text0Nly/main/register.php

<?php
session_start();
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: DENY');
header('X-XSS-Protection: 1; mode=block');
header('Content-Security-Policy: default-src \'self\'');

$db = new PDO('mysql:host=localhost;dbname=messenger', 'root', '');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$error = '';
$success = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
    $password = $_POST['password'] ?? '';
    $pgp_key = $_POST['pgp_key'] ?? '';
    $ip = $_SERVER['REMOTE_ADDR'];

    if ($username && $password) {
        if (strlen($username) > 50 || strlen($password) < 8) {
            $error = 'Invalid data';
        } else {
            $stmt = $db->prepare('SELECT COUNT(*) FROM registrations WHERE ip = ? AND created_at > DATE_SUB(NOW(), INTERVAL 1 HOUR)');
            $stmt->execute([$ip]);
            $count = $stmt->fetchColumn();

            if ($count >= 5) {
                $error = 'Registration limit exceeded for your IP';
            } else {
                try {
                    $stmt = $db->prepare('INSERT INTO users (username, password, pgp_key) VALUES (?, ?, ?)');
                    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT), $pgp_key]);
                    
                    $stmt = $db->prepare('INSERT INTO registrations (ip) VALUES (?)');
                    $stmt->execute([$ip]);
                    
                    $success = 'Registration successful';
                } catch (PDOException $e) {
                    $error = 'Username already exists';
                }
            }
        }
    }
}
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <title>Text0Nly - Registration</title>
    <style>
        body { font-family: Arial, sans-serif; max-width: 400px; margin: 20px auto; padding: 20px; }
        .form-group { margin: 10px 0; }
        input, textarea { width: 100%; padding: 8px; margin: 5px 0; }
        textarea { height: 100px; }
        button { width: 100%; padding: 10px; background: #2196F3; color: white; border: none; cursor: pointer; }
        .error { color: red; }
        .success { color: green; }
    </style>
</head>
<body>
    <h2>Registration</h2>
    <?php if ($error): ?>
        <div class="error"><?= htmlspecialchars($error) ?></div>
    <?php endif; ?>
    <?php if ($success): ?>
        <div class="success"><?= htmlspecialchars($success) ?></div>
    <?php endif; ?>
    
    <form method="post">
        <div class="form-group">
            <input type="text" name="username" placeholder="Username" required maxlength="50">
        </div>
        <div class="form-group">
            <input type="password" name="password" placeholder="Password (min 8 characters)" required minlength="8">
        </div>
        <div class="form-group">
            <textarea name="pgp_key" placeholder="PGP key (optional)"></textarea>
        </div>
        <button type="submit">Register</button>
    </form>
    <p><a href="index.php">Back to chat</a></p>
</body>
</html>