$_POST['user'], 'pass' => Crypto::hash6($_POST['pass1']), 'fullname' => $_POST['fullname'], 'phone' => $_POST['phone'], 'email' => $_POST['email'], ); if (Database::exec('INSERT INTO user SET login = :user, passwd = :pass, fullname = :fullname, phone = :phone, email = :email', $data) != 1) { Util::traceError('Could not create new user in DB'); } // Make it superadmin if first user. This method sucks as it's a race condition but hey... $ret = Database::queryFirst('SELECT Count(*) AS num FROM user'); if ($ret !== false && $ret['num'] == 1) { Database::exec('UPDATE user SET permissions = 1'); EventLog::clear(); EventLog::info('Created first user ' . $_POST['user']); } else { EventLog::info(User::getName() . ' created user ' . $_POST['user']); } Message::addInfo('adduser-success'); Util::redirect('?do=Session&action=login'); } } } protected function doRender() { // No user was added, check if current user is allowed to add a new user // Currently you can only add users if there is no user yet. :) if (!User::hasPermission('superadmin') && Database::queryFirst('SELECT userid FROM user LIMIT 1') !== false) { Message::addError('adduser-disabled'); } else { Render::addTemplate('page-adduser', $_POST); } } }