account.php
<?php
namespace misc\account;
use misc\etc;
use misc\mysql;
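/**
 * Create a sub-account (Manager or Reseller) in the `accounts` table.
 *
 * Every argument is passed through etc\sanitize() before use. The role must be
 * on a fixed allowlist, the username and e-mail must not already be present,
 * and the permission mask must be a positive integer.
 *
 * Security notes for maintainers:
 *  - NOTE(review): the password is run through etc\sanitize() before hashing.
 *    If that helper strips or encodes characters, the stored hash belongs to
 *    the altered string, so the login path has to apply the same transform.
 *    Confirm against the login code before changing either side.
 *  - PASSWORD_BCRYPT only considers the first 72 bytes of the password.
 *  - E-mail addresses are stored and looked up as an unsalted SHA1 digest.
 *    Addresses are guessable, so the digest hides them from casual viewing
 *    only and does not protect them if the table leaks.
 *  - The existence checks and the INSERT are separate statements, so two
 *    concurrent requests can both pass the checks. Uniqueness should be
 *    enforced by UNIQUE indexes (presumably on `username` and `email` -
 *    verify against the schema).
 *  - $owner and $name are stored as given; this function performs no
 *    authorization, so the caller is presumably responsible for it.
 *
 * @param mixed $username    Login name of the new account.
 * @param mixed $role        "Manager" or "Reseller"; anything else is rejected.
 * @param mixed $email       E-mail address (stored as SHA1).
 * @param mixed $password    Plain-text password; stored as a bcrypt hash.
 * @param mixed $keyLevels   Stored in `keylevels`; "N/A" when sanitize() yields null.
 * @param mixed $owner       Stored in the `owner` column.
 * @param mixed $name        Stored in the `app` column.
 * @param mixed $permissions Positive integer bit mask, stored as a BIT literal.
 *
 * @return string One of 'success', 'failure', 'invalid_role', 'invalid_email',
 *                'username_taken', 'email_taken', 'invalid_perms'.
 */
function addAccount($username, $role, $email, $password, $keyLevels, $owner, $name, $permissions)
{
    $username = etc\sanitize($username);
    $role = etc\sanitize($role);
    $email = etc\sanitize($email);
    $password = etc\sanitize($password);
    $keyLevels = etc\sanitize($keyLevels) ?? "N/A";
    $owner = etc\sanitize($owner);
    $name = etc\sanitize($name);
    $permissions = etc\sanitize($permissions);

    // Strict comparison: only these exact role strings may be created here.
    if (!in_array($role, ["Manager", "Reseller"], true)) {
        return 'invalid_role';
    }

    // An empty address is as unusable as a missing one; without this check a
    // blank e-mail would be hashed and stored like a real address.
    if (is_null($email) || $email === '') {
        return 'invalid_email';
    }

    // Validate the mask before any database work. The value ends up inside the
    // SQL text as a b'...' literal, so it is parsed as a strict integer here:
    // is_numeric() would also let through floats, exponents and padded strings.
    // The check applies to every role, not only Manager; a mask of zero would
    // leave the account without access to any page.
    $permValue = filter_var($permissions, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($permValue === false) {
        return 'invalid_perms';
    }

    $user_check = mysql\query("SELECT `username` FROM `accounts` WHERE `username` = ?", [$username]);
    if ($user_check->num_rows > 0) {
        return 'username_taken';
    }

    $email_check = mysql\query("SELECT `username` FROM `accounts` WHERE `email` = SHA1(?)", [$email]);
    if ($email_check->num_rows > 0) {
        return 'email_taken';
    }

    // Hash only once the request is known to be acceptable, so rejected
    // requests do not pay for a bcrypt computation.
    // NOTE(review): an empty or null password is still hashed and accepted;
    // there is no return code for it here, so enforce a password policy in the caller.
    $pass_encrypted = password_hash($password, PASSWORD_BCRYPT);

    // decbin() of a validated positive int yields only '0' and '1' characters,
    // which is the sole reason this value may be interpolated into the
    // statement. Every other value is bound as a parameter.
    $permBits = decbin($permValue);

    $query = mysql\query(
        "INSERT INTO `accounts` (`username`, `email`, `password`, `role`, `app`, `owner`, `balance`, `keylevels`, `permissions`) VALUES (?, SHA1(?), ?, ?, ?, ?, '0|0|0|0|0|0', ?, b'{$permBits}')",
        [$username, $email, $pass_encrypted, $role, $name, $owner, $keyLevels]
    );

    return $query->affected_rows > 0 ? 'success' : 'failure';
}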