<?

php
include("db.php");
include("functions.php");

if($_SERVER['REQUEST_METHOD'] == "POST")
{
//something was posted
$username = $_POST['username'];
$password = $_POST['password'];
$password_conf = $_POST['password_conf'];
// CHECK IF CONFIRMED PASSWORD IS THE SAME AS PASSWORD
if ($password == $password_conf) {
// CHECK IF INPUT IS NOT EMPTY AND USERNAME IS NOT NUMERIC
if(!empty($username) && !empty($password) && !is_numeric($username))
{
// $var = "SELECT count(*) FROM admin";
// $query = $con2-> query($var);

// CHECK IF USERNAME IS ALREADY TAKEN

$queryString = "SELECT count(*) as countusers FROM admin WHERE username =
'$username'";
$result = mysqli_query($con, $queryString);
while($row = mysqli_fetch_assoc($result))
{
//
if($row["countusers"] != 0)
{
$_SESSION['userexists'] = "Username Already Exists!";
header("location: register.php");
exit;
}
else {// ACTUAL PROCESS IF USER ARE NOT REGISTERED
$user_id = rand();

$password = password_hash($password, PASSWORD_DEFAULT);

$sql = "INSERT INTO admin (userid, username, password) VALUES ( '$user_id',
'$username', '$password')";
if (mysqli_query($con, $sql)) {
$_SESSION['regsuccess'] = "Admin Added!";
header("location: login.php");
exit;
}
else {
echo "Error: " . $sql . "<br>" . mysqli_error($con);
}
}
}