diff --git a/include/class-PageRegister.php b/include/class-PageRegister.php
index a596a92..d7c8721 100644
--- a/include/class-PageRegister.php
+++ b/include/class-PageRegister.php
@@ -1,170 +1,174 @@ registrationErrorMessage ); } /** * Check if the registration was OK * * @return boolean */ public function isRegistrationSuccess() { return $this->success; } /** * Get the registration error message (if any) * * @return string */ public function getRegistrationErrorMessage() { return $this->registrationErrorMessage; } /** * Prepare the registration page * * This function is automatically called when you create a Page. * * @override */ protected function prepare() { try { // try to register $this->tryRegistration(); } catch( Exception $e ) { // if fail, save the error message $this->registrationErrorMessage = $e->getMessage(); } } /** * Get the username sent via POST (if any) * * @return string */ public function getPOSTUsername() { $username = $_POST['user_uid'] ?? null; if( !$username || !is_string( $username ) ) { $username = null; } return $username; } /** * Try to register the user * * Note that this function may fail with an exception */ private function tryRegistration() { // check if the user submitted the registration form if( is_action( 'try-register' ) ) { // retrieve the information obtained from the login form $username = $this->getPOSTUsername(); $password = $_POST['user_password'] ?? null; $i_want_weak_password = $_POST['weak_password'] ?? 
null; // avoid whitespaces $username = trim( $username ); $password = trim( $password ); if( !$username || !is_string( $username ) ) { throw new Exception( "bad username" ); } if( !$password || !is_string( $password) ) { throw new Exception( "bad password" ); } // eventually force about a stronger password (but the user may want it) if( strlen( $password ) < 12 ) { if( !$i_want_weak_password ) { throw new Exception( __( "Your password is too short" ) ); } } // eventually force a short username if( strlen( $username ) > 64 ) { throw new Exception( __( "Your username is too long" ) ); } // check if the username already exist $already_existing_user = ( new Query() ) ->from( 'user' ) ->whereStr( 'user_uid', $username ) ->queryRow(); // check if the username already exist // NOTE: this message may be a privacy problem if your "username" is the private email if( $already_existing_user ) { throw new Exception( __( "Sorry but this user already exist" ) ); } // encrypt the password $password_encrypted = Sessionuser::encryptPassword( $password ); // insert a new line in the 'user' database table and fill its columns insert_row( 'user', [ // column of the login identifier (email, name.surname, who knows) 'user_uid' => $username, // column of the password 'user_password' => $password_encrypted, // displayed username (boh! something) 'user_name' => "Mr. $username", + // the default minimum user role + // see load-post.php to declare your roles + 'user_role' => 'user', + /** * As default, create an active user * * In the real world you should create inactive users, * and send a confirmation e-mail. */ 'user_active' => 1, ] ); // I may do something with this $user_ID = last_inserted_ID(); // well done! $this->success = true; } } }
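Review bot: The added `'user_role' => 'user'` sits directly above `'user_active' => 1`, so every form submission now produces an account that is active and already holds whatever permissions load-post.php attaches to the `user` role, with no confirmation step in between. The role is a fixed literal and is not read from `$_POST`, which is the right shape, and the comment should say so to stop a later edit from making it request-controlled, for example `// assigned server-side only: never read the role from the request`. The literal also has to match a role declared in load-post.php, which is not part of this diff, so it is worth confirming that `user` exists there and carries only the minimum permissions. A class constant shared with that file would keep the two from drifting apart.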