skye8-tech / openFolio-v1-functional


Develop a Registration Form and Implement User Registration with Password Hashing (Validation Inclusive) #3

Open andrew21-mch opened 3 months ago

andrew21-mch commented 3 months ago

Description:

This task involves creating the registration feature for the portfolio website, allowing new users to sign up by providing their details. The registration form must capture essential user information, validate the inputs, and securely store the user’s password using hashing techniques. Proper input validation and security measures will ensure a robust and secure registration process.

Steps to Complete:

  1. Design the Registration Form:

    • Create a PHP file (e.g., register.php) within the public/ directory to serve as the registration page.
    • The form should capture the following user details:
      • Username
      • Email
      • Password
      • Confirm Password
      • Name (optional)
      • Profile Picture (optional)
  2. Implement Client-Side Validation:

    • Use HTML5 form attributes and JavaScript to perform basic client-side validation:
      • Ensure the username and email are not empty and are in the correct format.
      • Validate that the password meets complexity requirements (e.g., minimum length, inclusion of numbers or special characters).
      • Ensure that the "Confirm Password" field matches the "Password" field.
      • If a profile picture is uploaded, validate the file type and size.
  3. Handle Form Submission:

    • Upon form submission, process the form data in the same register.php file or another PHP script included via a POST request.
    • Sanitize the input data using PHP’s built-in functions to prevent SQL injection and cross-site scripting (XSS).
    • Check if the username or email already exists in the users table to prevent duplicates.
  4. Implement Server-Side Validation:

    • Validate all inputs on the server side, replicating or enhancing client-side checks.
    • Ensure the email is in the correct format using filter_var() with FILTER_VALIDATE_EMAIL.
    • Check that the password meets the complexity requirements server-side.
    • Confirm that both password fields match.
  5. Hash the Password:

    • Use PHP’s password_hash() function to securely hash the user’s password before storing it in the database.
    • Example:
      $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
  6. Insert User Data into the Database:

    • Prepare a SQL statement to insert the new user’s data into the users table, ensuring the use of prepared statements to prevent SQL injection.
    • Store the hashed password, along with other user information (e.g., username, email, name).
  7. Provide Feedback and Redirection:

    • After successful registration, redirect the user to the login page or a welcome page with a success message.
    • If there are errors (e.g., validation failure or duplicate email), provide user-friendly error messages and prompt the user to correct their input.
  8. Test the Registration Process:

    • Thoroughly test the registration process by submitting various inputs, including edge cases (e.g., very long usernames, invalid emails, weak passwords).
    • Verify that passwords are hashed in the database and that no sensitive data is stored in plain text.

Acceptance Criteria:
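
An added example, not part of the original issue or the project's code, covering steps 4 to 6: server-side validation, `password_hash()` and a prepared-statement insert. The function name `registerUser`, the `users` table layout, the field names and the password rule are assumptions, and duplicates are caught through UNIQUE constraints rather than a separate lookup.

```php
<?php
declare(strict_types=1);

// Added example: table layout, field names and the password rule are assumptions.
function registerUser(PDO $pdo, array $in): array
{
    $username = trim((string)($in['username'] ?? ''));
    $email    = trim((string)($in['email'] ?? ''));
    $password = (string)($in['password'] ?? '');
    $errors   = [];

    if (!preg_match('/^[A-Za-z0-9_]{3,30}$/', $username)) {
        $errors[] = 'Username must be 3-30 letters, digits or underscores.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Email address is not valid.';
    }
    // Assumed rule: at least 8 characters, one of them not a letter.
    if (strlen($password) < 8 || !preg_match('/[^A-Za-z]/', $password)) {
        $errors[] = 'Password needs 8+ characters including a number or symbol.';
    }
    if ($password !== (string)($in['confirm_password'] ?? '')) {
        $errors[] = 'Passwords do not match.';
    }
    if ($errors) {
        return $errors;
    }
    try {
        // Placeholders keep user input out of the SQL text.
        $stmt = $pdo->prepare('INSERT INTO users (username, email, password_hash) VALUES (?, ?, ?)');
        $stmt->execute([$username, $email, password_hash($password, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        // SQLSTATE class 23 = constraint violation: the UNIQUE columns reject
        // duplicates atomically, so there is no check-then-insert race.
        if (substr((string)$e->getCode(), 0, 2) !== '23') {
            throw $e;
        }
        $errors[] = 'Username or email is already registered.';
    }
    return $errors;
}

// Constructed demo: in-memory SQLite stands in for the project's database.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, email TEXT UNIQUE, password_hash TEXT NOT NULL)');
$ok = ['username' => 'demo_user', 'email' => 'demo@example.com', 'password' => 'Tr1cky-pass', 'confirm_password' => 'Tr1cky-pass'];
var_dump(registerUser($pdo, $ok));  // first call inserts the row
var_dump(registerUser($pdo, $ok));  // second call hits the UNIQUE constraints
var_dump(password_verify('Tr1cky-pass', $pdo->query('SELECT password_hash FROM users')->fetchColumn()));
```

The demo needs the `pdo_sqlite` extension; against MySQL the same SQLSTATE class 23 check applies to duplicate-key errors.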

KewirJewel commented 3 months ago

Pardon me sir, are we backend with PHP together creating a branch for each issue assigned?

andrew21-mch commented 3 months ago

A task should be assigned to you.

On Mon, 19 Aug 2024 at 08:32, Kewir Jewel @.***> wrote:

Pardon me sir, are we backend with PHP together creating a branch for each issue assigned?


andrew21-mch commented 3 months ago

@KewirJewel