< ? php require " ../../common/top.php " ; ?>
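<?php
// Registration handler: runs only when the form below was submitted with both fields.
// On success it creates the user's SFTP directory, stores the account and logs the user in.
if (isset($_POST['username']) AND isset($_POST['password'])) {

	// CSRF check comes first, before any state is created.
	antiCSRF();

	if (!checkPasswordFormat($_POST['password']))
		exit("Le format du mot de passe n'est pas valide !");

	if (!checkUsernameFormat($_POST['username']))
		exit("Le format du nom du compte n'est pas valide !");

	$username = $_POST['username'];
	$userExist = userExist($username);
	if (!$userExist) {

		// Setup SFTP directory
		// umask 0002 keeps the group-write bit requested by the 0775 mode below.
		umask(0002);
		$userDir = CONF['ht']['ht_path'] . "/" . $username;
		if (!mkdir($userDir, 0775))
			exit("ERROR: Can't create directory");

		// The directory path embeds request data. checkUsernameFormat() has already
		// accepted it, but the shell must not be the second line of defence: quote
		// every argument so a loosened username rule cannot become command injection.
		// sudo_path and chgrp_path are left as configured (assumed to be trusted
		// deployment values — confirm they are never derived from user input).
		exec(
			CONF['ht']['sudo_path'] . " " . CONF['ht']['chgrp_path'] . " "
				. escapeshellarg(CONF['ht']['sftpgo_group']) . " "
				. escapeshellarg($userDir),
			$stdout,
			$code
		);
		if ($code !== 0)
			exit("ERROR: Can't change group");

		$password = hashPassword($_POST['password']);

		$db = new PDO('sqlite:' . DB_PATH);

		// Parameterized insert: no request data is concatenated into the SQL text.
		$stmt = $db->prepare("INSERT INTO users(username, password, sftp_enabled, registration_date) VALUES(:username, :password, 0, :registration_date)");

		$time = date("Y-m-d H:i:s");

		$stmt->bindParam(':username', $username);
		$stmt->bindParam(':password', $password);
		$stmt->bindParam(':registration_date', $time);

		// Do not open a session for an account that was not stored. PDO only throws
		// on failure when its error mode is ERRMODE_EXCEPTION, so check the result.
		// NOTE(review): the directory created above is left behind on this path.
		if ($stmt->execute() === false)
			exit("ERROR: Can't create account");

		// NOTE(review): if the session is started before this point (not visible
		// here), regenerate its id before marking it authenticated.
		$_SESSION['username'] = $username;
		$_SESSION['sftp_enabled'] = false;
		header('Location: ' . PREFIX . '/');
		exit;
	}

}
?>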
< form method = " post " >
< label for = " username " >
< details >
< summary > Identifiant </ summary >
Uniquement composé de lettres minuscules .
</ details >
< input id = " username " minlength = " 4 " maxlength = " 32 " pattern = " <?= USERNAME_REGEX ?> " required = " " name = " username " type = " text " placeholder = " lain " >< span ></ span >< br >
</ label >
<?php
// $userExist is only set after a submission reached the lookup; a truthy value
// means the requested username is already taken.
if (!empty($userExist)) {
	echo "<br>Cet identifiant est déjà utilisé. Choisissez-en un autre.";
}
?>
< label for = " password " >
< details >
< summary > Clé de passe </ summary >
Une clé de passe sécurisée est trop compliquée à deviner pour une attaque qui testerait automatiquement plein de clés de passe tout en connaissant d'autres informations et secrets sur vous.
< br >
Minimum 8 caractères si elle contient minuscule , majuscule et chiffre , ou minimum 10 caractères sinon .
</ details >
< input autocomplete = " new-password " id = " password " minlength = " 8 " maxlength = " 1024 " pattern = " <?= PASSWORD_REGEX ?> " required = " " name = " password " type = " password " placeholder = " ************ " >< span title = " Le format nest pas valide " ></ span >< br >
</ label >
< input type = " submit " >
</ form >
Déjà un compte ? < a class = " authButton " href = " login " > Se connecter </ a >
< ? php require " ../../common/bottom.php " ; ?>