Project-Management/CreateUser.php at master · xyious/Project-Management · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
<?php
session_start();
if (!isset($_SESSION['IP'])) {	$_SESSION['IP'] = $_SERVER['REMOTE_ADDR']; }
if (!isset($_SESSION['Logged_In'])) { $_SESSION['Logged_In'] = 0; }
?>
<!doctype html>
<head>
<title>Neuen Benutzer Erstellen</title>
<link rel="stylesheet" href="include/body.css" type="text/css">
</head>
<body>
<?php
include "include/PDOConnect.php";
include "include/pbkdf2.php";

$Error = 1;
if (isset($_POST['submitted']) && $_POST['submitted'] == 1) {
	$Error = 0;
	if (!($_SESSION['Logged_In'] && ($_SESSION['IP'] == $_SERVER['REMOTE_ADDR']))) {
		echo "Sie sind nicht eingeloggt!<br><a href='/Project/Login.php?previous=" . $_SERVER['PHP_SELF'] . "'>Login</a>";
	} else {
		if (!(preg_match("/^[a-zA-Z]/", $_POST['Username']) == 1)) {
			echo "Benutzername muss mit Buchstaben anfangen!<br>";
			$Error++;
		}
		if (!(preg_match("/[a-zA-Z]/", $_POST['Displayname']) == 1)) {
			echo "Name muss Text sein!<br>";
			$Error++;
		}
		if ($Error == 0) {
			$Password = create_hash($_POST['Password'], $_POST['Username']);
			$query = $connection->prepare("INSERT INTO users (username, displayname, email, password) VALUES (:username, :displayname, :email, :password)");
			$query->bindParam(':username', $_POST['Username'], PDO::PARAM_STR);
			$query->bindParam(':displayname', $_POST['Displayname'], PDO::PARAM_STR);
			$query->bindParam(':email', $_POST['Email'], PDO::PARAM_STR);
			$query->bindParam(':password', $Password, PDO::PARAM_STR);
			$query->execute();
			if ($connection->lastInsertId() > 0) {
				echo "Benutzer wurde erstellt, Name: " . $_POST['Displayname'] . "<br>Benutzername: " . $_POST['Usernrame'] . "<br>Passwort Hash: " . $Password . "<br>";
			}
		}
	}
}
if ($Error > 0) {
	include "include/CreateUserForm.php";
}
?>
</body>
</html>