started implementation of signup

2020-02-19 16:10:06 +01:00 · 2020-02-19 16:10:06 +01:00 · daba18d1d0
parent e86f6cc59b
commit daba18d1d0
2 changed files with 52 additions and 1 deletions
--- a/threadr/signup/index.html
+++ b/threadr/signup/index.html
@ -23,7 +23,7 @@
      <div class="item-2 round-border">
        <p>Sign Up:</p>
        <form action="%CONTENT_DIR%/signup/redirect.php" method="post">
-          <p>Benutzername: <input type="text" name="user" placeholder="Benutzername"/> </p>
+          <p>Benutzername: <input type="text" name="username" placeholder="Benutzername"/> </p>
          <p>E-Mail: <input type="text" name="email" placeholder="yeet@example.com"/> </p>
          <p>Passwort: <input type="password" name="password" placeholder="Passwort"/> </p>
          <p>Passwort best&auml;tigen: <input type="password" name="pass" placeholder="Passwort best&auml;tigen"/> </p>
--- a/threadr/signup/redirect.php
+++ b/threadr/signup/redirect.php
@ -0,0 +1,51 @@
+<?php
+  //permitted chars for password salt
+  $permitted_chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ&/()[]$:?_';
+
+  //generates password salt
+  function generate_salt($input, $strength = 5) {
+    $input_length = strlen($input);
+    $random_string = '';
+    for($i = 0; $i < $strength; $i++) {
+      $random_character = $input[random_int(0, $input_length - 1)];
+      $random_string .= $random_character;
+    }
+    return $random_string;
+  }
+
+  $random_salt = generate_salt($permitted_chars);
+  $password_hash_method = "sha256";
+
+  $pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
+  //TODO: Add check for existing users
+  //$query = "SELECT name FROM users WHERE name = :username;"; ← Do NOT use.
+
+  //error indicator for later use
+  $error = false;
+
+  $error_message = "";
+  if ($_POST['username']=='' || $_POST['password']=='' || $_POST['password_confirmation']=='') {
+    $error = true;
+    //TODO: Return redirect header, change index to php for handling highlighting of affected boxes
+    $error_message = "Error: Not all values populated.";
+  }
+  if ($_POST['password'] != $_POST['password_confirmation']) {
+    $error = true;
+    //TODO: see above
+    $error_message = "Error: How much does password?"; //Sorry, I *had* to do it.
+  }
+  //run only after basic user sanity checks
+  if (!$error) {
+    //add user
+    $statement = $pdo->prepare('INSERT INTO users (name, authentication_string, authentication_salt, authentication_algorithm) VALUES (:name, :authentication_string, :authentication_salt, :authentication_algorithm)');
+    $result = $statement->execute(array('name' => $_POST['name'], 'authentication_string' => hash($password_hash_method, $_POST['password'] . $random_salt), 'authentication_salt' => $random_salt, 'authentication_algorithm' => $password_hash_method));
+    if (!$result) {
+      $error_message = "Error: SQL error.\n" . $statement->queryString . "\n" . $statement->errorInfo()[2];
+    }
+  }
+  //You know, just in case... (To be removed after proper error handling is in place)
+  echo $error_message;
+?>
+    </form>
+  </body>
+</html>