User creation almost done

api/user/create.php

@@ -2,6 +2,7 @@
 
 require_once("../_auth.php");
 require_once("../_utils.php");
+require_once("./index.php");
 
 
 
@@ -12,8 +13,11 @@ function User_Create ($login, $password, $email = null, $invite_id = null, $avat
 	$salt = GenerateRandomString(8);
 	$pwd_hash = hash("sha256", $password . $salt, true);
 
+	// TODO: process invite
+
 	$s = $db->prepare("INSERT INTO users (login,email,password_hash,salt,avatar_path,role,invite_id) VALUES (?,?,?,?,?,?,?)");
-	$s->bind_param("sssssss", $login, $email, $pwd_hash, $salt, $avatar_path, "newbie", $invite_id);
+	$role = "newbie";
+	$s->bind_param("sssssss", $login, $email, $pwd_hash, $salt, $avatar_path, $role, $invite_id);
 	return $s->execute() !== false;
 }
 
@@ -33,25 +37,43 @@ if (ThisFileIsRequested(__FILE__)) {
 
 	// If we have some POST data
 	if (isset($_POST["login"]) && isset($_POST["password"])) {
+		$login = $_POST["login"];
+		$password = $_POST["password"];
+		$email = null;
+		$invite = null;
+
+		// If password is too weak
+		if (strlen($password) < 8)
+			ReturnJSONError($Err_RDP_InvalidArgs, "password too weak");
+
 		// If we need email but it isnt supplied
-		if ($Config["registration"]["need_email"] && !isset($_POST["email"]))
+		if ($Config["registration"]["need_email"] && !isset($_POST["email"])) {
 			ReturnJSONError($Err_RDP_InvalidArgs, "email is necessary");
-		elseif (isset($_POST["email"])) {
+		} elseif (isset($_POST["email"])) {
 			// Validation of email
 			if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL))
 				ReturnJSONError($Err_RDP_InvalidArgs, "email is invalid");
+			$email = $_POST["email"];
 		}
 		// If we need invite but it isnt supplied
-		if ($Config["registration"]["need_invite"] && !isset($_POST["invite_id"]))
+		if ($Config["registration"]["need_invite"] && !isset($_POST["invite_id"])) {
 			ReturnJSONError($Err_RDP_InvalidArgs, "registrations are invite-only");
+		} elseif (isset($_POST["invite_id"])) {
+			// TODO: check invite and reject if it invalid
+			//$invite = $_POST["invite_id"];
+		}
 
 		// Check login and password for pattern match
 		$preg_str = "/[^" . $Config["registration"]["allowed_syms"] . "]/";
-		if (preg_match($preg_str, $_POST["login"]) || preg_match($preg_str, $_POST["password"])) {
+		if (preg_match($preg_str, $login) || preg_match($preg_str, $password)) {
 			ReturnJSONError($Err_RDP_InvalidArgs, "only allowed symbols are: " . $Config["registration"]["allowed_syms"]);
 		}
 
-		// TODO
+		if (User_LoginExist($login))
+			ReturnJSONError($Err_RDP_InvalidArgs, "login already exists");
+
+		$result = User_Create($login, $password, $email, $invite);
+		ReturnJSONData(["success" => $result]);
 	} else { // Not enough arguments
 		ReturnJSONError($Err_RDP_InvalidArgs, "not enough or no arguments were supplied");
 	}