<?php
class Page_AddUser extends Page
{
protected function doPreprocess()
{
User::load();
if (!User::isShibbolethAuth()) {
Message::addError('Not {{0}}', CONFIG_IDM);
Util::redirect('?do=Main');
}
if (!User::isAdmin()) {
Message::addError('Not admin!');
Util::redirect('?do=Main');
}
// Add?
if (Request::post('action') === 'add') {
$organizationid = Request::post('organization', '');
$firstname = Request::post('firstname', '');
$lastname = Request::post('lastname', '');
$password = Request::post('password', '');
$login = Request::post('login', '');
if (empty($organizationid)) {
Message::addError('Keine Einrichtung gewählt.');
} else if (empty($firstname) || empty($lastname)
|| empty($login) || empty($password)) {
Message::addError('Ein Feld wurde nicht ausgefüllt.');
} else {
// Validate login
if (preg_match('/^[a-z0-9_\.\-]+@([a-z0-9_\.\-]+)$/i', $login, $out)) {
// Complete login
$suffix = $out[1];
} else if (strpos($login, '@') !== false) {
// Has @ but invalid format
Message::addError('Ungültige Syntax für Login');
$suffix = '<invalid>';
} else {
// No @, try add orgid
$suffix = $organizationid;
$login .= "@$suffix";
}
$ok = Database::queryFirst('SELECT organizationid FROM organization_suffix WHERE organizationid = :o AND suffix = :s LIMIT 1', array(
'o' => $organizationid,
's' => $suffix
));
if ($ok === false) {
Message::addError('Login-Suffix @{{0}} ist ungültig.', $suffix);
} else {
Database::exec('INSERT INTO user (userid, password, organizationid, firstname, lastname, email)
VALUES (:userid, :password, :organization, :firstname, :lastname, :email)
ON DUPLICATE KEY UPDATE password = VALUES(password)', array(
'userid' => $login,
'password' => Crypto::hash6($password),
'organization' => $organizationid,
'firstname' => $firstname,
'lastname' => $lastname,
'email' => Request::post('email')
));
Message::addSuccess('Benutzer {{0}} angelegt', $login);
}
}
Util::redirect('?do=Main');
}
}
protected function doRender()
{
// Show mask
$res = Database::simpleQuery('SELECT organizationid, name FROM organization ORDER BY name ASC');
$orgs = array();
$orgs[] = array(
'organizationid' => '',
'name' => ' -- Bitte wählen -- '
);
while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
$orgs[] = $row;
}
Render::addTemplate('adduser/_page', array('orgs' => $orgs));
}
}