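/**
 * Register a new user account from submitted form data.
 *
 * Keys read from $post: registerUsername, registerPassword,
 * registerPassword2 (confirmation) and registerEmail.
 * Settings read from $GLOBALS: registration, min_password_length,
 * password_need_specialchars, password_hash, timezone and defaultRole.
 *
 * Every value written to the database is bound as a statement parameter,
 * so request data is never concatenated into SQL text.
 *
 * @param array $post       submitted form fields (normally the POST data)
 * @param mixed $connection database handle; must offer prepare() and
 *                          lastInsertId() - presumably a PDO instance, confirm
 * @return string "0" on success, otherwise an error message for the user
 *                (some messages contain <br /> markup)
 */
public static function registerUser($post, $connection)
{
    $rejected = "Corrupt post-data or registration is disabled. Do you try to hack? Fool!";

    if (!is_array($post) || empty($post) || empty($GLOBALS['registration'])) {
        return $rejected;
    }

    $username = isset($post['registerUsername']) ? $post['registerUsername'] : null;
    $password = isset($post['registerPassword']) ? $post['registerPassword'] : null;
    $confirmation = isset($post['registerPassword2']) ? $post['registerPassword2'] : null;
    $email = isset($post['registerEmail']) ? $post['registerEmail'] : null;

    // Request parameters can arrive as arrays (field[]=x) or be missing
    // entirely; refuse anything that is not a plain string before it reaches
    // hash() or the database. An empty username is refused as well.
    if (!is_string($username) || $username === ''
        || !is_string($password) || !is_string($confirmation)
        || !is_string($email)
    ) {
        return $rejected;
    }

    // Strict comparison: with "==" two different numeric-looking strings
    // (for example "1e3" and "1000") compare equal, so a mistyped
    // confirmation could be accepted.
    $passwordAccepted = $password === $confirmation
        && !empty($email)
        && usertools::passwordRequirements($password, $GLOBALS["min_password_length"], $GLOBALS["password_need_specialchars"]);

    if (!$passwordAccepted) {
        return "Something is strange with your password. Remember: <br /> It needs at least " . $GLOBALS["min_password_length"] . " signs<br />You should type two passwords which are the same (to confirm)";
    }

    if (usertools::userExists($username, $connection)) {
        return "User does already exist";
    }

    // Runs one parameterized INSERT. A failed prepare()/execute() is turned
    // into an exception so that a handle in silent error mode cannot make
    // this method report success for a row that was never written.
    $runInsert = function ($sql, array $params) use ($connection) {
        $statement = $connection->prepare($sql);
        if ($statement === false || $statement->execute($params) === false) {
            throw new Exception('registration insert failed');
        }
    };

    try {
        // NOTE(review): hash() produces a fast, unsalted digest. Moving to
        // password_hash()/password_verify() also needs the login check,
        // which is not visible here, to change - left as-is for compatibility.
        $passwordHash = hash($GLOBALS["password_hash"], $password);

        // TODO: validate the username character set. Parameter binding
        // removes the SQL risk, but the stored value still has to be
        // escaped wherever it is displayed.
        $datetime = new DateTime($GLOBALS["timezone"]);

        $runInsert(
            "INSERT INTO user (`username`, `password`, `lastlogin`, `lastip`) VALUES (?, ?, ?, ?)",
            array(
                $username,
                $passwordHash,
                $datetime->format('Y-m-d '),       // format string kept exactly as before
                (string) getenv('REMOTE_ADDR'),    // getenv() yields false when unset
            )
        );
        $userid = $connection->lastInsertId();

        $runInsert(
            "INSERT INTO user_customfields (`cf_uid`, `cf_key`, `cf_value`) VALUES (?, 'E-Mail', ?)",
            array($userid, $email)
        );

        if (!empty($GLOBALS["defaultRole"])) {
            $roleid = usertools::getIdFromRole($GLOBALS["defaultRole"], $connection);
            $runInsert(
                "INSERT INTO user_role (`ur_uid`, `ur_rid`) VALUES (?, ?)",
                array($userid, $roleid)
            );
        }

        return "0";
    } catch (Exception $e) {
        // The exception text (driver message, file paths, stack trace) goes
        // to the server log only; the caller gets a fixed message because
        // the return value is shown to the person registering.
        error_log('registerUser failed: ' . $e->getMessage());
        return "Error is happend: registration could not be completed";
    }
}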