From daba18d1d001296a81e8502b0f479f010530def5 Mon Sep 17 00:00:00 2001
From: BodgeMaster <>
Date: Wed, 19 Feb 2020 16:10:06 +0100
Subject: [PATCH] started implementation of signup

---
 threadr/signup/index.html   |  2 +-
 threadr/signup/redirect.php | 51 +++++++++++++++++++++++++++++++++++++
 2 files changed, 52 insertions(+), 1 deletion(-)

diff --git a/threadr/signup/index.html b/threadr/signup/index.html
index b04d583..e6a8e54 100644
--- a/threadr/signup/index.html
+++ b/threadr/signup/index.html
@@ -23,7 +23,7 @@
       <div class="item-2 round-border">
         <p>Sign Up:</p>
         <form action="%CONTENT_DIR%/signup/redirect.php" method="post">
-          <p>Benutzername: <input type="text" name="user" placeholder="Benutzername"/> </p>
+          <p>Benutzername: <input type="text" name="username" placeholder="Benutzername"/> </p>
           <p>E-Mail: <input type="text" name="email" placeholder="yeet@example.com"/> </p>
           <p>Passwort: <input type="password" name="password" placeholder="Passwort"/> </p>
           <p>Passwort best&auml;tigen: <input type="password" name="pass" placeholder="Passwort best&auml;tigen"/> </p>
diff --git a/threadr/signup/redirect.php b/threadr/signup/redirect.php
index e69de29..adbd8cf 100644
--- a/threadr/signup/redirect.php
+++ b/threadr/signup/redirect.php
@@ -0,0 +1,51 @@
+<?php
+  //permitted chars for password salt
+  $permitted_chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ&/()[]$:?_';
+
+  //generates password salt
+  function generate_salt($input, $strength = 5) {
+    $input_length = strlen($input);
+    $random_string = '';
+    for($i = 0; $i < $strength; $i++) {
+      $random_character = $input[random_int(0, $input_length - 1)];
+      $random_string .= $random_character;
+    }
+    return $random_string;
+  }
+
+  $random_salt = generate_salt($permitted_chars);
+  $password_hash_method = "sha256";
+
+  $pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
+  //TODO: Add check for existing users
+  //$query = "SELECT name FROM users WHERE name = :username;"; ← Do NOT use.
+
+  //error indicator for later use
+  $error = false;
+
+  $error_message = "";
+  if ($_POST['username']=='' || $_POST['password']=='' || $_POST['password_confirmation']=='') {
+    $error = true;
+    //TODO: Return redirect header, change index to php for handling highlighting of affected boxes
+    $error_message = "Error: Not all values populated.";
+  }
+  if ($_POST['password'] != $_POST['password_confirmation']) {
+    $error = true;
+    //TODO: see above
+    $error_message = "Error: How much does password?"; //Sorry, I *had* to do it.
+  }
+  //run only after basic user sanity checks
+  if (!$error) {
+    //add user
+    $statement = $pdo->prepare('INSERT INTO users (name, authentication_string, authentication_salt, authentication_algorithm) VALUES (:name, :authentication_string, :authentication_salt, :authentication_algorithm)');
+    $result = $statement->execute(array('name' => $_POST['name'], 'authentication_string' => hash($password_hash_method, $_POST['password'] . $random_salt), 'authentication_salt' => $random_salt, 'authentication_algorithm' => $password_hash_method));
+    if (!$result) {
+      $error_message = "Error: SQL error.\n" . $statement->queryString . "\n" . $statement->errorInfo()[2];
+    }
+  }
+  //You know, just in case... (To be removed after proper error handling is in place)
+  echo $error_message;
+?>
+    </form>
+  </body>
+</html>