<?php
use Nickyeoman\Validation;
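// Admin-account creation handler. Validates the submitted form and, only when
// every check passes, inserts one pre-confirmed user plus an `admin` group
// membership. $post, $config, $db and $redirect are expected to be supplied by
// the including script; none of them are defined in this file.
//
// NOTE(review): nothing visible here checks whether an admin account already
// exists, so the secure key is the only gate on this route. Confirm the caller
// restricts it to first-time setup.
$validate = new Validation\Validate();
$valid = true;
$p = $post->all();

// Request fields are untrusted and may be missing or arrays (`password[]=x`).
// Anything that is not a string is treated as absent so it never reaches
// hash_equals() / hash_hmac(), which accept strings only.
$field = static function (string $key) use ($p): string {
    return isset($p[$key]) && is_string($p[$key]) ? $p[$key] : '';
};

// Check secure key.
// hash_equals() compares in constant time, so response timing does not reveal
// how many leading bytes of a guess were correct. A missing, empty or
// non-string configured key fails closed.
$configuredKey = $config['secure_key'] ?? null;
$submittedKey = $field('secure_key');
if (
    empty($submittedKey)
    || !is_string($configuredKey)
    || $configuredKey === ''
    || !hash_equals($configuredKey, $submittedKey)
) {
    $valid = false;
}

// Username
$name = $validate->clean($field('username'));
if (!$validate->minLength($name, 1)) {
    $valid = false;
}

// Email
$email = $field('email');
if (empty($email) || !$validate->isEmail($email)) {
    $valid = false;
}

// Password
$password = $field('password');
if (empty($password)) {
    $valid = false;
}

if ($valid) {
    // Pepper + Argon2id. Hashing runs only after every check (including the
    // secure key) has passed, so a rejected request never pays for Argon2id.
    // hash_hmac() returns hex here, so the value handed to password_hash()
    // contains no NUL bytes.
    // NOTE(review): the pepper is the same $config['secure_key'] that gates
    // this form. Changing that key invalidates every stored hash, and the
    // login path must apply the identical HMAC step before password_verify().
    $peppered = hash_hmac('sha3-512', $password, $configuredKey);
    $hashed_password = password_hash($peppered, PASSWORD_ARGON2ID);

    // password_hash() can return a non-string on failure in older PHP
    // versions; never store that as a credential.
    if (is_string($hashed_password)) {
        // Insert user (placeholders only; no request data is interpolated).
        $query = <<<EOSQL
        INSERT INTO `users`
        (`username`, `password`, `email`, `validate`, `confirmationToken`, `reset`, `created`, `updated`, `confirmed`, `blocked`)
        VALUES
        (?, ?, ?, NULL, NULL, NULL, NOW(), NOW(), 1, 0);
        EOSQL;

        $params = [$name, $hashed_password, $email];
        $db->query($query, $params);
        $userid = $db->lastid();

        // Assign admin group.
        // NOTE(review): the two inserts are not wrapped in a transaction here.
        // If this one fails, the user row stays behind without a group.
        // Confirm whether $db offers transactions.
        $groupInsertQuery = <<<EOSQL
        INSERT INTO `user_groups` (`user_id`, `groupName`) VALUES (?, ?);
        EOSQL;

        $db->query($groupInsertQuery, [$userid, 'admin']);
    }
}

// Always redirect at end: the same redirect is issued whether or not the
// account was created, so the response does not show which check failed.
$redirect->url('/novaconium');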