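/**
 * Quick Add user submit trigger.
 *
 * Handles the admin "quick add user" form: checks the form token, validates the
 * posted fields, inserts the new row into the 'user' table, writes the admin log
 * and user audit entries, fires the 'userfull' and 'admin_user_created' events and,
 * when requested, e-mails the credentials to the new user.
 *
 * On validation failure the entered data is stored with setParam('user_data', ...)
 * and nothing is written to the database.
 *
 * @return void
 */
public function AddSubmitTrigger()
{
    $e107cache   = e107::getCache();
    $userMethods = e107::getUserSession();
    $mes         = e107::getMessage();
    $sql         = e107::getDb();
    // $pref is read below but was never defined in this scope, so every lookup
    // silently evaluated to null. Load the core preferences explicitly.
    $pref        = e107::getPref();

    // The form token has to match exactly. The previous test,
    // `!$_POST['ac'] == md5(ADMINPWCHANGE)`, negated the field first and then loosely
    // compared a boolean with the hash, so any non-empty 'ac' value was accepted.
    $formToken = isset($_POST['ac']) ? $_POST['ac'] : null;
    if (!is_string($formToken) || $formToken !== md5(ADMINPWCHANGE)) {
        exit;
    }

    $e107cache->clear('online_menu_member_total');
    $e107cache->clear('online_menu_member_newest');

    $error = false;

    if (isset($_POST['generateloginname'])) {
        $_POST['loginname'] = $userMethods->generateUserLogin($pref['predefinedLoginName']);
    }

    // The quick-add form posts a single 'password' field; mirror it into the two
    // fields that are set here for the validator.
    $_POST['password2'] = $_POST['password1'] = $_POST['password'];

    // Now validate everything
    $allData = validatorClass::validateFields($_POST, $userMethods->userVettingInfo, true);

    // Fix Display and user name: when the new user's class may not choose a display
    // name, force it to the login name and warn the admin instead of failing.
    if (!check_class($pref['displayname_class'], $allData['data']['user_class'])) {
        if ($allData['data']['user_name'] != $allData['data']['user_loginname']) {
            $allData['data']['user_name'] = $allData['data']['user_loginname'];
            $mes->addWarning(str_replace('[x]', $allData['data']['user_loginname'], USRLAN_237));
        }
    }

    // Do basic validation
    validatorClass::checkMandatory('user_name, user_loginname', $allData); // Check for missing fields (email done in userValidation() )
    validatorClass::dbValidateArray($allData, $userMethods->userVettingInfo, 'user', 0); // Do basic DB-related checks
    $userMethods->userValidation($allData); // Do user-specific DB checks

    if (!isset($allData['errors']['user_password'])) {
        // No errors in password - keep it outside the main data array
        $savePassword = $allData['data']['user_password'];
        // Delete the password value in the output array
        unset($allData['data']['user_password']);
    }

    // Restrict the scope of the plaintext password copies
    unset($_POST['password2'], $_POST['password1']);

    if (count($allData['errors'])) {
        $temp = validatorClass::makeErrorList($allData, 'USER_ERR_', '%n - %x - %t: %v', '<br />', $userMethods->userVettingInfo);
        $mes->addError($temp);
        $error = true;
    }

    // Always save some of the entered data - then we can redisplay on error
    $user_data =& $allData['data'];

    if ($error) {
        $this->setParam('user_data', $user_data);
        return;
    }

    if (varset($_POST['perms'])) {
        // NOTE(review): the permission list is taken verbatim from the request and
        // grants admin status. Nothing visible here checks that the acting admin may
        // hand out these particular permissions - confirm that is enforced upstream.
        $allData['data']['user_admin'] = 1;
        // Cast so that a scalar 'perms' value cannot make implode() fail.
        $allData['data']['user_perms'] = implode('.', (array) $_POST['perms']);
    }

    // NOTE(review): the second argument is read from 'user_login' while the rest of
    // this method works with 'user_loginname' - confirm which field HashPassword()
    // expects.
    $user_data['user_password'] = $userMethods->HashPassword($savePassword, $user_data['user_login']);
    $user_data['user_join'] = time();

    if ($userMethods->needEmailPassword()) {
        // Save separate password encryption for use with email address
        $user_prefs = e107::getArrayStorage()->unserialize($user_data['user_prefs']);
        $user_prefs['email_password'] = $userMethods->HashPassword($savePassword, $user_data['user_email']);
        $user_data['user_prefs'] = e107::getArrayStorage()->serialize($user_prefs);
        unset($user_prefs);
    }

    $userMethods->userClassUpdate($allData['data'], 'userall');

    //FIXME - (SecretR) there is a better way to fix this (missing default value, sql error in strict mode - user_realm is to be deleted from DB later)
    $allData['data']['user_realm'] = '';

    // Set any initial classes
    $userMethods->addNonDefaulted($user_data);
    validatorClass::addFieldTypes($userMethods->userVettingInfo, $allData);

    $userid = $sql->insert('user', $allData);

    if (!$userid) {
        $mes->addError(LAN_CREATED_FAILED);
        $mes->addError($sql->getLastErrorText());
        return;
    }

    $sysuser = e107::getSystemUser(false, false);
    $sysuser->setData($allData['data']);
    $sysuser->setId($userid);
    $user_data['user_id'] = $userid;

    // Add to admin log
    e107::getLog()->add('USET_02', "UName: {$user_data['user_name']}; Email: {$user_data['user_email']}", E_LOG_INFORMATIVE);

    // Add to user audit trail
    e107::getLog()->user_audit(USER_AUDIT_ADD_ADMIN, $user_data, 0, $user_data['user_loginname']);
    e107::getEvent()->trigger('userfull', $user_data);
    // send everything available for user data - bit sparse compared with user-generated signup
    e107::getEvent()->trigger('admin_user_created', $user_data);

    if (isset($_POST['sendconfemail'])) {
        // $check: -1 = nothing to send, false = not sent / unknown option,
        // anything else = result of the mail call.
        $check = false;

        // Send confirmation email to user. The mail carries the plaintext password.
        switch ((int) $_POST['sendconfemail']) {
            case 0: // activate, don't notify
                $check = -1;
                break;

            case 1: // activate and send password
                $check = $sysuser->email('quickadd', array(
                    'user_password'  => $savePassword,
                    'mail_subject'   => USRLAN_187 . SITENAME,
                    'activation_url' => USRLAN_238,
                ));
                break;

            case 2: // require activation and send password and activation link
                // NOTE(review): the activation link is only as unguessable as
                // e_user_model::randomKey() - confirm it draws from a CSPRNG.
                $sysuser->set('user_ban', 2)->set('user_sess', e_user_model::randomKey())->save();
                $check = $sysuser->email('quickadd', array(
                    'user_password'  => $savePassword,
                    'mail_subject'   => USRLAN_187 . SITENAME,
                    'activation_url' => SITEURL . "signup.php?activate." . $sysuser->getId() . "." . $sysuser->getValue('sess'),
                ));
                break;
        }

        if ($check && $check !== -1) {
            $mes->addSuccess(USRLAN_188);
        } elseif (!$check) {
            $mes->addError(USRLAN_189);
        }
    }

    $message = USRLAN_172;
    // Values are escaped for the HTML message context before being echoed back.
    $mes->addSuccess($message)->addSuccess(USRLAN_128 . ': <strong>' . htmlspecialchars($user_data['user_loginname'], ENT_QUOTES, CHARSET) . '</strong>');
    // The new password is shown to the admin in clear text on the result page.
    $mes->addSuccess(LAN_PASSWORD . ': <strong>' . htmlspecialchars($savePassword, ENT_QUOTES, CHARSET) . '</strong>');
}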
} // Use LoginName for DisplayName if restricted if (!check_class($pref['displayname_class'], e_UC_PUBLIC . ',' . e_UC_MEMBER)) { $_POST['username'] = $_POST['loginname']; } // generate password if passwords are disabled and email validation is enabled. $noPasswordInput = e107::getPref('signup_option_password', 2); //0 = generate it. if (empty($noPasswordInput) && !isset($_POST['password1']) && intval($pref['user_reg_veri']) === 1) { $_POST['password1'] = $userMethods->generateRandomString("#*******#"); $_POST['password2'] = $_POST['password1']; } // Now validate everything $allData = validatorClass::validateFields($_POST, $userMethods->userVettingInfo, TRUE); // Do basic validation validatorClass::checkMandatory('user_name,user_loginname', $allData); // Check for missing fields (email done in userValidation() ) validatorClass::dbValidateArray($allData, $userMethods->userVettingInfo, 'user', 0); // Do basic DB-related checks $userMethods->userValidation($allData); if (!isset($allData['errors']['user_password'])) { // No errors in password - keep it outside the main data array $savePassword = $allData['data']['user_password']; unset($allData['data']['user_password']); // Delete the password value in the output array } unset($_POST['password1']); // Restrict the scope of this unset($_POST['password2']); $allData['user_ip'] = e107::getIPHandler()->getIP(FALSE); // check for multiple signups from the same IP address. But ignore localhost
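/**
 * Legacy quick-add user handler.
 *
 * Checks the form token, validates the posted fields, inserts the new row into the
 * 'user' table, writes the admin log and user audit entries, fires the 'userfull'
 * event and, when 'sendconfemail' is posted, e-mails the credentials to the user.
 * Validation errors and a failed insert are reported through the message handler.
 *
 * @return void
 */
function addUser()
{
    global $admin_log;

    $e107cache   = e107::getCache();
    $userMethods = e107::getUserSession();
    $mes         = e107::getMessage();
    $sql         = e107::getDb();
    $e_event     = e107::getEvent();
    // $pref is read below but was never defined in this scope, so every lookup
    // silently evaluated to null. Load the core preferences explicitly.
    $pref        = e107::getPref();

    // The form token has to match exactly. The previous test,
    // `!$_POST['ac'] == md5(ADMINPWCHANGE)`, negated the field first and then loosely
    // compared a boolean with the hash, so any non-empty 'ac' value was accepted.
    $formToken = isset($_POST['ac']) ? $_POST['ac'] : null;
    if (!is_string($formToken) || $formToken !== md5(ADMINPWCHANGE)) {
        exit;
    }

    $e107cache->clear('online_menu_member_total');
    $e107cache->clear('online_menu_member_newest');

    $error = false;

    if (isset($_POST['generateloginname'])) {
        $_POST['loginname'] = $userMethods->generateUserLogin($pref['predefinedLoginName']);
    }

    // The form has a single password field; mirror it for the validator.
    $_POST['password2'] = $_POST['password1'];

    // Now validate everything
    $allData = validatorClass::validateFields($_POST, $userMethods->userVettingInfo, true);

    // Do basic validation
    validatorClass::checkMandatory('user_name,user_loginname', $allData); // Check for missing fields (email done in userValidation() )
    validatorClass::dbValidateArray($allData, $userMethods->userVettingInfo, 'user', 0); // Do basic DB-related checks
    $userMethods->userValidation($allData); // Do user-specific DB checks

    if (!isset($allData['errors']['user_password'])) {
        // No errors in password - keep it outside the main data array
        $savePassword = $allData['data']['user_password'];
        unset($allData['data']['user_password']); // Delete the password value in the output array
    }

    unset($_POST['password1']); // Restrict the scope of this
    unset($_POST['password2']);

    // A user whose class may not choose a display name must use the login name.
    if (!check_class($pref['displayname_class'], $allData['data']['user_class'])) {
        if ($allData['data']['user_name'] != $allData['data']['user_loginname']) {
            $allData['errors']['user_name'] = ERR_FIELDS_DIFFERENT;
        }
    }

    if (count($allData['errors'])) {
        $temp = validatorClass::makeErrorList($allData, 'USER_ERR_', '%n - %x - %t: %v', '<br />', $userMethods->userVettingInfo);
        $mes->addError($temp);
        $error = true;
    }

    // Always save some of the entered data - then we can redisplay on error
    $user_data =& $allData['data'];

    if ($error) {
        return;
    }

    if (varset($_POST['perms'])) {
        // NOTE(review): the permission list is taken verbatim from the request and
        // grants admin status. Nothing visible here checks that the acting admin may
        // hand out these particular permissions - confirm that is enforced upstream.
        $allData['data']['user_admin'] = 1;
        // Cast so that a scalar 'perms' value cannot make implode() fail.
        $allData['data']['user_perms'] = implode('.', (array) $_POST['perms']);
    }

    $message = '';

    // NOTE(review): the second argument is read from 'user_login' while validation
    // above works with 'user_loginname' - confirm which field HashPassword() expects.
    $user_data['user_password'] = $userMethods->HashPassword($savePassword, $user_data['user_login']);
    $user_data['user_join'] = time();

    if ($userMethods->needEmailPassword()) {
        // Save separate password encryption for use with email address
        $user_data['user_prefs'] = serialize(array('email_password' => $userMethods->HashPassword($savePassword, $user_data['user_email'])));
    }

    $userMethods->userClassUpdate($allData['data'], 'userall');

    // Set any initial classes
    $userMethods->addNonDefaulted($user_data);
    validatorClass::addFieldTypes($userMethods->userVettingInfo, $allData);

    //FIXME - (SecretR) there is a better way to fix this (missing default value, sql error in strict mode - user_realm is to be deleted from DB later)
    $allData['data']['user_realm'] = '';

    if (!$sql->db_Insert('user', $allData)) {
        // Previously a failed insert fell through to addSuccess() with an empty
        // message; report the failure instead.
        $mes->addError(LAN_CREATED_FAILED);
        $mes->addError($sql->getLastErrorText());
        return;
    }

    // Add to admin log
    $admin_log->log_event('USET_02', "UName: {$user_data['user_name']}; Email: {$user_data['user_email']}", E_LOG_INFORMATIVE);

    // Add to user audit trail
    $admin_log->user_audit(USER_AUDIT_ADD_ADMIN, $user_data, 0, $user_data['user_loginname']);
    // send everything available for user data - bit sparse compared with user-generated signup
    $e_event->trigger('userfull', $user_data);

    if (isset($_POST['sendconfemail'])) {
        // Send confirmation email to user. The mail body carries the plaintext password.
        require_once e_HANDLER . 'mail.php';
        include_once e107::coreTemplatePath('email', 'front'); //correct way to load a core template.

        if (!isset($QUICKADDUSER_TEMPLATE)) {
            $QUICKADDUSER_TEMPLATE = USRLAN_185 . USRLAN_186;
        }

        $var_search  = array('{SITEURL}', '{LOGIN}', '{USERNAME}', '{PASSWORD}', '{EMAIL}');
        $var_replace = array(SITEURL, $user_data['user_name'], $user_data['user_login'], $savePassword, $user_data['user_email']);
        $e_message   = str_replace($var_search, $var_replace, $QUICKADDUSER_TEMPLATE);

        if (sendemail($user_data['user_email'], USRLAN_187 . SITEURL, $e_message, $user_data['user_login'], '', '')) {
            $message = USRLAN_188 . '<br /><br />';
        } else {
            $message = USRLAN_189 . '<br /><br />';
        }
    }

    // Request-derived values are escaped before being placed in the HTML message;
    // they were previously concatenated raw.
    $message .= str_replace('--NAME--', htmlspecialchars($user_data['user_name'], ENT_QUOTES, CHARSET), USRLAN_174);

    if (isset($_POST['generateloginname'])) {
        $message .= '<br /><br />' . USRLAN_173 . ': ' . htmlspecialchars($user_data['user_login'], ENT_QUOTES, CHARSET);
    }

    if (isset($_POST['generatepassword'])) {
        // The new password is shown to the admin in clear text on the result page.
        $message .= '<br /><br />' . USRLAN_172 . ': ' . htmlspecialchars($savePassword, ENT_QUOTES, CHARSET);
    }

    unset($user_data); // Don't recycle the data once the user's been accepted without error

    $mes->addSuccess($message);
}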