- <?php
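class AddAccountAction implements IAction {
    /**
     * Defensive upper bound on display_name, in bytes (strlen is byte-wise).
     * NOTE(review): confirm against the actual column definition in the
     * accounts table; the schema is not visible from this file.
     */
    private const MAX_DISPLAY_NAME_BYTES = 255;

    /**
     * Creates an account row from the submitted `subdomain` and `display_name`.
     *
     * Parameters are read from $_POST, falling back to $_GET. The request is
     * rejected unless the caller is logged in and Authorize::hasPermission()
     * holds. The subdomain must be a single DNS-style label (1-63 letters,
     * digits or hyphens, not starting or ending with a hyphen); the display
     * name must be non-blank after trimming and within MAX_DISPLAY_NAME_BYTES.
     *
     * Returns ["status" => "success", "message" => ...] on success or
     * ["error" => ...] otherwise. Database exception text is deliberately NOT
     * returned to the client (it exposes driver/schema details); it goes to
     * error_log() instead.
     *
     * NOTE(review): this is a state-changing action that also honours GET
     * parameters, so it is reachable from a plain link or <img> tag. Unless
     * Authorize::hasPermission() (not visible here) enforces a CSRF token,
     * the GET fallback should be dropped and a token check added.
     */
    public function execute() {
        if (!Authorize::isLoggedIn() || !Authorize::hasPermission()) {
            return array("error" => "Access not authorized");
        }

        $subdomain = self::readParam('subdomain');
        $displayName = self::readParam('display_name');

        // `=== ''` rather than empty(): "0" is a legitimate DNS label.
        if ($subdomain === '' || $displayName === '') {
            return array("error" => "One or more required fields missing: subdomain, display_name");
        }
        if (!self::isValidSubdomain($subdomain)) {
            return array("error" => "Invalid subdomain: use 1-63 letters, digits or hyphens, not starting or ending with a hyphen");
        }
        if (strlen($displayName) > self::MAX_DISPLAY_NAME_BYTES) {
            return array("error" => "display_name is too long");
        }

        // Parameterised statement: the user-supplied values never touch the SQL text.
        $sql = "INSERT INTO accounts (subdomain, display_name)
                VALUES
                (:subdomain, :display_name);";
        $db = SqliteDatabase::getSingleton();
        $preparedQuery = $db->prepare($sql);
        $preparedQuery->bindValue(':subdomain', $subdomain);
        $preparedQuery->bindValue(':display_name', $displayName);

        // Audit record: who did it (from the session) and what was created.
        // Null-coalesce so a partially populated session cannot raise a notice
        // on the success path.
        $loggerData = array(
            'display_name'         => $_SESSION['display_name'] ?? null,
            'user_id'              => $_SESSION['user_id'] ?? null,
            'account_display_name' => $displayName,
            'subdomain'            => $subdomain,
        );

        try {
            // Both PDOStatement::execute() and SQLite3Stmt::execute() report
            // failure as `false` unless the driver is configured to throw, so a
            // bare call could log and report a failed insert as a success.
            if ($preparedQuery->execute() === false) {
                throw new RuntimeException('statement execution returned false');
            }
        }
        catch (Exception $e) {
            // Keep the driver message server-side; the client only learns that
            // the insert failed (a duplicate subdomain is the common cause).
            error_log(sprintf('AddAccountAction: insert failed for subdomain "%s": %s', $subdomain, $e->getMessage()));
            return array("error" => "Error when adding account '" . $subdomain . "': possibly duplicate?");
        }

        // The row is committed at this point; an audit-log failure propagates
        // rather than being masked as an insert failure.
        SecurityLogger::action("create-account", $loggerData, time());
        return array("status" => "success", "message" => "Added new account '" . $subdomain . "'.");
    }

    /**
     * Reads a request parameter from $_POST, then $_GET, as a trimmed string.
     * Non-string values (e.g. `key[]=x`, which PHP decodes to an array) are
     * treated as absent so they cannot reach trim()/the database.
     */
    private static function readParam(string $key): string {
        $raw = $_POST[$key] ?? $_GET[$key] ?? "";
        if (!is_string($raw)) {
            return '';
        }
        return trim($raw);
    }

    /**
     * True when $subdomain is a single hostname label: 1-63 ASCII letters,
     * digits or hyphens, not beginning or ending with a hyphen. Case is
     * accepted as-is; no normalisation is performed here.
     */
    private static function isValidSubdomain(string $subdomain): bool {
        return preg_match('/^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/i', $subdomain) === 1;
    }
}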