Beispiel #1
<?php

require 'dbadapter.php';
require 'validate.php';
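// Registration handler: runs only when the form was submitted with a username.
if (isset($_POST['username'])) {
    // Every message below is written into an inline <script> as a JavaScript
    // string literal. json_encode() with the JSON_HEX_* flags yields a quoted
    // literal in which quotes, <, > and & are \uXXXX-escaped, so the text can
    // neither terminate the string nor close the <script> element.
    $jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

    // checks for errors in input fields; a falsy result means the form is valid
    $error = validateCreateUser();
    // add user to database
    if (!$error) {
        // validation successful
        // NOTE(review): only 'username' is checked with isset() here; 'email' and
        // 'password' are assumed to have been checked by validateCreateUser() - confirm.
        $username = $_POST['username'];
        $email = $_POST['email'];
        // Only the hash is handed to createUser(); the plaintext password is never stored.
        $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
        $result = createUser($username, $password, $email);
        if ($result) {
            // user creation successful; the redirect target is a fixed URL, not request data
            $message = json_encode("User Created Successfully", $jsFlags);
            echo "<script type='text/javascript'>alert({$message}); window.location.href = 'http://localhost/mates/login.php';</script>";
        } else {
            // user creation unsuccessful
            $message = json_encode("Sorry, there was an unexpected error. Please try again.", $jsFlags);
            echo "<script type='text/javascript'>alert({$message});</script>";
        }
    } else {
        // form invalid
        // NOTE(review): validateCreateUser() lives in another file. If its message can
        // include submitted field values, writing it unescaped into the script would be
        // reflected XSS, so it is always encoded for the JavaScript context here.
        $message = json_encode((string) $error, $jsFlags);
        if ($message === false) {
            // json_encode() fails on invalid UTF-8; fall back to a fixed, generic message.
            $message = json_encode("Invalid input.", $jsFlags);
        }
        echo "<script type='text/javascript'>alert({$message});</script>";
    }
}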
Beispiel #2
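/**
 * Handles a "login" or "create" request against the accounts database.
 *
 * The e-mail address is trimmed and lower-cased before it is used as the lookup
 * key. The outcome is passed to logEvent() together with the action and the
 * e-mail; the password is not passed to the logger.
 *
 * @param string $action     "login" or "create"; anything else yields "Invalid request."
 * @param string $email      Account e-mail address as submitted.
 * @param string $password   Submitted password.
 * @param string $confirm    Password confirmation (forwarded to validateCreateUser()).
 * @param string $inviteCode Invite code (forwarded to validateCreateUser()).
 *
 * @return array Keys "authenticated" (bool), "email" (normalised address) and
 *               "message" ("Success." or the failure text).
 */
function restRequestSecurity($action, $email, $password, $confirm, $inviteCode)
{
    // NOTE(review): "user-exists" confirms that an address is registered; whether that
    // enumeration signal is acceptable depends on how the invite-code check is ordered
    // inside validateCreateUser() - confirm there.
    $securityMsgs = array(
        "bad-invite-code" => "Invite code is missing, expired, or invalid.",
        "bad-credentials" => "The email address or password you entered is incorrect.",
        "invalid-email" => "Please enter a valid email address.",
        "mismatch" => "Passwords do not match.",
        "user-exists" => "That email address is already in use.",
        "create-fail" => "Cannot create user.",
    );

    $email = strtolower(trim($email));
    $accountsDb = readAccountsDb();

    // $accountsDb->users is read with property syntax, i.e. it is an object.
    // array_key_exists() on an object is deprecated since PHP 7.4 and throws a
    // TypeError on PHP 8, so the lookup uses isset() on the property instead.
    // A missing or null entry yields null, exactly as before.
    $user = isset($accountsDb->users->{$email}) ? $accountsDb->users->{$email} : null;

    if ($action === "login") {
        // An unknown address ($user === null) and a wrong password produce the same
        // "bad-credentials" text, so the response does not reveal which one failed.
        $msg = verifyPassword($user, $password) ? loginUser($email) : $securityMsgs["bad-credentials"];
    } elseif ($action === "create") {
        $msg = validateCreateUser($accountsDb, $email, $password, $confirm, $inviteCode, $securityMsgs);
    } else {
        $msg = "Invalid request.";
    }

    // loginUser() and validateCreateUser() are defined elsewhere; a null result
    // from either one is what this function treats as success.
    $success = is_null($msg);
    logEvent("security-request", $action, $success, $email, $msg);

    return array(
        "authenticated" => $success,
        "email" => $email,
        "message" => $success ? "Success." : $msg,
    );
}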