1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
<?php
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/accounts.php";
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/alert.php";
if (authorize_user()) {
header("Location: /account");
exit;
}
if (!CONFIG['account']['registration']) {
generate_alert("/404.php", "Account registration is disabled", 403);
exit;
}
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/partials.php";
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/config.php";
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/utils.php";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (!isset($_POST["username"], $_POST["password"])) {
generate_alert("/account/register.php", "Not enough POST fields");
exit;
}
$username = $_POST["username"];
$username_length = strlen($username);
if (CONFIG['account']['minusernamelength'] > $username_length || $username_length > CONFIG['account']['maxusernamelength']) {
generate_alert("/account/register.php", sprintf("Username must be between %d-%d characters long", CONFIG['account']['minusernamelength'], CONFIG['account']['maxusernamelength']));
exit;
}
if (!preg_match(CONFIG['account']['regex'], $username)) {
generate_alert("/account/register.php", "Bad username");
exit;
}
$password = $_POST["password"];
if (CONFIG['account']['minpasswordlength'] > strlen($password)) {
generate_alert("/account/register.php", "Password must be at least " . CONFIG['account']['minpasswordlength'] . " characters");
exit;
}
$db = new PDO(CONFIG['database']['url'], CONFIG['database']['user'], CONFIG['database']['pass']);
$stmt = $db->prepare("SELECT id FROM users WHERE username = ?");
$stmt->execute([$username]);
if ($stmt->rowCount() != 0) {
generate_alert("/account/register.php", "The username has already been taken");
exit;
}
$secret_key = generate_random_string(CONFIG['account']['secretkeylength']);
$password = password_hash($password, PASSWORD_DEFAULT);
$id = bin2hex(random_bytes(16));
$stmt = $db->prepare("INSERT INTO users(id, username, password, secret_key) VALUES (?, ?, ?, ?)");
$stmt->execute([$id, $username, $password, $secret_key]);
setcookie("secret_key", $secret_key, time() + CONFIG['account']['maxcookielifetime'], "/");
header("Location: /account");
exit;
}
?>
<html>
<head>
<title>Register an account - <?= CONFIG['instance']['name'] ?></title>
<link rel="stylesheet" href="/static/style.css">
<link rel="shortcut icon" href="/static/favicon.ico" type="image/x-icon">
</head>
<body>
<div class="container">
<div class="wrapper">
<?php html_navigation_bar(); ?>
<section class="content" style="width: 400px;">
<?php display_alert() ?>
<section class="box">
<div class="box navtab">
<p>Register an account in <?= CONFIG['instance']['name'] ?></p>
</div>
<div class="box content">
<form action="/account/register.php" method="post">
<div>
<label for="username">Username</label>
<input type="text" name="username" id="form-username" required>
</div>
<div>
<label for="password">Password</label>
<input type="password" name="password" id="form-password" required>
</div>
<div>
<button type="submit">Register</button>
</div>
</form>
<p style="font-size: 12px;">
Since <?= CONFIG['instance']['name'] ?> doesn't require email and password reset via
email is
not supported, please remember your passwords!
</p>
</div>
</section>
</section>
</div>
</div>
</body>
</html>
|
