"Access not authorized"); } $subdomain = $_POST['subdomain'] ?? $_GET['subdomain'] ?? ""; $displayName = $_POST['display_name'] ?? $_GET['display_name'] ?? ""; //TODO: scrub inputs if(empty($subdomain) || empty($displayName)) { return array("error" => "One or more required fields missing: subdomain, display_name"); } $sql = "INSERT INTO accounts (subdomain, display_name) VALUES (:subdomain, :display_name);"; $db = SqliteDatabase::getSingleton(); $preparedQuery = $db->prepare($sql); $preparedQuery->bindValue(':subdomain', $subdomain); $preparedQuery->bindValue(':display_name', $displayName); try { $result = $preparedQuery->execute(); $loggerData = array(); $loggerData['display_name'] = $_SESSION['display_name']; $loggerData['user_id'] = $_SESSION['user_id']; $loggerData['account_display_name'] = $displayName; $loggerData['subdomain'] = $subdomain; SecurityLogger::action("create-account", $loggerData, time()); return array("status" => "success", "message" => "Added new account '" . $subdomain . "'."); } catch(Exception $e) { return array("error" => "Error when adding account '" . $subdomain. "': possibly duplicate?" , "exception" => $e->getMessage()); } } }