tee /var/www/bluewave/app/header.php > /dev/null <<'PHP'
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1">
  <title>BlueWave App</title>
  <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
  <style>
    :root{--t:#e9f1ff;--m:#b6c7f5;--b:rgba(255,255,255,.18)}
    *{box-sizing:border-box}
    body{margin:0;font-family:Inter,system-ui,Segoe UI,Roboto,Arial,sans-serif;color:var(--t);
      background: radial-gradient(1200px 800px at 20% -10%, #1e2566 0%, transparent 60%),
                 radial-gradient(900px 900px at 110% 10%, #0f1b5f 0%, transparent 60%),
                 linear-gradient(180deg,#0b0f2e 0%,#070a1f 100%);}
    a{color:#8cc5ff;text-decoration:none}
    .glass{background:linear-gradient(180deg,rgba(255,255,255,.14),rgba(255,255,255,.06));
      border:1px solid var(--b);backdrop-filter:blur(18px);border-radius:18px;box-shadow:0 10px 40px rgba(0,0,0,.35)}
    header{position:sticky;top:0;padding:14px 20px;border-bottom:1px solid rgba(255,255,255,.1);backdrop-filter:blur(12px)}
    .wrap{max-width:1000px;margin:0 auto}
    .row{display:flex;gap:12px;align-items:center;justify-content:space-between}
    .btn{display:inline-flex;gap:8px;align-items:center;padding:10px 14px;border-radius:12px;border:1px solid var(--b);
      background:linear-gradient(180deg,rgba(255,255,255,.12),rgba(255,255,255,.04));color:var(--t)}
    main{max-width:900px;margin:40px auto;padding:0 20px}
    .auth{max-width:520px;margin:40px auto;padding:26px}
    label{font-weight:600}
    input,textarea{width:100%;padding:12px;border-radius:12px;border:1px solid var(--b);
      background:rgba(0,0,0,.2);color:var(--t)}
    form{display:grid;gap:14px}
  </style>
</head>
<body>
<header class="glass"><div class="wrap"><div class="row">
  <strong>BlueWave App</strong>
  <nav>
          <a class="btn" href="/">Home</a>
      <a class="btn" href="/app/login.php">Login</a>
      <a class="btn" href="/app/register.php">Register</a>
      </nav>
</div></div></header>
<main>
PHP

require __DIR__ . '/config.php';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    check_csrf();

    $email = trim(strtolower($_POST['email'] ?? ''));
    $pass  = $_POST['password'] ?? '';

    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $error = 'Invalid email address';
    } elseif (strlen($pass) < 8) {
        $error = 'Password must be at least 8 characters long';
    } else {
        $hash = password_hash($pass, PASSWORD_DEFAULT);
        try {
            $pdo->prepare('INSERT INTO users(email,password_hash) VALUES(?,?)')
                ->execute([$email, $hash]);
            header('Location: /app/login.php?registered=1');
            exit;
        } catch (Throwable $e) {
            $error = 'Email is already registered';
        }
    }
}

include __DIR__ . '/header.php';
?>
<div class="glass" style="padding:20px">
  <h2>Create account</h2>
    <form method="post">
    <input type="hidden" name="csrf" value="6d26a15824ffd69150d2aae7e6c0c297d01d515ab25995867ce84668291ecc3a">    <label>Email
      <input type="email" name="email" required>
    </label>
    <label>Password
      <input type="password" name="password" required>
    </label>
    <button class="btn" type="submit">Register</button>
  </form>
</div>