Revision 2098
Added by darkviper almost 11 years ago
| add.php | ||
|---|---|---|
| 23 | 23 |
} |
| 24 | 24 |
/* -------------------------------------------------------- */ |
| 25 | 25 |
|
| 26 |
function add_user($admin, &$aActionRequest)
|
|
| 26 |
function add_user($admin, $aActionRequest) |
|
| 27 | 27 |
{
|
| 28 |
$database = WbDatabase::getInstance(); |
|
| 29 |
$mLang = Translate::getInstance(); |
|
| 28 |
$oDb = WbDatabase::getInstance(); |
|
| 29 |
$oTrans = Translate::getInstance(); |
|
| 30 |
$oTrans->enableAddon('admin\\users');
|
|
| 30 | 31 |
$bRetVal = false; |
| 31 | 32 |
$iMinPassLength = 6; |
| 32 | 33 |
|
| 33 | 34 |
if( !$admin->checkFTAN() ) |
| 34 | 35 |
{
|
| 35 | 36 |
// $admin->print_header(); |
| 36 |
msgQueue::add($mLang->MESSAGE_GENERIC_SECURITY_ACCESS);
|
|
| 37 |
msgQueue::add($oTrans->MESSAGE_GENERIC_SECURITY_ACCESS);
|
|
| 37 | 38 |
return $bRetVal; |
| 38 | 39 |
} |
| 39 | 40 |
|
| ... | ... | |
| 63 | 64 |
// Check values |
| 64 | 65 |
// Check values |
| 65 | 66 |
if($groups_id == "") {
|
| 66 |
msgQueue::add($mLang->MESSAGE_USERS_NO_GROUP);
|
|
| 67 |
msgQueue::add($oTrans->MESSAGE_USERS_NO_GROUP);
|
|
| 67 | 68 |
} else {
|
| 68 | 69 |
$aGroups_id = explode(',', $groups_id);
|
| 69 | 70 |
//if user is in administrator-group, get this group else just get the first one |
| ... | ... | |
| 71 | 72 |
} |
| 72 | 73 |
|
| 73 | 74 |
if(!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username)) {
|
| 74 |
msgQueue::add( $mLang->MESSAGE_USERS_NAME_INVALID_CHARS);
|
|
| 75 |
msgQueue::add($oTrans->MESSAGE_USERS_NAME_INVALID_CHARS);
|
|
| 75 | 76 |
} |
| 76 | 77 |
|
| 77 |
$sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` '.
|
|
| 78 |
$sql = 'SELECT COUNT(*) FROM `'.$oDb->TablePrefix.'users` '.
|
|
| 78 | 79 |
'WHERE `username` LIKE \''.$username.'\' '; |
| 79 | 80 |
// Check if username already exists |
| 80 |
if( ($iFoundUser = $database->get_one($sql)) != null ) {
|
|
| 81 |
if( ($iFoundUser = $oDb->getOne($sql)) != null ) {
|
|
| 81 | 82 |
if($iFoundUser) {
|
| 82 |
msgQueue::add($mLang->MESSAGE_USERS_USERNAME_TAKEN);
|
|
| 83 |
msgQueue::add($oTrans->MESSAGE_USERS_USERNAME_TAKEN);
|
|
| 83 | 84 |
} |
| 84 | 85 |
} |
| 85 | 86 |
|
| 86 | 87 |
if(strlen($password) < $iMinPassLength ) {
|
| 87 |
msgQueue::add($mLang->MESSAGE_USERS_PASSWORD_TOO_SHORT);
|
|
| 88 |
msgQueue::add($oTrans->MESSAGE_USERS_PASSWORD_TOO_SHORT);
|
|
| 88 | 89 |
} |
| 89 | 90 |
|
| 90 | 91 |
$pattern = '/[^'.$admin->password_chars.']/'; |
| 91 | 92 |
if (preg_match($pattern, $password)) {
|
| 92 |
msgQueue::add($mLang->MESSAGE_PREFERENCES_INVALID_CHARS);
|
|
| 93 |
msgQueue::add($oTrans->MESSAGE_PREFERENCES_INVALID_CHARS);
|
|
| 93 | 94 |
} |
| 94 | 95 |
|
| 95 | 96 |
if(($password != $password2) ) {
|
| 96 |
msgQueue::add($mLang->MESSAGE__USERS_PASSWORD_MISMATCH);
|
|
| 97 |
msgQueue::add($oTrans->MESSAGE__USERS_PASSWORD_MISMATCH);
|
|
| 97 | 98 |
} |
| 98 | 99 |
|
| 99 | 100 |
// |
| 100 | 101 |
// check that display_name is unique in whoole system (prevents from User-faking) |
| 101 |
$sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
|
|
| 102 |
$sql = 'SELECT COUNT(*) FROM `'.$oDb->TablePrefix.'users` ';
|
|
| 102 | 103 |
$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `display_name` LIKE "'.$display_name.'"'; |
| 103 |
if( ($iFoundUser = intval($database->get_one($sql))) > 0 ){
|
|
| 104 |
msgQueue::add($mLang->MESSAGE_USERS_USERNAME_TAKEN.' ('.$mLang->TEXT_DISPLAY_NAME.')');
|
|
| 104 |
if( ($iFoundUser = intval($oDb->getOne($sql))) > 0 ){
|
|
| 105 |
msgQueue::add($oTrans->MESSAGE_USERS_USERNAME_TAKEN.' ('.$oTrans->TEXT_DISPLAY_NAME.')');
|
|
| 105 | 106 |
} else {
|
| 106 | 107 |
if($display_name == '') {
|
| 107 |
msgQueue::add($mLang->MESSAGE_GENERIC_FILL_IN_ALL.' ('.$mLang->TEXT_DISPLAY_NAME.')');
|
|
| 108 |
msgQueue::add($oTrans->MESSAGE_GENERIC_FILL_IN_ALL.' ('.$oTrans->TEXT_DISPLAY_NAME.')');
|
|
| 108 | 109 |
} |
| 109 | 110 |
} |
| 110 | 111 |
|
| 111 | 112 |
if(findStringInFileList($display_name, dirname(__FILE__).'/disallowedNames')) {
|
| 112 |
msgQueue::add( $mLang->TEXT_ERROR.' '.$mLang->TEXT_DISPLAY_NAME.' ('.$display_name.')' );
|
|
| 113 |
msgQueue::add( $oTrans->TEXT_ERROR.' '.$oTrans->TEXT_DISPLAY_NAME.' ('.$display_name.')' );
|
|
| 113 | 114 |
} |
| 114 | 115 |
|
| 115 | 116 |
if($email != "") |
| 116 | 117 |
{
|
| 117 | 118 |
if($admin->validate_email($email) == false) |
| 118 | 119 |
{
|
| 119 |
msgQueue::add($mLang->MESSAGE_USERS_INVALID_EMAIL.' ('.$email.')');
|
|
| 120 |
msgQueue::add($oTrans->MESSAGE_USERS_INVALID_EMAIL.' ('.$email.')');
|
|
| 120 | 121 |
} |
| 121 | 122 |
} else { // e-mail must be present
|
| 122 |
msgQueue::add($mLang->MESSAGE_SIGNUP_NO_EMAIL);
|
|
| 123 |
msgQueue::add($oTrans->MESSAGE_SIGNUP_NO_EMAIL);
|
|
| 123 | 124 |
} |
| 124 | 125 |
|
| 125 |
$sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` '.
|
|
| 126 |
$sql = 'SELECT COUNT(*) FROM `'.$oDb->TablePrefix.'users` '.
|
|
| 126 | 127 |
'WHERE `email` LIKE \''.$email.'\' '; |
| 127 | 128 |
|
| 128 | 129 |
// Check if the email already exists |
| 129 |
if( ($iFoundUser = $database->get_one($sql)) != null ) {
|
|
| 130 |
if( ($iFoundUser = $oDb->getOne($sql)) != null ) {
|
|
| 130 | 131 |
if($iFoundUser) {
|
| 131 |
if(isset($mLang->MESSAGE_USERS_EMAIL_TAKEN))
|
|
| 132 |
if(isset($oTrans->MESSAGE_USERS_EMAIL_TAKEN))
|
|
| 132 | 133 |
{
|
| 133 |
msgQueue::add($mLang->MESSAGE_USERS_EMAIL_TAKEN.' ('.$email.')');
|
|
| 134 |
msgQueue::add($oTrans->MESSAGE_USERS_EMAIL_TAKEN.' ('.$email.')');
|
|
| 134 | 135 |
} else {
|
| 135 |
msgQueue::add($mLang->MESSAGE_USERS_INVALID_EMAIL.' ('.$email.')');
|
|
| 136 |
msgQueue::add($oTrans->MESSAGE_USERS_INVALID_EMAIL.' ('.$email.')');
|
|
| 136 | 137 |
} |
| 137 | 138 |
} |
| 138 | 139 |
} |
| ... | ... | |
| 150 | 151 |
$sHomeFolder = WB_PATH.MEDIA_DIRECTORY.'/home/'.( media_filename($username) ); |
| 151 | 152 |
if ( sizeof(createFolderProtectFile( $sHomeFolder )) ) |
| 152 | 153 |
{
|
| 153 |
msgQueue::add($mLang->MESSAGE_MEDIA_DIR_NOT_MADE.' ('.basename($sHomeFolder).') ' );
|
|
| 154 |
msgQueue::add($oTrans->MESSAGE_MEDIA_DIR_NOT_MADE.' ('.basename($sHomeFolder).') ' );
|
|
| 154 | 155 |
} |
| 155 | 156 |
} |
| 156 | 157 |
// Inser the user into the database |
| 157 |
$sql = 'INSERT INTO `'.TABLE_PREFIX.'users` SET '.
|
|
| 158 |
$sql = 'INSERT INTO `'.$oDb->TablePrefix.'users` SET '.
|
|
| 158 | 159 |
'`group_id` = '.intval($group_id).', '. |
| 159 |
'`groups_id` = \''.$database->escapeString($groups_id).'\', '.
|
|
| 160 |
'`groups_id` = \''.$oDb->escapeString($groups_id).'\', '.
|
|
| 160 | 161 |
'`active` = '.intval($active).', '. |
| 161 |
'`username` = \''.$database->escapeString($username).'\', '.
|
|
| 162 |
'`username` = \''.$oDb->escapeString($username).'\', '.
|
|
| 162 | 163 |
'`password` = \''.md5($password).'\', '. |
| 163 |
'`confirm_code` = \''.$database->escapeString($confirm_code).'\', '.
|
|
| 164 |
'`confirm_code` = \''.$oDb->escapeString($confirm_code).'\', '.
|
|
| 164 | 165 |
'`confirm_timeout` = '.intval($confirm_timeout).', '. |
| 165 |
'`remember_key` = \''.$database->escapeString($remember_key).'\', '.
|
|
| 166 |
'`remember_key` = \''.$oDb->escapeString($remember_key).'\', '.
|
|
| 166 | 167 |
'`last_reset` = '.intval($last_reset).', '. |
| 167 |
'`display_name` = \''.$database->escapeString($display_name).'\', '.
|
|
| 168 |
'`email` = \''.$database->escapeString($email).'\', '.
|
|
| 168 |
'`display_name` = \''.$oDb->escapeString($display_name).'\', '.
|
|
| 169 |
'`email` = \''.$oDb->escapeString($email).'\', '.
|
|
| 169 | 170 |
'`timezone` = '.intval($timezone).', '. |
| 170 |
'`date_format` = \''.$database->escapeString($date_format).'\', '.
|
|
| 171 |
'`time_format` = \''.$database->escapeString($time_format).'\', '.
|
|
| 172 |
'`language` = \''.$database->escapeString($language).'\', '.
|
|
| 173 |
'`home_folder` = \''.$database->escapeString($home_folder).'\', '.
|
|
| 171 |
'`date_format` = \''.$oDb->escapeString($date_format).'\', '.
|
|
| 172 |
'`time_format` = \''.$oDb->escapeString($time_format).'\', '.
|
|
| 173 |
'`language` = \''.$oDb->escapeString($language).'\', '.
|
|
| 174 |
'`home_folder` = \''.$oDb->escapeString($home_folder).'\', '.
|
|
| 174 | 175 |
'`login_when` = '.intval($login_when).', '. |
| 175 |
'`login_ip` = \''.$database->escapeString($login_ip).'\' '.
|
|
| 176 |
'`login_ip` = \''.$oDb->escapeString($login_ip).'\' '.
|
|
| 176 | 177 |
''; |
| 177 |
if($database->query($sql)) {
|
|
| 178 |
msgQueue::add($mLang->MESSAGE_USERS_ADDED, true);
|
|
| 178 |
if($oDb->doQuery($sql)) {
|
|
| 179 |
msgQueue::add($oTrans->MESSAGE_USERS_ADDED, true);
|
|
| 179 | 180 |
$bRetVal = true; |
| 180 | 181 |
} |
| 181 |
if($database->is_error()) {
|
|
| 182 |
msgQueue::add( implode('<br />',explode(';',$database->get_error())) );
|
|
| 182 |
if($oDb->isError()) {
|
|
| 183 |
msgQueue::add( implode('<br />',explode(';',$oDb->getError())) );
|
|
| 183 | 184 |
} |
| 184 | 185 |
} else {
|
| 185 |
msgQueue::add($mLang->HEADING_ADD_USER.' '.$mLang->MESSAGE_GENERIC_NOT_COMPARE);
|
|
| 186 |
msgQueue::add($oTrans->HEADING_ADD_USER.' '.$oTrans->MESSAGE_GENERIC_NOT_COMPARE);
|
|
| 186 | 187 |
|
| 187 | 188 |
} |
| 188 | 189 |
return $bRetVal; |
Also available in: Unified diff
! activate class Translate for all addons in admin/ (except pages/)
! class.admin >> add translation of the current theme to Translate