fix password related

2026-04-23 19:37:23 +08:00 · 2025-10-30 10:28:52 +07:00
parent f1cbb5c3da
commit 3d5e316275
7 changed files with 79 additions and 60 deletions
@@ -6,40 +6,52 @@ if (get_user_class() < UC_ADMINISTRATOR)
 stderr("Error", "Access denied.");
 if ($_SERVER["REQUEST_METHOD"] == "POST")
 {
-	if ($_POST["username"] == "" || $_POST["password"] == "" || $_POST["email"] == "")
-	stderr("Error", "Missing form data.");
-	if ($_POST["password"] != $_POST["password2"])
-	stderr("Error", "Passwords mismatch.");
-	$email = htmlspecialchars(trim($_POST["email"]));
-	$email = safe_email($email);
-	if (!check_email($email))
-	stderr("Error","Invalid email address!");
-	
-	$username = $_POST["username"];
-	
-	if (!validusername($username))
-		stderr("Error","Invalid username.");
-	$username = sqlesc($username);
-	$res = sql_query("SELECT id FROM users WHERE username=$username");
-	$arr = mysql_fetch_row($res);
-	if ($arr)
-		stderr("Error","Username already exists!");
-	$password = $_POST["password"];
-	$email = sqlesc($_POST["email"]);
-	$res = sql_query("SELECT id FROM users WHERE email=$email");
-	$arr = mysql_fetch_row($res);
-	if ($arr)
-		stderr("Error","The e-mail address is already in use.");
-	$secret = mksecret();
-	$passhash = sqlesc(md5($secret . $password . $secret));
-	$secret = sqlesc($secret);
+//	if ($_POST["username"] == "" || $_POST["password"] == "" || $_POST["email"] == "")
+//	stderr("Error", "Missing form data.");
+//	if ($_POST["password"] != $_POST["password2"])
+//	stderr("Error", "Passwords mismatch.");
+//	$email = htmlspecialchars(trim($_POST["email"]));
+//	$email = safe_email($email);
+//	if (!check_email($email))
+//	stderr("Error","Invalid email address!");
+//
+//	$username = $_POST["username"];
+//
+//	if (!validusername($username))
+//		stderr("Error","Invalid username.");
+//	$username = sqlesc($username);
+//	$res = sql_query("SELECT id FROM users WHERE username=$username");
+//	$arr = mysql_fetch_row($res);
+//	if ($arr)
+//		stderr("Error","Username already exists!");
+//	$password = $_POST["password"];
+//	$email = sqlesc($_POST["email"]);
+//	$res = sql_query("SELECT id FROM users WHERE email=$email");
+//	$arr = mysql_fetch_row($res);
+//	if ($arr)
+//		stderr("Error","The e-mail address is already in use.");
+//	$secret = mksecret();
+//	$passhash = sqlesc(md5($secret . $password . $secret));
+//	$secret = sqlesc($secret);
+//
+//	sql_query("INSERT INTO users (added, last_access, secret, username, passhash, status, stylesheet, class,email) VALUES(NOW(), NOW(), $secret, $username, $passhash, 'confirmed', ".$defcss.",".$defaultclass_class.",$email)") or sqlerr(__FILE__, __LINE__);
+//	$res = sql_query("SELECT id FROM users WHERE username=$username");
+//	$arr = mysql_fetch_row($res);
+//	if (!$arr)
+//	stderr("Error", "Unable to create the account. The user name is possibly already taken.");

-	sql_query("INSERT INTO users (added, last_access, secret, username, passhash, status, stylesheet, class,email) VALUES(NOW(), NOW(), $secret, $username, $passhash, 'confirmed', ".$defcss.",".$defaultclass_class.",$email)") or sqlerr(__FILE__, __LINE__);
-	$res = sql_query("SELECT id FROM users WHERE username=$username");
-	$arr = mysql_fetch_row($res);
-	if (!$arr)
-	stderr("Error", "Unable to create the account. The user name is possibly already taken.");
-	header("Location: " . get_protocol_prefix() . "$BASEURL/userdetails.php?id=".htmlspecialchars($arr[0]));
+    try {
+        $userRep = new \App\Repositories\UserRepository();
+        $newUser = $userRep->store([
+            'username' => $_POST['username'],
+            'email' => $_POST['email'],
+            'password' => $_POST['password'],
+            'password_confirmation' => $_POST['password2'],
+        ]);
+    } catch (\Exception $e) {
+        stderr("ERROR", $e->getMessage());
+    }
+	header("Location: " . get_protocol_prefix() . "$BASEURL/userdetails.php?id=".htmlspecialchars($newUser->id));
 	die;
 }
 stdhead("Add user");