Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         users
6
 * @author          WebsiteBaker Project
7
 * @copyright       Ryan Djurovich
8
 * @copyright       WebsiteBaker Org. e.V.
9
 * @link            http://websitebaker.org/
10
 * @license         http://www.gnu.org/licenses/gpl.html
11
 * @platform        WebsiteBaker 2.8.3
12
 * @requirements    PHP 5.3.6 and higher
13
 * @version         $Id: add.php 2 2017-07-02 15:14:29Z Manuela $
14
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb/2.10.x/branches/main/admin/users/add.php $
15
 * @lastmodified    $Date: 2017-07-02 17:14:29 +0200 (Sun, 02 Jul 2017) $
16
 *
17
 */
18

    
19
// Print admin header
20
if ( !defined( 'WB_PATH' ) ){ require( dirname(dirname((__DIR__))).'/config.php' ); }
21
if ( !class_exists('admin', false) ) { require(WB_PATH.'/framework/class.admin.php'); }
22
// suppress to print the header, so no new FTAN will be set
23
$admin = new admin('Access', 'users_add',false);
24
$aErrorMessage = array();
25

    
26
$oTrans = Translate::getInstance();
27
$oTrans->enableAddon(ADMIN_DIRECTORY.'\\users');
28
// Create a javascript back link
29
$js_back = ADMIN_URL.'/users/index.php';
30

    
31
if( !$admin->checkFTAN() )
32
{
33
    $admin->print_header();
34
    $sInfo = strtoupper(basename(__DIR__).'_'.basename(__FILE__, ''.PAGE_EXTENSION).'::');
35
    $sDEBUG=(@DEBUG?$sInfo:'');
36
    $admin->print_error($sDEBUG.$oTrans->MESSAGE_GENERIC_SECURITY_ACCESS, $js_back );
37
}
38
// After check print the header
39
$admin->print_header();
40
/**
41

    
42
 * $sLanguagesAddonDefaultFile = WB_PATH.'/account/languages/EN.php';
43
 * if (is_readable($sLanguagesAddonDefaultFile)){include $sLanguagesAddonDefaultFile;}
44
 * $sLanguagesAddonFile = WB_PATH.'/account/languages/'.LANGUAGE.'.php';
45
 * if (is_readable($sLanguagesAddonFile)){include $sLanguagesAddonFile;}
46
 */
47
/*
48
print '<pre  class="mod-pre rounded">function <span>'.__FUNCTION__.'( '.''.' );</span>  filename: <span>'.basename(__FILE__).'</span>  line: '.__LINE__.' -> <br />';
49
print_r( $oTrans ); print '</pre>'; flush (); //  ob_flush();;sleep(10); die();
50
*/
51
$aInputs = array();
52
$aInputs = array_merge( $_POST );
53
// Get details entered
54
$groups_id = ( isset($aInputs['groups']) ? implode(",", $aInputs['groups']) : '');
55
$active = intval( is_array($aInputs['active'])  ?($aInputs['active'][0]):$aInputs['active']);
56
$username_fieldname = $admin->get_post('username_fieldname');
57
$username = strtolower($admin->get_post($username_fieldname));
58
$password = $admin->get_post('password');
59
$password2 = $admin->get_post('password2');
60
$display_name = $admin->StripCodeFromText($admin->get_post('display_name'));
61
$email = $admin->StripCodeFromText($admin->get_post('email'));
62
$home_folder = $admin->get_post('home_folder');
63
$default_language = DEFAULT_LANGUAGE;
64
$default_timezone = DEFAULT_TIMEZONE;
65
/*----------------------------------------------------------------------------------------------------*/
66
    // Check values
67
    // Check if username already exists
68
    $sql  = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` '
69
          . 'WHERE `username` = \''.$username.'\' ';
70
    if ($database->get_one($sql)) {
71
        $aErrorMessage[] = $oTrans->MESSAGE_USERS_USERNAME_TAKEN;
72
    }
73
    if(!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username)) {
74
        $aErrorMessage[] = $oTrans->MESSAGE_USERS_NAME_INVALID_CHARS.' / '
75
                         . $oTrans->MESSAGE_USERS_USERNAME_TOO_SHORT;
76
    }
77
    if(strlen($password) < 2) {
78
        $aErrorMessage[] = $oTrans->MESSAGE_USERS_PASSWORD_TOO_SHORT;
79
    }
80
    if($password != $password2) {
81
        $aErrorMessage[] = $oTrans->MESSAGE_USERS_PASSWORD_MISMATCH;
82
    }
83
    $sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
84
    $sql .= 'WHERE  `display_name` LIKE \''.$display_name.'\'';
85
    if ($database->get_one($sql) > 0) {
86
        $aErrorMessage[] = ( @$oTrans->MESSAGE_USERS_DISPLAYNAME_TAKEN?:$oTrans->MESSAGE_MEDIA_BLANK_NAME.' ('.$oTrans->TEXT_DISPLAY_NAME.')');
87
    }
88
    if($email != '')
89
    {
90
        // Check if the email already exists
91
        $sql  = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` '
92
              . 'WHERE `email` = \''.$email.'\' ';
93
        if ($database->get_one($sql))
94
        {
95
            if(isset($oTrans->MESSAGE_USERS_EMAIL_TAKEN))
96
            {
97
                $aErrorMessage[] = $oTrans->MESSAGE_USERS_EMAIL_TAKEN;
98
            }
99
            if($admin->validate_email($email) == false)
100
            {
101
                $aErrorMessage[] = $oTrans->MESSAGE_USERS_INVALID_EMAIL;
102
            }
103
        }
104
    } else { // e-mail must be present
105
        $aErrorMessage[] = $oTrans->MESSAGE_SIGNUP_NO_EMAIL;
106
    }
107
    if($groups_id == '') {
108
        $aErrorMessage[] = $oTrans->MESSAGE_USERS_NO_GROUP;
109
    }
110
/*----------------------------------------------------------------------------------------------------*/
111
// choose group_id from groups_id - workaround for still remaining calls to group_id (to be cleaned-up)
112
$gid_tmp = explode(',', $groups_id);
113
if(in_array('1', $gid_tmp)) $group_id = '1'; // if user is in administrator-group, get this group
114
else $group_id = $gid_tmp[0]; // else just get the first one
115
unset($gid_tmp);
116

    
117
if (!sizeof($aErrorMessage)) {
118
// MD5 supplied password
119
$md5_password = md5($password);
120
$now = time();
121
// Insert the user into the database
122
$sql = // add the Admin user
123
     'INSERT INTO `'.TABLE_PREFIX.'users` SET '
124
    .    '`group_id`='.intval($group_id).', '
125
    .    '`groups_id`=\''.$database->escapeString($groups_id).'\', '
126
    .    '`active`=\''.$database->escapeString($active).'\', '
127
    .    '`username`=\''.$database->escapeString($username).'\', '
128
    .    '`password`=\''.$database->escapeString($md5_password).'\', '
129
    .    '`remember_key`=\'\', '
130
    .    '`last_reset`=0, '
131
    .    '`display_name`=\''.$database->escapeString($display_name).'\', '
132
    .    '`email`=\''.$database->escapeString($email).'\', '
133
    .    '`timezone`=\''.$database->escapeString($default_timezone).'\', '
134
    .    '`date_format`=\''.DEFAULT_DATE_FORMAT.'\', '
135
    .    '`time_format`=\''.DEFAULT_TIME_FORMAT.'\', '
136
    .    '`language`=\''.$database->escapeString($default_language).'\', '
137
    .    '`home_folder`=\''.$database->escapeString($home_folder).'\', '
138
    .    '`login_when`=\''.time().'\', '
139
    .    '`login_ip`=\'\' '
140
    .    '';
141
    if (!$database->query($sql)) {
142
        if($database->is_error()) {
143
            $aErrorMessage[] = $database->get_error();
144
        }
145
    }
146
}
147
if (sizeof($aErrorMessage)) {
148
    $admin->print_error(implode('<br />', $aErrorMessage), $js_back);
149
} else {
150
    $admin->print_success($oTrans->MESSAGE_USERS_ADDED, $js_back);
151
}
152
// Print admin footer
153
$admin->print_footer();
(2-2/5)