diff options
Diffstat (limited to 'modules/adduser')
| -rw-r--r-- | modules/adduser/config.json | 4 | ||||
| -rw-r--r-- | modules/adduser/module.inc.php | 60 | ||||
| -rw-r--r-- | modules/adduser/templates/page-adduser.html | 28 |
3 files changed, 92 insertions, 0 deletions
diff --git a/modules/adduser/config.json b/modules/adduser/config.json new file mode 100644 index 00000000..d5da4cc8 --- /dev/null +++ b/modules/adduser/config.json @@ -0,0 +1,4 @@ +{ + "category":"hidden", + "enabled":"true" +} diff --git a/modules/adduser/module.inc.php b/modules/adduser/module.inc.php new file mode 100644 index 00000000..c236cb6f --- /dev/null +++ b/modules/adduser/module.inc.php @@ -0,0 +1,60 @@ +<?php + +class Page_AddUser extends Page +{ + + protected function doPreprocess() + { + User::load(); + + if (isset($_POST['action']) && $_POST['action'] === 'adduser') { + // Check required fields + if (empty($_POST['user']) || empty($_POST['pass1']) || empty($_POST['pass2']) || empty($_POST['fullname'])) { + Message::addError('empty-field'); + Util::redirect('?do=AddUser'); + } elseif ($_POST['pass1'] !== $_POST['pass2']) { + Message::addError('password-mismatch'); + Util::redirect('?do=AddUser'); + } elseif (!User::hasPermission('superadmin') && Database::queryFirst('SELECT userid FROM user LIMIT 1') !== false) { + Message::addError('adduser-disabled'); + Util::redirect('?do=Session&action=login'); + } else { + $data = array( + 'user' => $_POST['user'], + 'pass' => Crypto::hash6($_POST['pass1']), + 'fullname' => $_POST['fullname'], + 'phone' => $_POST['phone'], + 'email' => $_POST['email'], + ); + if (Database::exec('INSERT INTO user SET login = :user, passwd = :pass, fullname = :fullname, phone = :phone, email = :email', $data) != 1) { + Util::traceError('Could not create new user in DB'); + } + // Make it superadmin if first user. This method sucks as it's a race condition but hey... + $ret = Database::queryFirst('SELECT Count(*) AS num FROM user'); + if ($ret !== false && $ret['num'] == 1) { + Database::exec('UPDATE user SET permissions = 1'); + EventLog::clear(); + EventLog::info('Created first user ' . $_POST['user']); + } else { + EventLog::info(User::getName() . ' created user ' . $_POST['user']); + } + Message::addInfo('adduser-success'); + Util::redirect('?do=Session&action=login'); + } + } + } + + protected function doRender() + { + // No user was added, check if current user is allowed to add a new user + // Currently you can only add users if there is no user yet. :) + if (!User::hasPermission('superadmin') && Database::queryFirst('SELECT userid FROM user LIMIT 1') !== false) { + Message::addError('adduser-disabled'); + } else { + + Render::setTitle(Dictionary::translate('lang_createUser')); + Render::addTemplate('page-adduser', $_POST); + } + } + +} diff --git a/modules/adduser/templates/page-adduser.html b/modules/adduser/templates/page-adduser.html new file mode 100644 index 00000000..0b097890 --- /dev/null +++ b/modules/adduser/templates/page-adduser.html @@ -0,0 +1,28 @@ +<form class="form-adduser" action="?do=AddUser" method="post"> + <input type="text" name="prevent_autofill" id="prevent_autofill" value="" style="display:none;"> + <input type="password" name="password_fake" id="password_fake" value="" style="display:none;"> + <h2 class="form-signin-heading">{{lang_createUser}}</h2> + <div class="row"> + <div class="col-md-4">{{lang_username}} *</div> + <div class="col-md-4"><input type="text" name="user" value="{{user}}" class="form-control" placeholder="{{lang_username}}" autofocus></div> + </div> + <div class="row"> + <div class="col-md-4">{{lang_password}} *</div> + <div class="col-md-4"><input type="password" name="pass1" class="form-control" placeholder="{{lang_password}}"></div> + <div class="col-md-4"><input type="password" name="pass2" class="form-control" placeholder="{{lang_confirmation}}"></div> + </div> + <div class="row"> + <div class="col-md-4">{{lang_fullName}} *</div> + <div class="col-md-4"><input type="text" name="fullname" value="{{fullname}}" class="form-control" placeholder="{{lang_fullName}}"></div> + </div> + <div class="row"> + <div class="col-md-4">{{lang_telephone}}</div> + <div class="col-md-4"><input type="text" name="phone" value="{{phone}}" class="form-control" placeholder="{{lang_telephone}}"></div> + </div> + <div class="row"> + <div class="col-md-4">E-Mail</div> + <div class="col-md-4"><input type="text" name="email" value="{{email}}" class="form-control" placeholder="E-Mail"></div> + </div> + <button class="btn btn-lg btn-primary btn-block" type="submit">{{lang_createUser}}</button> + <input type="hidden" name="action" value="adduser"> +</form>
\ No newline at end of file |