コード例 #1
    /**
     * Handles the admin "create user" form submission.
     *
     * Validates the POSTed fields, rejects a user name or e-mail address that
     * is already in the userdb table, inserts the new row, then returns the
     * HTML to show: an error paragraph plus a back button, the "taken"
     * message, or the success line followed by the edit form for the new user.
     *
     * Reads $_POST and $_SESSION directly and depends on the globals $conn
     * (ADOdb connection), $config and $lang. Writes to the userdb table.
     *
     * @return string HTML fragment; empty string when the session lacks the
     *                required privilege (no error is reported in that case)
     */
    function create_user()
    {
        global $conn, $config, $lang;
        require_once $config['basepath'] . '/include/misc.inc.php';
        $misc = new misc();
        $security = false;
        // NOTE(review): && binds tighter than ||, so this evaluates as
        // (demo_mode != 1 AND edit_all_users == 'yes') OR admin_privs == 'yes'
        // — an admin session is let through even when demo_mode is 1. If demo
        // mode is meant to block everyone, the grouping should be
        // demo_mode != 1 && (edit_all_users == 'yes' || admin_privs == 'yes');
        // confirm against the other user_managment methods before changing it.
        // Both $_SESSION keys are read without isset(); a missing key only
        // raises a notice here because null == 'yes' is false.
        if ($config["demo_mode"] != 1 && $_SESSION['edit_all_users'] == 'yes' || $_SESSION['admin_privs'] == 'yes') {
            $security = true;
        }
        $display = '';
        if ($security === true) {
            // create the user
            // Field checks: each failure appends a message and a back button
            // and skips the database work. The $_POST keys are read without
            // isset(), so a form that omits one of them raises a notice.
            if ($_POST['edit_user_pass'] != $_POST['edit_user_pass2']) {
                $display .= '<p>' . $lang['user_creation_password_identical'] . '</p>';
                $display .= '<form><input type="button" value="' . $lang['back_button_text'] . '" onclick="history.back()" /></form>';
            } elseif ($_POST['edit_user_pass'] == "") {
                $display .= '<p>' . $lang['user_creation_password_blank'] . '</p>';
                $display .= '<form><input type="button" value="' . $lang['back_button_text'] . '" onclick="history.back()" /></form>';
            } elseif ($_POST['edit_user_name'] == "") {
                $display .= '<p>' . $lang['user_editor_need_username'] . '</p>';
                $display .= '<form><input type="button" value="' . $lang['back_button_text'] . '" onclick="history.back()" /></form>';
            } elseif ($_POST['user_email'] == "") {
                $display .= '<p>' . $lang['user_editor_need_email_address'] . '</p>';
                $display .= '<form><input type="button" value="' . $lang['back_button_text'] . '" onclick="history.back()" /></form>';
            } elseif ($_POST['user_first_name'] == "") {
                $display .= '<p>' . $lang['user_editor_need_first_name'] . '</p>';
                $display .= '<form><input type="button" value="' . $lang['back_button_text'] . '" onclick="history.back()" /></form>';
            } elseif ($_POST['user_last_name'] == "") {
                $display .= '<p>' . $lang['user_editor_need_last_name'] . '</p>';
                $display .= '<form><input type="button" value="' . $lang['back_button_text'] . '" onclick="history.back()" /></form>';
            } else {
                // NOTE(review): the SQL below concatenates these values with no
                // surrounding quotes, so make_db_safe() presumably returns an
                // escaped *and quoted* literal — verify in misc.inc.php. Every
                // value that reaches a query must go through it.
                $sql_user_name = $misc->make_db_safe($_POST['edit_user_name']);
                $sql_user_email = $misc->make_db_safe($_POST['user_email']);
                $pass_the_form = "Yes";
                // first, make sure the user name isn't in use
                $sql = 'SELECT userdb_user_name from ' . $config['table_prefix'] . 'userdb WHERE userdb_user_name = ' . $sql_user_name;
                $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
                $recordSet = $conn->Execute($sql);
                // NOTE(review): log_error() is assumed to halt the request
                // (confirm); if it returns, the RecordCount() call below runs
                // on boolean false and is a fatal error. Same pattern at each
                // Execute() in this method.
                if ($recordSet === false) {
                    $misc->log_error($sql);
                }
                $num = $recordSet->RecordCount();
                // second, make sure the user email isn't in use
                $sql2 = 'SELECT userdb_emailaddress from ' . $config['table_prefix'] . 'userdb WHERE userdb_emailaddress = ' . $sql_user_email;
                $recordSet2 = $conn->Execute($sql2);
                if ($recordSet2 === false) {
                    $misc->log_error($sql2);
                }
                $num2 = $recordSet2->RecordCount();
                if ($num >= 1) {
                    $pass_the_form = 'No';
                    $display .= $lang['user_creation_username_taken'];
                } elseif ($num2 >= 1) {
                    $pass_the_form = 'No';
                    $display .= $lang['email_address_already_registered'];
                }
                // end if
                if ($pass_the_form == "Yes") {
                    // what the program should do if the form is valid
                    // generate a random number to enter in as the password (initially)
                    // we'll need to know the actual account id to help with retrieving the user
                    // We will be putting in a random number that we know the value of, we can easily
                    // retrieve the account id in a few moments
                    // NOTE(review): rand() is not a CSPRNG and the 1..10000 range
                    // is tiny; because this value is used as the temporary
                    // password to find the freshly inserted row, two creations
                    // racing with the same number can pick up each other's id.
                    // ADOdb's Insert_ID() after the INSERT would avoid the
                    // lookup entirely; failing that, random_int() over a much
                    // wider range narrows the window.
                    $random_number = $misc->make_db_safe(rand(1, 10000));
                    $sql_user_name = $misc->make_db_safe($_POST['edit_user_name']);
                    // NOTE(review): unsalted MD5 is not an acceptable password
                    // hash; password_hash(PASSWORD_DEFAULT) / password_verify()
                    // should replace it, which also requires the login check and
                    // the column width to change in step.
                    $md5_user_pass = md5($_POST['edit_user_pass']);
                    $md5_user_pass = $misc->make_db_safe($md5_user_pass);
                    $sql_user_email = $misc->make_db_safe($_POST['user_email']);
                    $sql_user_first_name = $misc->make_db_safe($_POST['user_first_name']);
                    $sql_user_last_name = $misc->make_db_safe($_POST['user_last_name']);
                    $sql_edit_active = $misc->make_db_safe($_POST['edit_active']);
                    $sql_edit_isAgent = $misc->make_db_safe($_POST['edit_isAgent']);
                    $sql_edit_isAdmin = $misc->make_db_safe($_POST['edit_isAdmin']);
                    // Privilege flags: agents take every flag from the form;
                    // admins get rank from the form, unlimited (-1) listing
                    // limits and all other flags forced to "no"; plain members
                    // get everything "no" / 0. The submitted flag strings are
                    // not validated against 'yes'/'no' here — presumably the
                    // columns or the form constrain them; verify.
                    if ($_POST['edit_isAgent'] == 'yes') {
                        $sql_edit_canEditSiteConfig = $misc->make_db_safe($_POST['edit_canEditSiteConfig']);
                        $sql_edit_canEditMemberTemplate = $misc->make_db_safe($_POST['edit_canEditMemberTemplate']);
                        $sql_edit_canEditAgentTemplate = $misc->make_db_safe($_POST['edit_canEditAgentTemplate']);
                        $sql_edit_canEditListingTemplate = $misc->make_db_safe($_POST['edit_canEditListingTemplate']);
                        $sql_edit_canFeatureListings = $misc->make_db_safe($_POST['edit_canFeatureListings']);
                        $sql_edit_canViewLogs = $misc->make_db_safe($_POST['edit_canViewLogs']);
                        $sql_edit_canModerate = $misc->make_db_safe($_POST['edit_canModerate']);
                        $sql_edit_canPages = $misc->make_db_safe($_POST['edit_canPages']);
                        $sql_edit_canVtour = $misc->make_db_safe($_POST['edit_canVtour']);
                        $sql_edit_canFiles = $misc->make_db_safe($_POST['edit_canFiles']);
                        $sql_edit_canUserFiles = $misc->make_db_safe($_POST['edit_canUserFiles']);
                        $sql_limitListings = $misc->make_db_safe($_POST['limitListings']);
                        $sql_edit_canExportListings = $misc->make_db_safe($_POST['edit_canExportListings']);
                        $sql_edit_canEditListingExpiration = $misc->make_db_safe($_POST['edit_canEditListingExpiration']);
                        $sql_edit_canEditAllListings = $misc->make_db_safe($_POST['edit_canEditAllListings']);
                        $sql_edit_canEditAllUsers = $misc->make_db_safe($_POST['edit_canEditAllUsers']);
                        $sql_edit_canEditPropertyClasses = $misc->make_db_safe($_POST['edit_canEditPropertyClasses']);
                        $sql_edit_limitFeaturedListings = $misc->make_db_safe($_POST['edit_limitFeaturedListings']);
                        $sql_edit_userRank = $misc->make_db_safe($_POST['edit_userRank']);
                        $sql_edit_canManageAddons = $misc->make_db_safe($_POST['edit_canManageAddons']);
                    } else {
                        if ($_POST['edit_isAdmin'] == 'yes') {
                            $sql_edit_limitFeaturedListings = $misc->make_db_safe('-1');
                            $sql_edit_userRank = $misc->make_db_safe($_POST['edit_userRank']);
                            $sql_limitListings = $misc->make_db_safe('-1');
                            $sql_edit_canEditSiteConfig = $misc->make_db_safe("no");
                            $sql_edit_canEditMemberTemplate = $misc->make_db_safe("no");
                            $sql_edit_canEditAgentTemplate = $misc->make_db_safe("no");
                            $sql_edit_canEditListingTemplate = $misc->make_db_safe("no");
                            $sql_edit_canFeatureListings = $misc->make_db_safe("no");
                            $sql_edit_canViewLogs = $misc->make_db_safe("no");
                            $sql_edit_canModerate = $misc->make_db_safe("no");
                            $sql_edit_canPages = $misc->make_db_safe("no");
                            $sql_edit_canVtour = $misc->make_db_safe("no");
                            $sql_edit_canFiles = $misc->make_db_safe("no");
                            $sql_edit_canUserFiles = $misc->make_db_safe("no");
                            $sql_edit_canExportListings = $misc->make_db_safe("no");
                            $sql_edit_canEditListingExpiration = $misc->make_db_safe("no");
                            $sql_edit_canEditAllListings = $misc->make_db_safe("no");
                            $sql_edit_canEditAllUsers = $misc->make_db_safe("no");
                            $sql_edit_canEditPropertyClasses = $misc->make_db_safe("no");
                            $sql_edit_canManageAddons = $misc->make_db_safe("no");
                        } else {
                            $sql_edit_canEditSiteConfig = $misc->make_db_safe("no");
                            $sql_edit_canEditMemberTemplate = $misc->make_db_safe("no");
                            $sql_edit_canEditAgentTemplate = $misc->make_db_safe("no");
                            $sql_edit_canEditListingTemplate = $misc->make_db_safe("no");
                            $sql_edit_canFeatureListings = $misc->make_db_safe("no");
                            $sql_edit_canViewLogs = $misc->make_db_safe("no");
                            $sql_edit_canModerate = $misc->make_db_safe("no");
                            $sql_edit_canPages = $misc->make_db_safe("no");
                            $sql_edit_canVtour = $misc->make_db_safe("no");
                            $sql_edit_canFiles = $misc->make_db_safe("no");
                            $sql_edit_canUserFiles = $misc->make_db_safe("no");
                            $sql_edit_canExportListings = $misc->make_db_safe("no");
                            $sql_edit_canEditListingExpiration = $misc->make_db_safe("no");
                            $sql_edit_canEditAllListings = $misc->make_db_safe("no");
                            $sql_edit_canEditAllUsers = $misc->make_db_safe("no");
                            // Plain integers here (no make_db_safe) — fine only
                            // because they are literals, not request data.
                            $sql_limitListings = 0;
                            $sql_edit_limitFeaturedListings = 0;
                            $sql_edit_userRank = 0;
                            $sql_edit_canEditPropertyClasses = $misc->make_db_safe("no");
                            $sql_edit_canManageAddons = $misc->make_db_safe("no");
                        }
                    }
                    // create the account with the random number as the password
                    // userdb_comments is set to '' and userdb_hit_count to 0
                    // inline; creation/last-modified come from DBDate/DBTimeStamp.
                    $sql = 'INSERT INTO ' . $config['table_prefix'] . 'userdb (userdb_user_name, userdb_user_password,userdb_user_first_name ,userdb_user_last_name, userdb_emailAddress,
						userdb_creation_date,userdb_last_modified,userdb_active,userdb_is_agent,userdb_is_admin,userdb_can_edit_member_template,
						userdb_can_edit_agent_template,userdb_can_edit_listing_template,userdb_can_feature_listings,userdb_can_view_logs,
						userdb_can_moderate,userdb_can_edit_pages,userdb_can_have_vtours,userdb_can_have_files,userdb_can_have_user_files,userdb_limit_listings,userdb_comments,userdb_hit_count,
						userdb_can_edit_expiration,userdb_can_export_listings,userdb_can_edit_all_users,userdb_can_edit_all_listings,userdb_can_edit_site_config,userdb_can_edit_property_classes,userdb_can_manage_addons,userdb_rank,userdb_featuredlistinglimit) VALUES
						(' . $sql_user_name . ',' . $random_number . ',' . $sql_user_first_name . ',' . $sql_user_last_name . ',' . $sql_user_email . ',' . $conn->DBDate(time()) . ',' . $conn->DBTimeStamp(time()) . ',' . $sql_edit_active . ',' . $sql_edit_isAgent . ',' . $sql_edit_isAdmin . ',' . $sql_edit_canEditMemberTemplate . ',' . $sql_edit_canEditAgentTemplate . ',' . $sql_edit_canEditListingTemplate . ',' . $sql_edit_canFeatureListings . ',' . $sql_edit_canViewLogs . ',' . $sql_edit_canModerate . ',' . $sql_edit_canPages . ',' . $sql_edit_canVtour . ',' . $sql_edit_canFiles . ',' . $sql_edit_canUserFiles . ',' . $sql_limitListings . ',\'\',0,' . $sql_edit_canEditListingExpiration . ',' . $sql_edit_canExportListings . ',' . $sql_edit_canEditAllUsers . ',' . $sql_edit_canEditAllListings . ',' . $sql_edit_canEditSiteConfig . ',' . $sql_edit_canEditPropertyClasses . ',' . $sql_edit_canManageAddons . ',' . $sql_edit_userRank . ',' . $sql_edit_limitFeaturedListings . ')';
                    $recordSet = $conn->Execute($sql);
                    if ($recordSet === false) {
                        $misc->log_error($sql);
                    }
                    // then we need to retrieve the new user id
                    // NOTE(review): the next line is garbled in this copy — a
                    // redaction swallowed the end of the SELECT, its Execute()
                    // and the head of the fetch loop. The surviving
                    // `'userdb_id'];` and the MoveNext() below suggest a
                    // while (!$recordSet->EOF) loop that reads the new row's
                    // userdb_id into $new_user_id by matching the temporary
                    // password. Restore from the original source, not from here.
                    $sql = 'SELECT userdb_id FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_user_password = '******'userdb_id'];
                        // this is the new user's ID number
                        $recordSet->MoveNext();
                    }
                    // end while
                    // now it's time to replace the password
                    // (the hashed value is redacted in this copy; the original
                    // presumably writes $md5_user_pass here)
                    $sql = 'UPDATE ' . $config['table_prefix'] . 'userdb SET userdb_user_password = '******' WHERE userdb_id = ' . $new_user_id;
                    $recordSet = $conn->Execute($sql);
                    if ($recordSet === false) {
                        $misc->log_error($sql);
                    }
                    // now that that's taken care of, it's time to insert all the rest
                    // of the variables into the database;
                    // NOTE(review): $_POST['edit_user_name'] is echoed into HTML
                    // unescaped; wrap it in htmlspecialchars($v, ENT_QUOTES |
                    // ENT_SUBSTITUTE, 'UTF-8') so a crafted name is not rendered
                    // as markup in the admin's browser.
                    $display .= '<p>' . $lang['user_editor_creation_success'] . ': ' . $_POST['edit_user_name'] . '</p>';
                    $display .= user_managment::edit_user($new_user_id);
                    return $display;
                }
            }
        }
        // Reached when the privilege check failed (empty string) or when the
        // name / e-mail was already taken (the "taken" message only).
        return $display;
    }