From 47517c76094834d582121b84098c84c0bcb8353f Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 23 Apr 2015 17:40:24 +0200
Subject: Add AddUser mask for creating test accounts

---
 modules/adduser.inc.php | 81 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 81 insertions(+)
 create mode 100644 modules/adduser.inc.php

(limited to 'modules')

diff --git a/modules/adduser.inc.php b/modules/adduser.inc.php
new file mode 100644
index 0000000..fc0dfa7
--- /dev/null
+++ b/modules/adduser.inc.php
@@ -0,0 +1,81 @@
+<?php
+
+class Page_AddUser extends Page
+{
+
+	protected function doPreprocess()
+	{
+		User::load();
+		if (!User::isShibbolethAuth()) {
+			Message::addError('Not bwIDM');
+			Util::redirect('?do=Main');
+		}
+		if (!User::isAdmin()) {
+			Message::addError('Not admin!');
+			Util::redirect('?do=Main');
+		}
+		// Add?
+		if (Request::post('action') === 'add') {
+			$organizationid = Request::post('organization', '');
+			$firstname = Request::post('firstname', '');
+			$lastname = Request::post('lastname', '');
+			$password = Request::post('password', '');
+			$login = Request::post('login', '');
+			if (empty($organizationid)) {
+				Message::addError('Keine Einrichtung gewählt.');
+			} else if (empty($firstname) || empty($lastname)
+				|| empty($login) || empty($password)) {
+				Message:addError('Ein Feld wurde nicht ausgefüllt.');
+			} else {
+				// Validate login
+				if (preg_match('/^[a-z0-9_\.\-]+@([a-z0-9_\.\-]+)$/i', $login, $out)) {
+					// Complete login
+					$suffix = $out[1];
+				} else if (strpos($login, '@') !== false) {
+					// Has @ but invalid format
+					Message::addError('Ungültige Syntax für Login');
+					$suffix = '<invalid>';
+				} else {
+					// No @, try add orgid
+					$suffix = $organizationid;
+					$login .= "@$suffix";
+				}
+				$ok = Database::queryFirst('SELECT organizationid FROM satellite_suffix WHERE organizationid = :o AND suffix = :s LIMIT 1', array(
+					'o' => $organizationid,
+					's' => $suffix
+				));
+				if ($ok === false) {
+					Message::addError('Login-Suffix @{{0}} ist ungültig.', $suffix);
+				} else {
+					Database::exec('INSERT INTO user (login, password, organizationid, firstname, lastname, email) '
+						. ' VALUES (:login, :password, :organization, :firstname, :lastname, :email)', array(
+							'login' => $login,
+							'password' => Crypto::hash6($password),
+							'organization' => $organizationid,
+							'firstname' => $firstname,
+							'lastname' => $lastname,
+							'email' => Request::post('email')
+						));
+					Message::addSuccess('Benutzer {{0}} angelegt', $login);
+				}
+			}
+			Util::redirect('?do=Main');
+		}
+	}
+
+	protected function doRender()
+	{
+		// Show mask
+		$res = Database::simpleQuery('SELECT organizationid, name FROM satellite ORDER BY name ASC');
+		$orgs = array();
+		$orgs[] = array(
+			'organizationid' => '',
+			'name' => ' -- Bitte wählen -- '
+		);
+		while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+			$orgs[] = $row;
+		}
+		Render::addTemplate('adduser/_page', array('orgs' => $orgs));
+	}
+
+}
\ No newline at end of file
-- 
cgit v1.2.3-55-g7522