summaryrefslogblamecommitdiffstats
path: root/modules/adduser.inc.php
blob: db1b6f27b406da1816daf10288b187f9895a98f4 (plain) (tree) 
16088083 ^


fe6ac164 ^


16088083 ^

fe6ac164 ^


































633e4312 ^

16088083 ^

16088083 ^

fe6ac164 ^







3ea6f0a6 ^

a0d6b81c ^

fe6ac164 ^


3ea6f0a6 ^

16088083 ^

16088083 ^

fe6ac164 ^

1
2

3
4

5

6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

40

41

42

43
44
45
46
47
48
49

50

51

52
53

54

55

56

57


     

                               
 

































                                                                                                                                                                                         
                 
         
 






                                                                                        
 
                                                                                   

                                                                    
                
         
 
 
<?php

class Page_AddUser extends Page
{

	protected function doPreprocess()
	{
		User::load();

		if (isset($_POST['action']) && $_POST['action'] === 'adduser') {
			// Check required fields
			if (empty($_POST['user']) || empty($_POST['pass1']) || empty($_POST['pass2']) || empty($_POST['fullname']) || empty($_POST['phone']) || empty($_POST['email'])) {
				Message::addError('empty-field');
				Util::redirect('?do=AddUser');
			} elseif ($_POST['pass1'] !== $_POST['pass2']) {
				Message::addError('password-mismatch');
				Util::redirect('?do=AddUser');
			} elseif (Database::queryFirst('SELECT userid FROM user LIMIT 1') !== false) {
				Message::addError('adduser-disabled');
				Util::redirect('?do=Session&action=login');
			} else {
				$data = array(
					'user'       => $_POST['user'],
					'pass'       => Crypto::hash6($_POST['pass1']),
					'fullname'   => $_POST['fullname'],
					'phone'      => $_POST['phone'],
					'email'      => $_POST['email'],
				);
				if (Database::exec('INSERT INTO user SET login = :user, passwd = :pass, fullname = :fullname, phone = :phone, email = :email', $data) != 1) {
					Util::traceError('Could not create new user in DB');
				}
				// Make it superadmin if first user. This method sucks as it's a race condition but hey...
				$ret = Database::queryFirst('SELECT Count(*) AS num FROM user');
				if ($ret !== false && $ret['num'] == 1) {
					Database::exec('UPDATE user SET permissions = 1');
				}
				Message::addInfo('adduser-success');
				Util::redirect('?do=Session&action=login');
			}
		}
	}

	protected function doRender()
	{
		// No user was added, check if current user is allowed to add a new user
		// Currently you can only add users if there is no user yet. :)
		if (Database::queryFirst('SELECT userid FROM user LIMIT 1') !== false) {
			Message::addError('adduser-disabled');
		} else {

			Render::setTitle(Dictionary::translate('lang_createUser'));
			Render::addTemplate('page-adduser', $_POST);
		}
		
	}

}
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2024-05-21 01:52:25 +0200