authorSimon Rettberg2014-10-06 19:28:27 +0200
committerSimon Rettberg2014-10-06 19:28:27 +0200
commitb16c272a6a4d0e24576cb02f128a07605d5dd731 (patch)
tree6a6fef614e0a6a451761c0e18005ee664f988110 /modules/adduser.inc.php
parentImplement force utf8 option for mysql db (diff)
use eventlog when creating users; show info on main page if no user was created yet
Diffstat (limited to 'modules/adduser.inc.php')
-rw-r--r--modules/adduser.inc.php20
1 files changed, 11 insertions, 9 deletions
diff --git a/modules/adduser.inc.php b/modules/adduser.inc.php
index db1b6f27..47b0745c 100644
--- a/modules/adduser.inc.php
+++ b/modules/adduser.inc.php
@@ -9,22 +9,22 @@ class Page_AddUser extends Page
if (isset($_POST['action']) && $_POST['action'] === 'adduser') {
// Check required fields
- if (empty($_POST['user']) || empty($_POST['pass1']) || empty($_POST['pass2']) || empty($_POST['fullname']) || empty($_POST['phone']) || empty($_POST['email'])) {
+ if (empty($_POST['user']) || empty($_POST['pass1']) || empty($_POST['pass2']) || empty($_POST['fullname'])) {
Message::addError('empty-field');
Util::redirect('?do=AddUser');
} elseif ($_POST['pass1'] !== $_POST['pass2']) {
Message::addError('password-mismatch');
Util::redirect('?do=AddUser');
- } elseif (Database::queryFirst('SELECT userid FROM user LIMIT 1') !== false) {
+ } elseif (!User::hasPermission('superadmin') && Database::queryFirst('SELECT userid FROM user LIMIT 1') !== false) {
Message::addError('adduser-disabled');
Util::redirect('?do=Session&action=login');
} else {
$data = array(
- 'user' => $_POST['user'],
- 'pass' => Crypto::hash6($_POST['pass1']),
- 'fullname' => $_POST['fullname'],
- 'phone' => $_POST['phone'],
- 'email' => $_POST['email'],
+ 'user' => $_POST['user'],
+ 'pass' => Crypto::hash6($_POST['pass1']),
+ 'fullname' => $_POST['fullname'],
+ 'phone' => $_POST['phone'],
+ 'email' => $_POST['email'],
);
if (Database::exec('INSERT INTO user SET login = :user, passwd = :pass, fullname = :fullname, phone = :phone, email = :email', $data) != 1) {
Util::traceError('Could not create new user in DB');
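Review bot: `phone` and `email` were dropped from the `empty()` guard, but the `$data` array still reads `$_POST['phone']` and `$_POST['email']` unconditionally, so a request that omits them raises undefined-index notices and binds NULL into the INSERT (which fails if those columns are NOT NULL). Default them explicitly, e.g. `'phone' => isset($_POST['phone']) ? (string)$_POST['phone'] : '',` and the same for `email`. None of the fields is checked to be a string either, so an array-valued `user` passes `empty()` and reaches both the query parameters and the later log message; an `is_string()` check next to the required-field test would close that. The enclosing method starts above this hunk and continues past it.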
@@ -33,6 +33,9 @@ class Page_AddUser extends Page
$ret = Database::queryFirst('SELECT Count(*) AS num FROM user');
if ($ret !== false && $ret['num'] == 1) {
Database::exec('UPDATE user SET permissions = 1');
+ EventLog::info('Created first user ' . $_POST['user']);
+ } else {
+ EventLog::info(User::getName() . ' created user ' . $_POST['user']);
}
Message::addInfo('adduser-success');
Util::redirect('?do=Session&action=login');
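Review bot: Both new `EventLog::info` calls concatenate `$_POST['user']` into the message as submitted, so a login name containing line breaks or markup lands verbatim in the audit trail. Whether the event-log viewer escapes on output is not visible here, so this is worth confirming. I would strip control characters once before logging, e.g. `$login = preg_replace('/[\x00-\x1f\x7f]/', '', $_POST['user']);`, log `$login`, and make sure the viewer HTML-escapes messages. In the `else` branch `User::getName()` is assumed to return a usable string; if that branch can be reached without a session (for instance when the count query returns false), the entry would have an empty actor. The surrounding method begins outside this hunk.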
@@ -44,14 +47,13 @@ class Page_AddUser extends Page
{
// No user was added, check if current user is allowed to add a new user
// Currently you can only add users if there is no user yet. :)
- if (Database::queryFirst('SELECT userid FROM user LIMIT 1') !== false) {
+ if (!User::hasPermission('superadmin') && Database::queryFirst('SELECT userid FROM user LIMIT 1') !== false) {
Message::addError('adduser-disabled');
} else {
Render::setTitle(Dictionary::translate('lang_createUser'));
Render::addTemplate('page-adduser', $_POST);
}
-
}
}
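Review bot: The comment "Currently you can only add users if there is no user yet" directly above the changed condition is now stale, since a superadmin may also add users. It should read something like `// Adding users is allowed for superadmins, or for anyone while the user table is still empty (initial setup).` The same authorization expression is also duplicated in the POST handler in the first hunk. Moving it into one private helper on `Page_AddUser` would keep the form display and the form processing from drifting apart, since a mismatch there would be an access-control gap. The method containing this condition starts outside the hunk.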