Diffstat (limited to 'modules/adduser.inc.php')
-rw-r--r--modules/adduser.inc.php81
1 files changed, 81 insertions, 0 deletions
diff --git a/modules/adduser.inc.php b/modules/adduser.inc.php
new file mode 100644
index 0000000..fc0dfa7
--- /dev/null
+++ b/modules/adduser.inc.php
@@ -0,0 +1,81 @@
+<?php
+
+class Page_AddUser extends Page
+{
+
+ protected function doPreprocess()
+ {
+ User::load();
+ if (!User::isShibbolethAuth()) {
+ Message::addError('Not bwIDM');
+ Util::redirect('?do=Main');
+ }
+ if (!User::isAdmin()) {
+ Message::addError('Not admin!');
+ Util::redirect('?do=Main');
+ }
+ // Add?
+ if (Request::post('action') === 'add') {
+ $organizationid = Request::post('organization', '');
+ $firstname = Request::post('firstname', '');
+ $lastname = Request::post('lastname', '');
+ $password = Request::post('password', '');
+ $login = Request::post('login', '');
+ if (empty($organizationid)) {
+ Message::addError('Keine Einrichtung gewählt.');
+ } else if (empty($firstname) || empty($lastname)
+ || empty($login) || empty($password)) {
+ Message:addError('Ein Feld wurde nicht ausgefüllt.');
+ } else {
+ // Validate login
+ if (preg_match('/^[a-z0-9_\.\-]+@([a-z0-9_\.\-]+)$/i', $login, $out)) {
+ // Complete login
+ $suffix = $out[1];
+ } else if (strpos($login, '@') !== false) {
+ // Has @ but invalid format
+ Message::addError('Ungültige Syntax für Login');
+ $suffix = '<invalid>';
+ } else {
+ // No @, try add orgid
+ $suffix = $organizationid;
+ $login .= "@$suffix";
+ }
+ $ok = Database::queryFirst('SELECT organizationid FROM satellite_suffix WHERE organizationid = :o AND suffix = :s LIMIT 1', array(
+ 'o' => $organizationid,
+ 's' => $suffix
+ ));
+ if ($ok === false) {
+ Message::addError('Login-Suffix @{{0}} ist ungültig.', $suffix);
+ } else {
+ Database::exec('INSERT INTO user (login, password, organizationid, firstname, lastname, email) '
+ . ' VALUES (:login, :password, :organization, :firstname, :lastname, :email)', array(
+ 'login' => $login,
+ 'password' => Crypto::hash6($password),
+ 'organization' => $organizationid,
+ 'firstname' => $firstname,
+ 'lastname' => $lastname,
+ 'email' => Request::post('email')
+ ));
+ Message::addSuccess('Benutzer {{0}} angelegt', $login);
+ }
+ }
+ Util::redirect('?do=Main');
+ }
+ }
+
+ protected function doRender()
+ {
+ // Show mask
+ $res = Database::simpleQuery('SELECT organizationid, name FROM satellite ORDER BY name ASC');
+ $orgs = array();
+ $orgs[] = array(
+ 'organizationid' => '',
+ 'name' => ' -- Bitte wählen -- '
+ );
+ while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+ $orgs[] = $row;
+ }
+ Render::addTemplate('adduser/_page', array('orgs' => $orgs));
+ }
+
+}
\ No newline at end of file
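Review bot: `Message:addError('Ein Feld wurde nicht ausgefüllt.');` in the empty-field branch of doPreprocess() uses a single colon, which PHP parses as a label named `Message` followed by a call to a global `addError()`; unless such a function exists elsewhere, that branch ends in a fatal error instead of showing the message, and it should read `Message::addError(...)`. Separately, the Shibboleth and admin checks at the top of doPreprocess() only protect the INSERT if `Util::redirect()` terminates the request, which is not visible in this hunk; if it can return, a non-admin POST with `action=add` would still reach the user creation, so a `return;` after each redirect (or a comment stating that redirect exits) would make the gate explicit. The add action also shows no anti-CSRF token check before creating an account, and no check that the login is not already taken; both are worth confirming against the framework and the `user` table constraints.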