82 lines
2.5 KiB
PHP
82 lines
2.5 KiB
PHP
<?php require "../../common/top.php"; ?>
|
|
|
|
<?php
|
|
|
|
if (isset($_POST['username']) AND isset($_POST['password'])) {
|
|
|
|
antiCSRF();
|
|
|
|
if (!checkPasswordFormat($_POST['password']))
|
|
exit("Le format du mot de passe n'est pas valide !");
|
|
|
|
if (!checkUsernameFormat($_POST['username']))
|
|
exit("Le format du nom du compte n'est pas valide !");
|
|
|
|
$username = $_POST['username'];
|
|
$userExist = userExist($username);
|
|
if (!$userExist) {
|
|
|
|
// Setup SFTP directory
|
|
umask(0002);
|
|
if (!mkdir("/srv/ht/" . $username, 0775))
|
|
exit("ERROR: Can't create directory");
|
|
exec(SUDO_PATH . " " . CHGRP_PATH . " sftpgo " . HT_PATH . "/" . $username, $stdout, $code);
|
|
if ($code !== 0)
|
|
exit("ERROR: Can't change group");
|
|
|
|
$password = hashPassword($_POST['password']);
|
|
|
|
$db = new PDO('sqlite:' . DB_PATH);
|
|
|
|
$stmt = $db->prepare("INSERT INTO users(username, password, sftp_enabled, registration_date) VALUES(:username, :password, 0, :registration_date)");
|
|
|
|
$time = date("Y-m-d H:i:s");
|
|
|
|
$stmt->bindParam(':username', $username);
|
|
$stmt->bindParam(':password', $password);
|
|
$stmt->bindParam(':registration_date', $time);
|
|
|
|
$stmt->execute();
|
|
|
|
$_SESSION['username'] = $username;
|
|
$_SESSION['sftp_enabled'] = false;
|
|
header('Location: ' . PREFIX . '/');
|
|
exit;
|
|
}
|
|
|
|
}
|
|
|
|
?>
|
|
|
|
<form method="post">
|
|
<label for="username">
|
|
<details>
|
|
<summary>Identifiant</summary>
|
|
Uniquement composé de lettres minuscules.
|
|
</details>
|
|
<input id="username" minlength="4" maxlength="32" pattern="<?= USERNAME_REGEX ?>" required="" name="username" type="text" placeholder="lain"><span></span><br>
|
|
</label>
|
|
<?php
|
|
if (isset($userExist) AND $userExist == true) {
|
|
echo "<br>Cet identifiant est déjà utilisé. Choisissez-en un autre.";
|
|
}
|
|
?>
|
|
<label for="password">
|
|
<details>
|
|
<summary>Clé de passe</summary>
|
|
Une clé de passe sécurisée est trop compliquée à deviner pour une attaque qui testerais automatiquement plein de clés de passe tout en connaissant d'autres informations et secrets sur vous.
|
|
<br>
|
|
Minimum 8 caractères si elle contient minuscule, majuscule et chiffre, ou minimum 10 caractères sinon.
|
|
</details>
|
|
|
|
<input autocomplete="new-password" id="password" minlength="8" maxlength="1024" pattern="<?= PASSWORD_REGEX ?>" required="" name="password" type="password" placeholder="************"><span title="Le format nest pas valide"></span><br>
|
|
|
|
</label>
|
|
|
|
<input type="submit">
|
|
</form>
|
|
|
|
Déjà un compte ? <a class="authButton" href="login">Se connecter</a>
|
|
|
|
<?php require "../../common/bottom.php"; ?>
|