
  1. <?php
  2. class AddAccountAction implements IAction {
  3. public function execute() {
  4. if(!Authorize::isLoggedIn() || !Authorize::hasPermission()) {
  5. return array("error" => "Access not authorized");
  6. }
  7. $subdomain = $_POST['subdomain'] ?? $_GET['subdomain'] ?? "";
  8. $displayName = $_POST['display_name'] ?? $_GET['display_name'] ?? "";
  9. //TODO: scrub inputs
  10. if(empty($subdomain) || empty($displayName)) {
  11. return array("error" => "One or more required fields missing: subdomain, display_name");
  12. }
  13. $sql = "INSERT INTO accounts (subdomain, display_name)
  14. VALUES
  15. (:subdomain, :display_name);";
  16. $db = SqliteDatabase::getSingleton();
  17. $preparedQuery = $db->prepare($sql);
  18. $preparedQuery->bindValue(':subdomain', $subdomain);
  19. $preparedQuery->bindValue(':display_name', $displayName);
  20. try {
  21. $result = $preparedQuery->execute();
  22. $loggerData = array();
  23. $loggerData['display_name'] = $_SESSION['display_name'];
  24. $loggerData['user_id'] = $_SESSION['user_id'];
  25. $loggerData['account_display_name'] = $displayName;
  26. $loggerData['subdomain'] = $subdomain;
  27. SecurityLogger::action("create-account", $loggerData, time());
  28. return array("status" => "success", "message" => "Added new account '" . $subdomain . "'.");
  29. }
  30. catch(Exception $e) {
  31. return array("error" => "Error when adding account '" . $subdomain. "': possibly duplicate?" , "exception" => $e->getMessage());
  32. }
  33. }
  34. }