web-base/core/Api/User/Create.class.php

78 lines
2.3 KiB
PHP
Raw Normal View History

2020-06-17 14:30:37 +02:00
<?php
namespace Api\User;
use Api\Parameter\StringType;
use \Api\Request;
2020-06-17 19:32:30 +02:00
use Driver\SQL\Condition\Compare;
2020-06-17 14:30:37 +02:00
class Create extends Request {
public function __construct($user, $externalCall = false) {
parent::__construct($user, $externalCall, array(
'username' => new StringType('username', 32),
'email' => new StringType('email', 64, true),
'password' => new StringType('password'),
'confirmPassword' => new StringType('confirmPassword'),
));
$this->csrfTokenRequired = true;
$this->loginRequired = true;
$this->requiredGroup = USER_GROUP_ADMIN;
}
public function execute($values = array()) {
2020-06-17 20:20:31 +02:00
if (!parent::execute($values)) {
2020-06-17 14:30:37 +02:00
return false;
}
2020-06-17 19:32:30 +02:00
$username = $this->getParam('username');
$email = $this->getParam('email');
2020-06-17 20:20:31 +02:00
if (!$this->userExists($username, $email) || !$this->success) {
return false;
2020-06-17 19:32:30 +02:00
}
$password = $this->getParam('password');
$confirmPassword = $this->getParam('confirmPassword');
2020-06-17 20:20:31 +02:00
if ($password !== $confirmPassword) {
2020-06-17 20:26:47 +02:00
return $this->createError("The given passwords do not match.");
2020-06-17 19:32:30 +02:00
}
$this->success = $this->createUser($username, $email, $password);
2020-06-17 14:30:37 +02:00
return $this->success;
}
2020-06-17 19:32:30 +02:00
2020-06-17 20:20:31 +02:00
private function userExists($username, $email) {
$sql = $this->user->getSQL();
$res = $sql->select("User.name", "User.email")
->from("User")
->where(new Compare("User.name", $username), new Compare("User.email", $email))
->execute();
$this->success = ($res !== FALSE);
$this->lastError = $sql->getLastError();
2020-06-17 20:26:47 +02:00
if ($this->success && !empty($res)) {
2020-06-17 20:20:31 +02:00
$row = $res[0];
if (strcasecmp($username, $row['name']) === 0) {
2020-06-17 20:26:47 +02:00
return $this->createError("This username is already taken.");
2020-06-17 20:20:31 +02:00
} else if (strcasecmp($username, $row['email']) === 0) {
2020-06-17 20:26:47 +02:00
return $this->createError("This email address is already in use.");
2020-06-17 20:06:36 +02:00
}
2020-06-17 20:20:31 +02:00
}
2020-06-17 20:06:36 +02:00
2020-06-17 20:20:31 +02:00
return $this->success;
2020-06-17 19:32:30 +02:00
}
2020-06-17 20:20:31 +02:00
private function createUser($username, $email, $password) {
$sql = $this->user->getSQL();
$salt = generateRandomString(16);
$hash = hash('sha256', $password . $salt);
2020-06-17 20:26:47 +02:00
$res = $sql->insert("User", array("name", "password", "salt", "email"))
->addRow($username, $hash, $salt, $email)
->execute();
2020-06-17 20:20:31 +02:00
$this->lastError = $sql->getLastError();
2020-06-17 20:26:47 +02:00
$this->success = ($res !== FALSE);
return $this->success;
2020-06-17 19:32:30 +02:00
}
2020-06-17 14:30:37 +02:00
}