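<?php
/**
 * create-account.php — creates a local user profile for a user that already
 * exists in the ALD backend.
 *
 * Expected POST fields: "user" (name), "mail" (address), "id" (hex user id,
 * stored through UNHEX()).
 *
 * Responses: 204 on success; 400 when data is missing or does not match the
 * backend; 404 when the backend does not know the id; 409 when a profile with
 * that mail or id already exists; 500 on a database error. Every error is an
 * HttpException whose code becomes the HTTP status and whose message the body.
 *
 * Database access goes through the legacy ext/mysql functions returned by
 * db_ensure_connection() (util/db.php); that extension was removed in PHP 7.0,
 * so migrating this script means changing the helper as well.
 */
require_once("util/ALD.php");
require_once("util/db.php");
require_once("modules/HttpException/HttpException.php");
require_once("config/constants.php");

try
{
    # check if required data present: each field must be a non-empty string.
    # PHP turns "user[]=x" into an array, which passes a bare empty() test and
    # would later break mysql_real_escape_string()/md5(); empty() also rejects
    # the string "0", which is the original behaviour and kept here.
    foreach (array("user", "mail", "id") as $field)
    {
        if (empty($_POST[$field]) || !is_string($_POST[$field]))
        {
            throw new HttpException(400, NULL, "data missing");
        }
    }
    # the id is fed to UNHEX(), so anything but hex digits is invalid input
    if (!ctype_xdigit($_POST["id"]))
    {
        throw new HttpException(400, NULL, "data invalid");
    }

    $db_connection = db_ensure_connection();

    # escape once, before the first query: previously the "account exists"
    # query was built from $id/$mail before they were assigned, so the
    # duplicate check never saw the submitted values. The link is passed
    # explicitly so the escaping uses this connection's charset.
    $id   = mysql_real_escape_string($_POST["id"], $db_connection);
    $mail = mysql_real_escape_string($_POST["mail"], $db_connection);

    # check if account exists. ext/mysql has no prepared statements; both
    # interpolated values are escaped above and quoted here, and $id is
    # additionally restricted to hex digits.
    $db_query = "SELECT * FROM $db_table_user_profile WHERE mail = '$mail' OR id = UNHEX('$id')";
    $db_result = mysql_query($db_query, $db_connection);
    if (!$db_result)
    {
        throw new HttpException(500, NULL, mysql_error($db_connection));
    }
    if (mysql_num_rows($db_result) > 0)
    {
        throw new HttpException(409, NULL, "Account already exists");
    }

    # check if user is correct: the backend must know the id and report the
    # same name and the same md5 of the mail address
    $api = new ALD( API_URL );
    try
    {
        $user = $api->getUserById($_POST["id"]);
    }
    catch (HttpException $e)
    {
        throw new HttpException(404, NULL, "User not found in backend: '{$e->getMessage()}'.");
    }
    # strict comparison: with "!=" two numeric-looking strings compare as
    # numbers ("1e3" == "1000"). Assumes the backend returns both fields as
    # strings — confirm against ALD::getUserById().
    if (!isset($user["name"], $user["mail"])
        || $user["name"] !== $_POST["user"]
        || $user["mail"] !== md5($_POST["mail"]))
    {
        throw new HttpException(400, NULL, "data invalid");
    }

    # create account
    $db_query = "INSERT INTO $db_table_user_profile (id, mail) VALUES (UNHEX('$id'), '$mail')";
    $db_result = mysql_query($db_query, $db_connection);
    if (!$db_result)
    {
        throw new HttpException(500, NULL, mysql_error($db_connection));
    }

    header("HTTP/1.1 204 " . HttpException::getStatusMessage(204));
    exit;
}
catch (HttpException $e)
{
    header("HTTP/1.1 {$e->getCode()} " . HttpException::getStatusMessage($e->getCode()));
    echo $e->getMessage();
}
# no closing "?>": trailing whitespace after it would be sent before header()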