cwsvJudo/homepage/redesign2018/markdownExperiment/wkParticipo/admin/register.php

<?php
	require('../local/db.php.inc');
	require_once('../local/wkParticipoConf.php.inc');
	
	$message = array();
	
	if (!empty($_POST)){
		if ( empty($_POST['f']['username']) ){
			$message['error'] = "Es muss ein Benutzername angegeben werden!";
		}
		else{
			if ($_POST['f']['password'] != $_POST['f']['password_again']) {
				$message['error'] = "Die eingegebenen Passwörter stimmen nicht überein.";
			}
			else{
				$mysqli = @new mysqli($db_server, $db_user, $db_password, $db_name);
				if ($mysqli->connect_error) {
					$message['error'] = "Datenbankverbindung fehlgeschlagen: " . $mysqli->connect_error;
				}
				
				// Hinzufügen eines Users ohne Passwort
				$query = sprintf(
					"INSERT INTO wkParticipo_Users (loginName)
					SELECT * FROM (SELECT '%s') as new_user
					WHERE NOT EXISTS (
						SELECT loginName FROM wkParticipo_Users WHERE loginName = '%s'
					) LIMIT 1;",
					$mysqli->real_escape_string($_POST['f']['username']),
					$mysqli->real_escape_string($_POST['f']['username'])
				);
				
				if( !empty($_POST['f']['password']) ){
					unset($_POST['f']['password_again']);
					$_POST['f']['password'] = 
						password_hash( $_POST['f']['password'], PASSWORD_DEFAULT);
					$query = sprintf(
						"INSERT INTO wkParticipo_Users (loginName, pwHash)
						SELECT * FROM (SELECT '%s', '%s') as new_user
						WHERE NOT EXISTS (
							SELECT loginName FROM wkParticipo_Users WHERE loginName = '%s'
						) LIMIT 1;",
						$mysqli->real_escape_string($_POST['f']['username']),
						$mysqli->real_escape_string($_POST['f']['password']),
						$mysqli->real_escape_string($_POST['f']['username'])
					);
				}
				
				$result = $mysqli->query($query);
				if ($mysqli->affected_rows == 1) {
					$message['success'] = "Neuer Benutzer (" . htmlspecialchars($_POST['f']['username']) . ") wurde angelegt, <a href=\"login.php\">weiter zur Anmeldung</a>.";
					header("Location: http://" . $_SERVER['HTTP_HOST'] . $wkParticipoConf['rootDir'] . "/login.php");
				}
				else{
					$message['error'] = "Der Benutzername ist bereits vergeben.";
				}
				$mysqli->close();
			}
		}
	}
	else{
		$message['notice'] = "Übermitteln Sie das ausgefüllte Formular um ein neues Benutzerkonto zu erstellen.";
	}
?><!DOCTYPE html>
<html>
	<head>
		<meta charset="utf-8" />
		<title>loginsystem - register.php</title>
	</head>
	<body>
		<form action="./register.php" method="post">
<?php if (isset($message['error'])): ?>
			<fieldset class="error"><legend>Fehler</legend><?php echo $message['error'] ?></fieldset>
<?php endif;
	if (isset($message['success'])): ?>
			<fieldset class="success"><legend>Erfolg</legend><?php echo $message['success'] ?></fieldset>
<?php endif;
	if (isset($message['notice'])): ?>
			<fieldset class="notice"><legend>Hinweis</legend><?php echo $message['notice'] ?></fieldset>
<?php endif; ?>
			<fieldset>
				<legend>Benutzerdaten</legend>
				<div><label for="username">Benutzername</label> <input type="text" name="f[username]" id="username"<?php echo isset($_POST['f']['username']) ? ' value="' . htmlspecialchars($_POST['f']['username']) . '"' : '' ?> /></div>
				<div><label for="password">Kennwort</label> <input type="password" name="f[password]" id="password" /></div>
				<div><label for="password_again">Kennwort wiederholen</label> <input type="password" name="f[password_again]" id="password_again" /></div>
			</fieldset>
			<fieldset>
				<div><input type="submit" name="submit" value="Registrieren" /></div>
			</fieldset>
		</form>
	</body>
</html>