"Access not authorized"); } $username = $_POST['username'] ?? $_GET['username'] ?? ""; $displayName = $_POST['display_name'] ?? $_GET['display_name'] ?? ""; $email = $_POST['email'] ?? $_GET['email'] ?? ""; $password = $_POST['password'] ?? $_GET['password'] ?? ""; //TODO: scrub inputs if(empty($username) || empty($displayName) || empty($password)) { return array("error" => "One or more required fields missing: username, display_name, password, email"); } $passwordHash = hash("sha256", $password); $sql = "INSERT INTO users (username, password, display_name, email) VALUES (:username, :passwordhash, :display_name, :email);"; $db = SqliteDatabase::getSingleton(); $preparedQuery = $db->prepare($sql); $preparedQuery->bindValue(':username', $username); $preparedQuery->bindValue(':passwordhash', $passwordHash); $preparedQuery->bindValue(':display_name', $displayName); $preparedQuery->bindValue(':email', $email); try { $result = $preparedQuery->execute(); $loggerData = array(); $loggerData['user_added'] = $username; $loggerData['admin_display_name'] = $_SESSION['display_name']; $loggerData['admin_user_id'] = $_SESSION['user_id']; SecurityLogger::action("add-user", $loggerData, time()); return array("status" => "success", "message" => "Added new user '" . $username . "'."); } catch(Exception $e) { return array("error" => "Error when adding user '" . $username. "': possibly duplicate?" , "exception" => $e->getMessage()); } } }