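/**
 * Handles the "add administrator" form.
 *
 * On a POST whose `uaction` is `add_user` and whose fields pass check_user_data(), the
 * new account is inserted into the `admin` table with `admin_type` 'admin', its GUI
 * properties are seeded from USER_INITIAL_LANG / USER_INITIAL_THEME, the action is
 * logged at E_USER_WARNING, send_add_user_auto_msg() is called with the new credentials,
 * a success message is queued and the browser is redirected to manage_users.php.
 * When validation fails the submitted values are pushed back into the template so the
 * form is re-displayed with the user's input; on any request that is not an `add_user`
 * POST the form is rendered empty with the "unknown" gender preselected.
 *
 * @param iMSCP_pTemplate $tpl Template engine instance
 * @return void
 */
function add_user($tpl)
{
    /** @var $cfg iMSCP_Config_Handler_File */
    $cfg = iMSCP_Registry::get('config');

    // Template placeholder => POST field it is (re-)populated from.
    $formFields = array(
        'EMAIL' => 'email',
        'USERNAME' => 'username',
        'FIRST_NAME' => 'fname',
        'LAST_NAME' => 'lname',
        'FIRM' => 'firm',
        'ZIP' => 'zip',
        'CITY' => 'city',
        'STATE' => 'state',
        'COUNTRY' => 'country',
        'STREET_1' => 'street1',
        'STREET_2' => 'street2',
        'PHONE' => 'phone',
        'FAX' => 'fax',
    );

    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'add_user') {
        // Initial display: every field empty, "unknown" gender preselected.
        $tpl->assign(array_fill_keys(array_keys($formFields), '') + array(
            'VL_MALE' => '',
            'VL_FEMALE' => '',
            'VL_UNKNOWN' => $cfg->HTML_SELECTED,
        ));
        return;
    }

    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onBeforeAddUser);

    if (!check_user_data()) {
        // Validation failed: echo the submitted values back so the user can correct them.
        // A field missing from the request is treated as empty instead of raising a notice.
        $values = array();
        foreach ($formFields as $tplVar => $postKey) {
            $values[$tplVar] = isset($_POST[$postKey]) ? clean_input($_POST[$postKey], true) : '';
        }
        $postedGender = isset($_POST['gender']) ? $_POST['gender'] : '';
        $values['VL_MALE'] = $postedGender === 'M' ? $cfg->HTML_SELECTED : '';
        $values['VL_FEMALE'] = $postedGender === 'F' ? $cfg->HTML_SELECTED : '';
        $values['VL_UNKNOWN'] = ($postedGender === 'U' || empty($postedGender)) ? $cfg->HTML_SELECTED : '';
        $tpl->assign($values);
        return;
    }

    // Data is valid: create the account.
    $clearPassword = clean_input($_POST['password']);
    $upass = cryptPasswordWithSalt($clearPassword);
    $user_id = $_SESSION['user_id']; // the logged-in user becomes `created_by`
    $username = clean_input($_POST['username']);
    $fname = clean_input($_POST['fname']);
    $lname = clean_input($_POST['lname']);
    $gender = clean_input($_POST['gender']);
    $firm = clean_input($_POST['firm']);
    $zip = clean_input($_POST['zip']);
    $city = clean_input($_POST['city']);
    $state = clean_input($_POST['state']);
    $country = clean_input($_POST['country']);
    $email = clean_input($_POST['email']);
    $phone = clean_input($_POST['phone']);
    $fax = clean_input($_POST['fax']);
    $street1 = clean_input($_POST['street1']);
    $street2 = clean_input($_POST['street2']);

    // Only a code known to get_gender_by_code() is stored; anything else becomes empty.
    if (get_gender_by_code($gender, true) === null) {
        $gender = '';
    }

    // Parameterised insert: every user-supplied value is bound, never interpolated.
    $query = "\n\t\t\t\tINSERT INTO `admin` (\n\t\t\t\t\t`admin_name`, `admin_pass`, `admin_type`, `domain_created`, `created_by`, `fname`, `lname`, `firm`,\n\t\t\t\t\t`zip`, `city`, `state`, `country`, `email`, `phone`, `fax`, `street1`, `street2`, `gender`\n\t\t\t\t) VALUES (\n\t\t\t\t\t?, ?, 'admin', unix_timestamp(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?\n\t\t\t\t)\n\t\t\t";
    exec_query($query, array(
        $username, $upass, $user_id, $fname, $lname, $firm, $zip, $city, $state, $country,
        $email, $phone, $fax, $street1, $street2, $gender,
    ));

    /** @var $db iMSCP_Database */
    $db = iMSCP_Registry::get('db');
    $new_admin_id = $db->insertId();

    $user_logged = $_SESSION['user_logged'];
    write_log("{$user_logged}: add admin: {$username}", E_USER_WARNING);

    // Seed the GUI preferences of the new account from the configured defaults.
    $query = "\n\t\t\t\tREPLACE INTO `user_gui_props` (\n\t\t\t\t\t`user_id`, `lang`, `layout`\n\t\t\t\t) VALUES (\n\t\t\t\t\t?, ?, ?\n\t\t\t\t)\n\t\t\t";
    exec_query($query, array($new_admin_id, $cfg->USER_INITIAL_LANG, $cfg->USER_INITIAL_THEME));

    iMSCP_Events_Aggregator::getInstance()->dispatch(iMSCP_Events::onAfterAddUser);

    // The clear-text password leaves this function here (presumably delivered to the new
    // administrator by send_add_user_auto_msg) — keep that in mind when changing the flow.
    send_add_user_auto_msg($user_id, $username, $clearPassword, $email, $fname, $lname, tr('Administrator'));

    set_page_message(tr('Admin account successfully created.'), 'success');
    redirectTo('manage_users.php');
}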
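/**
 * Handles the "add administrator" form (EasySCP variant).
 *
 * On a POST whose `uaction` is `add_user` and whose fields pass check_user_data(), the
 * new account is inserted into the `admin` table with `admin_type` 'admin', a
 * `user_gui_props` row is created with the language and theme found in the current
 * session, the action is logged, send_add_user_auto_msg() is called with the new
 * credentials, the 'user_added' session flag is set and the browser is sent to
 * manage_users.php. When validation fails the submitted values are pushed back into
 * the template; on any request that is not an `add_user` POST the form is rendered
 * empty with the "unknown" gender preselected.
 *
 * @param EasySCP_TemplateEngine $tpl Template engine instance
 * @return void
 */
function add_user($tpl)
{
    $cfg = EasySCP_Registry::get('Config');
    $sql = EasySCP_Registry::get('Db');

    // Template placeholder => POST field it is (re-)populated from.
    $formFields = array(
        'EMAIL' => 'email',
        'USERNAME' => 'username',
        'FIRST_NAME' => 'fname',
        'LAST_NAME' => 'lname',
        'FIRM' => 'firm',
        'ZIP' => 'zip',
        'CITY' => 'city',
        'STATE' => 'state',
        'COUNTRY' => 'country',
        'STREET_1' => 'street1',
        'STREET_2' => 'street2',
        'PHONE' => 'phone',
        'FAX' => 'fax',
    );

    if (!isset($_POST['uaction']) || $_POST['uaction'] !== 'add_user') {
        // Initial display: every field empty, "unknown" gender preselected.
        $tpl->assign(array_fill_keys(array_keys($formFields), '') + array(
            'VL_MALE' => '',
            'VL_FEMALE' => '',
            'VL_UNKNOWN' => $cfg->HTML_SELECTED,
        ));
        return;
    }

    if (!check_user_data()) {
        // Validation failed: echo the submitted values back so the user can correct them.
        // A field missing from the request is treated as empty instead of raising a notice.
        $values = array();
        foreach ($formFields as $tplVar => $postKey) {
            $values[$tplVar] = isset($_POST[$postKey]) ? clean_input($_POST[$postKey], true) : '';
        }
        $postedGender = isset($_POST['gender']) ? $_POST['gender'] : '';
        $values['VL_MALE'] = $postedGender === 'M' ? $cfg->HTML_SELECTED : '';
        $values['VL_FEMALE'] = $postedGender === 'F' ? $cfg->HTML_SELECTED : '';
        $values['VL_UNKNOWN'] = ($postedGender === 'U' || empty($postedGender)) ? $cfg->HTML_SELECTED : '';
        $tpl->assign($values);
        return;
    }

    // NOTE(review): the stored hash is computed from the raw $_POST['pass'], while the
    // value handed to send_add_user_auto_msg() below is clean_input($_POST['pass']). If
    // clean_input() alters the string the two differ — confirm which is intended and use
    // the same value for both.
    $upass = crypt_user_pass($_POST['pass']);
    $user_id = $_SESSION['user_id']; // the logged-in user becomes `created_by`
    $username = clean_input($_POST['username']);
    $fname = clean_input($_POST['fname']);
    $lname = clean_input($_POST['lname']);
    $gender = clean_input($_POST['gender']);
    $firm = clean_input($_POST['firm']);
    $zip = clean_input($_POST['zip']);
    $city = clean_input($_POST['city']);
    $state = clean_input($_POST['state']);
    $country = clean_input($_POST['country']);
    $email = clean_input($_POST['email']);
    $phone = clean_input($_POST['phone']);
    $fax = clean_input($_POST['fax']);
    $street1 = clean_input($_POST['street1']);
    $street2 = clean_input($_POST['street2']);

    // Only a code known to get_gender_by_code() is stored; anything else becomes empty.
    if (get_gender_by_code($gender, true) === null) {
        $gender = '';
    }

    // Parameterised insert: every user-supplied value is bound, never interpolated.
    $query = "\n\t\t\t\tINSERT INTO `admin`\n\t\t\t\t\t(\n\t\t\t\t\t\t`admin_name`,\n\t\t\t\t\t\t`admin_pass`,\n\t\t\t\t\t\t`admin_type`,\n\t\t\t\t\t\t`domain_created`,\n\t\t\t\t\t\t`created_by`,\n\t\t\t\t\t\t`fname`,\n\t\t\t\t\t\t`lname`,\n\t\t\t\t\t\t`firm`,\n\t\t\t\t\t\t`zip`,\n\t\t\t\t\t\t`city`,\n\t\t\t\t\t\t`state`,\n\t\t\t\t\t\t`country`,\n\t\t\t\t\t\t`email`,\n\t\t\t\t\t\t`phone`,\n\t\t\t\t\t\t`fax`,\n\t\t\t\t\t\t`street1`,\n\t\t\t\t\t\t`street2`,\n\t\t\t\t\t\t`gender`\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t'admin',\n\t\t\t\t\t\tunix_timestamp(),\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?,\n\t\t\t\t\t\t?\n\t\t\t\t\t)\n\t\t\t";
    exec_query($sql, $query, array(
        $username, $upass, $user_id, $fname, $lname, $firm, $zip, $city, $state, $country,
        $email, $phone, $fax, $street1, $street2, $gender,
    ));
    $new_admin_id = $sql->insertId();

    $user_logged = $_SESSION['user_logged'];
    write_log("{$user_logged}: add admin: {$username}");

    // GUI preferences for the new account are copied from the current session
    // (presumably the creating user's own language and theme — verify against the caller).
    $query = "\n\t\t\t\tINSERT INTO `user_gui_props` (\n\t\t\t\t\t`user_id`,\n\t\t\t\t\t`lang`,\n\t\t\t\t\t`layout`\n\t\t\t\t) VALUES (?,?,?)\n\t\t\t";
    exec_query($sql, $query, array($new_admin_id, $_SESSION['user_def_lang'], $_SESSION['user_theme']));

    // The clear-text password leaves this function here (presumably delivered to the new
    // administrator by send_add_user_auto_msg) — keep that in mind when changing the flow.
    send_add_user_auto_msg($user_id, $username, clean_input($_POST['pass']), $email, $fname, $lname, tr('Administrator'), $gender);

    $_SESSION['user_added'] = 1;
    user_goto('manage_users.php');
}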
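/**
 * Check user data
 *
 * Reads every form field from $_POST (through clean_input(); a missing field becomes
 * '') into the globals declared below, then validates them. Each problem found is
 * reported with set_page_message(..., 'error'). The result is derived from the
 * 'pageMessages' session namespace, so any message queued before this call also makes
 * it return false.
 *
 * @param bool $noPass If true skip password check
 * @return bool True if user data are valid, false otherwise
 */
function check_ruser_data($noPass = false)
{
    global $password, $passwordRepeat, $email, $customerId, $firstName, $lastName, $gender, $firm, $street1, $street2, $zip, $city, $state, $country, $phone, $fax, $domainIp;

    // Reads one cleaned POST field; an absent field yields an empty string.
    $fromPost = function ($key) {
        return isset($_POST[$key]) ? clean_input($_POST[$key]) : '';
    };

    // Get data for fields from previous page
    $password = $fromPost('userpassword');
    $passwordRepeat = $fromPost('userpassword_repeat');
    $email = $fromPost('useremail');
    $customerId = $fromPost('useruid');
    $firstName = $fromPost('userfname');
    $lastName = $fromPost('userlname');

    // Gender is stored as submitted, but only when get_gender_by_code() recognises it.
    if (isset($_POST['gender']) && get_gender_by_code($_POST['gender'], true) !== null) {
        $gender = $_POST['gender'];
    } else {
        $gender = 'U';
    }

    $firm = $fromPost('userfirm');
    $street1 = $fromPost('userstreet1');
    $street2 = $fromPost('userstreet2');
    $zip = $fromPost('userzip');
    $city = $fromPost('usercity');
    $state = $fromPost('userstate');
    $country = $fromPost('usercountry');
    $phone = $fromPost('userphone');
    $fax = $fromPost('userfax');
    $domainIp = $fromPost('domain_ip');

    if (!$noPass) {
        if ('' === $passwordRepeat || '' === $password) {
            set_page_message(tr('Please fill up both data fields for password.'), 'error');
        } elseif ($passwordRepeat !== $password) {
            set_page_message(tr("Passwords do not match."), 'error');
        } else {
            // checkPasswordSyntax() is expected to queue its own page message on failure.
            checkPasswordSyntax($password);
        }
    }

    if (!chk_email($email)) {
        set_page_message(tr('Incorrect email length or syntax.'), 'error');
    }

    // strlen() counts bytes, so multi-byte text reaches the 200 limit sooner than
    // 200 characters; kept as-is because the limit presumably mirrors the column size.
    if ($customerId !== '' && strlen($customerId) > 200) {
        set_page_message(tr('Customer ID cannot have more than 200 characters'), 'error');
    }

    if ($firstName !== '' && strlen($firstName) > 200) {
        set_page_message(tr('First name cannot have more than 200 characters.'), 'error');
    }

    if ($lastName !== '' && strlen($lastName) > 200) {
        set_page_message(tr('Last name cannot have more than 200 characters.'), 'error');
    }

    // Bug fix: the check used to read is_number(!$zip), which tested a boolean instead
    // of the post code and so never flagged a malformed value; the intended test is
    // "non-numeric post code" (verify this is wanted for alphanumeric postal systems).
    if ($zip !== '' && (strlen($zip) > 200 || !is_number($zip))) {
        set_page_message(tr('Incorrect post code length or syntax!'), 'error');
    }

    if (Zend_Session::namespaceIsset('pageMessages')) {
        return false;
    }

    return true;
}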
/**
 * Check validity of input data
 *
 * Copies the posted form fields into the globals declared below (a field absent from
 * the request leaves the corresponding global untouched; values are taken raw, exactly
 * as submitted), validates the password pair when $noPass is '_no_', and reports the
 * outcome both through $_SESSION['Message'] (NULL on success, the error text otherwise)
 * and the return value.
 *
 * @param EasySCP_TemplateEngine $tpl Template engine instance (not referenced by this function)
 * @param string $noPass '_no_' to validate the password fields, any other value to skip them
 * @return bool True when no error was found, false otherwise
 *
 * @todo check if we can remove out commented code block
 */
function check_ruser_data($tpl, $noPass)
{
    global $dmn_name, $hpid, $dmn_user_name;
    global $user_email, $customer_id, $first_name;
    global $last_name, $firm, $zip, $gender;
    global $city, $state, $country, $street_one;
    global $street_two, $phone;
    global $fax, $inpass, $domain_ip;

    $cfg = EasySCP_Registry::get('Config');
    $inpass_re = '';

    // Get data for fields from previous page.
    // POST field => global it feeds; the globals above are references into $GLOBALS,
    // so writing through $GLOBALS updates the local bindings as well.
    $postedFields = array(
        'userpassword' => 'inpass',
        'domain_ip' => 'domain_ip',
        'useremail' => 'user_email',
        'useruid' => 'customer_id',
        'userfname' => 'first_name',
        'userlname' => 'last_name',
        'userfirm' => 'firm',
        'userzip' => 'zip',
        'usercity' => 'city',
        'userstate' => 'state',
        'usercountry' => 'country',
        'userstreet1' => 'street_one',
        'userstreet2' => 'street_two',
        'userphone' => 'phone',
        'userfax' => 'fax',
    );
    foreach ($postedFields as $postKey => $globalName) {
        if (isset($_POST[$postKey])) {
            $GLOBALS[$globalName] = $_POST[$postKey];
        }
    }
    if (isset($_POST['userpassword_repeat'])) {
        $inpass_re = $_POST['userpassword_repeat'];
    }

    // Gender is kept only when get_gender_by_code() recognises the submitted code.
    $gender = '';
    if (isset($_POST['gender']) && !is_null(get_gender_by_code($_POST['gender'], true))) {
        $gender = $_POST['gender'];
    }

    //if (isset($_SESSION['local_data']))
    //	list($dmn_name, $hpid, $dmn_user_name) = explode(";", $_SESSION['local_data']);

    // Begin checking... '_off_' means "no error so far".
    $user_add_error = '_off_';

    if ('_no_' == $noPass) {
        if ('' === $inpass_re || '' === $inpass) {
            $user_add_error = tr('Please fill up both data fields for password!');
        } elseif ($inpass_re !== $inpass) {
            $user_add_error = tr("Passwords don't match!");
        } elseif (!chk_password($inpass)) {
            $user_add_error = $cfg->PASSWD_STRONG
                ? sprintf(tr('The password must be at least %s long and contain letters and numbers to be valid.'), $cfg->PASSWD_CHARS)
                : sprintf(tr('Password data is shorter than %s signs or includes not permitted signs!'), $cfg->PASSWD_CHARS);
        }
    }

    // NOTE(review): this only detects a missing e-mail; neither length nor syntax is
    // checked here despite the message text, and this assignment replaces any password
    // error found above. Verify where (if anywhere) the address is actually validated.
    if (is_null($user_email)) {
        $user_add_error = tr('Incorrect email length or syntax!');
    }

    // send data through session
    if ('_off_' == $user_add_error) {
        $_SESSION['Message'] = NULL;
        return true;
    }

    $_SESSION['Message'] = $user_add_error;
    return false;
}