daktylos/libs/AddAccountAction.class.php

<?php
class AddAccountAction implements IAction {
	public function execute() {
		if(!Authorize::isLoggedIn() || !Authorize::hasPermission()) {
			return array("error" => "Access not authorized");
		}

		$subdomain = $_POST['subdomain'] ?? $_GET['subdomain'] ?? "";
		$displayName = $_POST['display_name'] ?? $_GET['display_name'] ?? "";
		
		//TODO: scrub inputs
		if(empty($subdomain) || empty($displayName)) {
			return array("error" => "One or more required fields missing: subdomain, display_name");
		}

		$sql = "INSERT INTO accounts (subdomain, display_name)
		VALUES 
		(:subdomain, :display_name);";

		$db = SqliteDatabase::getSingleton();
		$preparedQuery = $db->prepare($sql);
		$preparedQuery->bindValue(':subdomain', $subdomain);
		$preparedQuery->bindValue(':display_name', $displayName);

		try {
			$result = $preparedQuery->execute();
			$loggerData = array();
			$loggerData['display_name'] = $_SESSION['display_name'];
			$loggerData['user_id'] = $_SESSION['user_id'];
			$loggerData['account_display_name'] = $displayName;
			$loggerData['subdomain'] = $subdomain;
			SecurityLogger::action("create-account", $loggerData, time());	
			return array("status" => "success", "message" => "Added new account '" . $subdomain . "'.");
		}
		catch(Exception $e) {
			return array("error" => "Error when adding account '" . $subdomain. "': possibly duplicate?" , "exception" => $e->getMessage());
		}
	}
}