trinkey/tlm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
tlm/signup.php
trinkey d8c35856de admin page + invite codes
2025-03-27 13:06:13 -04:00

131 lines
4.3 KiB
PHP
Raw Permalink Blame History

<?php
include "config.php";
include "helper.php";
if ($signups === false) {
http_response_code(404);
exit();
}
if (is_logged_in()) {
header("Location: index.php");
exit();
}
$u = "";
$p = "";
if ($_SERVER["REQUEST_METHOD"] === "POST") {
$u = strtolower(str_replace(" ", "", $_POST["username"]));
$p = $_POST["password"];
$v = $_POST["verify"];
if ($v != $p) {
$err = $lang["account"]["errors"]["password_match"];
} else if (!($u && $p && $v)) {
$err = $lang["account"]["errors"]["bad_request"];
} else if (strlen($u) > 64 || strlen($u) === 0) {
$err = $lang["account"]["errors"]["username_length"];
} else if (!preg_match("/^[a-z0-9_-]{1,64}$/", $u)) {
$err = $lang["account"]["errors"]["username_characters"];
} else {
$query = "SELECT count(*) FROM users WHERE username='$u' LIMIT 1;";
$response = pg_query($db, $query);
$c = pg_fetch_array($response)["count"];
if ($c === "0") {
$allow_signup = true;
if ($signups === "invite") {
$invite_code = $_POST["invite"];
if (strlen($invite_code) !== 64 || !preg_match("/^[a-f0-9]{64}$/", $invite_code)) {
$allow_signup = false;
$err = $lang["account"]["errors"]["invalid_invite"];
} else {
$q = "SELECT count(*) FROM invites WHERE id='$invite_code' LIMIT 1;";
$invite_valid = pg_fetch_array(pg_query($db, $q))["count"] === "1";
echo json_encode(pg_fetch_array(pg_query($db, $q)));
if (!$invite_valid) {
$allow_signup = false;
$err = $lang["account"]["errors"]["invalid_invite"];
} else {
$q = "DELETE FROM invites WHERE id='$invite_code';";
pg_query($db, $q);
}
}
}
if ($allow_signup) {
$user_id = generate_id();
$pw_hash = password_hash($p, PASSWORD_DEFAULT);
$user_parameters = array(
"id" => $user_id,
"username" => $u,
"password_hash" => $pw_hash,
"enable_colors" => true,
"yellow_threshold" => 2,
"gray_threshold" => 60
);
pg_insert($db, "users", $user_parameters);
foreach ($default_schema as $section_id => $section_data) {
$section_id = generate_id();
$section_parameters = array(
"id" => $section_id,
"users" => $user_id,
"name" => $section_data["name"],
"show_subtitle" => $section_data["show_subtitle"]
);
pg_insert($db, "section", $section_parameters);
foreach ($section_data["items"] as $row_id => $row_data) {
$row_id = generate_id();
$row_parameters = array(
"id" => $row_id,
"section" => $section_id,
"name" => $row_data["name"],
"display_format" => $row_data["display_format"]
);
pg_insert($db, "row", $row_parameters);
}
}
$token = get_token($u, $pw_hash);
setcookie(
"token", $token,
time() + 60 * 60 * 24 * 365 // 1 year from now
);
header("Location: index.php");
exit();
}
} else {
$err = str_replace("%u", htmlspecialchars($u), $lang["account"]["errors"]["user_exists"]);
}
}
}
$title = $lang["account"]["sign_up"];
include "boilerplate/head.php";
?>
<form method="POST">
<div><input placeholder="<?php echo $lang["account"]["username"]; ?>" name="username" value="<?php echo htmlspecialchars($u); ?>" maxlength="64" required></div>
<div><input placeholder="<?php echo $lang["account"]["password"]; ?>" name="password" type="password" value="<?php echo htmlspecialchars($p); ?>" required></div>
<div><input placeholder="<?php echo $lang["account"]["verify"]; ?>" name="verify" type="password" required></div>
<?php
if ($signups === "invite") {
echo "<div><input placeholder=\"{$lang['account']['invite']}\" name=\"invite\" type=\"password\" maxlength=\"64\" required></div>";
}
?>
<div><input type="submit" value="<?php echo $lang["account"]["sign_up"]; ?>"></div>
<p><a href="login.php"><?php echo $lang["account"]["log_in_instead"]; ?></a></p>
</form>
<?php
include "boilerplate/foot.php";
?>
Reference in a new issue View git blame Copy permalink