Second implementation with matrix_synapse_rest_auth #2

Merged
krombel merged 51 commits from second_implementation into master 2018-03-19 13:57:16 +01:00
2 changed files with 17 additions and 15 deletions
Showing only changes of commit d5f2b05d4d - Show all commits


@@ -3,8 +3,6 @@ require_once("config.php");
if (!isset($config["databaseURI"])) {
throw new Exception ("malformed configuration: databaseURI not defined");
}
$db_input = "sqlite:" . dirname(__FILE__) . "/db_file.sqlite";
$db_input = $config["databaseURI"];
abstract class RegisterState
{
@@ -45,7 +43,7 @@ class mxDatabase
$this->db = new PDO($db_input, $user, $password);
$this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$this->db->exec("CREATE TABLE IF NOT EXISTS registrations(
id INTEGER PRIMARY KEY AUTOINCREMENT,
id SERIAL PRIMARY KEY,
state INT DEFAULT 0,
first_name TEXT,
last_name TEXT,
@@ -57,7 +55,7 @@ class mxDatabase
admin_token TEXT,
request_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP)");
$this->db->exec("CREATE TABLE IF NOT EXISTS logins (
id INTEGER PRIMARY KEY AUTOINCREMENT,
id SERIAL PRIMARY KEY,
active INT DEFAULT 1,
first_name TEXT,
last_name TEXT,
@@ -100,28 +98,28 @@ class mxDatabase
function setRegistrationStateVerify($state, $token) {
$sql = "UPDATE registrations SET state = " . $state
. ' WHERE verify_token = "' . $token . '";';
. " WHERE verify_token = '" . $token . "';";
return $this->db->exec($sql);
}
function setRegistrationStateById($state, $id) {
$sql = "UPDATE registrations SET state = " . $state
. ' WHERE id = "' . $id . '";';
. " WHERE id = '" . $id . "';";
return $this->db->exec($sql);
}
function setRegistrationStateAdmin($state, $token) {
$sql = "UPDATE registrations SET state = " . $state
. ' WHERE admin_token = "' . $token . '";';
. " WHERE admin_token = '" . $token . "';";
return $this->db->exec($sql);
}
function setRegistrationState($state, $token) {
$sql = "UPDATE registrations SET state = " . $state
. " WHERE verify_token = \"" . $token . '" OR admin_token = "' . $token . '";';
. " WHERE verify_token = '" . $token . "' OR admin_token = '" . $token . "';";
return $this->db->exec($sql);
}
@@ -168,10 +166,10 @@ class mxDatabase
$verify_token = bin2hex(random_bytes(16));
$admin_token = bin2hex(random_bytes(16));
$this->db->exec('INSERT INTO registrations
$this->db->exec("INSERT INTO registrations
(first_name, last_name, username, note, email, verify_token, admin_token)
VALUES ("' . $first_name.'","' . $last_name . '","' . $username . '","' . $note . '","'
. $email.'","' .$verify_token.'","' .$admin_token.'")');
VALUES ('" . $first_name."','" . $last_name . "','" . $username . "','" . $note . "','"
. $email."','" .$verify_token."','" .$admin_token."')");
return [
"verify_token"=> $verify_token,
@@ -270,8 +268,8 @@ class mxDatabase
$password_hash = password_hash($password, PASSWORD_BCRYPT, ["cost"=>12]);
$sql = "INSERT INTO logins (first_name, last_name, localpart, password_hash, email) VALUES "
. '("' . $first_name.'","' . $last_name . '","' . $username . '","'
. $password_hash . '","' . $email . '")';
. "('" . $first_name."','" . $last_name . "','" . $username . "','"
. $password_hash . "','" . $email . "');";
if ($this->db->exec($sql)) {
return $password;
@@ -280,5 +278,7 @@ class mxDatabase
}
}
$mx_db = new mxDatabase($db_input);
if (!isset($mx_db)) {
$mx_db = new mxDatabase($config["databaseURI"], $config["databaseUser"], $config["databasePass"]);
}
?>
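Review bot: Every statement touched in this file is still built by concatenating `$state`, `$token`, `$id` and the registration fields into the SQL text; changing the delimiter from `"` to `'` makes the literals portable, but a value containing `'` still terminates the literal and changes the statement. This applies to the four `setRegistrationState*` methods and to both `INSERT` statements (registrations and logins). Where the tokens and ids come from is not visible in these hunks, and `FILTER_SANITIZE_STRING` in the form handler is an HTML-oriented filter, so the database layer should not rely on callers having cleaned the values. Binding them through `PDO::prepare()` and `execute()`, as sketched below, removes that dependency; the functions holding the two `INSERT` statements begin outside their hunks.
```php
function setRegistrationStateVerify($state, $token) {
    // Values travel as bound parameters, never as part of the SQL text.
    $stmt = $this->db->prepare("UPDATE registrations SET state = ? WHERE verify_token = ?");
    $stmt->execute([$state, $token]);
    return $stmt->rowCount();
}
// … same pattern for setRegistrationStateById and setRegistrationStateAdmin …
function setRegistrationState($state, $token) {
    // Positional placeholders: the token is bound twice, once per column.
    $stmt = $this->db->prepare(
        "UPDATE registrations SET state = ? WHERE verify_token = ? OR admin_token = ?"
    );
    $stmt->execute([$state, $token, $token]);
    return $stmt->rowCount();
}

// … unchanged: $verify_token / $admin_token generation …
$stmt = $this->db->prepare("INSERT INTO registrations
    (first_name, last_name, username, note, email, verify_token, admin_token)
    VALUES (?, ?, ?, ?, ?, ?, ?)");
$stmt->execute([$first_name, $last_name, $username, $note, $email, $verify_token, $admin_token]);
// … unchanged: return of the generated tokens; the logins INSERT takes the same form …
```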


@@ -51,7 +51,9 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
$first_name = filter_var($_POST["first_name"], FILTER_SANITIZE_STRING);
$last_name = filter_var($_POST["last_name"], FILTER_SANITIZE_STRING);
$username = filter_var($_POST["username"], FILTER_SANITIZE_STRING);
$password = filter_var($_POST["password"], FILTER_SANITIZE_STRING);
if (isset($_POST["password"])) {
$password = filter_var($_POST["password"], FILTER_SANITIZE_STRING);
}
$note = filter_var($_POST["note"], FILTER_SANITIZE_STRING);
$email = filter_var($_POST["email"], FILTER_VALIDATE_EMAIL);
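Review bot: The password is still passed through `FILTER_SANITIZE_STRING`, which strips tag-like substrings and encodes quotes, so the credential that gets stored can differ from what the user typed and passwords containing `<` or quotes are silently weakened. A password is not rendered as HTML, so it should be taken unmodified and only handed to the hashing step, e.g. `$password = $_POST["password"] ?? null;`. With the new `isset` guard `$password` also stays undefined when the field is missing, unless it is initialised above this hunk, so the absent case should be set explicitly as in the line above. Whether the `false` that `FILTER_VALIDATE_EMAIL` returns for an invalid address is checked cannot be seen here, because the enclosing `if` block starts and ends outside the hunk.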