tlm/signup.php

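<?php
// Sign-up page. On POST it validates the submitted username and password,
// creates the user plus the default sections/rows described by
// $default_schema, sets the "token" cookie and redirects to index.php.
// On any failure it sets $err and falls through to re-render the form.
// $db and $default_schema are not defined in this file; presumably they come
// from config.php / helper.php (verify). $err is not printed here either;
// presumably boilerplate/head.php renders it.
//
// require instead of include: if either file is missing the page must stop
// rather than continue without its configuration or auth helpers.
require "config.php";
require "helper.php";

// A visitor who is already authenticated has no use for the sign-up form.
if (is_logged_in()) {
    header("Location: index.php");
    exit();
}

$u = "";
$p = "";
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // A missing field, or one submitted as an array (username[]=x), is read
    // as "" so it is rejected by the checks below instead of raising a
    // notice or a TypeError inside the string functions.
    $field = function ($name) {
        return isset($_POST[$name]) && is_string($_POST[$name]) ? $_POST[$name] : "";
    };
    $u = strtolower(str_replace(" ", "", $field("username")));
    $p = $field("password");
    $v = $field("verify");

    // Strict comparison: with != PHP compares numeric-looking strings as
    // numbers, so "1e3" and "1000" would count as matching passwords.
    if ($v !== $p) {
        $err = "Passwords don't match";
    } else if (!($u && $p && $v)) {
        // Truthiness test kept from the original: the literal value "0" is
        // also treated as missing here.
        $err = "Bad request, missing username, password, or verify parameter";
    } else if (strlen($u) > 64 || strlen($u) === 0) {
        $err = "Username must be 1-64 chars";
    } else if (!preg_match('/\A[a-z0-9_-]{1,64}\z/', $u)) {
        // \A...\z instead of ^...$: "$" also matches just before a trailing
        // newline, which would let "name\n" register as a separate account
        // that looks identical to "name".
        $err = "Username can only include a-z, 0-9, _, and -";
    } else {
        // Bound parameter rather than string interpolation, so the query no
        // longer relies on the regex above as its only injection barrier.
        $response = pg_query_params(
            $db,
            'SELECT count(*) FROM users WHERE username = $1',
            array($u)
        );
        if ($response === false) {
            $err = "Could not create account, please try again";
        } else if (pg_fetch_array($response)["count"] === "0") {
            $user_id = generate_id();
            $pw_hash = password_hash($p, PASSWORD_DEFAULT);

            // All inserts run in one transaction, so a failure part-way
            // through does not leave an account without its default
            // sections, and nobody is logged in for a row that was never
            // written.
            // NOTE(review): the count check above and this insert are not
            // atomic; two concurrent sign-ups can both see count 0. Confirm
            // that users.username has a UNIQUE constraint so the second
            // insert fails and is rolled back here.
            $ok = pg_query($db, "BEGIN") !== false;
            $ok = $ok && pg_insert($db, "users", array(
                "id" => $user_id,
                "username" => $u,
                "password_hash" => $pw_hash
            )) !== false;

            foreach ($default_schema as $section_data) {
                if (!$ok) {
                    break;
                }
                $section_id = generate_id();
                $ok = pg_insert($db, "section", array(
                    "id" => $section_id,
                    "users" => $user_id,
                    "name" => $section_data["name"],
                    "show_subtitle" => $section_data["show_subtitle"]
                )) !== false;

                foreach ($section_data["items"] as $row_data) {
                    if (!$ok) {
                        break;
                    }
                    $row_id = generate_id();
                    $ok = pg_insert($db, "row", array(
                        "id" => $row_id,
                        "section" => $section_id,
                        "name" => $row_data["name"],
                        "display_format" => $row_data["display_format"]
                    )) !== false;
                }
            }
            $ok = $ok && pg_query($db, "COMMIT") !== false;

            if ($ok) {
                // NOTE(review): the token is derived from the username and
                // the password hash by get_token() in helper.php; how it is
                // verified is not visible here.
                $token = get_token($u, $pw_hash);
                $is_https = !empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off";
                setcookie(
                    "token",
                    $token,
                    // 365 days. The original multiplied by 30 * 265, which
                    // is roughly 21 years, while its comment said one year.
                    time() + 60 * 60 * 24 * 365,
                    "",
                    "",
                    $is_https, // Secure: never sent over plain HTTP when the site is on HTTPS
                    true       // HttpOnly: not readable from page scripts
                );
                // NOTE(review): the positional setcookie() form cannot set
                // SameSite; consider the options-array form (PHP 7.3+).
                header("Location: index.php");
                exit();
            }
            pg_query($db, "ROLLBACK");
            $err = "Could not create account, please try again";
        } else {
            $err = "User '" . htmlspecialchars($u, ENT_QUOTES | ENT_SUBSTITUTE) . "' already exists";
        }
    }
}
$title = "Sign Up";
include "boilerplate/head.php";
// The password field is deliberately not pre-filled on re-render: echoing the
// submitted password back would place it in the response body, where it can
// end up in caches and saved copies of the page.
?>
<form method="POST">
<div><input placeholder="Username" name="username" value="<?php echo htmlspecialchars($u, ENT_QUOTES | ENT_SUBSTITUTE); ?>" maxlength="64" required></div>
<div><input placeholder="Password" name="password" type="password" required></div>
<div><input placeholder="Verify Password" name="verify" type="password" required></div>
<div><input type="submit" value="Sign Up"></div>
<p><a href="login.php">Log in instead?</a></p>
</form>
<?php
include "boilerplate/foot.php";
?>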