e949/api/user/create.php

84 lines
2.7 KiB
PHP
Raw Normal View History

2023-08-19 23:45:47 +05:30
<?php // Creating account
2023-08-12 04:09:17 +05:30
2023-08-19 23:45:47 +05:30
require_once("../_auth.php");
require_once("../_utils.php");
2023-08-23 06:14:40 +05:30
require_once("./index.php");
2023-08-19 23:45:47 +05:30
// Create new user account
function User_Create ($login, $password, $email = null, $invite_id = null, $avatar_path = null): bool {
global $db;
$salt = GenerateRandomString(8);
$pwd_hash = hash("sha256", $password . $salt, true);
2023-08-23 06:14:40 +05:30
// TODO: process invite
2023-08-19 23:45:47 +05:30
$s = $db->prepare("INSERT INTO users (login,email,password_hash,salt,avatar_path,role,invite_id) VALUES (?,?,?,?,?,?,?)");
2023-08-23 06:14:40 +05:30
$role = "newbie";
$s->bind_param("sssssss", $login, $email, $pwd_hash, $salt, $avatar_path, $role, $invite_id);
2023-08-19 23:45:47 +05:30
return $s->execute() !== false;
}
if (ThisFileIsRequested(__FILE__)) {
require_once("../_json.php");
// If registration turned off
if (!$Config["registration"]["active"]) {
ReturnJSONError($Err_DP_RegClosed, "registrations are closed");
}
// If user is logged in, then we should not allow creation of account
if ($LOGGED_IN)
ReturnJSONError($Err_DP_AlreadyLoggedIn, "you are already logged in");
// If we have some POST data
if (isset($_POST["login"]) && isset($_POST["password"])) {
2023-08-23 06:14:40 +05:30
$login = $_POST["login"];
$password = $_POST["password"];
$email = null;
$invite = null;
// If password is too weak
if (strlen($password) < 8)
ReturnJSONError($Err_RDP_InvalidArgs, "password too weak");
2023-08-19 23:45:47 +05:30
// If we need email but it isnt supplied
2023-08-23 06:14:40 +05:30
if ($Config["registration"]["need_email"] && !isset($_POST["email"])) {
2023-08-19 23:45:47 +05:30
ReturnJSONError($Err_RDP_InvalidArgs, "email is necessary");
2023-08-23 06:14:40 +05:30
} elseif (isset($_POST["email"])) {
2023-08-19 23:45:47 +05:30
// Validation of email
if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL))
ReturnJSONError($Err_RDP_InvalidArgs, "email is invalid");
2023-08-23 06:14:40 +05:30
$email = $_POST["email"];
2023-08-19 23:45:47 +05:30
}
// If we need invite but it isnt supplied
2023-08-23 06:14:40 +05:30
if ($Config["registration"]["need_invite"] && !isset($_POST["invite_id"])) {
2023-08-19 23:45:47 +05:30
ReturnJSONError($Err_RDP_InvalidArgs, "registrations are invite-only");
2023-08-23 06:14:40 +05:30
} elseif (isset($_POST["invite_id"])) {
// TODO: check invite and reject if it invalid
//$invite = $_POST["invite_id"];
}
2023-08-19 23:45:47 +05:30
// Check login and password for pattern match
$preg_str = "/[^" . $Config["registration"]["allowed_syms"] . "]/";
2023-08-23 06:14:40 +05:30
if (preg_match($preg_str, $login) || preg_match($preg_str, $password)) {
2023-08-19 23:45:47 +05:30
ReturnJSONError($Err_RDP_InvalidArgs, "only allowed symbols are: " . $Config["registration"]["allowed_syms"]);
}
2023-08-30 07:11:13 +05:30
// Check if login already exists
2023-08-23 06:14:40 +05:30
if (User_LoginExist($login))
ReturnJSONError($Err_RDP_InvalidArgs, "login already exists");
2023-08-30 07:11:13 +05:30
// Create account
2023-08-23 06:14:40 +05:30
$result = User_Create($login, $password, $email, $invite);
ReturnJSONData(["success" => $result]);
2023-08-19 23:45:47 +05:30
} else { // Not enough arguments
ReturnJSONError($Err_RDP_InvalidArgs, "not enough or no arguments were supplied");
}
}
2023-08-12 04:09:17 +05:30
?>