Reference input on bedrock form

index.php

@@ -29,6 +29,7 @@ class db {
       discord VARCHAR(32) NOT NULL,
       username VARCHAR(32) NOT NULL,
       birthdate DATE NOT NULL,
+      reference VARCHAR(32) NULL,
       submittime VARCHAR(20) NOT NULL
       ) COLLATE utf8mb4_unicode_ci
     ");
@@ -336,6 +337,10 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
     $errors[] = "Invalid date of birth. Format must be YYYY-MM-DD.";
     $birthDate = false;
   }
+  $reference = verifyInput("username", $_POST["reference"]);
+  if ($reference === false) {
+      $errors[] = "Invalid reference.";
+  }
 
   if (empty($errors)) {
     $conn = new db($config["mysql"]["host"], $config["mysql"]["user"], $config["mysql"]["password"], $config["mysql"]["database"]);
@@ -343,8 +348,9 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
     $discordUsername = $conn->escapeString($discordUsername);
     $username = $conn->escapeString($username);
     $birthDate = $conn->escapeString($birthDate);
+    $reference = $conn->escapeString($reference);
     $submitTime = $conn->escapeString(date("Y-m-d\TH:i:s"));
-    if ($conn->query("INSERT INTO empyreanrealm (nickname, discord, username, birthdate, submittime) VALUES (?,?,?,?,?)", $nickname, $discordUsername, $username, $birthDate, $submitTime)->affectedRows() === 1) {
+    if ($conn->query("INSERT INTO empyreanrealm (nickname, discord, username, birthdate, reference, submittime) VALUES (?,?,?,?,?,?)", $nickname, $discordUsername, $username, $birthDate, $reference, $submitTime)->affectedRows() === 1) {
       $message = json_encode([
           "username" => "Bedrock Applications",
           "avatar_url" => $config["siteUrl"]."/source/logo.png",
@@ -376,6 +382,11 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
                   "name" => "Birth Date",
                   "value" => "$birthDate",
                   "inline" => false
+                ],
+                [
+                  "name" => "Reference",
+                  "value" => "$reference",
+                  "inline" => false
                 ]
               ]
           ]
@@ -414,9 +425,6 @@ $page = preg_replace("/\?.+/", "", $page);
       <h1>Bedrock Server Application</h1>
       <p>Hurray! We recived your submission and we will review it as soon as possible, hold on tight!</p>
     </div>
-    <script>
-      console.log("Nickname: <?= $nickname ?>\nDiscord Username: <?= $discordUsername ?>\nUsername: <?= $username ?>\nBirth Date: <?= $birthDate ?>\n");
-    </script>
     <?php } else if (!isset($_SESSION["loggedIn"],$_GET["code"]) && stristr($page, "/login/redirect")) { 
       $authResult = getDiscordAuthInfoFromCode($_GET["code"]);
       if ($authResult !== false) {
@@ -445,6 +453,7 @@ $page = preg_replace("/\?.+/", "", $page);
                 <td>Discord</td>
                 <td>Username</td>
                 <td>Birth Date</td>
+                <td>Reference</td>
                 <td>Submission Date</td>
                 <td>Delete</td>
               </tr>
@@ -458,6 +467,7 @@ $page = preg_replace("/\?.+/", "", $page);
               <td><?= $player["discord"] ?></td>
               <td><?= $player["username"] ?></td>
               <td><?= $player["birthdate"] ?></td>
+              <td><?= $player["reference"] ?></td>
               <td><?= $player["submittime"] ?></td>
               <td>
                 <form action="" method="post" onsubmit="return confirm('Irreversible action! Are you sure you want to delete this application?');">
@@ -474,7 +484,9 @@ $page = preg_replace("/\?.+/", "", $page);
         </table>
       </div>
     </div>
-    <?php } else if (stristr($page, "/bedrock")) { ?>
+    <?php } else if (!isset($_SESSION["loggedIn"]) && stristr($page, "/applications")) {
+        header("Location: /login");
+    } else if (stristr($page, "/bedrock")) { ?>
     <div>
       <img src="source/logo.png" alt="logo" id="logo">
       <h1>Bedrock Server Application</h1>
@@ -496,6 +508,9 @@ $page = preg_replace("/\?.+/", "", $page);
         <label for="birthDate" required>Date of birth: *</label><br>
         <input type="date" id="birthDate" name="birthDate" title="Your date of birth. Will be used to to check if you are over 13 to comply with our rules." <?= ($birthDate != "" && $birthDate != false) ? "value=\"$birthDate\"" : "" ?> required>
         <br>
+        <label for="reference">Reference: *</label><br>
+        <input type="text" id="reference" name="reference" placeholder="Your reference" pattern="(?=.*[a-zA-Z0-9])^[a-zA-Z0-9-_ ]{3,32}$" title="Your reference, a player currently on the whitelist that invited you to apply." <?= ($reference != "" && $reference != false) ? "value=\"$reference\"" : "" ?> required>
+        <br>
         <br>
         <input type="submit" value="Submit">
       </form>