From 12534ee183a38bd1c952f40838d656ab53840bc6 Mon Sep 17 00:00:00 2001
From: Miraty <miraty@antopie.org>
Date: Sat, 21 May 2022 19:41:46 +0200
Subject: [PATCH] Fix autologin when creating accounts

---
 common/top.php           |  2 +-
 public/auth/register.php | 17 +++++++++--------
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/common/top.php b/common/top.php
index d706e25..eddf8d4 100644
--- a/common/top.php
+++ b/common/top.php
@@ -12,7 +12,7 @@ if (
 		isset($_COOKIE['niver']) // Resume session
 	OR
 		(SERVICE === "auth" // Create new session
-		AND PAGE === "login"
+		AND (PAGE === "login" OR PAGE === "register")
 		AND isset($_POST['username']))
 	) {
 	session_start([
diff --git a/public/auth/register.php b/public/auth/register.php
index 8a96fc4..f32e6d6 100644
--- a/public/auth/register.php
+++ b/public/auth/register.php
@@ -10,15 +10,15 @@ if (isset($_POST['username']) AND isset($_POST['password'])) {
 
 	checkUsernameFormat($_POST['username']);
 
-	$username = $_POST['username'];
-	$userExist = userExist($username);
+	$userExist = userExist($_POST['username']);
+
 	if (!$userExist) {
 
 		// Setup SFTP directory
 		umask(0002);
-		if (mkdir(CONF['ht']['ht_path'] . "/" . $username, 0775) !== true)
+		if (mkdir(CONF['ht']['ht_path'] . "/" . $_POST['username'], 0775) !== true)
 			serverError("Can't create user directory.");
-		exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['chgrp_path'] . " " . CONF['ht']['sftpgo_group'] . " " . CONF['ht']['ht_path'] . "/" . $username, $stdout, $code);
+		exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['chgrp_path'] . " " . CONF['ht']['sftpgo_group'] . " " . CONF['ht']['ht_path'] . "/" . $_POST['username'], $stdout, $code);
 		if ($code !== 0)
 			serverError("Can't change user directory group.");
 
@@ -30,13 +30,14 @@ if (isset($_POST['username']) AND isset($_POST['password'])) {
 
 		$time = date("Y-m-d H:i:s");
 
-		$stmt->bindParam(':username', $username);
+		$stmt->bindParam(':username', $_POST['username']);
 		$stmt->bindParam(':password', $password);
 		$stmt->bindParam(':registration_date', $time);
 
 		$stmt->execute();
 
-		$_SESSION['username'] = $username;
+		$_SESSION['username'] = $_POST['username'];
+
 		header('Location: ' . CONF['common']['prefix'] . '/');
 		exit;
 	}
@@ -54,10 +55,10 @@ if (isset($_POST['username']) AND isset($_POST['password'])) {
 		<input id="username" minlength="4" maxlength="32" pattern="<?= USERNAME_REGEX ?>" required="" name="username" type="text" placeholder="lain"><span></span><br>
 	</label>
 	<?php
-	if (isset($userExist) AND $userExist == true) {
+	if (isset($userExist) AND $userExist === true) {
 		echo "<br>Cet identifiant est déjà utilisé. Choisissez-en un autre.";
 	}
-	 ?>
+	?>
 	<label for="password">
 		<details>
 			<summary>Clé de passe</summary>