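get("Username contains disallowed characters. Please use letters and numbers only.", false), "ERROR");
}

// Remaining sign-up validation, followed by account creation. Each failed
// check reports an "ERROR" response through sendJsonResp(). The checks are not
// chained with else, so this presumably relies on sendJsonResp() ending the
// request -- NOTE(review): confirm against its definition.
if (strlen($username) > $username_max) {
    sendJsonResp($Strings->get("Username is too long.", false), "ERROR");
}

// The lookup here and the insert further down are separate queries.
// NOTE(review): confirm accounts.username carries a UNIQUE constraint so two
// concurrent sign-ups cannot both pass this check.
if ($database->has("accounts", ["username" => $username])) {
    sendJsonResp($Strings->get("Username already taken.", false), "ERROR");
}

// strlen() counts bytes, not characters.
// NOTE(review): the message hard-codes "8" while the threshold is
// $password_min; the string is also the lookup key passed to $Strings->get(),
// so it is left unchanged here. Keep the two in sync.
if (strlen($VARS["password"]) < $password_min) {
    sendJsonResp($Strings->get("Password too short, it must be at least 8 characters long.", false), "ERROR");
}

// Check HaveIBeenPwned (range endpoint): only the first 5 hex characters of
// the password's SHA-1 are sent in the request; the remaining 35 characters
// are searched for locally in the returned text.
$pwsha1 = strtoupper(hash("sha1", $VARS["password"]));
$pwned = file_get_contents("https://api.pwnedpasswords.com/range/" . substr($pwsha1, 0, 5));
// file_get_contents() returns false when the request fails. Test for that
// explicitly instead of handing false to strpos(), which raises a TypeError
// under strict_types. On failure the breach check is skipped and registration
// continues (fail-open).
// NOTE(review): confirm fail-open is the intended policy; consider logging
// the failure and giving the request an explicit timeout.
if ($pwned !== false && strpos($pwned, substr($pwsha1, 5)) !== false) {
    sendJsonResp($Strings->get("Your chosen password has been leaked in a data breach and is no longer secure. Choose another.", false), "ERROR");
}

// Generate public ID code: 10 hex characters (40 bits) derived from
// random_bytes(), regenerated until no existing account uses the value.
do {
    $publicid = substr(hash("sha256", random_bytes(100)), 0, 10);
} while ($database->has("accounts", ["publicid" => $publicid]));

$database->insert("accounts", [
    "publicid" => $publicid,
    "username" => $username,
    // Only the password_hash() output is stored, never the submitted password.
    "password" => password_hash($VARS["password"], PASSWORD_DEFAULT),
    // Strict comparison: only the exact string "giver" selects type 1; any
    // other value becomes type 2. A loose == would let PHP's type juggling
    // decide for non-string input.
    "type" => ($VARS["accttype"] === "giver" ? 1 : 2),
    "balance" => 0.0
]);

// Called without arguments once the account row has been inserted.
sendJsonResp();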