYXNzd29yZCIgcmVxdWlyZWQ+PC9sYWJlbD48YnI+PGJyPgogICAgPGxhYmVsPkNvbmZpcm0gUGFzc3dvcmQ6PGJyPjxpbnB1dCB0eXBlPSJwYXNzd29yZCIgbmFtZT0iY29uZmlybV9wYXNzd29yZCIgcmVxdWlyZWQ+PC9sYWJlbD48YnI+PGJyPgogICAgPGJ1dHRvbiB0eXBlPSJzdWJtaXQiPlJlZ2lzdGVyPC9idXR0b24+CiAgPC9mb3JtPgoKICA8aHI+CiAgPGgyPkRlbW86IFJlZ2lzdGVyZWQgdXNlcnMgKHNlc3Npb24pPC9oMj4KICA8P3BocCBpZiAoIWVtcHR5KCRfU0VTU0lPTlsnZGVtb191c2VycyddKSk6ID8+CiAgICA8dWw+CiAgICAgIDw/cGhwIGZvcmVhY2ggKCRfU0VTU0lPTlsnZGVtb191c2VycyddIGFzICR1KTogPz4KICAgICAgICA8bGk+PD9waHAgZWNobyBoKCR1Wyd1c2VybmFtZSddKTsgPz4g4oCUIDw/cGhwIGVjaG8gaCgkdVsnZW1haWwnXSk7ID8+IOKAlCA8P3BocCBlY2hvIGgoJHVbJ2NyZWF0ZWRfYXQnXSk7ID8+PC9saT4KICAgICAgPD9waHAgZW5kZm9yZWFjaDsgPz4KICAgIDwvdWw+CiAgPD9waHAgZWxzZTogPz4KICAgIDxwPk5vIGRlbW8gdXNlcnMgeWV0LjwvcD4KICA8P3BocCBlbmRpZjsgPz4KCiAgPHA+PHNtYWxsPk5vdGU6IFRoaXMgZGVtbyBzdG9yZXMgdXNlcnMgaW4gc2Vzc2lvbiBvbmx5LiBVc2UgYSBkYXRhYmFzZSBhbmQgc3Ryb25nZXIgaW5mcmFzdHJ1Y3R1cmUgZm9yIHByb2R1Y3Rpb24uPC9zbWFsbD48L3A+CjwvYm9keT4KPC9odG1sPgo=

Success #stdin #stdout #stderr 0.03s 26208KB

stdin

copy

Standard input is empty

stdout

copy

<!doctype html>
<html lang="en">
<head><meta charset="utf-8"><title>Register Demo</title></head>
<body>
  <h1>Register (W3Schools Demo)</h1>

  
  
  <form method="post" action="">
    <input type="hidden" name="csrf" value="dc17516decdcee5b221bbbfca1cd80ea">
    <label>Username:<br><input type="text" name="username" required maxlength="50" value=""></label><br><br>
    <label>Email:<br><input type="email" name="email" required value=""></label><br><br>
    <label>Password:<br><input type="password" name="password" required></label><br><br>
    <label>Confirm Password:<br><input type="password" name="confirm_password" required></label><br><br>
    <button type="submit">Register</button>
  </form>

  <hr>
  <h2>Demo: Registered users (session)</h2>
      <p>No demo users yet.</p>
  
  <p><small>Note: This demo stores users in session only. Use a database and stronger infrastructure for production.</small></p>
</body>
</html>

stderr

copy

PHP Notice:  Undefined index: REQUEST_METHOD in /home/Ssc5S6/prog.php on line 19

https://ideone.com/DJYsjF

language:

PHP (php 7.3.5)

created:

visibility:

public

Share or Embed source code

Discover > Sphere Engine API

The brand new service which powers Ideone!

Discover > IDE Widget

Widget for compiling and running the source code in a web browser!

Discover > Sphere Engine API

Discover > IDE Widget

Choose your language