Home Esplora Aiuto
Registrati Accedi
CopperWire
/
daktylos
4
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Ramo (Branch): master
Rami (Branch) Tag
daktylos
/
libs
/
AddUserAction.class.php

AddUserAction.class.php 1.7 KB
Permalink Cronologia Originale

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647 
  1. <?php
    2. 

  2. class AddUserAction implements IAction {
    3. 

  3. 	public function execute() {
    4. 

  4. 		if(!Authorize::isLoggedIn() || !Authorize::hasPermission()) {
    5. 

  5. 			return array("error" => "Access not authorized");
    6. 

  6. 		}
    7. 

  7. 

  8. 		$username = $_POST['username'] ?? $_GET['username'] ?? "";
    9. 

  9. 		$displayName = $_POST['display_name'] ?? $_GET['display_name'] ?? "";
    10. 

  10. 		$email = $_POST['email'] ?? $_GET['email'] ?? "";
    11. 

  11. 		$password = $_POST['password'] ?? $_GET['password'] ?? "";
    12. 

  12. 		
    13. 

  13. 		//TODO: scrub inputs
    14. 

  14. 		if(empty($username) || empty($displayName) || empty($password)) {
    15. 

  15. 			return array("error" => "One or more required fields missing: username, display_name, password, email");
    16. 

  16. 		}
    17. 

  17. 

  18. 		$passwordHash = hash("sha256", $password);
    19. 

  19. 		
    20. 

  20. 		$sql = "INSERT INTO users (username, password, display_name, email)
    21. 

  21. 		VALUES 
    22. 

  22. 		(:username, :passwordhash, :display_name, :email);";
    23. 

  23. 

  24. 		$db = SqliteDatabase::getSingleton();
    25. 

  25. 		$preparedQuery = $db->prepare($sql);
    26. 

  26. 		$preparedQuery->bindValue(':username', $username);
    27. 

  27. 		$preparedQuery->bindValue(':passwordhash', $passwordHash);
    28. 

  28. 		$preparedQuery->bindValue(':display_name', $displayName);
    29. 

  29. 		$preparedQuery->bindValue(':email', $email);
    30. 

  30. 

  31. 		try {
    32. 

  32. 			$result = $preparedQuery->execute();
    33. 

  33. 

  34. 			$loggerData = array();
    35. 

  35. 			$loggerData['user_added'] = $username;
    36. 

  36. 			$loggerData['admin_display_name'] = $_SESSION['display_name'];
    37. 

  37. 			$loggerData['admin_user_id'] = $_SESSION['user_id'];
    38. 

  38. 			SecurityLogger::action("add-user", $loggerData, time());
    39. 

  39. 			
    40. 

  40. 			return array("status" => "success", "message" => "Added new user '" . $username . "'.");
    41. 

  41. 		}
    42. 

  42. 		catch(Exception $e) {
    43. 

  43. 			return array("error" => "Error when adding user '" . $username. "': possibly duplicate?" , "exception" => $e->getMessage());
    44. 

  44. 		}
    45. 

  45. 		
    46. 

  46. 	}
    47. 

  47. }
    48.