Example #1
/**
 * Validate registration input and, if every check passes, insert the user.
 *
 * Checks run in a fixed order and stop at the first failure: non-empty
 * names, cleanInput() on each name, checkPasswordComplexity(), e-mail
 * syntax, user type ("E" or "C"), and password confirmation.
 *
 * NOTE(review): the password is stored as a single unsalted SHA-256 digest.
 * A fast, unsalted hash gives little resistance to offline guessing if the
 * user table leaks; password_hash()/password_verify() are the standard
 * replacement. The switch is not made here because the code that verifies
 * logins is not visible and must change in the same step.
 *
 * @param string $userType        Must be exactly "E" or "C".
 * @param string $email           Checked with FILTER_VALIDATE_EMAIL.
 * @param string $password        Plain-text password from the caller.
 * @param string $confirmPassword Must be identical (===) to $password.
 * @param string $firstname       Must be non-empty and pass cleanInput().
 * @param string $lastname        Must be non-empty and pass cleanInput().
 *
 * @return object The object from returnValue(), with ->value set to
 *                true/false and ->msg set to a status message.
 */
function createUser($userType, $email, $password, $confirmPassword, $firstname, $lastname)
{
    $return = returnValue();

    // Walk the validation steps in order; the first one that fails decides the message.
    $failure = null;
    if (empty($firstname) || empty($lastname)) {
        $failure = "Firstname or lastname is empty";
    } elseif (!cleanInput($firstname)) {
        // allow-list check on the first name
        $failure = "Invalid First Name";
    } elseif (!cleanInput($lastname)) {
        // allow-list check on the last name
        $failure = "Invalid Last Name";
    } elseif (!checkPasswordComplexity($password)) {
        $failure = "Password must be between 8-20 chars, have upper and lower case, as well as digit";
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $failure = "Invalid email format";
    } elseif ($userType !== "E" && $userType !== "C") {
        $failure = "Invalid user type";
    } elseif ($password !== $confirmPassword) {
        $failure = "Passwords do not match";
    }

    if ($failure !== null) {
        $return->value = false;
        $return->msg = $failure;
        return $return;
    }

    // NOTE(review): unsalted, single-pass SHA-256 (see the function header).
    $passwordDigest = hash('sha256', $password);

    // Called for its side effect only; the return value is not used.
    // NOTE(review): what 'R' selects is not visible here. Confirm that it maps
    // to a least-privilege account that is allowed to insert users.
    getDBCredentials('R');

    $inserted = insertUser($userType, $email, $passwordDigest, $firstname, $lastname);
    if (!$inserted) {
        // Generic message: no database error detail is passed back to the caller.
        $return->value = false;
        $return->msg = "DB insert operation failed";
        return $return;
    }

    $return->value = true;
    $return->msg = "Registration successful";
    return $return;
}
/**
 * Validate a password field on a change form.
 *
 * An empty value is accepted without further checks; any other value is
 * passed on to checkPasswordComplexity().
 *
 * NOTE(review): createUser() calls checkPasswordComplexity() with the
 * password as its only argument, while this function passes $element first
 * and $value second. If the helper takes the password as its first
 * parameter, the complexity rule is applied to $element instead of the
 * submitted password. Confirm against the helper's signature.
 *
 * NOTE(review): empty() also treats the string "0" as empty, so that value
 * skips the complexity check. Verify that the caller does not then store it
 * as the new password.
 *
 * @param mixed $element Passed through as the first argument of
 *                       checkPasswordComplexity(); not used otherwise.
 * @param mixed $value   The submitted password value.
 *
 * @return mixed true when $value is empty, otherwise whatever
 *               checkPasswordComplexity() returns.
 */
function checkChangePassword($element, $value)
{
    // Nothing submitted: there is no new password to check.
    if (empty($value)) {
        return true;
    }

    return checkPasswordComplexity($element, $value);
}