<?php
require 'dbadapter.php';
require 'validate.php';
if (isset($_POST['username'])) {
// checks for errors in input fields
$error = validateCreateUser();
// add user to database
if (!$error) {
// validation successful
$username = $_POST['username'];
$email = $_POST['email'];
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
$result = createUser($username, $password, $email);
if ($result) {
// user creation successful
$message = "User Created Successfully";
echo "<script type='text/javascript'>alert('{$message}'); window.location.href = 'http://localhost/mates/login.php';</script>";
} else {
// user creation unsuccessful
$message = "Sorry, there was an unexpected error. Please try again.";
echo "<script type='text/javascript'>alert('{$message}');</script>";
}
} else {
// form invalid
echo "<script type='text/javascript'>alert('{$error}');</script>";
}
}
function restRequestSecurity($action, $email, $password, $confirm, $inviteCode)
{
$securityMsgs = array("bad-invite-code" => "Invite code is missing, expired, or invalid.", "bad-credentials" => "The email address or password you entered is incorrect.", "invalid-email" => "Please enter a valid email address.", "mismatch" => "Passwords do not match.", "user-exists" => "That email address is already in use.", "create-fail" => "Cannot create user.");
$email = strtolower(trim($email));
$accountsDb = readAccountsDb();
$user = array_key_exists($email, $accountsDb->users) ? $accountsDb->users->{$email} : null;
if ($action === "login") {
$msg = verifyPassword($user, $password) ? loginUser($email) : $securityMsgs["bad-credentials"];
} elseif ($action === "create") {
$msg = validateCreateUser($accountsDb, $email, $password, $confirm, $inviteCode, $securityMsgs);
} else {
$msg = "Invalid request.";
}
$success = is_null($msg);
logEvent("security-request", $action, $success, $email, $msg);
return array("authenticated" => $success, "email" => $email, "message" => $success ? "Success." : $msg);
}
