summaryrefslogblamecommitdiffstats
path: root/modules/adduser.inc.php
blob: 3e49a78a6f349b40071e4e4e0728c10a207ddb4a (plain) (tree) 
16088083 ^





























01065674 ^

16088083 ^




01065674 ^


16088083 ^








1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

30

31
32
33
34

35
36

37
38
39
40
41
42
43
44





























                                                                                                                                                                         
                                                              



                                                    

                                                                                







                                                                                
<?php

User::load();

if (isset($_POST['action']) && $_POST['action'] === 'adduser') {
	// Check required fields
	if (empty($_POST['user']) || empty($_POST['pass1']) || empty($_POST['pass2']) || empty($_POST['fullname']) || empty($_POST['phone']) || empty($_POST['email'])) {
		Message::addError('empty-field');
	} elseif ($_POST['pass1'] !== $_POST['pass2']) {
		Message::addError('password-mismatch');
	} else {
		$salt = substr(str_replace('+', '.', base64_encode(pack('N4', mt_rand(), mt_rand(), mt_rand(), mt_rand()))), 0, 22);
		$data = array(
			'user'       => $_POST['user'],
			'pass'       => crypt($_POST['pass1'], '$6$' . $salt),
			'fullname'   => $_POST['fullname'],
			'phone'      => $_POST['phone'],
			'email'      => $_POST['email'],
		);
		if (strlen($data['pass']) < 50) Util::traceError('Error hashing password using SHA-512');
		if (Database::exec('INSERT INTO user SET login = :user, passwd = :pass, fullname = :fullname, phone = :phone, email = :email', $data) != 1) {
			Util::traceError('Could not create new user in DB');
		}
		$adduser_success = true;
	}
}

function render_module()
{
	// A user was added. Show success message and bail out
	if (isset($adduser_success)) {
		Message::addInfo('adduser-success');
		return;
	}
	// No user was added, check if current user is allowed to add a new user
	// Currently you can only add users if there is no user yet. :)
	if (Database::queryFirst('SELECT userid FROM user LIMIT 1') !== false) {
		Message::addError('adduser-disabled');
	} else {
		Render::setTitle('Benutzer anlegen');
		Render::addTemplate('page-adduser', $_POST);
	}
}
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2024-05-17 23:07:15 +0200