path: root/register.php
<?php
namespace mcoop;
require_once("recaptcha/autoload.php");
require_once("vendor/autoload.php");
require_once("common/config.php");

// TODO: this should probably check if the user's already logged in and prompt to logout first

//var_dump($_POST);

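// Alert messages collected for the template rendered at the end of this script.
$danger_alerts = array();
$success_alerts = array();

// A registration attempt requires all four mandatory fields to be present in the POST body.
$reg_attempted = false;
if (isset($_POST["username"], $_POST["email"], $_POST["passwd"], $_POST["g-recaptcha-response"])) {
	$reg_attempted = true;
	$reg_successful = false;
	$captcha_valid = false;
	$recaptcha = new \ReCaptcha\ReCaptcha($config->recaptcha_secret);
	$username = $_POST["username"];
	$email = $_POST["email"];
	$password = $_POST["passwd"];
	// The full name is optional; null marks it as not supplied.
	$full_name = isset($_POST["fullname"]) ? $_POST["fullname"] : null;
	$recaptcha_resp = $_POST["g-recaptcha-response"];

	// isset() only proves the keys exist. PHP decodes "name[]=..." parameters into arrays,
	// so require plain strings before anything reaches the captcha client or register().
	$fields_are_strings = is_string($username)
		&& is_string($email)
		&& is_string($password)
		&& is_string($recaptcha_resp)
		&& ($full_name === null || is_string($full_name));

	if (!$fields_are_strings) {
		$danger_alerts[] = "Invalid form submission, please try again.";
	} else {
		// XXX: one downside of this is it checks the captcha before validating all the other fields, might want to move captcha validation to register()
		$resp = $recaptcha->verify($recaptcha_resp);
		$captcha_valid = $resp->isSuccess();
		if ($captcha_valid) {
			try {
				// TODO: validate_email (5th arg)
				$db->register($username, $email, $password, $full_name, true, $twig);
				$reg_successful = true;
				// NOTE(review): this alert contains markup, so register.tmpl presumably prints
				// alerts without escaping — confirm, and if so make sure $re->reason below can
				// never carry submitted values through unescaped.
				$success_alerts[] = 'Registration successful, <a href="/">Click here to return to the webapp</a>';
			} catch (RegistrationError $re) {
				$reg_successful = false;
				$error_text = $re->reason;
				$danger_alerts[] = $error_text;
				// Undo any transaction that register() left open when it failed.
				if ($db->conn->inTransaction()) {
					$db->conn->rollBack();
				}
			}
		} else {
			$danger_alerts[] = "Captcha Invalid, please try again.";
		}
	}
}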

// TODO: move into a util file
// Render the registration page with both alert lists and the session info.
// $twig and $sess_info are not defined in this file; presumably common/config.php provides them.
$template_context = array(
	"danger_alerts" => $danger_alerts,
	"success_alerts" => $success_alerts,
	"sess_info" => $sess_info,
);
echo $twig->render("register.tmpl", $template_context);

?>