
<?php
/*  emg - Energy Monitoring & Graphing
*  Copyright (C) 2006-2012 Romain Lievin
*
*  This program is free software; you can redistribute it and/or modify
*  it under the terms of the GNU General Public License as published by
*  the Free Software Foundation; either version 3 of the License, or
*  (at your option) any later version.
*
*  This program is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  You should have received a copy of the GNU General Public License
*  along with this program; if not, write to the Free Software Foundation,
*  Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/

?>

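<?php

// Account-creation handler for the single-account login file (auth/login.txt).
// Validates the posted username, password and e-mail, and writes the account
// only when all three fields passed validation and no account file exists yet.

// A fresh token is issued on every render and embedded in the form below.
// NOTE(review): nothing in this file compares $_POST['form_token'] with the
// session copy, so as written the token gives no CSRF protection. Confirm the
// check is done by the including script, or compare the posted value with the
// previous session value (constant-time) before it is regenerated here.
// NOTE(review): md5(uniqid()) is derived from the clock; a CSPRNG-backed token
// would be preferable if the deployed PHP version provides one.
$form_token = md5(uniqid('auth', true));
$_SESSION['form_token'] = $form_token;

$error = new Error();
$form_adduser_username = '';
$form_adduser_password = '';
$form_adduser_email    = '';

if(isset($_POST['form_adduser_submit']))
{
        // Set to false by any failed check. The previous guard,
        // isset($form_adduser_username, ...), was always true because the three
        // variables are initialised above, so the account was written even when
        // validation had just reported an error.
        $form_adduser_valid = true;

        // Non-string values (e.g. arrays sent as "name[]=...") are treated as
        // missing so that strlen()/ctype_alnum() only ever see strings.
        $posted_username = (isset($_POST['form_adduser_username']) && is_string($_POST['form_adduser_username']))
                ? $_POST['form_adduser_username'] : null;
        $posted_password = (isset($_POST['form_adduser_password']) && is_string($_POST['form_adduser_password']))
                ? $_POST['form_adduser_password'] : null;
        $posted_email    = (isset($_POST['form_adduser_email']) && is_string($_POST['form_adduser_email']))
                ? $_POST['form_adduser_email'] : null;

        if($posted_username === null)
        {
                $error->push(_('Username is empty.'));
                $form_adduser_valid = false;
        }
        elseif(strlen($posted_username) > 20 || strlen($posted_username) < 4)
        {
                $error->push(_('Username must have [4-20] characters.'));
                $form_adduser_valid = false;
        }
        elseif(!ctype_alnum($posted_username))
        {
                $error->push(_('Username must be alpha numeric.'));
                $form_adduser_valid = false;
        }
        else
        {
                // Purely alphanumeric at this point, so it can be stored as is.
                $form_adduser_username = $posted_username;
        }

        if($posted_password === null)
        {
                $error->push(_('Password is empty.'));
                $form_adduser_valid = false;
        }
        elseif(strlen($posted_password) > 20 || strlen($posted_password) < 4)
        {
                $error->push(_('Password must have [4-20] characters.'));
                $form_adduser_valid = false;
        }
        elseif(!ctype_alnum($posted_password))
        {
                $error->push(_('Password must be alpha numeric.'));
                $form_adduser_valid = false;
        }
        else
        {
                $form_adduser_password = $posted_password;
        }

        if($posted_email === null)
        {
                $error->push(_('E-mail address is empty.'));
                $form_adduser_valid = false;
        }
        elseif(!filter_var($posted_email, FILTER_VALIDATE_EMAIL))
        {
                $error->push(_('E-mail address is not valid.'));
                $form_adduser_valid = false;
        }
        else
        {
                $form_adduser_email = filter_var($posted_email, FILTER_SANITIZE_EMAIL);
        }

        if($form_adduser_valid)
        {
                // The file stores one value per line, so only the validated
                // values above (which cannot contain a line break) may be
                // written; the raw $_POST entries are not read again here.

                // NOTE(review): unsalted SHA-1 is not a suitable password hash.
                // It is kept because the code that reads auth/login.txt is not
                // visible here and presumably compares against sha1(); migrate
                // both sides together to password_hash()/password_verify().
                $form_adduser_password_sha = sha1($form_adduser_password);

                // NOTE(review): the path is relative; if auth/ lies inside the
                // document root, confirm the web server denies direct access.
                if(file_exists('auth/login.txt'))
                {
                        $error->push(_('Account already exists.'));
                }
                else
                {
                        // 'x' creates the file exclusively: if a concurrent
                        // request created it after the file_exists() check,
                        // fopen() fails instead of overwriting that account.
                        $handle = fopen('auth/login.txt', 'xt');
                        if($handle === false)
                        {
                                $error->push(_('Unable to open password database.'));
                        }
                        else
                        {
                                fprintf($handle, "%s\n", 1);
                                fprintf($handle, "%s\n", $form_adduser_username);
                                fprintf($handle, "%s\n", $form_adduser_password_sha);
                                fprintf($handle, "%s\n", $form_adduser_email);
                                fclose($handle);

                                unset( $_SESSION['form_token'] );

                                $error->push(_('Account created.'));
                        }
                }
        }
}
else
{
        // Plain page view: only report whether an account file is present.
        if(file_exists('auth/login.txt'))
        {
                $error->push(_('Account already exists.'));
        }
        else
        {
                $error->push('');
        }
}
?>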

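<?php
// Account-creation form. Every variable written into an attribute value is
// HTML-escaped at the point of output, so the markup stays well-formed and
// inert regardless of how the value was filtered earlier in the request.
?>
<div id="page_auth_adduser">
        <h1>
                <?php echo _('Create account'); ?>
        </h1>

        <?php
        $id = link_get_id_from_filename("auth_adduser.php");
        echo '<form action="index.php?id_page=' . htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8') . '" method="post">';
        ?>
        <fieldset>
                <legend>
                        <?php echo _('Information'); ?>
                </legend>

                <label for="form_adduser_username">
                        <?php echo _('Username'); ?>:
                </label>
                <input type="text" id="form_adduser_username" name="form_adduser_username" value="<?php echo htmlspecialchars($form_adduser_username, ENT_QUOTES, 'UTF-8'); ?>" maxlength="20" />
                <br/>

                <label for="form_adduser_password">
                        <?php echo _('Password'); ?>:
                </label>
                <?php
                // The password is masked while typing and never written back
                // into the page, so it does not appear in the HTML source.
                ?>
                <input type="password" id="form_adduser_password" name="form_adduser_password" value="" maxlength="20" />
                <br/>

                <label for="form_adduser_email">
                        <?php echo _('E-mail'); ?>:
                </label>
                <input type="text" id="form_adduser_email" name="form_adduser_email" value="<?php echo htmlspecialchars($form_adduser_email, ENT_QUOTES, 'UTF-8'); ?>" maxlength="30" />
                <br/>

                <hr/>
                <div class="buttons">
                        <input type="hidden" name="form_token" value="<?php echo htmlspecialchars($form_token, ENT_QUOTES, 'UTF-8'); ?>" />
                        <?php
                        // The attribute is quoted so that a translated label
                        // containing a space is not split into extra attributes.
                        ?>
                        <input type="submit" name="form_adduser_submit" value="<?php echo htmlspecialchars(_('Add'), ENT_QUOTES, 'UTF-8'); ?>" id="form_adduser_submit" alt="create" />
                </div>

        </fieldset>
        </form>

        <?php
                // NOTE(review): display() is echoed unescaped; the messages
                // pushed in this file are fixed translated strings, but confirm
                // that Error::display() never emits request-derived text.
                echo $error->display();
        ?>

</div>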