* * This page calls the Add User Controller * * Copyright (c) 2012 OWASP * * LICENSE: * * This file is part of Hackademic CMS (https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project). * * Hackademic CMS is free software: you can redistribute it and/or modify it under the terms of the GNU General Public * License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any * later version. * * Hackademic CMS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more * details. * * You should have received a copy of the GNU General Public License along with Hackademic CMS. If not, see * <http://www.gnu.org/licenses/>. * * * @author Pragya Gupta <pragya18nsit[at]gmail[dot]com> * @author Konstantinos Papapanagiotou <conpap[at]gmail[dot]com> * @license http://www.gnu.org/licenses/gpl.html * @copyright 2012 OWASP * */ require_once "../../init.php"; require_once HACKADEMIC_PATH . "admin/controller/class.AddUserController.php"; $controller = new AddUserController(); echo $controller->go();
public static function post()
{
$page = new Page();
$page->data['title'] = 'Gebruiker toevoegen';
//Validate input
$formTopViewErrMsgs = UserDataFormTopViewValidator::validate($_POST);
$formPasswordViewErrMsgs = UserDataFormPasswordViewValidator::validate($_POST);
$formMiddleViewErrMsgs = UserDataFormMiddleViewValidator::validate($_POST);
//No error means we create a user and password salt
if (empty($formTopViewErrMsgs) && empty($formPasswordViewErrMsgs) && empty($formMiddleViewErrMsgs)) {
$passwordSalt = Random::getGuid();
$user = new User();
$user->email = $_POST['email'];
$user->firstName = ucwords($_POST['first_name']);
$user->lastName = ucwords($_POST['last_name']);
$user->passwordHash = hash_pbkdf2("sha256", $_POST['password'], $passwordSalt, SecurityConfig::N_PASSWORD_HASH_ITERATIONS);
$user->street = ucwords($_POST['street']);
$user->houseNumber = $_POST['house_number'];
$user->city = ucwords($_POST['city']);
$user->postalCode = $_POST['postal_code'];
$user->country = ucwords($_POST['country']);
$user->phone = $_POST['phone'];
$user->dateOfBirth = $_POST['date_of_birth'];
//Add the user
try {
$userId = UserDB::addUser($user, $passwordSalt, $_POST['card_number']);
$page->addView('addRenewUser/addUser/SuccessfullyAddedView');
//Send welcome mail
try {
$failedEmails = Email::sendEmails('WelcomeNewMember.html', 'JH DE Stip - Welkom', EmailConfig::FROM_ADDRESS, [$user], null);
//If failedEmails is not empty the mail was not sent
if (!empty($failedEmails)) {
$page->data['ErrorMessageNoDescriptionNoLinkView']['errorTitle'] = 'Kan welkomstmail niet verzenden.';
$page->addView('error/ErrorMessageNoDescriptionNoLinkView');
}
} catch (Exception $ex) {
$page->data['ErrorMessageNoDescriptionNoLinkView']['errorTitle'] = 'Kan welkomstmail niet verzenden.';
$page->addView('error/ErrorMessageNoDescriptionNoLinkView');
}
//Add money to user's card
try {
$addedUser = UserDB::getFullUserById($userId);
$executingBrowserName = BrowserDB::getBrowserById($_SESSION['Stippers']['browser']->browserId)->name;
$trans = new MoneyTransaction(null, $addedUser->userId, 0, AddOrRenewUserConfig::NEW_OR_RENEWED_USER_BONUS, 0, 0, true, null, $executingBrowserName, null);
MoneyTransactionDB::addTransaction($addedUser, $trans);
} catch (Exception $ex) {
if (isset($page->data['ErrorMessageNoDescriptionNoLinkView']['errorTitle'])) {
$page->data['ErrorMessageNoDescriptionNoLinkView']['errorTitle'] .= ' Kan het saldo van het account niet verhogen, probeer dit handmatig te doen.';
} else {
$page->data['ErrorMessageNoDescriptionNoLinkView']['errorTitle'] = 'Kan het saldo van het account niet verhogen, probeer dit handmatig te doen.';
}
$page->addView('error/ErrorMessageNoDescriptionNoLinkView');
}
} catch (UserDBException $ex) {
AddUserController::buildAddUserPage($page, true);
if ($ex->getCode() == UserDBException::EMAILALREADYEXISTS) {
$page->data['UserDataFormTopView']['errMsgs']['global'] = '<h2 class="error_message" id="user_data_form_error_message">Dit e-mailadres is al in gebruik.</h2>';
} elseif ($ex->getCode() == UserDBException::CARDALREADYUSED) {
$page->data['UserDataFormTopView']['errMsgs']['global'] = '<h2 class="error_message" id="user_data_form_error_message">Dit kaartnummer is al in gebruik.</h2>';
} else {
$page->data['UserDataFormTopView']['errMsgs']['global'] = '<h2 class="error_message" id="user_data_form_error_message">Kan gebruiker niet toevoegen, probeer het opnieuw.</h2>';
}
} catch (Exception $ex) {
AddUserController::buildAddUserPage($page, true);
$page->data['UserDataFormTopView']['errMsgs']['global'] = '<h2 class="error_message" id="user_data_form_error_message">Kan gebruiker niet toevoegen, probeer het opnieuw.</h2>';
}
} else {
AddUserController::buildAddUserPage($page, true);
$page->data['UserDataFormTopView']['errMsgs'] = array_merge($page->data['UserDataFormTopView']['errMsgs'], $formTopViewErrMsgs);
$page->data['UserDataFormPasswordView']['errMsgs'] = array_merge($page->data['UserDataFormPasswordView']['errMsgs'], $formPasswordViewErrMsgs);
$page->data['UserDataFormMiddleView']['errMsgs'] = array_merge($page->data['UserDataFormMiddleView']['errMsgs'], $formMiddleViewErrMsgs);
}
$page->showWithMenu();
}