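/**
 * Create a new administrator account from the "add user" form.
 *
 * On a POST with uaction=add_user: onBeforeAddUser is dispatched,
 * check_user_data() validates the input, a row is inserted into `admin`
 * (admin_type 'admin', created_by = the current session user) with a salted
 * password hash, the initial language/theme from the config are written to
 * `user_gui_props` for the new id, the action is logged, a welcome mail
 * carrying the plaintext password is sent and the browser is redirected to
 * manage_users.php.  When validation fails the form is re-populated with the
 * HTML-escaped input; on a plain page load it is rendered empty.
 *
 * NOTE(review): no CSRF token is verified in this function; unless
 * check_user_data() or the front controller does it, this state-changing
 * POST should be protected.  The plaintext password is handed to
 * send_add_user_auto_msg(); that is a product decision this function cannot
 * mitigate, but it is worth knowing when reviewing mail transport.
 *
 * @param  $tpl iMSCP_pTemplate
 * @return void
 */
function add_user($tpl)
{
    /** @var $cfg iMSCP_Config_Handler_File */
    $cfg = iMSCP_Registry::get('config');

    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'add_user') {
        // Plain page load: empty form, "unknown" gender preselected.
        $tpl->assign(array(
            'EMAIL' => '',
            'USERNAME' => '',
            'FIRST_NAME' => '',
            'LAST_NAME' => '',
            'FIRM' => '',
            'ZIP' => '',
            'CITY' => '',
            'STATE' => '',
            'COUNTRY' => '',
            'STREET_1' => '',
            'STREET_2' => '',
            'PHONE' => '',
            'FAX' => '',
            'VL_MALE' => '',
            'VL_FEMALE' => '',
            'VL_UNKNOWN' => $cfg->HTML_SELECTED,
        ));
        return;
    }

    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeAddUser);

    if (!check_user_data()) {
        // Validation failed: re-populate the form with HTML-escaped input
        // (clean_input(..., true)).  gender is read defensively so a missing
        // field does not raise an undefined-index notice.
        $postedGender = isset($_POST['gender']) ? $_POST['gender'] : '';
        $tpl->assign(array(
            'EMAIL' => clean_input($_POST['email'], true),
            'USERNAME' => clean_input($_POST['username'], true),
            'FIRST_NAME' => clean_input($_POST['fname'], true),
            'LAST_NAME' => clean_input($_POST['lname'], true),
            'FIRM' => clean_input($_POST['firm'], true),
            'ZIP' => clean_input($_POST['zip'], true),
            'CITY' => clean_input($_POST['city'], true),
            'STATE' => clean_input($_POST['state'], true),
            'COUNTRY' => clean_input($_POST['country'], true),
            'STREET_1' => clean_input($_POST['street1'], true),
            'STREET_2' => clean_input($_POST['street2'], true),
            'PHONE' => clean_input($_POST['phone'], true),
            'FAX' => clean_input($_POST['fax'], true),
            'VL_MALE' => $postedGender == 'M' ? $cfg->HTML_SELECTED : '',
            'VL_FEMALE' => $postedGender == 'F' ? $cfg->HTML_SELECTED : '',
            'VL_UNKNOWN' => $postedGender == 'U' || empty($postedGender) ? $cfg->HTML_SELECTED : '',
        ));
        return;
    }

    // One copy of the plaintext credential feeds both the stored hash and
    // the welcome mail, so the two can never diverge.
    $plainPassword = clean_input($_POST['password']);
    $upass = cryptPasswordWithSalt($plainPassword);
    $user_id = $_SESSION['user_id'];
    $username = clean_input($_POST['username']);
    $fname = clean_input($_POST['fname']);
    $lname = clean_input($_POST['lname']);
    $gender = clean_input($_POST['gender']);
    $firm = clean_input($_POST['firm']);
    $zip = clean_input($_POST['zip']);
    $city = clean_input($_POST['city']);
    $state = clean_input($_POST['state']);
    $country = clean_input($_POST['country']);
    $email = clean_input($_POST['email']);
    $phone = clean_input($_POST['phone']);
    $fax = clean_input($_POST['fax']);
    $street1 = clean_input($_POST['street1']);
    $street2 = clean_input($_POST['street2']);

    // Only a known gender code is stored; anything else is blanked.
    if (get_gender_by_code($gender, true) === null) {
        $gender = '';
    }

    // Parameterised insert: every user-supplied value is bound, never interpolated.
    $query = "\n\t\t\t\tINSERT INTO `admin` (\n\t\t\t\t\t`admin_name`, `admin_pass`, `admin_type`, `domain_created`, `created_by`, `fname`, `lname`, `firm`,\n\t\t\t\t\t`zip`, `city`, `state`, `country`, `email`, `phone`, `fax`, `street1`, `street2`, `gender`\n\t\t\t\t) VALUES (\n\t\t\t\t\t?, ?, 'admin', unix_timestamp(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?\n\t\t\t\t)\n\t\t\t";
    exec_query($query, array(
        $username, $upass, $user_id, $fname, $lname, $firm, $zip, $city, $state, $country,
        $email, $phone, $fax, $street1, $street2, $gender,
    ));

    /** @var $db iMSCP_Database */
    $db = iMSCP_Registry::get('db');
    $new_admin_id = $db->insertId();

    $user_logged = $_SESSION['user_logged'];
    write_log("{$user_logged}: add admin: {$username}", E_USER_WARNING);

    // Initial GUI preferences for the new account come from the config.
    $query = "\n\t\t\t\tREPLACE INTO `user_gui_props` (\n\t\t\t\t\t`user_id`, `lang`, `layout`\n\t\t\t\t) VALUES (\n\t\t\t\t\t?, ?, ?\n\t\t\t\t)\n\t\t\t";
    exec_query($query, array($new_admin_id, $cfg->USER_INITIAL_LANG, $cfg->USER_INITIAL_THEME));

    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterAddUser);

    // Reuse the already-cleaned locals rather than re-reading $_POST.
    send_add_user_auto_msg($user_id, $username, $plainPassword, $email, $fname, $lname, tr('Administrator'));

    set_page_message(tr('Admin account successfully created.'), 'success');
    redirectTo('manage_users.php');
}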
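/**
 * Create a new administrator account from the "add user" form.
 *
 * On a POST with uaction=add_user: check_user_data() validates the input, a
 * row is inserted into `admin` (admin_type 'admin', created_by = the current
 * session user) with a hashed password, the session's language/theme are
 * written to `user_gui_props` for the new id, the action is logged, a welcome
 * mail carrying the plaintext password is sent, user_added is flagged in the
 * session and the browser is sent to manage_users.php.  When validation fails
 * the form is re-populated with HTML-escaped input; a plain page load renders
 * it empty.
 *
 * Fixed: the password hash was computed over the raw $_POST['pass'] while the
 * welcome mail carried clean_input($_POST['pass']).  If clean_input() alters
 * the string (trim, stripping), the mailed credential does not match the
 * stored hash.  Both now use one cleaned copy.  NOTE(review): this assumes
 * clean_input() is the sanitisation check_user_data() validates against —
 * confirm there, since that function is not visible here.
 *
 * NOTE(review): no CSRF token is verified in this function; unless
 * check_user_data() or the front controller does it, this state-changing
 * POST should be protected.
 *
 * @param EasySCP_TemplateEngine $tpl
 */
function add_user($tpl)
{
    $cfg = EasySCP_Registry::get('Config');
    $sql = EasySCP_Registry::get('Db');

    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'add_user') {
        // Plain page load: empty form, "unknown" gender preselected.
        $tpl->assign(array(
            'EMAIL' => '',
            'USERNAME' => '',
            'FIRST_NAME' => '',
            'LAST_NAME' => '',
            'FIRM' => '',
            'ZIP' => '',
            'CITY' => '',
            'STATE' => '',
            'COUNTRY' => '',
            'STREET_1' => '',
            'STREET_2' => '',
            'PHONE' => '',
            'FAX' => '',
            'VL_MALE' => '',
            'VL_FEMALE' => '',
            'VL_UNKNOWN' => $cfg->HTML_SELECTED,
        ));
        return;
    }

    if (!check_user_data()) {
        // Validation failed: re-populate the form with HTML-escaped input
        // (clean_input(..., true)).  gender is read defensively so a missing
        // field does not raise an undefined-index notice.
        $postedGender = isset($_POST['gender']) ? $_POST['gender'] : '';
        $tpl->assign(array(
            'EMAIL' => clean_input($_POST['email'], true),
            'USERNAME' => clean_input($_POST['username'], true),
            'FIRST_NAME' => clean_input($_POST['fname'], true),
            'LAST_NAME' => clean_input($_POST['lname'], true),
            'FIRM' => clean_input($_POST['firm'], true),
            'ZIP' => clean_input($_POST['zip'], true),
            'CITY' => clean_input($_POST['city'], true),
            'STATE' => clean_input($_POST['state'], true),
            'COUNTRY' => clean_input($_POST['country'], true),
            'STREET_1' => clean_input($_POST['street1'], true),
            'STREET_2' => clean_input($_POST['street2'], true),
            'PHONE' => clean_input($_POST['phone'], true),
            'FAX' => clean_input($_POST['fax'], true),
            'VL_MALE' => $postedGender == 'M' ? $cfg->HTML_SELECTED : '',
            'VL_FEMALE' => $postedGender == 'F' ? $cfg->HTML_SELECTED : '',
            'VL_UNKNOWN' => $postedGender == 'U' || empty($postedGender) ? $cfg->HTML_SELECTED : '',
        ));
        return;
    }

    // One copy of the plaintext credential feeds both the stored hash and
    // the welcome mail, so the two can never diverge (see header comment).
    $plainPassword = clean_input($_POST['pass']);
    $upass = crypt_user_pass($plainPassword);
    $user_id = $_SESSION['user_id'];
    $username = clean_input($_POST['username']);
    $fname = clean_input($_POST['fname']);
    $lname = clean_input($_POST['lname']);
    $gender = clean_input($_POST['gender']);
    $firm = clean_input($_POST['firm']);
    $zip = clean_input($_POST['zip']);
    $city = clean_input($_POST['city']);
    $state = clean_input($_POST['state']);
    $country = clean_input($_POST['country']);
    $email = clean_input($_POST['email']);
    $phone = clean_input($_POST['phone']);
    $fax = clean_input($_POST['fax']);
    $street1 = clean_input($_POST['street1']);
    $street2 = clean_input($_POST['street2']);

    // Only a known gender code is stored; anything else is blanked.
    if (get_gender_by_code($gender, true) === null) {
        $gender = '';
    }

    // Parameterised insert: every user-supplied value is bound, never interpolated.
    $query = "\n\t\t\t\tINSERT INTO `admin`\n\t\t\t\t\t(\n\t\t\t\t\t\t`admin_name`,\n\t\t\t\t\t\t`admin_pass`,\n\t\t\t\t\t\t`admin_type`,\n\t\t\t\t\t\t`domain_created`,\n\t\t\t\t\t\t`created_by`,\n\t\t\t\t\t\t`fname`,\n\t\t\t\t\t\t`lname`,\n\t\t\t\t\t\t`firm`,\n\t\t\t\t\t\t`zip`,\n\t\t\t\t\t\t`city`,\n\t\t\t\t\t\t`state`,\n\t\t\t\t\t\t`country`,\n\t\t\t\t\t\t`email`,\n\t\t\t\t\t\t`phone`,\n\t\t\t\t\t\t`fax`,\n\t\t\t\t\t\t`street1`,\n\t\t\t\t\t\t`street2`,\n\t\t\t\t\t\t`gender`\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t'admin',\n\t\t\t\t\t\tunix_timestamp(),\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?\n\t\t\t\t\t)\n\t\t\t";
    exec_query($sql, $query, array(
        $username, $upass, $user_id, $fname, $lname, $firm, $zip, $city, $state, $country,
        $email, $phone, $fax, $street1, $street2, $gender,
    ));
    $new_admin_id = $sql->insertId();

    $user_logged = $_SESSION['user_logged'];
    write_log("{$user_logged}: add admin: {$username}");

    // The new account inherits the creating user's language and theme.
    $query = "\n\t\t\t\tINSERT INTO `user_gui_props` (\n\t\t\t\t\t`user_id`,\n\t\t\t\t\t`lang`,\n\t\t\t\t\t`layout`\n\t\t\t\t) VALUES (?,?,?)\n\t\t\t";
    exec_query($sql, $query, array($new_admin_id, $_SESSION['user_def_lang'], $_SESSION['user_theme']));

    // Reuse the already-cleaned locals rather than re-reading $_POST.
    send_add_user_auto_msg($user_id, $username, $plainPassword, $email, $fname, $lname, tr('Administrator'), $gender);

    $_SESSION['user_added'] = 1;
    user_goto('manage_users.php');
}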
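/**
 * Check user data
 *
 * Reads the "add/edit user" form fields from $_POST into the listed globals
 * (each run through clean_input(); a missing field becomes ''), validates
 * them and queues one page message per problem found.  The verdict is
 * derived from whether any page message is queued, so a message queued by
 * the caller before this runs also makes it return false.
 *
 * Fixed: the post-code check called is_number(!$zip), i.e. tested a boolean,
 * so the "syntax" half of that check never fired.  It now calls
 * !is_number($zip) as the error text describes.  NOTE(review): confirm that
 * is_number()'s notion of "number" covers the postal codes this install must
 * accept before relying on the stricter behaviour.
 *
 * NOTE(review): the password is run through clean_input() before it is
 * checked; whatever that helper strips or trims silently alters the
 * credential, so the hashing path must apply the same transform.
 *
 * @param  bool $noPass If true skip password check
 * @return bool True if user data are valid, false otherwise
 */
function check_ruser_data($noPass = false)
{
    global $password, $passwordRepeat, $email, $customerId, $firstName, $lastName, $gender, $firm, $street1, $street2, $zip, $city, $state, $country, $phone, $fax, $domainIp;

    // Get data for fields from previous page; absent fields default to ''.
    $password = isset($_POST['userpassword']) ? clean_input($_POST['userpassword']) : '';
    $passwordRepeat = isset($_POST['userpassword_repeat']) ? clean_input($_POST['userpassword_repeat']) : '';
    $email = isset($_POST['useremail']) ? clean_input($_POST['useremail']) : '';
    $customerId = isset($_POST['useruid']) ? clean_input($_POST['useruid']) : '';
    $firstName = isset($_POST['userfname']) ? clean_input($_POST['userfname']) : '';
    $lastName = isset($_POST['userlname']) ? clean_input($_POST['userlname']) : '';
    $firm = isset($_POST['userfirm']) ? clean_input($_POST['userfirm']) : '';
    $street1 = isset($_POST['userstreet1']) ? clean_input($_POST['userstreet1']) : '';
    $street2 = isset($_POST['userstreet2']) ? clean_input($_POST['userstreet2']) : '';
    $zip = isset($_POST['userzip']) ? clean_input($_POST['userzip']) : '';
    $city = isset($_POST['usercity']) ? clean_input($_POST['usercity']) : '';
    $state = isset($_POST['userstate']) ? clean_input($_POST['userstate']) : '';
    $country = isset($_POST['usercountry']) ? clean_input($_POST['usercountry']) : '';
    $phone = isset($_POST['userphone']) ? clean_input($_POST['userphone']) : '';
    $fax = isset($_POST['userfax']) ? clean_input($_POST['userfax']) : '';
    $domainIp = isset($_POST['domain_ip']) ? clean_input($_POST['domain_ip']) : '';

    // Gender is an allow-listed code; anything unknown is stored as 'U'.
    if (isset($_POST['gender']) && get_gender_by_code($_POST['gender'], true) !== null) {
        $gender = $_POST['gender'];
    } else {
        $gender = 'U';
    }

    if (!$noPass) {
        if ('' === $passwordRepeat || '' === $password) {
            set_page_message(tr('Please fill up both data fields for password.'), 'error');
        } elseif ($passwordRepeat !== $password) {
            set_page_message(tr("Passwords do not match."), 'error');
        } else {
            // Queues its own page message on a weak/invalid password.
            checkPasswordSyntax($password);
        }
    }

    if (!chk_email($email)) {
        set_page_message(tr('Incorrect email length or syntax.'), 'error');
    }

    // Length limits are byte-based (strlen) to match the storage columns.
    if ($customerId != '' && strlen($customerId) > 200) {
        set_page_message(tr('Customer ID cannot have more than 200 characters'), 'error');
    }
    if ($firstName != '' && strlen($firstName) > 200) {
        set_page_message(tr('First name cannot have more than 200 characters.'), 'error');
    }
    if ($lastName != '' && strlen($lastName) > 200) {
        set_page_message(tr('Last name cannot have more than 200 characters.'), 'error');
    }
    // Fixed operator placement: was is_number(!$zip) (see header comment).
    if ($zip != '' && (strlen($zip) > 200 || !is_number($zip))) {
        set_page_message(tr('Incorrect post code length or syntax!'), 'error');
    }

    // Any queued page message means at least one check failed.
    return !Zend_Session::namespaceIsset('pageMessages');
}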
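/**
 * Check validity of input data
 *
 * Copies the "add user" form fields from $_POST into the listed globals
 * (raw — no clean_input() is applied here; NOTE(review): whatever consumes
 * these globals must escape or parameterise them itself, confirm at the
 * call sites), validates the password pair when $noPass is '_no_', then
 * the e-mail address.  The verdict is handed back through
 * $_SESSION['Message']: null on success, the translated error on failure.
 *
 * Fixed: the e-mail check was only is_null($user_email), so any submitted
 * value — empty or malformed — passed despite the "length or syntax" error
 * text; it is now validated with filter_var(FILTER_VALIDATE_EMAIL).  Also,
 * the e-mail error used to overwrite a password error; the first problem
 * found is now the one reported.
 *
 * @todo check if we can remove out commented code block
 * @param EasySCP_TemplateEngine $tpl    Unused here; kept for the call sites
 * @param string                 $noPass '_no_' to validate the password fields, anything else skips them
 * @return bool True if the data are valid, false otherwise
 */
function check_ruser_data($tpl, $noPass)
{
    global $dmn_name, $hpid, $dmn_user_name;
    global $user_email, $customer_id, $first_name;
    global $last_name, $firm, $zip, $gender;
    global $city, $state, $country, $street_one;
    global $street_two, $phone;
    global $fax, $inpass, $domain_ip;

    $cfg = EasySCP_Registry::get('Config');
    $user_add_error = '_off_';
    $inpass_re = '';

    // Get data for fields from previous page (raw; see header comment).
    if (isset($_POST['userpassword'])) {
        $inpass = $_POST['userpassword'];
    }
    if (isset($_POST['userpassword_repeat'])) {
        $inpass_re = $_POST['userpassword_repeat'];
    }
    if (isset($_POST['domain_ip'])) {
        $domain_ip = $_POST['domain_ip'];
    }
    if (isset($_POST['useremail'])) {
        $user_email = $_POST['useremail'];
    }
    if (isset($_POST['useruid'])) {
        $customer_id = $_POST['useruid'];
    }
    if (isset($_POST['userfname'])) {
        $first_name = $_POST['userfname'];
    }
    if (isset($_POST['userlname'])) {
        $last_name = $_POST['userlname'];
    }
    if (isset($_POST['userfirm'])) {
        $firm = $_POST['userfirm'];
    }
    if (isset($_POST['userzip'])) {
        $zip = $_POST['userzip'];
    }
    if (isset($_POST['usercity'])) {
        $city = $_POST['usercity'];
    }
    if (isset($_POST['userstate'])) {
        $state = $_POST['userstate'];
    }
    if (isset($_POST['usercountry'])) {
        $country = $_POST['usercountry'];
    }
    if (isset($_POST['userstreet1'])) {
        $street_one = $_POST['userstreet1'];
    }
    if (isset($_POST['userstreet2'])) {
        $street_two = $_POST['userstreet2'];
    }
    if (isset($_POST['userphone'])) {
        $phone = $_POST['userphone'];
    }
    if (isset($_POST['userfax'])) {
        $fax = $_POST['userfax'];
    }

    // Gender is an allow-listed code; anything unknown is blanked.
    if (isset($_POST['gender']) && !is_null(get_gender_by_code($_POST['gender'], true))) {
        $gender = $_POST['gender'];
    } else {
        $gender = '';
    }

    //if (isset($_SESSION['local_data']))
    //	list($dmn_name, $hpid, $dmn_user_name) = explode(";", $_SESSION['local_data']);

    // Begin checking...
    if ('_no_' == $noPass) {
        if ('' === $inpass_re || '' === $inpass) {
            $user_add_error = tr('Please fill up both data fields for password!');
        } elseif ($inpass_re !== $inpass) {
            $user_add_error = tr("Passwords don't match!");
        } elseif (!chk_password($inpass)) {
            // Wording depends on whether strong passwords are enforced.
            if ($cfg->PASSWD_STRONG) {
                $user_add_error = sprintf(tr('The password must be at least %s long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS);
            } else {
                $user_add_error = sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS);
            }
        }
    }

    // Only reached when no earlier error is pending, so a password error is
    // not silently replaced.  Syntax is checked, not just presence.
    if ('_off_' == $user_add_error
        && (is_null($user_email) || false === filter_var($user_email, FILTER_VALIDATE_EMAIL))
    ) {
        $user_add_error = tr('Incorrect email length or syntax!');
    }

    // send data through session
    if ('_off_' == $user_add_error) {
        $_SESSION['Message'] = NULL;
        return true;
    }
    $_SESSION['Message'] = $user_add_error;
    return false;
}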