public function process(\w2p_Core_CAppUI $AppUI, array $myArray)
{
if (!$this->object->bind($myArray)) {
$AppUI->setMsg($this->object->getError(), UI_MSG_ERROR);
$this->resultPath = $this->errorPath;
return $AppUI;
}
/**
* The nonce validation only throws a warning as of v3.1 so that we don't break anyone's forms. As of v4.0
* this validation will be turned on and any form processing using this controller will have to include
* the __nonce field. See http://wiki.web2project.net/index.php?title=Security_Nonce for more details.
*/
if ('' != $AppUI->__nonce && $AppUI->__nonce != $myArray['__nonce']) {
error_log("Your submission is missing the CSRF nonce. Please see http://wiki.web2project.net/index.php?title=Security_Nonce for details.");
// $AppUI->setMsg("There was an error processing the form. Please submit again.", UI_MSG_ERROR);
// $AppUI->holdObject($this->object);
// $this->resultPath = $this->errorPath;
// return $AppUI;
}
$action = $this->delete ? 'deleted' : 'stored';
$this->success = $this->delete ? $this->object->delete() : $this->object->store();
if ($this->success) {
$AppUI->setMsg($this->prefix . ' ' . $action, UI_MSG_OK, true);
$this->resultPath = $this->successPath;
} else {
$AppUI->holdObject($this->object);
$AppUI->setMsg($this->object->getError(), UI_MSG_ERROR);
$this->resultPath = $this->errorPath;
}
return $AppUI;
}
public function process(\w2p_Core_CAppUI $AppUI, array $myArray)
{
if (!canEdit('users')) {
$this->resultPath = ACCESS_DENIED;
return $AppUI;
}
$action = $this->delete ? 'deleted' : 'stored';
$this->success = $this->delete ? $this->object->del_acl((int) $myArray['permission_id']) : $this->object->addUserPermission();
if ($this->success) {
$AppUI->setMsg($this->prefix . ' ' . $action, UI_MSG_OK, true);
$this->resultPath = $this->successPath;
$this->object->recalcPermissions(null, (int) $myArray['permission_user']);
} else {
$AppUI->setMsg($this->object->getError(), UI_MSG_ERROR);
$this->resultPath = $this->errorPath;
$AppUI->holdObject($this->object);
}
return $AppUI;
}
}
$username = w2PgetParam($_POST, 'user_username', 0);
$username = preg_replace("/[^A-Za-z0-9]/", "", $username);
$user = new CAdmin_User();
$result = $user->loadAll(null, "user_username = '******'");
if (count($result)) {
header('Location: newuser.php?msg=existing-user');
}
$email = w2PgetParam($_POST, 'contact_email', 0);
$contact = new CContact();
$result = $contact->loadAll(null, "contact_email = '{$email}'");
if (count($result)) {
header('Location: newuser.php?msg=existing-email');
}
if (!$user->bind($_POST)) {
$AppUI->setMsg($user->getError(), UI_MSG_ERROR);
header('Location: newuser.php?msg=user');
}
if (!$contact->bind($_POST)) {
$AppUI->setMsg($contact->getError(), UI_MSG_ERROR);
header('Location: newuser.php?msg=contact');
}
$result = $contact->store();
if (count($contact->getError())) {
header('Location: newuser.php?msg=contact');
} else {
$user->user_contact = $contact->contact_id;
$result = $user->store(null, true);
if (count($user->getError())) {
header('Location: newuser.php?msg=user');
} else {
$contactListByUsername = CContact::getContactByUsername($username);
if ($contactListByUsername != 'User Not Found') {
error_reporting(0);
echo "<script language='javascript'>\n alert('The username you selected already exists, please select another or if that user name is yours request the password recovery through the dedicated link.');\n history.go(-2);\n </script>";
die;
}
$email = w2PgetParam($_POST, 'contact_email', 0);
$contactListByEmail = CContact::getContactByEmail($email);
if ($contactListByEmail != 'User Not Found') {
error_reporting(0);
echo "<script language='javascript'>\n alert('The email you selected already exists, please select another or if that email is yours request the password recovery through the dedicated link.');\n history.go(-2);\n </script>";
die;
}
$user = new CUser();
if (!$user->bind($_POST)) {
$AppUI->setMsg($user->getError(), UI_MSG_ERROR);
$AppUI->redirect();
}
$contact = new CContact();
if (!$contact->bind($_POST)) {
$AppUI->setMsg($contact->getError(), UI_MSG_ERROR);
$AppUI->redirect();
}
// prepare (and translate) the module name ready for the suffix
$AppUI->setMsg('User');
$isNewUser = !w2PgetParam($_REQUEST, 'user_id', 0);
if ($isNewUser) {
// check if a user with the param Username already exists
if (is_array($contactListByUsername)) {
$AppUI->setMsg('This username is not available, please try another.', UI_MSG_ERROR, true);
$AppUI->redirect();
$AppUI = new w2p_Core_CAppUI();
$updatekey = w2PgetParam($_GET, 'updatekey', 0);
$updatekey = preg_replace("/[^A-Za-z0-9]/", "", $updatekey);
$contact_id = CContact::getContactByUpdatekey($updatekey);
$company_id = intval(w2PgetParam($_REQUEST, 'company_id', 0));
$company_name = w2PgetParam($_REQUEST, 'company_name', null);
// check permissions for this record
if (!$contact_id) {
echo $AppUI->_('You are not authorized to use this page. If you should be authorized please contact') . ' ' . $w2Pconfig['company_name'] . ' ' . $AppUI->_('to give you another valid link, thank you.');
exit;
}
// load the record data
$msg = '';
$row = new CContact();
if (!$row->load($contact_id) && $contact_id > 0) {
$AppUI->setMsg('Contact');
$AppUI->setMsg('invalidID', UI_MSG_ERROR, true);
$AppUI->redirect();
} else {
//TODO: replace with the proper canEdit()
if ($row->contact_private && $row->contact_owner != $AppUI->user_id && $row->contact_owner && $contact_id != 0) {
// check only owner can edit
$AppUI->redirect(ACCESS_DENIED);
}
}
// setup the title block
$ttl = $contact_id > 0 ? 'Edit Contact' : 'Add Contact';
$company_detail = $row->getCompanyDetails();
$dept_detail = $row->getDepartmentDetails();
if ($contact_id == 0 && $company_id > 0) {
$company_detail['company_id'] = $company_id;
$msg = 'The username you selected already exists, please select another or if that user name is yours request the password recovery through the dedicated link.';
break;
case 'existing-email':
$msg = 'The email you selected already exists, please select another or if that email is yours request the password recovery through the dedicated link.';
break;
case 'user':
case 'contact':
$msg = "There was an error creating your {$msg}. No further information is available at this time.";
break;
case 'ok':
$msg = 'The User Administrator has been notified to grant you access to the system and an email message was sent to you with your login info. Thank you very much.';
break;
default:
$msg = 'No clue what you just tried, but stop it.';
}
$AppUI->setMsg($msg, UI_MSG_ERROR);
// Can not load the passwordstrength.js file via AppUI->addJavascriptFile()
// because AppUI->loadFooterJS() is never called...
?>
<script type="text/javascript" src="<?php
echo W2P_BASE_URL;
?>
/js/passwordstrength.js"></script>
<script language="javascript">
function submitIt(){
var form = document.editFrm;
if (form.user_username.value.length < <?php
echo w2PgetConfig('username_min_len');
?>
) {
alert("<?php
