WIP: capture password on registration (configurable)

config.sample.php

@@ -14,6 +14,9 @@ $config = [
     // optional: Do you have a place where howTo's are located? If not leave this value out
     "howToURL" => "https://my-url-for-storing-howTos.net",
 
+    // When you want to collect the password on registration set this to true
+    "getPasswordOnRegistration" => false,
+
     // to define where the data should be stored:
     "databaseURI" => "sqlite:" . dirname(__FILE__) . "/db_file.sqlite",
     // credentials for sqlite not used

public/index.php

@@ -31,6 +31,10 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
 		if (ctype_alnum($_POST['username']) != true) {
 			throw new Exception($language["USERNAME_NOT_ALNUM"]);
 		}
+		if (isset($config["getPasswordOnRegistration"]) && $config["getPasswordOnRegistration"] &&
+			$_POST["password"] != $_POST["password_confirm"]) {
+			throw new Exception($language["PASSWORD_NOT_MATCH"]);
+		}
 		if (isset($_POST["note"]) && strlen($_POST["note"]) > 50) {
 			throw new Exception($language["NOTE_LENGTH_EXEEDED"]);
 		}
@@ -44,10 +48,10 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
 			throw new Exception($language["SIRNAME_INVALID_FORMAT"]);
 		}
 
-		// check valid password
 		$first_name = filter_var($_POST["first_name"], FILTER_SANITIZE_STRING);
 		$last_name = filter_var($_POST["last_name"], FILTER_SANITIZE_STRING);
 		$username = filter_var($_POST["username"], FILTER_SANITIZE_STRING);
+		$password  = filter_var($_POST["password"], FILTER_SANITIZE_STRING);
 		$note   = filter_var($_POST["note"], FILTER_SANITIZE_STRING);
 		$email  = filter_var($_POST["email"], FILTER_VALIDATE_EMAIL);
 
@@ -140,24 +144,22 @@ body{
 
 								<div class="form-group">
 									<input type="text" name="username" id="username" class="form-control input-sm"
-							  placeholder="Nutzername (für den Login)"
-	 pattern="[a-z1-9]{3,20}"
-  required>
+										placeholder="Nutzername (für den Login)" pattern="[a-z1-9]{3,20}" required>
 								</div>
-<?php /**
-<div class="row">
-<div class="col-xs-6 col-sm-6 col-md-6">
-<div class="form-group">
-<input type="password" name="password" id="password" class="form-control input-sm" placeholder="Passwort" required>
-</div>
-</div>
-<div class="col-xs-6 col-sm-6 col-md-6">
-<div class="form-group">
-<input type="password" name="password_confirm" id="password_confirm" class="form-control input-sm" placeholder="Passwort bestätigen" required>
-</div>
-</div>
-</div>
- */ ?>
+<?php if (isset($config["getPasswordOnRegistration"]) && $config["getPasswordOnRegistration"]) { ?>
+								<div class="row">
+									<div class="col-xs-6 col-sm-6 col-md-6">
+										<div class="form-group">
+											<input type="password" name="password" id="password" class="form-control input-sm" placeholder="Passwort" required>
+										</div>
+									</div>
+									<div class="col-xs-6 col-sm-6 col-md-6">
+										<div class="form-group">
+											<input type="password" name="password_confirm" id="password_confirm" class="form-control input-sm" placeholder="Passwort bestätigen" required>
+										</div>
+									</div>
+								</div>
+<?php } ?>
 								<input type="hidden" name="token" id="token" value="<?php echo $_SESSION["token"]; ?>">
 								<input type="submit" value="Registrieren" class="btn btn-info btn-block">
 
@@ -195,7 +197,20 @@ body{
 	user_name.onkeyup = function (event) {
 		event.target.setCustomValidity("");
 	}
-	</script>
+<?php	if (isset($config["getPasswordOnRegistration"]) && $config["getPasswordOnRegistration"]) { ?>
+	var password = document.getElementById("password")
+		, confirm_password = document.getElementById("password_confirm");
+	function validatePassword(){
+		if(password.value != confirm_password.value) {
+			confirm_password.setCustomValidity("Passwörter stimmen nicht überein");
+		} else {
+			confirm_password.setCustomValidity('');
+		}
+	}
+	password.onchange = validatePassword;
+	confirm_password.onkeyup = validatePassword;
+<?php	} ?>
+</script>
 		<?php } ?>
 	</body>
 </html>