From 8635dd1c7ca4ec7042ec70f98e36299ba9b4626e Mon Sep 17 00:00:00 2001
From: lub <git@lubiland.de>
Date: Mon, 28 Jul 2025 12:58:24 +0200
Subject: [PATCH] start implementing the actual API calls

untested unfinished
---
 index.php | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/index.php b/index.php
index 75726aa..87b3db2 100644
--- a/index.php
+++ b/index.php
@@ -6,11 +6,13 @@
 <?php
 define('ACCESS_TOKEN', 'at_bsef');
 define('REGISTRATION_PASSWORD', 'asef');
+define('REGISTRATION_API_URL', 'http://synapse:8008/_synapse/admin/v1/register');
 if ($_GET['secret'] === REGISTRATION_PASSWORD) {
 ?>
 
 <form action="" method="post">
     <input type="hidden" name="secret" value="<?php echo REGISTRATION_PASSWORD ?>">
+    <input type="hiddeN" name="nonce" value="<?php echo filter_var(file_get_contents(REGISTRATION_API_URL), FILTER_SANITIZE_FULL_SPECIAL_CHARS) ?>">
 
     Username:<br>
     <input type="text" name="username"><br>
@@ -57,15 +59,29 @@ Also consider using a password manager.<br>
 <?php
     }
 
+    $content = [
+        nonce => $_POST['nonce'],
+        username => $_POST['username'],
+        password => $_POST['password']
+        admin = false
+    ];
+    $content->mac = hash_hmac('sha1', $content->nonce."\s".$content->username."\s".$content->password."\s".$content->admin
+
     $options = [
         'http' => [
             'method' => 'POST',
             'header' => 'authorization: Bearer '.ACCESS_TOKEN,
-                        'content-type: application/json'
+                        'content-type: application/json',
+            'content' => json_encode($content);
         ]
     ];
     $context = stream_context_create($options);
-    file_get_contents($url, false, $context);
+    $result = file_get_contents(REGISTRATION_API_URL, false, $context);
+    if ($result === FALSE) {
+        # something with errors
+    } else {
+        # success
+    }
 } else {
     echo 'Invalid URL';
 }