From 50404f3b23b7fd6aeae4c9d2f6df0ea25e984e66 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 3 May 2016 19:03:09 +0200
Subject: WIP

---
 modules-available/adduser/page.inc.php | 60 ++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 modules-available/adduser/page.inc.php

(limited to 'modules-available/adduser/page.inc.php')

diff --git a/modules-available/adduser/page.inc.php b/modules-available/adduser/page.inc.php
new file mode 100644
index 00000000..c236cb6f
--- /dev/null
+++ b/modules-available/adduser/page.inc.php
@@ -0,0 +1,60 @@
+<?php
+
+class Page_AddUser extends Page
+{
+
+	protected function doPreprocess()
+	{
+		User::load();
+
+		if (isset($_POST['action']) && $_POST['action'] === 'adduser') {
+			// Check required fields
+			if (empty($_POST['user']) || empty($_POST['pass1']) || empty($_POST['pass2']) || empty($_POST['fullname'])) {
+				Message::addError('empty-field');
+				Util::redirect('?do=AddUser');
+			} elseif ($_POST['pass1'] !== $_POST['pass2']) {
+				Message::addError('password-mismatch');
+				Util::redirect('?do=AddUser');
+			} elseif (!User::hasPermission('superadmin') && Database::queryFirst('SELECT userid FROM user LIMIT 1') !== false) {
+				Message::addError('adduser-disabled');
+				Util::redirect('?do=Session&action=login');
+			} else {
+				$data = array(
+					'user' => $_POST['user'],
+					'pass' => Crypto::hash6($_POST['pass1']),
+					'fullname' => $_POST['fullname'],
+					'phone' => $_POST['phone'],
+					'email' => $_POST['email'],
+				);
+				if (Database::exec('INSERT INTO user SET login = :user, passwd = :pass, fullname = :fullname, phone = :phone, email = :email', $data) != 1) {
+					Util::traceError('Could not create new user in DB');
+				}
+				// Make it superadmin if first user. This method sucks as it's a race condition but hey...
+				$ret = Database::queryFirst('SELECT Count(*) AS num FROM user');
+				if ($ret !== false && $ret['num'] == 1) {
+					Database::exec('UPDATE user SET permissions = 1');
+					EventLog::clear();
+					EventLog::info('Created first user ' . $_POST['user']);
+				} else {
+					EventLog::info(User::getName() . ' created user ' . $_POST['user']);
+				}
+				Message::addInfo('adduser-success');
+				Util::redirect('?do=Session&action=login');
+			}
+		}
+	}
+
+	protected function doRender()
+	{
+		// No user was added, check if current user is allowed to add a new user
+		// Currently you can only add users if there is no user yet. :)
+		if (!User::hasPermission('superadmin') && Database::queryFirst('SELECT userid FROM user LIMIT 1') !== false) {
+			Message::addError('adduser-disabled');
+		} else {
+
+			Render::setTitle(Dictionary::translate('lang_createUser'));
+			Render::addTemplate('page-adduser', $_POST);
+		}
+	}
+
+}
-- 
cgit v1.2.3-55-g7522