/** * This action creates a new user. * * Request parameters are: * - new_user_language * - new_user_name * - new_user_passwordPlain * - new_user_email * - r (i.e. a redirection url, optional) * * @todo clean up this method. Idea: write a method to init a user with basic information. * @todo handle r redirection in Minz_Request::forward directly? */ public function createAction() { if (Minz_Request::isPost() && (FreshRSS_Auth::hasAccess('admin') || !max_registrations_reached())) { $db = FreshRSS_Context::$system_conf->db; require_once APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php'; $new_user_language = Minz_Request::param('new_user_language', FreshRSS_Context::$user_conf->language); $languages = Minz_Translate::availableLanguages(); if (!isset($languages[$new_user_language])) { $new_user_language = FreshRSS_Context::$user_conf->language; } $new_user_name = Minz_Request::param('new_user_name'); $ok = $new_user_name != '' && ctype_alnum($new_user_name); if ($ok) { $default_user = FreshRSS_Context::$system_conf->default_user; $ok &= strcasecmp($new_user_name, $default_user) !== 0; //It is forbidden to alter the default user $ok &= !in_array(strtoupper($new_user_name), array_map('strtoupper', listUsers())); //Not an existing user, case-insensitive $configPath = join_path(DATA_PATH, 'users', $new_user_name, 'config.php'); $ok &= !file_exists($configPath); } if ($ok) { $passwordPlain = Minz_Request::param('new_user_passwordPlain', '', true); $passwordHash = ''; if ($passwordPlain != '') { Minz_Request::_param('new_user_passwordPlain'); //Discard plain-text password ASAP $_POST['new_user_passwordPlain'] = ''; if (!function_exists('password_hash')) { include_once LIB_PATH . '/password_compat.php'; } $passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST)); $passwordPlain = ''; $passwordHash = preg_replace('/^\\$2[xy]\\$/', '\\$2a\\$', $passwordHash); //Compatibility with bcrypt.js $ok &= $passwordHash != ''; } if (empty($passwordHash)) { $passwordHash = ''; } $new_user_email = filter_var($_POST['new_user_email'], FILTER_VALIDATE_EMAIL); if (empty($new_user_email)) { $new_user_email = ''; } else { $personaFile = join_path(DATA_PATH, 'persona', $new_user_email . '.txt'); @unlink($personaFile); $ok &= file_put_contents($personaFile, $new_user_name) !== false; } } if ($ok) { mkdir(join_path(DATA_PATH, 'users', $new_user_name)); $config_array = array('language' => $new_user_language, 'passwordHash' => $passwordHash, 'mail_login' => $new_user_email); $ok &= file_put_contents($configPath, "<?php\n return " . var_export($config_array, true) . ';') !== false; } if ($ok) { $userDAO = new FreshRSS_UserDAO(); $ok &= $userDAO->createUser($new_user_name); } invalidateHttpCache(); $notif = array('type' => $ok ? 'good' : 'bad', 'content' => _t('feedback.user.created' . (!$ok ? '.error' : ''), $new_user_name)); Minz_Session::_param('notification', $notif); } $redirect_url = urldecode(Minz_Request::param('r', false, true)); if (!$redirect_url) { $redirect_url = array('c' => 'user', 'a' => 'manage'); } Minz_Request::forward($redirect_url, true); }
private function _language(&$data, $value) { $value = strtolower($value); $languages = Minz_Translate::availableLanguages(); if (!in_array($value, $languages)) { $value = 'en'; } $data['language'] = $value; }
function printStep0() { $actual = Minz_Translate::language(); $languages = Minz_Translate::availableLanguages(); ?> <?php $s0 = checkStep0(); if ($s0['all'] == 'ok') { ?> <p class="alert alert-success"><span class="alert-head"><?php echo _t('gen.short.ok'); ?> </span> <?php echo _t('install.language.defined'); ?> </p> <?php } ?> <form action="index.php?step=0" method="post"> <legend><?php echo _t('install.language.choose'); ?> </legend> <div class="form-group"> <label class="group-name" for="language"><?php echo _t('install.language'); ?> </label> <div class="group-controls"> <select name="language" id="language" tabindex="1" > <?php foreach ($languages as $lang) { ?> <option value="<?php echo $lang; ?> "<?php echo $actual == $lang ? ' selected="selected"' : ''; ?> > <?php echo _t('gen.lang.' . $lang); ?> </option> <?php } ?> </select> </div> </div> <div class="form-group form-actions"> <div class="group-controls"> <button type="submit" class="btn btn-important" tabindex="2" ><?php echo _t('gen.action.submit'); ?> </button> <button type="reset" class="btn" tabindex="3" ><?php echo _t('gen.action.cancel'); ?> </button> <?php if ($s0['all'] == 'ok') { ?> <a class="btn btn-important next-step" href="?step=1" tabindex="4" ><?php echo _t('install.action.next_step'); ?> </a> <?php } ?> </div> </div> </form> <?php }