<?php
function register($db){

	$name = $_POST["name"];
        $cleartext_password = $_POST["pswd"];
        $second_password = $_POST["2ndpswd"];
        $email = $_POST["email"];

        /* checking for empty password etc. */

        if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){
		return REGISTER_PASSWORD;
	}   

	if(!empty($email)){
		if(!preg_match("/[^.+@.+]/", $email)){
			return REGISTER_EMAIL;
		}   
	} else {
		$email = "";
	}

        $safe_name =  SQLite3::escapeString(htmlentities($name));
        $safe_email =  SQLite3::escapeString(htmlentities($email));

        /*Checks the validation of the registration attempt*/

	$doubleusername_db = $db->query("SELECT 1 FROM user WHERE name='" . $safe_name . "';");
	$doubleusername_ar = $doubleusername_db->fetchArray(SQLITE3_NUM);

	if($doubleusername_ar[0] == 1){
		return REGISTER_USERNAME;
	}

        /*Generates the encrypted password and the database transaction*/

	$pepper = file_get_contents("../database/pepper.txt");
	$password = $cleartext_password . $pepper;

	$hash_password = password_hash($password, PASSWORD_DEFAULT);

        if($db->exec("
		BEGIN TRANSACTION;
		INSERT INTO user (id, name, password, email, status, register) VALUES (NULL, '".$safe_name."', '".$hash_password."', '".$safe_email."', 1, (SELECT strftime('%s', 'now')));
		INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $safe_name. "'), (SELECT strftime('%s', 'now')));
                COMMIT;")
	){

		$userid = user_id($db, $safe_name);

        	$_SESSION["login"] = true;
                $_SESSION["username"] = $safe_name;
		$_SESSION["userid"] = $userid;

		return REGISTER_SUCCESSFULL;

	} else {
		return REGISTER_DATABASE;
	}

}