From 2f3c8f73908a9df23a88e1014365a481973c2457 Mon Sep 17 00:00:00 2001
From: Krehan Tim <mail@timkrehan.de>
Date: Fri, 9 Nov 2018 15:58:00 +0100
Subject: [PATCH] installation add user via class

---
 cont/adduser.php     | 10 ++++++----
 install/adduser.php  | 10 ++++++----
 php/classes.user.php | 20 ++++++++++++++++++++
 php/edit-user.php    |  8 +++++++-
 4 files changed, 39 insertions(+), 9 deletions(-)

diff --git a/cont/adduser.php b/cont/adduser.php
index 7945db7..1934912 100644
--- a/cont/adduser.php
+++ b/cont/adduser.php
@@ -1,12 +1,14 @@
-<?php ?>
 <head>
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <link rel="stylesheet" href="/style/master.css">
     <link rel="stylesheet" href="/style/adduser.css">
 </head>
 <h1>Benutzer hinzufügen</h1>
-<form class="adduser" action="/php/adduser_action.php" method="post">
-  <label for="text_user">Benutzername</label><input id="text_user" type="text" name="username" value="" placeholder="user1" required>
-  <label for="text_passwd">Passwort</label><input id="text_passwd" type="Password" name="passwd" value="" placeholder="********" required>
+<form class="adduser" action="/php/edit-user.php" method="post">
+  <label for="text_user">Benutzername</label><input id="text_user" type="text" name="username" placeholder="user" required>
+  <label for="text_passwd">Passwort</label><input id="text_passwd" type="password" name="passwd" placeholder="********" required>
+  <input type="text" name="function" value="new-user" hidden>
   <input id="button_newuser" class="button" type="submit" name="" value="Neuer Benutzer">
 </form>
+
+<!-- TODO: ADD JQUERY CALL TO EDIT-USER.PHP WITH FEEDBACK VIA JS FUNCTION INFOPOPUP() -->
diff --git a/install/adduser.php b/install/adduser.php
index 7945db7..1934912 100644
--- a/install/adduser.php
+++ b/install/adduser.php
@@ -1,12 +1,14 @@
-<?php ?>
 <head>
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <link rel="stylesheet" href="/style/master.css">
     <link rel="stylesheet" href="/style/adduser.css">
 </head>
 <h1>Benutzer hinzufügen</h1>
-<form class="adduser" action="/php/adduser_action.php" method="post">
-  <label for="text_user">Benutzername</label><input id="text_user" type="text" name="username" value="" placeholder="user1" required>
-  <label for="text_passwd">Passwort</label><input id="text_passwd" type="Password" name="passwd" value="" placeholder="********" required>
+<form class="adduser" action="/php/edit-user.php" method="post">
+  <label for="text_user">Benutzername</label><input id="text_user" type="text" name="username" placeholder="user" required>
+  <label for="text_passwd">Passwort</label><input id="text_passwd" type="password" name="passwd" placeholder="********" required>
+  <input type="text" name="function" value="new-user" hidden>
   <input id="button_newuser" class="button" type="submit" name="" value="Neuer Benutzer">
 </form>
+
+<!-- TODO: ADD JQUERY CALL TO EDIT-USER.PHP WITH FEEDBACK VIA JS FUNCTION INFOPOPUP() -->
diff --git a/php/classes.user.php b/php/classes.user.php
index cd89b33..1391ca4 100644
--- a/php/classes.user.php
+++ b/php/classes.user.php
@@ -32,5 +32,25 @@
         print_r("1");
       }
     }
+
+    function new($uname, $password){
+      session_start();
+      include $_SESSION["docroot"].'/php/connect.php';
+      include $_SESSION["docroot"].'/php/hash.php';
+
+      $query = "SELECT `uid` FROM `users` WHERE `username` = '$uname'";
+      $result = $mysqli->query($query);
+      if($result->num_rows==0){
+        $salt = create_salt();
+        $passhash = hash_password($password, $salt);
+        $query = "INSERT INTO `users` (`username`, `password`, `salt`, `last_login`) VALUES ('$uname', '$passhash', '$salt', CURRENT_TIMESTAMP);";
+        $result = $mysqli->query($query);
+        unset($salt);
+        unset($password);
+        print_r(0);
+      }
+      else{print_r(1);}
+      $mysqli->close();
+    }
   }
 ?>
diff --git a/php/edit-user.php b/php/edit-user.php
index 48c4f5f..4729fee 100644
--- a/php/edit-user.php
+++ b/php/edit-user.php
@@ -2,13 +2,19 @@
   session_start();
   include $_SESSION["docroot"].'/php/classes.user.php';
   $user = new user;
-  $user->get_info($_COOKIE["token"]);
+  if($_POST["function"]!="new-user"){
+    $user->get_info($_COOKIE["token"]);
+  }
 
   switch ($_POST["function"]) {
     case 'change-pw':
       $user->change_password($_POST["current"], $_POST["new"]);
       break;
 
+    case 'new-user':
+      $user->new($_POST["username"], $_POST["passwd"]);
+      break;
+
     default:
       // code...
       break;