diff options
| author | Simon Rettberg | 2016-05-03 19:03:09 +0200 |
|---|---|---|
| committer | Simon Rettberg | 2016-05-03 19:03:09 +0200 |
| commit | 50404f3b23b7fd6aeae4c9d2f6df0ea25e984e66 (patch) | |
| tree | 05e99fdffa696434960d7c77966c0bc36d6339e8 /modules-available/adduser/page.inc.php | |
| parent | Second half of merge.... (diff) | |
| download | slx-admin-50404f3b23b7fd6aeae4c9d2f6df0ea25e984e66.tar.gz slx-admin-50404f3b23b7fd6aeae4c9d2f6df0ea25e984e66.tar.xz slx-admin-50404f3b23b7fd6aeae4c9d2f6df0ea25e984e66.zip | |
WIP
Diffstat (limited to 'modules-available/adduser/page.inc.php')
| -rw-r--r-- | modules-available/adduser/page.inc.php | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/modules-available/adduser/page.inc.php b/modules-available/adduser/page.inc.php new file mode 100644 index 00000000..c236cb6f --- /dev/null +++ b/modules-available/adduser/page.inc.php @@ -0,0 +1,60 @@ +<?php + +class Page_AddUser extends Page +{ + + protected function doPreprocess() + { + User::load(); + + if (isset($_POST['action']) && $_POST['action'] === 'adduser') { + // Check required fields + if (empty($_POST['user']) || empty($_POST['pass1']) || empty($_POST['pass2']) || empty($_POST['fullname'])) { + Message::addError('empty-field'); + Util::redirect('?do=AddUser'); + } elseif ($_POST['pass1'] !== $_POST['pass2']) { + Message::addError('password-mismatch'); + Util::redirect('?do=AddUser'); + } elseif (!User::hasPermission('superadmin') && Database::queryFirst('SELECT userid FROM user LIMIT 1') !== false) { + Message::addError('adduser-disabled'); + Util::redirect('?do=Session&action=login'); + } else { + $data = array( + 'user' => $_POST['user'], + 'pass' => Crypto::hash6($_POST['pass1']), + 'fullname' => $_POST['fullname'], + 'phone' => $_POST['phone'], + 'email' => $_POST['email'], + ); + if (Database::exec('INSERT INTO user SET login = :user, passwd = :pass, fullname = :fullname, phone = :phone, email = :email', $data) != 1) { + Util::traceError('Could not create new user in DB'); + } + // Make it superadmin if first user. This method sucks as it's a race condition but hey... + $ret = Database::queryFirst('SELECT Count(*) AS num FROM user'); + if ($ret !== false && $ret['num'] == 1) { + Database::exec('UPDATE user SET permissions = 1'); + EventLog::clear(); + EventLog::info('Created first user ' . $_POST['user']); + } else { + EventLog::info(User::getName() . ' created user ' . $_POST['user']); + } + Message::addInfo('adduser-success'); + Util::redirect('?do=Session&action=login'); + } + } + } + + protected function doRender() + { + // No user was added, check if current user is allowed to add a new user + // Currently you can only add users if there is no user yet. :) + if (!User::hasPermission('superadmin') && Database::queryFirst('SELECT userid FROM user LIMIT 1') !== false) { + Message::addError('adduser-disabled'); + } else { + + Render::setTitle(Dictionary::translate('lang_createUser')); + Render::addTemplate('page-adduser', $_POST); + } + } + +} |