servnest/public/auth/register.php

<?php require "../../common/top.php"; ?>

<?php

if (isset($_POST['username']) AND isset($_POST['password'])) {

	antiCSRF();

	checkPasswordFormat($_POST['password']);

	checkUsernameFormat($_POST['username']);

	$userExist = userExist($_POST['username']);

	if (!$userExist) {

		// Setup SFTP directory
		umask(0002);
		if (mkdir(CONF['ht']['ht_path'] . "/" . $_POST['username'], 0775) !== true)
			serverError("Can't create user directory.");
		exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['chgrp_path'] . " " . CONF['ht']['sftpgo_group'] . " " . CONF['ht']['ht_path'] . "/" . $_POST['username'], $stdout, $code);
		if ($code !== 0)
			serverError("Can't change user directory group.");

		$password = hashPassword($_POST['password']);

		$db = new PDO('sqlite:' . DB_PATH);

		$stmt = $db->prepare("INSERT INTO users(username, password, registration_date) VALUES(:username, :password, :registration_date)");

		$time = date("Y-m-d H:i:s");

		$stmt->bindParam(':username', $_POST['username']);
		$stmt->bindParam(':password', $password);
		$stmt->bindParam(':registration_date', $time);

		$stmt->execute();

		$_SESSION['username'] = $_POST['username'];

		header('Location: ' . CONF['common']['prefix'] . '/');
		exit;
	}

}

?>

<form method="post">
	<label for="username">
		<details>
			<summary>Identifiant</summary>
			Uniquement composé de lettres minuscules.
		</details>
		<input id="username" minlength="4" maxlength="32" pattern="<?= USERNAME_REGEX ?>" required="" name="username" type="text" placeholder="lain"><span></span><br>
	</label>
	<?php
	if (isset($userExist) AND $userExist === true) {
		echo "<br>Cet identifiant est déjà utilisé. Choisissez-en un autre.";
	}
	?>
	<label for="password">
		<details>
			<summary>Clé de passe</summary>
			Une clé de passe sécurisée est trop compliquée à deviner pour une attaque qui testerais automatiquement plein de clés de passe tout en connaissant d'autres informations et secrets sur vous.
			<br>
			Minimum 8 caractères si elle contient minuscule, majuscule et chiffre, ou minimum 10 caractères sinon.
		</details>

		<input autocomplete="new-password" id="password" minlength="8" maxlength="1024" pattern="<?= PASSWORD_REGEX ?>" required="" name="password" type="password" placeholder="************"><span title="Le format nest pas valide"></span><br>

	</label>

	<input type="submit">
</form>

Déjà un compte ? <a class="authButton" href="login">Se connecter</a>

<?php require "../../common/bottom.php"; ?>