Fixed admin panel user registration.

Now including start.sh to start a php server using the router.php so no webserver is needed.
2025-12-03 08:10:38 +01:00
parent 3a99bd6683
commit 1a30c45d62
9 changed files with 49 additions and 94 deletions
--- a/application/model/LoginModel.php
+++ b/application/model/LoginModel.php
@@ -379,15 +379,4 @@ class LoginModel
    {
        return Session::userIsLoggedIn();
    }
-
-    /**
-     * Check if the logged-in user is an admin
-     *
-     * @return bool True if the user is an admin, false otherwise
-     */
-    public static function isAdmin()
-    {
-        $user_role = Session::get('user_role'); // Assuming user role is stored in session
-        return $user_role === 'admin';
-    }
 }
--- a/application/model/RegistrationModel.php
+++ b/application/model/RegistrationModel.php
@@ -19,28 +19,35 @@ class RegistrationModel
        $user_name = strip_tags(Request::post('user_name'));
        $user_email = strip_tags(Request::post('user_email'));
        // Use 'user_password' if provided (admin registration), otherwise 'user_password_new'
-        $user_password_new = $isAdmin ? Request::post('user_password') : Request::post('user_password_new');
+        $user_password_new = $isAdmin ? Request::post('user_password_new') : Request::post('user_password_new');
+        $user_password_repeat = $user_password_new; // no repeat field

-        // validate input (skip captcha validation)
-        $validation_result = self::registrationInputValidation($user_name, $user_password_new, $user_email);
-        if (!$validation_result) {
-            return false;
-        }
+        // validate using existing validators and messages
+        $valid = true;
+        if (!self::validateUserName($user_name)) { $valid = false; }
+        if (!self::validateUserEmail($user_email, $user_email)) { $valid = false; }
+        if (!self::validateUserPassword($user_password_new, $user_password_repeat)) { $valid = false; }
+        if (!$valid) { return false; }

        // hash the password
        $user_password_hash = password_hash($user_password_new, PASSWORD_DEFAULT);

-        // check if username or email already exists
-        if (UserModel::doesUsernameAlreadyExist($user_name) || UserModel::doesEmailAlreadyExist($user_email)) {
-            Session::add('feedback_negative', Text::get('FEEDBACK_USERNAME_OR_EMAIL_TAKEN'));
-            return false;
+        $return = true;
+        if (UserModel::doesUsernameAlreadyExist($user_name)) {
+            Session::add('feedback_negative', Text::get('FEEDBACK_USERNAME_ALREADY_TAKEN'));
+            $return = false;
        }
+        if (UserModel::doesEmailAlreadyExist($user_email)) {
+            Session::add('feedback_negative', Text::get('FEEDBACK_USER_EMAIL_ALREADY_TAKEN'));
+            $return = false;
+        }
+        if (!$return) return false;

-        // directly activate user (skip email verification)
-        $user_active = 1;
+        // directly activate user: set empty activation hash
+        $user_activation_hash = null;

        // write user data to database
-        if (!self::writeNewUserToDatabase($user_name, $user_password_hash, $user_email, time(), $user_active)) {
+        if (!self::writeNewUserToDatabase($user_name, $user_password_hash, $user_email, time(), $user_activation_hash)) {
            Session::add('feedback_negative', Text::get('FEEDBACK_ACCOUNT_CREATION_FAILED'));
            return false;
        }
@@ -141,11 +148,7 @@ class RegistrationModel
            return false;
        }

-        if (strlen($user_password_new) < 6) {
-            Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_TOO_SHORT'));
-            return false;
-        }
-
+        // no minimum length restriction
        return true;
    }

@@ -164,9 +167,9 @@ class RegistrationModel
    {
        $database = DatabaseFactory::getFactory()->getConnection();

-        // write new users data into database
-        $sql = "INSERT INTO users (user_name, user_password_hash, user_email, user_creation_timestamp, user_activation_hash, user_provider_type)
-                    VALUES (:user_name, :user_password_hash, :user_email, :user_creation_timestamp, :user_activation_hash, :user_provider_type)";
+        // write new users data into database; set user_active=1 and user_activation_hash to provided value (can be null)
+        $sql = "INSERT INTO users (user_name, user_password_hash, user_email, user_creation_timestamp, user_activation_hash, user_provider_type, user_active)
+                    VALUES (:user_name, :user_password_hash, :user_email, :user_creation_timestamp, :user_activation_hash, :user_provider_type, 1)";
        $query = $database->prepare($sql);
        try {
            $query->execute(array(
@@ -178,8 +181,7 @@ class RegistrationModel
                ':user_provider_type' => 'DEFAULT'
            ));
        } catch (PDOException $e) {
-            error_log("Database error during user creation: " . $e->getMessage());
-            Session::add('feedback_negative', "Database error: " . $e->getMessage());
+            // only one feedback message on failure
            return false;
        }
        $count =  $query->rowCount();