started implementation of signup
parent
e86f6cc59b
commit
daba18d1d0
|
@ -23,7 +23,7 @@
|
||||||
<div class="item-2 round-border">
|
<div class="item-2 round-border">
|
||||||
<p>Sign Up:</p>
|
<p>Sign Up:</p>
|
||||||
<form action="%CONTENT_DIR%/signup/redirect.php" method="post">
|
<form action="%CONTENT_DIR%/signup/redirect.php" method="post">
|
||||||
<p>Benutzername: <input type="text" name="user" placeholder="Benutzername"/> </p>
|
<p>Benutzername: <input type="text" name="username" placeholder="Benutzername"/> </p>
|
||||||
<p>E-Mail: <input type="text" name="email" placeholder="yeet@example.com"/> </p>
|
<p>E-Mail: <input type="text" name="email" placeholder="yeet@example.com"/> </p>
|
||||||
<p>Passwort: <input type="password" name="password" placeholder="Passwort"/> </p>
|
<p>Passwort: <input type="password" name="password" placeholder="Passwort"/> </p>
|
||||||
<p>Passwort bestätigen: <input type="password" name="pass" placeholder="Passwort bestätigen"/> </p>
|
<p>Passwort bestätigen: <input type="password" name="pass" placeholder="Passwort bestätigen"/> </p>
|
||||||
|
|
|
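--- /dev/null
+++ b/NEW_FILE_PATH_NOT_SHOWN
@@ -0,0 +1,51 @@
+<?php
+//permitted chars for password salt
+$permitted_chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ&/()[]$:?_';
+
+//generates password salt
+function generate_salt($input, $strength = 5) {
+$input_length = strlen($input);
+$random_string = '';
+for($i = 0; $i < $strength; $i++) {
+$random_character = $input[random_int(0, $input_length - 1)];
+$random_string .= $random_character;
+}
+return $random_string;
+}
+
+$random_salt = generate_salt($permitted_chars);
+$password_hash_method = "sha256";
+
+$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
+//TODO: Add check for existing users
+//$query = "SELECT name FROM users WHERE name = :username;"; ← Do NOT use.
+
+//error indicator for later use
+$error = false;
+
+$error_message = "";
+if ($_POST['username']=='' || $_POST['password']=='' || $_POST['password_confirmation']=='') {
+$error = true;
+//TODO: Return redirect header, change index to php for handling highlighting of affected boxes
+$error_message = "Error: Not all values populated.";
+}
+if ($_POST['password'] != $_POST['password_confirmation']) {
+$error = true;
+//TODO: see above
+$error_message = "Error: How much does password?"; //Sorry, I *had* to do it.
+}
+//run only after basic user sanity checks
+if (!$error) {
+//add user
+$statement = $pdo->prepare('INSERT INTO users (name, authentication_string, authentication_salt, authentication_algorithm) VALUES (:name, :authentication_string, :authentication_salt, :authentication_algorithm)');
+$result = $statement->execute(array('name' => $_POST['name'], 'authentication_string' => hash($password_hash_method, $_POST['password'] . $random_salt), 'authentication_salt' => $random_salt, 'authentication_algorithm' => $password_hash_method));
+if (!$result) {
+$error_message = "Error: SQL error.\n" . $statement->queryString . "\n" . $statement->errorInfo()[2];
+}
+}
+//You know, just in case... (To be removed after proper error handling is in place)
+echo $error_message;
+?>
+</form>
+</body>
+</html>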
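Review bot: The `$statement->execute(...)` line stores `hash($password_hash_method, $_POST['password'] . $random_salt)`, a single SHA-256 pass over the password plus a 5-character salt, which is a fast hash with no work factor; replace it with `password_hash($_POST['password'], PASSWORD_DEFAULT)` (checked later with `password_verify`), whose output embeds its own salt and algorithm, so `generate_salt`, `$password_hash_method` and the `authentication_salt`/`authentication_algorithm` columns become unnecessary. The same `execute()` reads `$_POST['name']` while the presence check above reads `$_POST['username']`, and the form in the other file posts its confirmation field as `pass` rather than `password_confirmation`, so `name` is bound to null with an undefined-index warning and the confirmation check cannot pass until the keys agree — read each field once into a local with `?? ''` and use the same key in the form, the checks and the insert. The `new PDO(...)` line embeds the database password in source that is now committed to the repository; load it from a config file outside the web root or from the environment, and treat the committed value as exposed. The `$_POST['password'] != $_POST['password_confirmation']` comparison is loose, so numeric-looking strings such as `'1e3'` and `'1000'` compare equal; use `!==`. On failure the `echo $error_message` path prints `$statement->queryString` and `errorInfo()[2]` to the browser, which discloses table and column names and driver details; log those server-side and show a generic message, since the "just in case" comment says this output is not meant to remain.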