authorSimon Rettberg2014-05-23 20:49:02 +0200
committerSimon Rettberg2014-05-23 20:49:02 +0200
commitfe6ac16498b05d0f0c8ed7fda394273815d3d6da (patch)
treecadf5f103ef3db7ba1b40d59d85937c998aad22f /modules/adduser.inc.php
parentServer Setup page (diff)
Stuff (WIP)
Diffstat (limited to 'modules/adduser.inc.php')
-rw-r--r--modules/adduser.inc.php88
1 files changed, 47 insertions, 41 deletions
diff --git a/modules/adduser.inc.php b/modules/adduser.inc.php
index 6a5faf3a..19fa5425 100644
--- a/modules/adduser.inc.php
+++ b/modules/adduser.inc.php
@@ -1,49 +1,55 @@
<?php
-User::load();
+class Page_AddUser extends Page
+{
-if (isset($_POST['action']) && $_POST['action'] === 'adduser') {
- // Check required fields
- if (empty($_POST['user']) || empty($_POST['pass1']) || empty($_POST['pass2']) || empty($_POST['fullname']) || empty($_POST['phone']) || empty($_POST['email'])) {
- Message::addError('empty-field');
- Util::redirect('?do=AddUser');
- } elseif ($_POST['pass1'] !== $_POST['pass2']) {
- Message::addError('password-mismatch');
- Util::redirect('?do=AddUser');
- } elseif (Database::queryFirst('SELECT userid FROM user LIMIT 1') !== false) {
- Message::addError('adduser-disabled');
- Util::redirect('?do=Session&action=login');
- } else {
- $data = array(
- 'user' => $_POST['user'],
- 'pass' => Crypto::hash6($_POST['pass1']),
- 'fullname' => $_POST['fullname'],
- 'phone' => $_POST['phone'],
- 'email' => $_POST['email'],
- );
- if (strlen($data['pass']) < 50) Util::traceError('Error hashing password using SHA-512');
- if (Database::exec('INSERT INTO user SET login = :user, passwd = :pass, fullname = :fullname, phone = :phone, email = :email', $data) != 1) {
- Util::traceError('Could not create new user in DB');
- }
- // Make it superadmin if first user. This method sucks as it's a race condition but hey...
- $ret = Database::queryFirst('SELECT Count(*) AS num FROM user');
- if ($ret !== false && $ret['num'] == 1) {
- Database::exec('UPDATE user SET permissions = 1');
+ protected function doPreprocess()
+ {
+ User::load();
+
+ if (isset($_POST['action']) && $_POST['action'] === 'adduser') {
+ // Check required fields
+ if (empty($_POST['user']) || empty($_POST['pass1']) || empty($_POST['pass2']) || empty($_POST['fullname']) || empty($_POST['phone']) || empty($_POST['email'])) {
+ Message::addError('empty-field');
+ Util::redirect('?do=AddUser');
+ } elseif ($_POST['pass1'] !== $_POST['pass2']) {
+ Message::addError('password-mismatch');
+ Util::redirect('?do=AddUser');
+ } elseif (Database::queryFirst('SELECT userid FROM user LIMIT 1') !== false) {
+ Message::addError('adduser-disabled');
+ Util::redirect('?do=Session&action=login');
+ } else {
+ $data = array(
+ 'user' => $_POST['user'],
+ 'pass' => Crypto::hash6($_POST['pass1']),
+ 'fullname' => $_POST['fullname'],
+ 'phone' => $_POST['phone'],
+ 'email' => $_POST['email'],
+ );
+ if (Database::exec('INSERT INTO user SET login = :user, passwd = :pass, fullname = :fullname, phone = :phone, email = :email', $data) != 1) {
+ Util::traceError('Could not create new user in DB');
+ }
+ // Make it superadmin if first user. This method sucks as it's a race condition but hey...
+ $ret = Database::queryFirst('SELECT Count(*) AS num FROM user');
+ if ($ret !== false && $ret['num'] == 1) {
+ Database::exec('UPDATE user SET permissions = 1');
+ }
+ Message::addInfo('adduser-success');
+ Util::redirect('?do=Session&action=login');
+ }
}
- Message::addInfo('adduser-success');
- Util::redirect('?do=Session&action=login');
}
-}
-function render_module()
-{
- // No user was added, check if current user is allowed to add a new user
- // Currently you can only add users if there is no user yet. :)
- if (Database::queryFirst('SELECT userid FROM user LIMIT 1') !== false) {
- Message::addError('adduser-disabled');
- } else {
- Render::setTitle('Benutzer anlegen');
- Render::addTemplate('page-adduser', $_POST);
+ protected function doRender()
+ {
+ // No user was added, check if current user is allowed to add a new user
+ // Currently you can only add users if there is no user yet. :)
+ if (Database::queryFirst('SELECT userid FROM user LIMIT 1') !== false) {
+ Message::addError('adduser-disabled');
+ } else {
+ Render::setTitle('Benutzer anlegen');
+ Render::addTemplate('page-adduser', $_POST);
+ }
}
-}
+}
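Review bot: The new `doPreprocess()` no longer carries the guard that stood between building `$data` and the INSERT in the old code, so a failed or truncated `Crypto::hash6()` result would now be written to `passwd` unchecked. Unless `hash6()` validates its own output elsewhere (not visible in this file), the check should stay in front of the `Database::exec('INSERT INTO user ...')` call: `if (strlen($data['pass']) < 50) Util::traceError('Error hashing password using SHA-512');`. Separately, the "no user yet" test and the INSERT remain two independent statements, and `UPDATE user SET permissions = 1` has no WHERE clause. The carried-over comment already admits the race, so the first-account bootstrap would be safer inside a transaction or table lock, with the UPDATE restricted to the row just inserted.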