if (!defined('EXPONENT')) {
exit('');
}
if (exponent_permissions_check('user_management', exponent_core_makeLocation('administrationmodule'))) {
#if ($user && $user->is_acting_admin == 1) {
if (!defined('SYS_USERS')) {
require_once BASE . 'subsystems/users.php';
}
if (!defined('SYS_SECURITY')) {
require_once BASE . 'subsystems/security.php';
}
if (isset($_POST['id'])) {
// Existing user profile edit
$_POST['id'] = intval($_POST['id']);
$u = exponent_users_getUserById(intval($_POST['id']));
$u = exponent_users_update($_POST, $u);
//save extensions
exponent_users_saveProfileExtensions($_POST, $u, false);
exponent_users_saveUser($u);
exponent_flow_redirect();
} else {
$i18n = exponent_lang_loadFile('modules/administrationmodule/actions/umgr_saveuser.php');
$_POST['username'] = trim($_POST['username']);
if (exponent_users_getUserByName($_POST['username']) != null) {
$post = $_POST;
unset($post['username']);
$post['_formError'] = $i18n['name_taken'];
exponent_sessions_set('last_POST', $post);
header('Location: ' . $_SERVER['HTTP_REFERER']);
} else {
if ($_POST['pass1'] != $_POST['pass2']) {
function exponent_users_create($formvalues)
{
// Update the user object (at this point we are not dealing with profile
// extensions, just the basic object).
$u = exponent_users_update($formvalues, null);
// The username is not included in the update method, so we define it here.
$u->username = $formvalues['username'];
// Make an md5 checksum hash of the password for storage. That way no
// one can know a password without being told.
$u->password = md5($formvalues['pass1']);
// Set the acting admin flag if we need to.
global $user;
$u->is_acting_admin = isset($formvalues['is_acting_admin']) && $user->is_admin == 1 ? 1 : 0;
// Insert the user object into the database, and save the ID.
global $db;
$u->id = $db->insertObject($u, 'user');
// Calculate Group Memeberships for newly created users. Any groups that
// are marked as 'inclusive' automatically pick up new users. This is the part
// of the code that goes out, finds those groups, and makes the new user a member
// of them.
$memb = null;
$memb->member_id = $u->id;
// Also need to process the groupcodes, for promotional signup
$code_where = '';
if (isset($formvalues['groupcode']) && $formvalues['groupcode'] != '') {
$code_where = " OR code='" . $formvalues['groupcode'] . "'";
}
foreach ($db->selectObjects('group', 'inclusive=1' . $code_where) as $g) {
$memb->group_id = $g->id;
$db->insertObject($memb, 'groupmembership');
}
// Return the newly created user object (complete with ID) to the caller.
return $u;
}
##################################################
#
# Copyright (c) 2004-2006 OIC Group, Inc.
# Written and Designed by James Hunt
#
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
if (!defined('EXPONENT')) {
exit('');
}
if ($user) {
if (!defined('SYS_USERS')) {
require_once 'subsystems/users.php';
}
$user = exponent_users_update($_POST, $user);
$user = exponent_users_saveUser($user);
$user = exponent_users_saveProfileExtensions($_POST, $user, false);
$_SESSION[SYS_SESSION_KEY]['user'] = $user;
exponent_flow_redirect();
} else {
echo SITE_403_HTML;
}