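/**
 * Create a user account on behalf of a logged-in admin and echo the outcome.
 *
 * Flow: authorise the caller, validate the submitted form with
 * validate_var(), check that neither the username nor the e-mail address is
 * already present in `users`, then delegate the insert to
 * User::adminRegister().
 *
 * Security: the uniqueness lookups bind the submitted value as a statement
 * parameter. The previous version concatenated it into the SQL text, so a
 * crafted username or e-mail could change the query. A lookup that cannot be
 * executed now stops the registration instead of being read as "not taken".
 *
 * @return void Every outcome is reported with echo; nothing is returned.
 */
function adminRegister()
{
    global $error, $obj_db;

    // Authorisation gate: only a logged-in admin or super admin may continue.
    if (!User::isLoggedIn() || !(User::isAdmin() || User::isSuperAdmin())) {
        echo 'No admin is logged in or you have no rights to do this';
        return;
    }

    // Field spec handed to validate_var(): name, validator, flag, default.
    // NOTE(review): the third element looks like a "required" flag - confirm
    // against validate_var().
    $arr_submit = array(
        array('lastname', 'textonly', true, ''),
        array('password', 'string', true, ''),
        array('username', 'string', true, ''),
        array('email', 'string', true, ''),
    );
    $frm_submitted = validate_var($arr_submit);

    if ($error) {
        // NOTE(review): $error is echoed unescaped; confirm validate_var()
        // never places raw request data in it.
        echo $error;
        return;
    }

    // Each entry: submitted field, fully literal lookup query, message shown
    // when a row already holds that value.
    $arr_checks = array(
        array('username', 'SELECT 1 FROM `users` WHERE `username` = ? LIMIT 1', 'Username already exists'),
        array('email', 'SELECT 1 FROM `users` WHERE `email` = ? LIMIT 1', 'Email already exists'),
    );

    foreach ($arr_checks as $arr_check) {
        list($str_field, $str_query, $str_taken) = $arr_check;
        // bind_param takes its arguments by reference, so use a real variable.
        $str_value = (string) $frm_submitted[$str_field];

        $obj_stmt = mysqli_prepare($obj_db, $str_query);
        $bln_ran = $obj_stmt !== false
            && mysqli_stmt_bind_param($obj_stmt, 's', $str_value)
            && mysqli_stmt_execute($obj_stmt)
            && mysqli_stmt_store_result($obj_stmt);
        $bln_taken = $bln_ran && mysqli_stmt_num_rows($obj_stmt) > 0;
        if ($obj_stmt !== false) {
            mysqli_stmt_close($obj_stmt);
        }

        if (!$bln_ran) {
            // Fail closed: uniqueness could not be verified, so do not insert.
            echo 'Could not check whether the ' . $str_field . ' is already in use';
            return;
        }
        if ($bln_taken) {
            // Returning here also stops the misleading 'Admin must be logged in'
            // line that used to follow 'Email already exists'.
            echo $str_taken;
            return;
        }
    }

    $bln_success = User::adminRegister($frm_submitted, true);
    if ($bln_success === false) {
        echo 'Admin must be logged in';
    }
    if ($bln_success) {
        echo 'User inserted successfully';
    }
}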
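/**
 * Handle the admin panel's "quick new user" form.
 *
 * Flow: authorise the caller, validate the submitted form with
 * validate_var(), check that neither the username nor the e-mail address is
 * already present in `users`, then delegate the insert to
 * User::adminRegister(). On any error the admin panel template is rendered
 * with the message and the submitted values; on success the browser is
 * redirected to the user list. The script exits in both cases.
 *
 * Security: the uniqueness lookups bind the submitted value as a statement
 * parameter. The previous version concatenated it into the SQL text, so a
 * crafted username or e-mail could change the query. A lookup that cannot be
 * executed now stops the registration instead of being read as "not taken".
 *
 * @return void Never returns normally; always ends in exit.
 */
function quickAddUser()
{
    // Declared up front: the error branch below needs $error and $obj_smarty
    // even when the authorisation check fails. They used to be declared only
    // inside the authorised branch, so the unauthorised path called assign()
    // on an undefined variable.
    global $error, $obj_smarty, $obj_db;

    // Defined before any branch so the template always receives an array.
    $frm_submitted = array();

    if (User::isLoggedIn() && (User::isAdmin() || User::isSuperAdmin())) {
        // Field spec handed to validate_var(): name, validator, flag, default.
        // NOTE(review): the third element looks like a "required" flag -
        // confirm against validate_var().
        $arr_submit = array(
            array('firstname', 'textonly', false, ''),
            array('infix', 'string', false, ''),
            array('lastname', 'textonly', true, ''),
            array('password', 'string', true, ''),
            array('username', 'string', true, ''),
            array('email', 'string', true, ''),
        );
        $frm_submitted = validate_var($arr_submit);

        if (!$error) {
            // Each entry: submitted field, fully literal lookup query,
            // message used when a row already holds that value.
            $arr_checks = array(
                array('username', 'SELECT 1 FROM `users` WHERE `username` = ? LIMIT 1', 'Username already exists'),
                array('email', 'SELECT 1 FROM `users` WHERE `email` = ? LIMIT 1', 'Email already exists'),
            );

            foreach ($arr_checks as $arr_check) {
                list($str_field, $str_query, $str_taken) = $arr_check;
                // bind_param takes its arguments by reference.
                $str_value = (string) $frm_submitted[$str_field];

                $obj_stmt = mysqli_prepare($obj_db, $str_query);
                $bln_ran = $obj_stmt !== false
                    && mysqli_stmt_bind_param($obj_stmt, 's', $str_value)
                    && mysqli_stmt_execute($obj_stmt)
                    && mysqli_stmt_store_result($obj_stmt);
                $bln_taken = $bln_ran && mysqli_stmt_num_rows($obj_stmt) > 0;
                if ($obj_stmt !== false) {
                    mysqli_stmt_close($obj_stmt);
                }

                if (!$bln_ran) {
                    // Fail closed: uniqueness could not be verified.
                    $error = 'Could not check whether the ' . $str_field . ' is already in use';
                    break;
                }
                if ($bln_taken) {
                    $error = $str_taken;
                    break;
                }
            }

            if (empty($error) && User::adminRegister($frm_submitted, true) === false) {
                $error = 'Admin must be logged in';
            }
        }
    } else {
        $error = 'No admin is logged in or you have no rights to do this';
    }

    if (!empty($error)) {
        // NOTE(review): this path is also taken for visitors who failed the
        // authorisation check; confirm admin_panel.tpl shows nothing sensitive
        // to them and escapes 'error' and 'values' on output.
        $obj_smarty->assign('active', 'quick_new_user');
        $obj_smarty->assign('error', $error);
        $obj_smarty->assign('values', $frm_submitted);
        $obj_smarty->display(FULLCAL_DIR . '/view/admin_panel.tpl');
        exit;
    }

    header('location: ' . FULLCAL_URL . '/admin/users');
    exit;
}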