<?php
class AddUserAction implements IAction {
	public function execute() {
		if(!Authorize::isLoggedIn() || !Authorize::hasPermission()) {
			return array("error" => "Access not authorized");
		}

		$username = $_POST['username'];
		$displayName = $_POST['display_name'];
		$password = $_POST['password'];
		
		//TODO: scrub inputs

		$passwordHash = hash("sha256", $password);
		
		$sql = "INSERT INTO users (username, password, display_name)
		VALUES 
		(:username, :passwordhash, :display_name);";
		
		throw new NotImplementedException();

		//TODO: write record
		//$this->database->exec($sql);
	}
}