Updated user create functions and signuppage

classes/alter.class.php

@@ -61,8 +61,27 @@ class Alter {
         header('Location: ' . Config::$sys_url . '?page=eventadmin');
         die("Error, please enable browser redirects.");
     }
-
-    public static function addUser($username, $password, $realname, $mail, $level) {
+    
+    public static function addUser($username, $password, $realname, $mail, $level) {  
+        if (Get::checkExists($username)) { // check if user exists
+            // ERROR USER EXISTS
+            die();
+        }
+        
+        // lets check the variables
+        
+        if (strlen($username) < 3) { die(); }
+        elseif (strlen($password) < 5) { die(); }
+        elseif (strlen($realname) < 5) { die(); }
+        elseif (strlen($mail) < 5) { die(); }
+        // Now we know everything contains something.
+        // Time to sanitize!
+        
+        $username = filter_var($username, FILTER_SANITIZE_STRING);
+        $realname = filter_var($realname, FILTER_SANITIZE_STRING);
+        $mail = filter_var($mail, FILTER_SANITIZE_EMAIL);
+        // Gr8, we are sanitized. We dont sanitize password, as we hash it anyway using argon2
+        
         $db = new DBClass();
         $sql = "INSERT INTO `users` (`id`, `realname`, `username`, `password`, `email`, `level`) VALUES (NULL, '$realname', '$username', '" . User::hashPass($password) . "', '$mail', '$level');";
         return $db->query($sql);

classes/get.class.php

@@ -78,5 +78,15 @@ class Get {
         $sql = "SELECT * FROM `events` ORDER BY `id` DESC LIMIT 5";
         return $db->fetchAll($db->query($sql));
     }
+    
+    
+    /* Login and user functions */
 
+    public static function checkExists($name) {
+        // Checks if username already is in db, if not return false, if it exists return true
+        $db = new DBClass();
+        $sql = "SELECT * FROM `" . Config::$db_tableusers . "` WHERE `username` = '$name'";
+        if ($db->numRows($db->query($sql)) != 1) { return false; } else { return true; }
+    }
+    
 }

content/signup.php

@@ -6,6 +6,10 @@ $setup['keywords'] = "opret,bruger,signup";
 $setup['description'] = "Opret dig som bruger hos Odense Track";
 
 Design::header($setup, 0);
+
+if (isset($_POST['username'])) {
+    Alter::addUser($_POST['username'],$_POST['password'],$_POST['realname'],$_POST['mail'],25);
+}
 ?>
 
 <div class="page">
@@ -14,10 +18,10 @@ Design::header($setup, 0);
     <br />
 
     <div class="contactform">
-        <form method="POST" action="?page=contact">
+        <form method="POST" action="?page=signup">
             <div class="form-control">
                 <label>Brugernavn: </label>
-                <input class="inputfield"  type="text" name="name" placeholder="Brugernavn" required minlength="5" />
+                <input class="inputfield"  type="text" name="username" placeholder="Brugernavn" required minlength="3" />
             </div>
             <div class="form-control">
                 <label>Password: </label>
@@ -25,7 +29,7 @@ Design::header($setup, 0);
             </div>
             <div class="form-control">
                 <label>Fuldt navn: </label>
-                <input class="inputfield"  type="password" name="fullname" placeholder="Fuldt navn" required minlength="5" />
+                <input class="inputfield"  type="text" name="realname" placeholder="Fuldt navn" required minlength="5" />
             </div>
             
             <div class="form-control">