コード例 #1
ファイル: users.php プロジェクト: armpit/e107
 /**
  * Quick Add user submit trigger
  */
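 public function AddSubmitTrigger()
 {
     // Handles the admin "quick add user" form: validates $_POST, hashes the password, inserts the
     // row into the `user` table, writes the admin log and user audit entries, fires the `userfull`
     // and `admin_user_created` events and optionally e-mails the new user.
     // Returns nothing: results are reported through the message handler, and on validation failure
     // the entered data is kept with setParam('user_data', ...) so the form can be redisplayed.
     $e107cache = e107::getCache();
     $userMethods = e107::getUserSession();
     $mes = e107::getMessage();
     $sql = e107::getDb();
     $e_event = e107::getEvent();
     $admin_log = e107::getAdminLog();

     // Form-token gate. The previous test was `!$_POST['ac'] == md5(ADMINPWCHANGE)`: `!` binds tighter
     // than `==`, so a boolean was compared with a non-empty string and the request was only rejected
     // when `ac` was empty or missing - any non-empty value passed. Compare the value itself, strictly
     // (a non-string `ac`, e.g. an array, is rejected as well).
     // NOTE(review): the expected value is the md5 of a constant; whether that value is unpredictable
     // per session is not visible here - confirm that separate CSRF protection covers this handler.
     // Where the minimum supported PHP version provides hash_equals(), prefer it for this comparison.
     if (!isset($_POST['ac']) || $_POST['ac'] !== md5(ADMINPWCHANGE)) {
         exit;
     }
     $e107cache->clear('online_menu_member_total');
     $e107cache->clear('online_menu_member_newest');
     $error = false;
     if (isset($_POST['generateloginname'])) {
         // NOTE(review): $pref is not assigned in this method and no `global $pref` is visible, so this
         // reads an undefined local unless it is supplied by code outside this listing - confirm.
         $_POST['loginname'] = $userMethods->generateUserLogin($pref['predefinedLoginName']);
     }
     // The quick-add form posts a single password field; mirror it into the two fields the vetting
     // rules expect.
     $_POST['password2'] = $_POST['password1'] = $_POST['password'];
     // Now validate everything; the result carries a 'data' and an 'errors' sub-array.
     $allData = validatorClass::validateFields($_POST, $userMethods->userVettingInfo, true);
     // Fix display and user name: when the new user's classes may not choose a separate display name,
     // force it to the login name and warn the admin instead of failing.
     // NOTE(review): same undefined-$pref concern as above.
     if (!check_class($pref['displayname_class'], $allData['data']['user_class'])) {
         if ($allData['data']['user_name'] != $allData['data']['user_loginname']) {
             $allData['data']['user_name'] = $allData['data']['user_loginname'];
             $mes->addWarning(str_replace('[x]', $allData['data']['user_loginname'], USRLAN_237));
             //$allData['errors']['user_name'] = ERR_FIELDS_DIFFERENT;
         }
     }
     // NOTE(review): in the listing the next three comments each sat one statement late; they are
     // re-attached here to the calls their wording matches.
     // Check for missing fields (email done in userValidation() )
     validatorClass::checkMandatory('user_name, user_loginname', $allData);
     // Do basic DB-related checks
     validatorClass::dbValidateArray($allData, $userMethods->userVettingInfo, 'user', 0);
     // Do user-specific DB checks
     $userMethods->userValidation($allData);
     if (!isset($allData['errors']['user_password'])) {
         // No errors in password - keep it outside the main data array
         $savePassword = $allData['data']['user_password'];
         // Delete the password value in the output array
         unset($allData['data']['user_password']);
     }
     // Restrict the scope of this
     unset($_POST['password2'], $_POST['password1']);
     if (count($allData['errors'])) {
         $temp = validatorClass::makeErrorList($allData, 'USER_ERR_', '%n - %x - %t: %v', '<br />', $userMethods->userVettingInfo);
         $mes->addError($temp);
         $error = true;
     }
     // Always save some of the entered data - then we can redisplay on error
     $user_data =& $allData['data'];
     if ($error) {
         // $savePassword may be unset on this path (password error); nothing below this return runs.
         $this->setParam('user_data', $user_data);
         return;
     }
     // Admin rights and the permission string are taken straight from the request.
     // NOTE(review): the only gate visible in this method is the `ac` check above - confirm that the
     // caller verifies the acting admin may assign these permissions, and that `perms` is an array
     // (implode() is applied to it unchecked).
     if (varset($_POST['perms'])) {
         $allData['data']['user_admin'] = 1;
         $allData['data']['user_perms'] = implode('.', $_POST['perms']);
     }
     // NOTE(review): the hash is keyed with 'user_login' while the rest of this method works with
     // 'user_loginname' - confirm which value HashPassword() expects as its second argument.
     $user_data['user_password'] = $userMethods->HashPassword($savePassword, $user_data['user_login']);
     $user_data['user_join'] = time();
     if ($userMethods->needEmailPassword()) {
         // Save separate password encryption for use with email address
         $user_prefs = e107::getArrayStorage()->unserialize($user_data['user_prefs']);
         $user_prefs['email_password'] = $userMethods->HashPassword($savePassword, $user_data['user_email']);
         $user_data['user_prefs'] = e107::getArrayStorage()->serialize($user_prefs);
         unset($user_prefs);
     }
     // Set any initial classes
     $userMethods->userClassUpdate($allData['data'], 'userall');
     //FIXME - (SecretR) there is a better way to fix this (missing default value, sql error in strict mode - user_realm is to be deleted from DB later)
     $allData['data']['user_realm'] = '';
     $userMethods->addNonDefaulted($user_data);
     validatorClass::addFieldTypes($userMethods->userVettingInfo, $allData);
     $userid = $sql->insert('user', $allData);
     if ($userid) {
         $sysuser = e107::getSystemUser(false, false);
         $sysuser->setData($allData['data']);
         $sysuser->setId($userid);
         $user_data['user_id'] = $userid;
         // Add to admin log
         e107::getLog()->add('USET_02', "UName: {$user_data['user_name']}; Email: {$user_data['user_email']}", E_LOG_INFORMATIVE);
         // Add to user audit trail
         e107::getLog()->user_audit(USER_AUDIT_ADD_ADMIN, $user_data, 0, $user_data['user_loginname']);
         // send everything available for user data - bit sparse compared with user-generated signup
         e107::getEvent()->trigger('userfull', $user_data);
         e107::getEvent()->trigger('admin_user_created', $user_data);
         if (isset($_POST['sendconfemail'])) {
             // $check: false = mail failed or not attempted, -1 = deliberately no mail, otherwise the
             // result of email().
             $check = false;
             // Send confirmation email to user
             // NOTE(review): modes 1 and 2 put the clear-text password into the e-mail; there is no
             // default case, so any other value is reported below as a failed mail.
             switch ((int) $_POST['sendconfemail']) {
                 case 0:
                     // activate, don't notify
                     $check = -1;
                     break;
                 case 1:
                     // activate and send password
                     $check = $sysuser->email('quickadd', array('user_password' => $savePassword, 'mail_subject' => USRLAN_187 . SITENAME, 'activation_url' => USRLAN_238));
                     break;
                 case 2:
                     // require activation and send password and activation link
                     $sysuser->set('user_ban', 2)->set('user_sess', e_user_model::randomKey())->save();
                     $check = $sysuser->email('quickadd', array('user_password' => $savePassword, 'mail_subject' => USRLAN_187 . SITENAME, 'activation_url' => SITEURL . "signup.php?activate." . $sysuser->getId() . "." . $sysuser->getValue('sess')));
                     break;
             }
             if ($check && $check !== -1) {
                 $mes->addSuccess(USRLAN_188);
             } elseif (!$check) {
                 $mes->addError(USRLAN_189);
             }
         }
         //	$message = str_replace('--NAME--', htmlspecialchars($user_data['user_name'], ENT_QUOTES, CHARSET), USRLAN_174);
         $message = USRLAN_172;
         // Values echoed into the admin message are HTML-escaped because the message text is emitted
         // as markup (note the <strong> wrappers).
         $mes->addSuccess($message)->addSuccess(USRLAN_128 . ': <strong>' . htmlspecialchars($user_data['user_loginname'], ENT_QUOTES, CHARSET) . '</strong>');
         // NOTE(review): the clear-text password is rendered into the admin page here - consider
         // whether it needs to be displayed at all.
         $mes->addSuccess(LAN_PASSWORD . ': <strong>' . htmlspecialchars($savePassword, ENT_QUOTES, CHARSET) . '</strong>');
         return;
     } else {
         $mes->addError(LAN_CREATED_FAILED);
         $mes->addError($sql->getLastErrorText());
     }
 }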
コード例 #2
ファイル: usersettings.php プロジェクト: KonzolozZ/e107
                 // avatar uploaded - give it a reference which identifies it as server-stored
                 // Vetting routines will do resizing and so on
                 $_POST['image'] = '-upload-' . $upload['name'];
             } elseif ($upload['name'] && $upload['index'] == 'photo' && $pref['photo_upload']) {
                 // photograph uploaded
                 $_POST['user_sess'] = '-upload-' . $upload['name'];
             } elseif (isset($upload['error']) && isset($upload['message'])) {
                 $extraErrors[] = $upload['message'];
             }
         }
     }
 }
 // Now validate everything - just check everything that's been entered
 $allData = validatorClass::validateFields($_POST, $userMethods->userVettingInfo, TRUE);
 // Do basic validation
 validatorClass::dbValidateArray($allData, $userMethods->userVettingInfo, 'user', $inp);
 // Do basic DB-related checks
 $userMethods->userValidation($allData);
 // Do user-specific DB checks
 $savePassword = '';
 if ($_POST['password1'] != '' || $_POST['password2'] != '') {
     // Need to validate new password here
     if (!isset($allData['errors']['user_password'])) {
         // No errors in password yet - may be valid
         $savePassword = $allData['data']['user_password'];
         unset($allData['data']['user_password']);
         // Delete the password value in the output array
     }
 } else {
     unset($allData['errors']['user_password']);
     // Delete the error which an empty password field generates
コード例 #3
ファイル: users.php プロジェクト: notzen/e107
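/**
 * Admin "quick add user" handler.
 *
 * Validates the posted form, hashes the password, inserts the row into the `user` table, writes the
 * admin log and user audit entries, fires the `userfull` event and optionally e-mails the new user.
 * Returns nothing; the outcome is reported through the message handler.
 */
function addUser()
{
    $e107cache = e107::getCache();
    $userMethods = e107::getUserSession();
    $mes = e107::getMessage();
    $sql = e107::getDb();
    $e_event = e107::getEvent();
    global $admin_log;

    // Form-token gate. The previous test was `!$_POST['ac'] == md5(ADMINPWCHANGE)`: `!` binds tighter
    // than `==`, so a boolean was compared with a non-empty string and the request was only rejected
    // when `ac` was empty or missing - any non-empty value passed. Compare the value itself, strictly
    // (a non-string `ac`, e.g. an array, is rejected as well).
    // NOTE(review): the expected value is the md5 of a constant; whether that value is unpredictable
    // per session is not visible here - confirm that separate CSRF protection covers this handler.
    // Where the minimum supported PHP version provides hash_equals(), prefer it for this comparison.
    if (!isset($_POST['ac']) || $_POST['ac'] !== md5(ADMINPWCHANGE)) {
        exit;
    }
    $e107cache->clear('online_menu_member_total');
    $e107cache->clear('online_menu_member_newest');
    $error = false;
    if (isset($_POST['generateloginname'])) {
        // NOTE(review): $pref is not assigned in this function and is not declared global, so this
        // reads an undefined local unless it is supplied by code outside this listing - confirm.
        $_POST['loginname'] = $userMethods->generateUserLogin($pref['predefinedLoginName']);
    }
    /*
    if (isset ($_POST['generatepassword']))
    {
    	$_POST['password1'] = $userMethods->generateRandomString('**********');
    	// 10-char password should be enough
    	$_POST['password2'] = $_POST['password1'];
    }
    */
    // The form posts one password field; mirror it into the confirmation field the vetting rules expect.
    $_POST['password2'] = $_POST['password1'];
    // Now validate everything; the result carries a 'data' and an 'errors' sub-array.
    $allData = validatorClass::validateFields($_POST, $userMethods->userVettingInfo, true);
    // NOTE(review): in the listing the next three comments each sat one statement late; they are
    // re-attached here to the calls their wording matches.
    // Check for missing fields (email done in userValidation() )
    validatorClass::checkMandatory('user_name,user_loginname', $allData);
    // Do basic DB-related checks
    validatorClass::dbValidateArray($allData, $userMethods->userVettingInfo, 'user', 0);
    // Do user-specific DB checks
    $userMethods->userValidation($allData);
    if (!isset($allData['errors']['user_password'])) {
        // No errors in password - keep it outside the main data array
        $savePassword = $allData['data']['user_password'];
        // Delete the password value in the output array
        unset($allData['data']['user_password']);
    }
    // Restrict the scope of this
    unset($_POST['password1']);
    unset($_POST['password2']);
    // NOTE(review): same undefined-$pref concern as above.
    if (!check_class($pref['displayname_class'], $allData['data']['user_class'])) {
        if ($allData['data']['user_name'] != $allData['data']['user_loginname']) {
            $allData['errors']['user_name'] = ERR_FIELDS_DIFFERENT;
        }
    }
    if (count($allData['errors'])) {
        //	require_once (e_HANDLER."message_handler.php");
        $temp = validatorClass::makeErrorList($allData, 'USER_ERR_', '%n - %x - %t: %v', '<br />', $userMethods->userVettingInfo);
        //	message_handler('P_ALERT',$temp);
        $mes->addError($temp);
        $error = true;
    }
    // Always save some of the entered data - then we can redisplay on error
    $user_data =& $allData['data'];
    if (!$error) {
        // Admin rights and the permission string are taken straight from the request.
        // NOTE(review): the only gate visible in this function is the `ac` check above - confirm that
        // the caller verifies the acting admin may assign these permissions, and that `perms` is an
        // array (implode() is applied to it unchecked).
        if (varset($_POST['perms'])) {
            $allData['data']['user_admin'] = 1;
            $allData['data']['user_perms'] = implode('.', $_POST['perms']);
        }
        $message = '';
        // NOTE(review): the hash is keyed with 'user_login' while validation above works with
        // 'user_loginname' - confirm which value HashPassword() expects as its second argument.
        $user_data['user_password'] = $userMethods->HashPassword($savePassword, $user_data['user_login']);
        $user_data['user_join'] = time();
        if ($userMethods->needEmailPassword()) {
            // Save separate password encryption for use with email address
            $user_data['user_prefs'] = serialize(array('email_password' => $userMethods->HashPassword($savePassword, $user_data['user_email'])));
        }
        // Set any initial classes
        $userMethods->userClassUpdate($allData['data'], 'userall');
        $userMethods->addNonDefaulted($user_data);
        validatorClass::addFieldTypes($userMethods->userVettingInfo, $allData);
        //FIXME - (SecretR) there is a better way to fix this (missing default value, sql error in strict mode - user_realm is to be deleted from DB later)
        $allData['data']['user_realm'] = '';
        if ($sql->db_Insert('user', $allData)) {
            // Add to admin log
            $admin_log->log_event('USET_02', "UName: {$user_data['user_name']}; Email: {$user_data['user_email']}", E_LOG_INFORMATIVE);
            // Add to user audit trail
            $admin_log->user_audit(USER_AUDIT_ADD_ADMIN, $user_data, 0, $user_data['user_loginname']);
            // send everything available for user data - bit sparse compared with user-generated signup
            $e_event->trigger('userfull', $user_data);
            if (isset($_POST['sendconfemail'])) {
                // Send confirmation email to user
                require_once e_HANDLER . 'mail.php';
                //correct way to load a core template.
                include_once e107::coreTemplatePath('email', 'front');
                if (!isset($QUICKADDUSER_TEMPLATE)) {
                    $QUICKADDUSER_TEMPLATE = USRLAN_185 . USRLAN_186;
                }
                // NOTE(review): {PASSWORD} is filled with the clear-text password, which therefore
                // leaves the site by e-mail.
                $var_search = array('{SITEURL}', '{LOGIN}', '{USERNAME}', '{PASSWORD}', '{EMAIL}');
                $var_replace = array(SITEURL, $user_data['user_name'], $user_data['user_login'], $savePassword, $user_data['user_email']);
                $e_message = str_replace($var_search, $var_replace, $QUICKADDUSER_TEMPLATE);
                if (sendemail($user_data['user_email'], USRLAN_187 . SITEURL, $e_message, $user_data['user_login'], '', '')) {
                    $message = USRLAN_188 . '<br /><br />';
                } else {
                    $message = USRLAN_189 . '<br /><br />';
                }
            }
            // NOTE(review): user_name, user_login and the password are concatenated into a message
            // that also carries raw <br /> markup, so the message is emitted as HTML. Whether the
            // validator has already HTML-encoded these values is not visible here - confirm, and
            // escape at this point if it has not.
            $message .= str_replace('--NAME--', $user_data['user_name'], USRLAN_174);
            if (isset($_POST['generateloginname'])) {
                $message .= '<br /><br />' . USRLAN_173 . ': ' . $user_data['user_login'];
            }
            if (isset($_POST['generatepassword'])) {
                $message .= '<br /><br />' . USRLAN_172 . ': ' . $savePassword;
            }
            // Don't recycle the data once the user's been accepted without error
            unset($user_data);
        }
        // NOTE(review): this also runs when db_Insert() failed, in which case $message is still ''
        // and no error is reported to the admin.
        $mes->addSuccess($message);
    }
}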