diff --git a/api/user/create.php b/api/user/create.php index 13880ec..aba94d8 100644 --- a/api/user/create.php +++ b/api/user/create.php @@ -2,6 +2,7 @@ require_once("../_auth.php"); require_once("../_utils.php"); +require_once("./index.php"); @@ -12,8 +13,11 @@ function User_Create ($login, $password, $email = null, $invite_id = null, $avat $salt = GenerateRandomString(8); $pwd_hash = hash("sha256", $password . $salt, true); + // TODO: process invite + $s = $db->prepare("INSERT INTO users (login,email,password_hash,salt,avatar_path,role,invite_id) VALUES (?,?,?,?,?,?,?)"); - $s->bind_param("sssssss", $login, $email, $pwd_hash, $salt, $avatar_path, "newbie", $invite_id); + $role = "newbie"; + $s->bind_param("sssssss", $login, $email, $pwd_hash, $salt, $avatar_path, $role, $invite_id); return $s->execute() !== false; } @@ -33,25 +37,43 @@ if (ThisFileIsRequested(__FILE__)) { // If we have some POST data if (isset($_POST["login"]) && isset($_POST["password"])) { + $login = $_POST["login"]; + $password = $_POST["password"]; + $email = null; + $invite = null; + + // If password is too weak + if (strlen($password) < 8) + ReturnJSONError($Err_RDP_InvalidArgs, "password too weak"); + // If we need email but it isnt supplied - if ($Config["registration"]["need_email"] && !isset($_POST["email"])) + if ($Config["registration"]["need_email"] && !isset($_POST["email"])) { ReturnJSONError($Err_RDP_InvalidArgs, "email is necessary"); - elseif (isset($_POST["email"])) { + } elseif (isset($_POST["email"])) { // Validation of email if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) ReturnJSONError($Err_RDP_InvalidArgs, "email is invalid"); + $email = $_POST["email"]; } // If we need invite but it isnt supplied - if ($Config["registration"]["need_invite"] && !isset($_POST["invite_id"])) + if ($Config["registration"]["need_invite"] && !isset($_POST["invite_id"])) { ReturnJSONError($Err_RDP_InvalidArgs, "registrations are invite-only"); + } elseif (isset($_POST["invite_id"])) { + // TODO: check invite and reject if it invalid + //$invite = $_POST["invite_id"]; + } // Check login and password for pattern match $preg_str = "/[^" . $Config["registration"]["allowed_syms"] . "]/"; - if (preg_match($preg_str, $_POST["login"]) || preg_match($preg_str, $_POST["password"])) { + if (preg_match($preg_str, $login) || preg_match($preg_str, $password)) { ReturnJSONError($Err_RDP_InvalidArgs, "only allowed symbols are: " . $Config["registration"]["allowed_syms"]); } - // TODO + if (User_LoginExist($login)) + ReturnJSONError($Err_RDP_InvalidArgs, "login already exists"); + + $result = User_Create($login, $password, $email, $invite); + ReturnJSONData(["success" => $result]); } else { // Not enough arguments ReturnJSONError($Err_RDP_InvalidArgs, "not enough or no arguments were supplied"); }