User creation almost done
parent
d4b7a03802
commit
32b5aa4238
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
require_once("../_auth.php");
|
require_once("../_auth.php");
|
||||||
require_once("../_utils.php");
|
require_once("../_utils.php");
|
||||||
|
require_once("./index.php");
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -12,8 +13,11 @@ function User_Create ($login, $password, $email = null, $invite_id = null, $avat
|
|||||||
$salt = GenerateRandomString(8);
|
$salt = GenerateRandomString(8);
|
||||||
$pwd_hash = hash("sha256", $password . $salt, true);
|
$pwd_hash = hash("sha256", $password . $salt, true);
|
||||||
|
|
||||||
|
// TODO: process invite
|
||||||
|
|
||||||
$s = $db->prepare("INSERT INTO users (login,email,password_hash,salt,avatar_path,role,invite_id) VALUES (?,?,?,?,?,?,?)");
|
$s = $db->prepare("INSERT INTO users (login,email,password_hash,salt,avatar_path,role,invite_id) VALUES (?,?,?,?,?,?,?)");
|
||||||
$s->bind_param("sssssss", $login, $email, $pwd_hash, $salt, $avatar_path, "newbie", $invite_id);
|
$role = "newbie";
|
||||||
|
$s->bind_param("sssssss", $login, $email, $pwd_hash, $salt, $avatar_path, $role, $invite_id);
|
||||||
return $s->execute() !== false;
|
return $s->execute() !== false;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -33,25 +37,43 @@ if (ThisFileIsRequested(__FILE__)) {
|
|||||||
|
|
||||||
// If we have some POST data
|
// If we have some POST data
|
||||||
if (isset($_POST["login"]) && isset($_POST["password"])) {
|
if (isset($_POST["login"]) && isset($_POST["password"])) {
|
||||||
|
$login = $_POST["login"];
|
||||||
|
$password = $_POST["password"];
|
||||||
|
$email = null;
|
||||||
|
$invite = null;
|
||||||
|
|
||||||
|
// If password is too weak
|
||||||
|
if (strlen($password) < 8)
|
||||||
|
ReturnJSONError($Err_RDP_InvalidArgs, "password too weak");
|
||||||
|
|
||||||
// If we need email but it isnt supplied
|
// If we need email but it isnt supplied
|
||||||
if ($Config["registration"]["need_email"] && !isset($_POST["email"]))
|
if ($Config["registration"]["need_email"] && !isset($_POST["email"])) {
|
||||||
ReturnJSONError($Err_RDP_InvalidArgs, "email is necessary");
|
ReturnJSONError($Err_RDP_InvalidArgs, "email is necessary");
|
||||||
elseif (isset($_POST["email"])) {
|
} elseif (isset($_POST["email"])) {
|
||||||
// Validation of email
|
// Validation of email
|
||||||
if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL))
|
if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL))
|
||||||
ReturnJSONError($Err_RDP_InvalidArgs, "email is invalid");
|
ReturnJSONError($Err_RDP_InvalidArgs, "email is invalid");
|
||||||
|
$email = $_POST["email"];
|
||||||
}
|
}
|
||||||
// If we need invite but it isnt supplied
|
// If we need invite but it isnt supplied
|
||||||
if ($Config["registration"]["need_invite"] && !isset($_POST["invite_id"]))
|
if ($Config["registration"]["need_invite"] && !isset($_POST["invite_id"])) {
|
||||||
ReturnJSONError($Err_RDP_InvalidArgs, "registrations are invite-only");
|
ReturnJSONError($Err_RDP_InvalidArgs, "registrations are invite-only");
|
||||||
|
} elseif (isset($_POST["invite_id"])) {
|
||||||
|
// TODO: check invite and reject if it invalid
|
||||||
|
//$invite = $_POST["invite_id"];
|
||||||
|
}
|
||||||
|
|
||||||
// Check login and password for pattern match
|
// Check login and password for pattern match
|
||||||
$preg_str = "/[^" . $Config["registration"]["allowed_syms"] . "]/";
|
$preg_str = "/[^" . $Config["registration"]["allowed_syms"] . "]/";
|
||||||
if (preg_match($preg_str, $_POST["login"]) || preg_match($preg_str, $_POST["password"])) {
|
if (preg_match($preg_str, $login) || preg_match($preg_str, $password)) {
|
||||||
ReturnJSONError($Err_RDP_InvalidArgs, "only allowed symbols are: " . $Config["registration"]["allowed_syms"]);
|
ReturnJSONError($Err_RDP_InvalidArgs, "only allowed symbols are: " . $Config["registration"]["allowed_syms"]);
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO
|
if (User_LoginExist($login))
|
||||||
|
ReturnJSONError($Err_RDP_InvalidArgs, "login already exists");
|
||||||
|
|
||||||
|
$result = User_Create($login, $password, $email, $invite);
|
||||||
|
ReturnJSONData(["success" => $result]);
|
||||||
} else { // Not enough arguments
|
} else { // Not enough arguments
|
||||||
ReturnJSONError($Err_RDP_InvalidArgs, "not enough or no arguments were supplied");
|
ReturnJSONError($Err_RDP_InvalidArgs, "not enough or no arguments were supplied");
|
||||||
}
|
}
|
||||||
|
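Review bot: The new `elseif (isset($_POST["invite_id"]))` branch in the request handler holds only a TODO, so with `need_invite` enabled any request that carries an `invite_id` field passes the invite-only gate and reaches `User_Create` with `$invite` still null. Until the invite lookup exists the branch should fail closed, for example `ReturnJSONError($Err_RDP_InvalidArgs, "invite is invalid");` whenever `$Config["registration"]["need_invite"]` is set. All of the checks here also rely on `ReturnJSONError` ending the request; its definition is not visible in this diff, and if it returns instead, the weak-password and duplicate-login checks would not stop the insert either. Separately, the `User_Create` hunk still stores `hash("sha256", $password . $salt, true)`, a single fast hash, and now that this endpoint calls it, `password_hash()` with `password_verify()` would be the safer storage format. The enclosing `if (ThisFileIsRequested(__FILE__))` block begins outside the hunk.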