/**
 * Handle the admin "create user" form submission and return the HTML to show.
 *
 * Reads the submitted account fields from $_POST, validates them, checks that
 * the user name and e-mail address are not already registered, inserts the
 * account row (using a throw-away random number as the initial password so the
 * new row can be located), replaces that placeholder with the MD5 of the
 * submitted password, and finally delegates to user_managment::edit_user() for
 * the follow-up editor page.
 *
 * Uses the globals $conn (ADODB connection), $config and $lang, and loads the
 * misc helper class from include/misc.inc.php.
 *
 * NOTE(review): the corpus copy of this function is partially redacted — the
 * two `'******'` fragments below are scrubber artifacts, not source. The
 * original statements (the SELECT that retrieves the new id by the random
 * placeholder password, and the UPDATE that stores the real password hash)
 * are not reproducible from here.
 *
 * @return string HTML fragment: success message plus the edit form, an error
 *                message with a "back" button, or '' when the caller lacks the
 *                required privileges
 */
function create_user()
{
    global $conn, $config, $lang;
    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    $security = false;
    // Privilege gate. NOTE(review): `&&` binds tighter than `||`, so this reads
    // (demo_mode != 1 AND edit_all_users == 'yes') OR admin_privs == 'yes' —
    // an admin passes even when demo mode is on. Confirm that is intended.
    if ($config["demo_mode"] != 1 && $_SESSION['edit_all_users'] == 'yes' || $_SESSION['admin_privs'] == 'yes') {
        $security = true;
    }
    $display = '';
    if ($security === true) {
        // create the user
        // Field validation: each failure renders a message and a "back" button
        // instead of creating anything. The $_POST keys are read without
        // isset(), so a missing field raises an undefined-index notice.
        if ($_POST['edit_user_pass'] != $_POST['edit_user_pass2']) {
            $display .= '<p>' . $lang['user_creation_password_identical'] . '</p>';
            $display .= '<form><input type="button" value="' . $lang['back_button_text'] . '" onclick="history.back()" /></form>';
        } elseif ($_POST['edit_user_pass'] == "") {
            $display .= '<p>' . $lang['user_creation_password_blank'] . '</p>';
            $display .= '<form><input type="button" value="' . $lang['back_button_text'] . '" onclick="history.back()" /></form>';
        } elseif ($_POST['edit_user_name'] == "") {
            $display .= '<p>' . $lang['user_editor_need_username'] . '</p>';
            $display .= '<form><input type="button" value="' . $lang['back_button_text'] . '" onclick="history.back()" /></form>';
        } elseif ($_POST['user_email'] == "") {
            $display .= '<p>' . $lang['user_editor_need_email_address'] . '</p>';
            $display .= '<form><input type="button" value="' . $lang['back_button_text'] . '" onclick="history.back()" /></form>';
        } elseif ($_POST['user_first_name'] == "") {
            $display .= '<p>' . $lang['user_editor_need_first_name'] . '</p>';
            $display .= '<form><input type="button" value="' . $lang['back_button_text'] . '" onclick="history.back()" /></form>';
        } elseif ($_POST['user_last_name'] == "") {
            $display .= '<p>' . $lang['user_editor_need_last_name'] . '</p>';
            $display .= '<form><input type="button" value="' . $lang['back_button_text'] . '" onclick="history.back()" /></form>';
        } else {
            // Every value concatenated into SQL below goes through
            // $misc->make_db_safe(); presumably it quotes and escapes for the
            // active driver — verify in include/misc.inc.php, since nothing
            // here is parameterised.
            $sql_user_name = $misc->make_db_safe($_POST['edit_user_name']);
            $sql_user_email = $misc->make_db_safe($_POST['user_email']);
            $pass_the_form = "Yes";
            // first, make sure the user name isn't in use
            $sql = 'SELECT userdb_user_name from ' . $config['table_prefix'] . 'userdb WHERE userdb_user_name = ' . $sql_user_name;
            // NOTE(review): this assigns a function-local variable — ADODB reads
            // the *global* $ADODB_FETCH_MODE, which is not declared `global`
            // above, so this line has no effect on the fetch mode.
            $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
            $recordSet = $conn->Execute($sql);
            if ($recordSet === false) {
                $misc->log_error($sql);
            }
            // Presumably log_error() halts the request; if it returns, the
            // call below runs on `false` and fatals — verify.
            $num = $recordSet->RecordCount();
            // second, make sure the user email isn't in use
            $sql2 = 'SELECT userdb_emailaddress from ' . $config['table_prefix'] . 'userdb WHERE userdb_emailaddress = ' . $sql_user_email;
            $recordSet2 = $conn->Execute($sql2);
            if ($recordSet2 === false) {
                $misc->log_error($sql2);
            }
            $num2 = $recordSet2->RecordCount();
            if ($num >= 1) {
                $pass_the_form = 'No';
                $display .= $lang['user_creation_username_taken'];
            } elseif ($num2 >= 1) {
                $pass_the_form = 'No';
                $display .= $lang['email_address_already_registered'];
            } // end if
            if ($pass_the_form == "Yes") {
                // what the program should do if the form is valid
                // generate a random number to enter in as the password (initially)
                // we'll need to know the actual account id to help with retrieving the user
                // We will be putting in a random number that we know the value of, we can easily
                // retrieve the account id in a few moments
                // NOTE(review): rand() is not a CSPRNG and the 1..10000 range is
                // tiny; the value only serves as a transient lookup key that is
                // overwritten below, but nothing here checks that another row
                // does not already carry the same placeholder.
                $random_number = $misc->make_db_safe(rand(1, 10000));
                $sql_user_name = $misc->make_db_safe($_POST['edit_user_name']);
                // NOTE(review): unsalted MD5 is not an acceptable password hash;
                // the verifying login code elsewhere must match this scheme, so
                // migrating to password_hash()/password_verify() has to be done
                // together with that code, not here alone.
                $md5_user_pass = md5($_POST['edit_user_pass']);
                $md5_user_pass = $misc->make_db_safe($md5_user_pass);
                $sql_user_email = $misc->make_db_safe($_POST['user_email']);
                $sql_user_first_name = $misc->make_db_safe($_POST['user_first_name']);
                $sql_user_last_name = $misc->make_db_safe($_POST['user_last_name']);
                $sql_edit_active = $misc->make_db_safe($_POST['edit_active']);
                $sql_edit_isAgent = $misc->make_db_safe($_POST['edit_isAgent']);
                $sql_edit_isAdmin = $misc->make_db_safe($_POST['edit_isAdmin']);
                // Capability flags: read from the form only for agents. Admins
                // who are not agents get rank from the form, unlimited listing
                // limits (-1) and every other flag forced to "no"; plain members
                // get everything "no" / 0.
                if ($_POST['edit_isAgent'] == 'yes') {
                    $sql_edit_canEditSiteConfig = $misc->make_db_safe($_POST['edit_canEditSiteConfig']);
                    $sql_edit_canEditMemberTemplate = $misc->make_db_safe($_POST['edit_canEditMemberTemplate']);
                    $sql_edit_canEditAgentTemplate = $misc->make_db_safe($_POST['edit_canEditAgentTemplate']);
                    $sql_edit_canEditListingTemplate = $misc->make_db_safe($_POST['edit_canEditListingTemplate']);
                    $sql_edit_canFeatureListings = $misc->make_db_safe($_POST['edit_canFeatureListings']);
                    $sql_edit_canViewLogs = $misc->make_db_safe($_POST['edit_canViewLogs']);
                    $sql_edit_canModerate = $misc->make_db_safe($_POST['edit_canModerate']);
                    $sql_edit_canPages = $misc->make_db_safe($_POST['edit_canPages']);
                    $sql_edit_canVtour = $misc->make_db_safe($_POST['edit_canVtour']);
                    $sql_edit_canFiles = $misc->make_db_safe($_POST['edit_canFiles']);
                    $sql_edit_canUserFiles = $misc->make_db_safe($_POST['edit_canUserFiles']);
                    $sql_limitListings = $misc->make_db_safe($_POST['limitListings']);
                    $sql_edit_canExportListings = $misc->make_db_safe($_POST['edit_canExportListings']);
                    $sql_edit_canEditListingExpiration = $misc->make_db_safe($_POST['edit_canEditListingExpiration']);
                    $sql_edit_canEditAllListings = $misc->make_db_safe($_POST['edit_canEditAllListings']);
                    $sql_edit_canEditAllUsers = $misc->make_db_safe($_POST['edit_canEditAllUsers']);
                    $sql_edit_canEditPropertyClasses = $misc->make_db_safe($_POST['edit_canEditPropertyClasses']);
                    $sql_edit_limitFeaturedListings = $misc->make_db_safe($_POST['edit_limitFeaturedListings']);
                    $sql_edit_userRank = $misc->make_db_safe($_POST['edit_userRank']);
                    $sql_edit_canManageAddons = $misc->make_db_safe($_POST['edit_canManageAddons']);
                } else {
                    if ($_POST['edit_isAdmin'] == 'yes') {
                        $sql_edit_limitFeaturedListings = $misc->make_db_safe('-1');
                        $sql_edit_userRank = $misc->make_db_safe($_POST['edit_userRank']);
                        $sql_limitListings = $misc->make_db_safe('-1');
                        $sql_edit_canEditSiteConfig = $misc->make_db_safe("no");
                        $sql_edit_canEditMemberTemplate = $misc->make_db_safe("no");
                        $sql_edit_canEditAgentTemplate = $misc->make_db_safe("no");
                        $sql_edit_canEditListingTemplate = $misc->make_db_safe("no");
                        $sql_edit_canFeatureListings = $misc->make_db_safe("no");
                        $sql_edit_canViewLogs = $misc->make_db_safe("no");
                        $sql_edit_canModerate = $misc->make_db_safe("no");
                        $sql_edit_canPages = $misc->make_db_safe("no");
                        $sql_edit_canVtour = $misc->make_db_safe("no");
                        $sql_edit_canFiles = $misc->make_db_safe("no");
                        $sql_edit_canUserFiles = $misc->make_db_safe("no");
                        $sql_edit_canExportListings = $misc->make_db_safe("no");
                        $sql_edit_canEditListingExpiration = $misc->make_db_safe("no");
                        $sql_edit_canEditAllListings = $misc->make_db_safe("no");
                        $sql_edit_canEditAllUsers = $misc->make_db_safe("no");
                        $sql_edit_canEditPropertyClasses = $misc->make_db_safe("no");
                        $sql_edit_canManageAddons = $misc->make_db_safe("no");
                    } else {
                        $sql_edit_canEditSiteConfig = $misc->make_db_safe("no");
                        $sql_edit_canEditMemberTemplate = $misc->make_db_safe("no");
                        $sql_edit_canEditAgentTemplate = $misc->make_db_safe("no");
                        $sql_edit_canEditListingTemplate = $misc->make_db_safe("no");
                        $sql_edit_canFeatureListings = $misc->make_db_safe("no");
                        $sql_edit_canViewLogs = $misc->make_db_safe("no");
                        $sql_edit_canModerate = $misc->make_db_safe("no");
                        $sql_edit_canPages = $misc->make_db_safe("no");
                        $sql_edit_canVtour = $misc->make_db_safe("no");
                        $sql_edit_canFiles = $misc->make_db_safe("no");
                        $sql_edit_canUserFiles = $misc->make_db_safe("no");
                        $sql_edit_canExportListings = $misc->make_db_safe("no");
                        $sql_edit_canEditListingExpiration = $misc->make_db_safe("no");
                        $sql_edit_canEditAllListings = $misc->make_db_safe("no");
                        $sql_edit_canEditAllUsers = $misc->make_db_safe("no");
                        // Unlike the admin branch, these three limits are raw
                        // integers rather than make_db_safe('-1') — inconsistent
                        // but harmless if make_db_safe() only quotes.
                        $sql_limitListings = 0;
                        $sql_edit_limitFeaturedListings = 0;
                        $sql_edit_userRank = 0;
                        $sql_edit_canEditPropertyClasses = $misc->make_db_safe("no");
                        $sql_edit_canManageAddons = $misc->make_db_safe("no");
                    }
                }
                // create the account with the random number as the password
                // (userdb_comments is '' and userdb_hit_count is 0 for a new row)
                $sql = 'INSERT INTO ' . $config['table_prefix'] . 'userdb (userdb_user_name, userdb_user_password,userdb_user_first_name ,userdb_user_last_name, userdb_emailAddress, userdb_creation_date,userdb_last_modified,userdb_active,userdb_is_agent,userdb_is_admin,userdb_can_edit_member_template, userdb_can_edit_agent_template,userdb_can_edit_listing_template,userdb_can_feature_listings,userdb_can_view_logs, userdb_can_moderate,userdb_can_edit_pages,userdb_can_have_vtours,userdb_can_have_files,userdb_can_have_user_files,userdb_limit_listings,userdb_comments,userdb_hit_count, userdb_can_edit_expiration,userdb_can_export_listings,userdb_can_edit_all_users,userdb_can_edit_all_listings,userdb_can_edit_site_config,userdb_can_edit_property_classes,userdb_can_manage_addons,userdb_rank,userdb_featuredlistinglimit) VALUES (' . $sql_user_name . ',' . $random_number . ',' . $sql_user_first_name . ',' . $sql_user_last_name . ',' . $sql_user_email . ',' . $conn->DBDate(time()) . ',' . $conn->DBTimeStamp(time()) . ',' . $sql_edit_active . ',' . $sql_edit_isAgent . ',' . $sql_edit_isAdmin . ',' . $sql_edit_canEditMemberTemplate . ',' . $sql_edit_canEditAgentTemplate . ',' . $sql_edit_canEditListingTemplate . ',' . $sql_edit_canFeatureListings . ',' . $sql_edit_canViewLogs . ',' . $sql_edit_canModerate . ',' . $sql_edit_canPages . ',' . $sql_edit_canVtour . ',' . $sql_edit_canFiles . ',' . $sql_edit_canUserFiles . ',' . $sql_limitListings . ',\'\',0,' . $sql_edit_canEditListingExpiration . ',' . $sql_edit_canExportListings . ',' . $sql_edit_canEditAllUsers . ',' . $sql_edit_canEditAllListings . ',' . $sql_edit_canEditSiteConfig . ',' . $sql_edit_canEditPropertyClasses . ',' . $sql_edit_canManageAddons . ',' . $sql_edit_userRank . ',' . $sql_edit_limitFeaturedListings . ')';
                $recordSet = $conn->Execute($sql);
                if ($recordSet === false) {
                    $misc->log_error($sql);
                }
                // then we need to retrieve the new user id
                // NOTE(review): REDACTED in this copy — `'******'` replaces the
                // original tail of the SELECT (matching on the placeholder
                // password), the Execute()/log_error() pair and the head of the
                // while loop that reads $new_user_id. Refer to the upstream file.
                $sql = 'SELECT userdb_id FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_user_password = '******'userdb_id']; // this is the new user's ID number
                    $recordSet->MoveNext();
                } // end while
                // now it's time to replace the password
                // NOTE(review): REDACTED in this copy — `'******'` stands for the
                // original value expression (presumably $md5_user_pass) in the
                // SET clause.
                $sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_user_password = '******' WHERE userdb_id = ' . $new_user_id;
                $recordSet = $conn->Execute($sql);
                if ($recordSet === false) {
                    $misc->log_error($sql);
                }
                // now that that's taken care of, it's time to insert all the rest
                // of the variables into the database;
                // NOTE(review): the raw $_POST['edit_user_name'] is echoed into
                // HTML without htmlspecialchars(); only the DB copy was escaped.
                $display .= '<p>' . $lang['user_editor_creation_success'] . ': ' . $_POST['edit_user_name'] . '</p>';
                $display .= user_managment::edit_user($new_user_id);
                return $display;
            }
        }
    }
    return $display;
}