diff --git a/config.sample.php b/config.sample.php
index b7c1f28..9717915 100644
--- a/config.sample.php
+++ b/config.sample.php
@@ -14,6 +14,9 @@ $config = [
// optional: Do you have a place where howTo's are located? If not leave this value out
"howToURL" => "https://my-url-for-storing-howTos.net",
+ // When you want to collect the password on registration set this to true
+ "getPasswordOnRegistration" => false,
+
// to define where the data should be stored:
"databaseURI" => "sqlite:" . dirname(__FILE__) . "/db_file.sqlite",
// credentials for sqlite not used
diff --git a/public/index.php b/public/index.php
index 5807e1e..c36eb2e 100644
--- a/public/index.php
+++ b/public/index.php
@@ -31,6 +31,10 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (ctype_alnum($_POST['username']) != true) {
throw new Exception($language["USERNAME_NOT_ALNUM"]);
}
+ if (isset($config["getPasswordOnRegistration"]) && $config["getPasswordOnRegistration"] &&
+ $_POST["password"] != $_POST["password_confirm"]) {
+ throw new Exception($language["PASSWORD_NOT_MATCH"]);
+ }
if (isset($_POST["note"]) && strlen($_POST["note"]) > 50) {
throw new Exception($language["NOTE_LENGTH_EXEEDED"]);
}
@@ -44,10 +48,10 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
throw new Exception($language["SIRNAME_INVALID_FORMAT"]);
}
- // check valid password
$first_name = filter_var($_POST["first_name"], FILTER_SANITIZE_STRING);
$last_name = filter_var($_POST["last_name"], FILTER_SANITIZE_STRING);
$username = filter_var($_POST["username"], FILTER_SANITIZE_STRING);
+ $password = filter_var($_POST["password"], FILTER_SANITIZE_STRING);
$note = filter_var($_POST["note"], FILTER_SANITIZE_STRING);
$email = filter_var($_POST["email"], FILTER_VALIDATE_EMAIL);
@@ -140,24 +144,22 @@ body{
+ placeholder="Nutzername (für den Login)" pattern="[a-z1-9]{3,20}" required>