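/**
 * Action called to post values of a new user.
 *
 * Requires the 'admin' role, fills an App_Model_User from the submitted form
 * fields and saves it when validation reports no errors. Otherwise the
 * validation messages are flashed and the creation form is rendered again.
 *
 * @return mixed Result of redirect_to() on success, or of createAction()
 *               when validation fails.
 */
public function postnewAction()
{
    // TODO prevent CSRF: this is a state-changing request that can create an
    // account with the admin flag set. An anti-forgery token bound to the
    // session should be verified here before any field is processed.
    $this->secure('admin');

    // Read a form field without raising an undefined-index notice when the
    // browser omits it (an unchecked checkbox is simply not submitted).
    $field = function ($name) {
        return isset($_POST[$name]) ? $_POST[$name] : null;
    };

    $user = new App_Model_User();
    $user->setUsername($field('username'));
    // NOTE(review): the submitted password goes to the model as-is; confirm
    // that setPassword() or save() hashes it before it is stored.
    $user->setPassword($field('password'));
    $user->setFirstname($field('firstname'));
    $user->setLastname($field('lastname'));
    // Strict comparison: only the literal checkbox value 'on' grants admin.
    $user->setIsAdmin($field('is_admin') === 'on');
    $user->setEmail($field('email'));

    // Validate once and reuse the result for both the check and the message.
    $validationErrors = $user->isValid();

    if (0 === count($validationErrors)) {
        $user->save();

        return redirect_to('/admin/users');
    }

    // NOTE(review): the messages are joined into raw HTML. If isValid() can
    // echo submitted values back in a message, escape each one with
    // htmlspecialchars() before concatenating - confirm against the model.
    $errors = '';
    foreach ($validationErrors as $error) {
        $errors .= $error . "<br />";
    }
    flash_now('error', $errors);

    return $this->createAction();
}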