<?php
  // attach to session
  session_start();

  // verify that parameters exist
  if (empty($_POST['userid']) || empty($_POST['password']) ) {
    $_SESSION['message'] = "Userid and Password are required";
    require('register.php');
  }
  else {
    $userid = $_POST['userid'];
    $password = $_POST['password'];

    $db = new SQLite3('user.db');

    // check that primary key userid doesn't already exist in db
    $query = "SELECT userid FROM user WHERE userid='" . $userid . "'";
    $result = $db->query($query);
    if ($result->fetchArray()[0] != null) {
       // userid already in database
       $db->close();
       $_SESSION['message'] = "Userid already exists!";
       require('register.php');
       return;
    }

    // generate password hash
    $hash = password_hash($password, PASSWORD_DEFAULT);

    // add to database
    $command = "INSERT INTO user VALUES('" . $userid . "', '" . $hash . "')";
    $result = $db->exec($command);

    if ($result) {
      // registration success
      $_SESSION['message'] = "New user registered";
      require('index.php');
    } else {
      $_SESSION['message'] = "Registration failed";
      require('register.php');
    }
    
  }

?>