2012-06-04 16:58:40 +02:00
|
|
|
<?php
|
|
|
|
|
/*
|
|
|
|
|
FusionPBX
|
|
|
|
|
Version: MPL 1.1
|
|
|
|
|
|
|
|
|
|
The contents of this file are subject to the Mozilla Public License Version
|
|
|
|
|
1.1 (the "License"); you may not use this file except in compliance with
|
|
|
|
|
the License. You may obtain a copy of the License at
|
|
|
|
|
http://www.mozilla.org/MPL/
|
|
|
|
|
|
|
|
|
|
Software distributed under the License is distributed on an "AS IS" basis,
|
|
|
|
|
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
|
|
|
|
for the specific language governing rights and limitations under the
|
|
|
|
|
License.
|
|
|
|
|
|
|
|
|
|
The Original Code is FusionPBX
|
|
|
|
|
|
|
|
|
|
The Initial Developer of the Original Code is
|
|
|
|
|
Mark J Crane <markjcrane@fusionpbx.com>
|
|
|
|
|
Portions created by the Initial Developer are Copyright (C) 2008-2012
|
|
|
|
|
the Initial Developer. All Rights Reserved.
|
|
|
|
|
|
|
|
|
|
Contributor(s):
|
|
|
|
|
Mark J Crane <markjcrane@fusionpbx.com>
|
|
|
|
|
*/
|
|
|
|
|
include "root.php";
|
2013-07-06 08:03:27 +02:00
|
|
|
require_once "resources/require.php";
|
2013-07-06 07:50:55 +02:00
|
|
|
require_once "resources/check_auth.php";
|
2012-06-04 16:58:40 +02:00
|
|
|
|
|
|
|
|
if (if_group("admin") || if_group("superadmin")) {
|
|
|
|
|
//access allowed
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
echo "access denied";
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-09 06:32:24 +02:00
|
|
|
//add multi-lingual support
|
|
|
|
|
require_once "app_languages.php";
|
|
|
|
|
foreach($text as $key => $value) {
|
|
|
|
|
$text[$key] = $value[$_SESSION['domain']['language']['code']];
|
|
|
|
|
}
|
|
|
|
|
|
2012-06-04 16:58:40 +02:00
|
|
|
$username = check_str($_POST["username"]);
|
|
|
|
|
$password = check_str($_POST["password"]);
|
|
|
|
|
$confirmpassword = check_str($_POST["confirmpassword"]);
|
2014-06-21 21:40:16 +02:00
|
|
|
$group_name = check_str($_POST["group_name"]);
|
|
|
|
|
$user_email = check_str($_POST["user_email"]);
|
2012-06-04 16:58:40 +02:00
|
|
|
$contact_organization = check_str($_POST["contact_organization"]);
|
|
|
|
|
$contact_name_given = check_str($_POST["contact_name_given"]);
|
|
|
|
|
$contact_name_family = check_str($_POST["contact_name_family"]);
|
2014-06-21 21:40:16 +02:00
|
|
|
|
2012-06-04 16:58:40 +02:00
|
|
|
|
|
|
|
|
if (count($_POST)>0 && check_str($_POST["persistform"]) != "1") {
|
|
|
|
|
|
2013-12-27 19:09:42 +01:00
|
|
|
$msg = '';
|
2012-06-04 16:58:40 +02:00
|
|
|
|
|
|
|
|
//--- begin captcha verification ---------------------
|
|
|
|
|
//session_start(); //make sure sessions are started
|
|
|
|
|
if (strtolower($_SESSION["captcha"]) != strtolower($_REQUEST["captcha"]) || strlen($_SESSION["captcha"]) == 0) {
|
2013-12-27 19:09:42 +01:00
|
|
|
//$msg .= "Captcha Verification Failed<br>\n";
|
2012-06-04 16:58:40 +02:00
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
//echo "verified";
|
|
|
|
|
}
|
|
|
|
|
//--- end captcha verification -----------------------
|
|
|
|
|
|
|
|
|
|
//username is already used.
|
|
|
|
|
if (strlen($username) == 0) {
|
2013-12-27 19:09:42 +01:00
|
|
|
$msg .= $text['message-required'].$text['label-username']."<br>\n";
|
2012-06-04 16:58:40 +02:00
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$sql = "SELECT * FROM v_users ";
|
2013-12-27 19:09:42 +01:00
|
|
|
$sql .= "WHERE username = '$username' ";
|
|
|
|
|
if ($_SESSION["user"]["unique"]["text"] != "global") {
|
|
|
|
|
$sql .= "AND domain_uuid = '$domain_uuid' ";
|
|
|
|
|
}
|
|
|
|
|
//$sql .= "and user_enabled = 'true' ";
|
2012-06-04 16:58:40 +02:00
|
|
|
$prep_statement = $db->prepare(check_sql($sql));
|
|
|
|
|
$prep_statement->execute();
|
|
|
|
|
if (count($prep_statement->fetchAll(PDO::FETCH_NAMED)) > 0) {
|
2013-12-27 19:09:42 +01:00
|
|
|
$msg .= "Please choose a different Username.<br>\n";
|
2012-06-04 16:58:40 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-12-27 19:09:42 +01:00
|
|
|
if (strlen($password) == 0) { $msg .= $text['message-password_blank']."<br>\n"; }
|
|
|
|
|
if ($password != $confirmpassword) { $msg .= $text['message-password_mismatch']."<br>\n"; }
|
|
|
|
|
//if (strlen($contact_organization) == 0) { $msg .= $text['message-required'].$text['label-company_name']."<br>\n"; }
|
|
|
|
|
//if (strlen($contact_name_given) == 0) { $msg .= $text['message-required'].$text['label-first_name']."<br>\n"; }
|
|
|
|
|
//if (strlen($contact_name_family) == 0) { $msg .= $text['message-required'].$text['label-last_name']."<br>\n"; }
|
|
|
|
|
if (strlen($user_email) == 0) { $msg .= $text['message-required'].$text['label-email']."<br>\n"; }
|
2012-06-04 16:58:40 +02:00
|
|
|
|
2013-12-27 19:09:42 +01:00
|
|
|
if (strlen($msg) > 0) {
|
2013-07-06 08:29:50 +02:00
|
|
|
require_once "resources/header.php";
|
2012-06-04 16:58:40 +02:00
|
|
|
echo "<div align='center'>";
|
|
|
|
|
echo "<table><tr><td>";
|
2013-12-27 19:09:42 +01:00
|
|
|
echo $msg;
|
2012-06-04 16:58:40 +02:00
|
|
|
echo "</td></tr></table>";
|
2013-07-06 08:24:11 +02:00
|
|
|
require_once "resources/persist_form.php";
|
2012-06-04 16:58:40 +02:00
|
|
|
echo persistform($_POST);
|
|
|
|
|
echo "</div>";
|
2013-07-06 08:29:50 +02:00
|
|
|
require_once "resources/footer.php";
|
2012-06-04 16:58:40 +02:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//salt used with the password to create a one way hash
|
|
|
|
|
$salt = generate_password('20', '4');
|
|
|
|
|
|
|
|
|
|
//prepare the uuids
|
|
|
|
|
$user_uuid = uuid();
|
2014-06-21 21:40:16 +02:00
|
|
|
$group_user_uuid = uuid();
|
2012-06-04 16:58:40 +02:00
|
|
|
$contact_uuid = uuid();
|
|
|
|
|
|
|
|
|
|
//add the user
|
|
|
|
|
$sql = "insert into v_users ";
|
|
|
|
|
$sql .= "(";
|
|
|
|
|
$sql .= "domain_uuid, ";
|
|
|
|
|
$sql .= "user_uuid, ";
|
|
|
|
|
$sql .= "contact_uuid, ";
|
|
|
|
|
$sql .= "username, ";
|
|
|
|
|
$sql .= "password, ";
|
|
|
|
|
$sql .= "salt, ";
|
2012-08-31 03:44:11 +02:00
|
|
|
$sql .= "add_date, ";
|
|
|
|
|
$sql .= "add_user, ";
|
2012-08-10 19:29:25 +02:00
|
|
|
$sql .= "user_enabled ";
|
2012-06-04 16:58:40 +02:00
|
|
|
$sql .= ") ";
|
|
|
|
|
$sql .= "values ";
|
|
|
|
|
$sql .= "(";
|
|
|
|
|
$sql .= "'$domain_uuid', ";
|
|
|
|
|
$sql .= "'$user_uuid', ";
|
|
|
|
|
$sql .= "'$contact_uuid', ";
|
|
|
|
|
$sql .= "'$username', ";
|
|
|
|
|
$sql .= "'".md5($salt.$password)."', ";
|
|
|
|
|
$sql .= "'".$salt."', ";
|
|
|
|
|
$sql .= "now(), ";
|
2012-08-10 19:29:25 +02:00
|
|
|
$sql .= "'".$_SESSION["username"]."', ";
|
|
|
|
|
$sql .= "'true' ";
|
2012-06-04 16:58:40 +02:00
|
|
|
$sql .= ")";
|
|
|
|
|
$db->exec(check_sql($sql));
|
|
|
|
|
unset($sql);
|
|
|
|
|
|
2014-06-21 21:40:16 +02:00
|
|
|
//add the user to the group
|
|
|
|
|
if (strlen($group_name) > 0) {
|
|
|
|
|
if ( ($group_name == "superadmin" && if_group("superadmin")) || $group_name != "superadmin") {
|
|
|
|
|
$sql = "insert into v_group_users ";
|
|
|
|
|
$sql .= "( ";
|
|
|
|
|
$sql .= "group_user_uuid, ";
|
|
|
|
|
$sql .= "domain_uuid, ";
|
|
|
|
|
$sql .= "group_name, ";
|
|
|
|
|
$sql .= "user_uuid ";
|
|
|
|
|
$sql .= ") ";
|
|
|
|
|
$sql .= "values ";
|
|
|
|
|
$sql .= "(";
|
|
|
|
|
$sql .= "'".$group_user_uuid."', ";
|
|
|
|
|
$sql .= "'".$domain_uuid."', ";
|
|
|
|
|
$sql .= "'".$group_name."', ";
|
|
|
|
|
$sql .= "'".$user_uuid."' ";
|
|
|
|
|
$sql .= ")";
|
|
|
|
|
$db->exec(check_sql($sql));
|
|
|
|
|
unset($sql);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2012-06-04 16:58:40 +02:00
|
|
|
//add to contacts
|
|
|
|
|
$sql = "insert into v_contacts ";
|
|
|
|
|
$sql .= "(";
|
|
|
|
|
$sql .= "domain_uuid, ";
|
|
|
|
|
$sql .= "contact_uuid, ";
|
|
|
|
|
$sql .= "contact_type, ";
|
|
|
|
|
$sql .= "contact_organization, ";
|
|
|
|
|
$sql .= "contact_name_given, ";
|
|
|
|
|
$sql .= "contact_name_family, ";
|
|
|
|
|
$sql .= "contact_nickname, ";
|
|
|
|
|
$sql .= "contact_email ";
|
|
|
|
|
$sql .= ") ";
|
|
|
|
|
$sql .= "values ";
|
|
|
|
|
$sql .= "(";
|
|
|
|
|
$sql .= "'$domain_uuid', ";
|
|
|
|
|
$sql .= "'$contact_uuid', ";
|
|
|
|
|
$sql .= "'user', ";
|
|
|
|
|
$sql .= "'$contact_organization', ";
|
|
|
|
|
$sql .= "'$contact_name_given', ";
|
|
|
|
|
$sql .= "'$contact_name_family', ";
|
|
|
|
|
$sql .= "'$username', ";
|
|
|
|
|
$sql .= "'$user_email' ";
|
|
|
|
|
$sql .= ")";
|
|
|
|
|
$db->exec(check_sql($sql));
|
|
|
|
|
unset($sql);
|
|
|
|
|
|
|
|
|
|
//log the success
|
|
|
|
|
//$log_type = 'user'; $log_status='add'; $log_add_user=$_SESSION["username"]; $log_desc= "username: ".$username." user added.";
|
|
|
|
|
//log_add($db, $log_type, $log_status, $log_desc, $log_add_user, $_SERVER["REMOTE_ADDR"]);
|
|
|
|
|
|
2014-02-23 10:39:12 +01:00
|
|
|
$_SESSION["message"] = $text['message-add'];
|
|
|
|
|
header("Location: index.php");
|
2012-06-04 16:58:40 +02:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//show the header
|
2013-07-06 08:29:50 +02:00
|
|
|
require_once "resources/header.php";
|
2013-06-09 06:32:24 +02:00
|
|
|
$page["title"] = $text['title-user_add'];
|
2012-06-04 16:58:40 +02:00
|
|
|
|
|
|
|
|
//show the content
|
2014-07-07 18:34:43 +02:00
|
|
|
echo "<script>";
|
|
|
|
|
echo " function compare_passwords() {";
|
|
|
|
|
echo " if (document.getElementById('password').value != document.getElementById('confirmpassword').value) {";
|
|
|
|
|
echo " $('#password').addClass('formfld_highlight');";
|
|
|
|
|
echo " $('#confirmpassword').addClass('formfld_highlight');";
|
|
|
|
|
echo " }";
|
|
|
|
|
echo " else {";
|
|
|
|
|
echo " $('#password').removeClass('formfld_highlight');";
|
|
|
|
|
echo " $('#confirmpassword').removeClass('formfld_highlight');";
|
|
|
|
|
echo " }";
|
|
|
|
|
echo " }";
|
|
|
|
|
echo "</script>";
|
|
|
|
|
|
2012-06-04 16:58:40 +02:00
|
|
|
echo "<div align='center'>";
|
|
|
|
|
|
|
|
|
|
$tablewidth ='width="100%"';
|
|
|
|
|
echo "<form method='post' action=''>";
|
|
|
|
|
echo "<div class='borderlight' style='padding:10px;'>\n";
|
|
|
|
|
|
|
|
|
|
echo "<table border='0' $tablewidth cellpadding='6' cellspacing='0'>";
|
|
|
|
|
echo " <tr>\n";
|
|
|
|
|
echo " <td width='80%'>\n";
|
2013-06-09 06:32:24 +02:00
|
|
|
echo " <b>".$text['header-user_add']."</b>\n";
|
|
|
|
|
echo " <br><br>\n";
|
|
|
|
|
echo " ".$text['description-user_add']."\n";
|
2012-06-04 16:58:40 +02:00
|
|
|
echo " </td>\n";
|
|
|
|
|
echo " <td width='20%' align='right'>\n";
|
2013-06-09 06:32:24 +02:00
|
|
|
echo " <input type='button' class='btn' name='back' alt='".$text['button-back']."' onclick=\"window.history.back()\" value='".$text['button-back']."'>\n";
|
2012-06-04 16:58:40 +02:00
|
|
|
echo " </td>\n";
|
|
|
|
|
echo " </tr>\n";
|
|
|
|
|
echo "</table>\n";
|
|
|
|
|
|
|
|
|
|
echo "<table border='0' $tablewidth cellpadding='6' cellspacing='0'>";
|
|
|
|
|
echo " <tr>";
|
2013-06-09 06:32:24 +02:00
|
|
|
echo " <td class='vncellreq' width='40%'>".$text['label-username'].":</td>";
|
2012-06-04 16:58:40 +02:00
|
|
|
echo " <td class='vtable' width='60%'><input type='text' class='formfld' autocomplete='off' name='username' value='$username'></td>";
|
|
|
|
|
echo " </tr>";
|
|
|
|
|
|
|
|
|
|
echo " <tr>";
|
2013-06-09 06:32:24 +02:00
|
|
|
echo " <td class='vncellreq'>".$text['label-password'].":</td>";
|
2014-07-07 18:34:43 +02:00
|
|
|
echo " <td class='vtable'><input type='password' class='formfld' autocomplete='off' name='password' id='password' value='$password' onblur='compare_passwords();'></td>";
|
2012-06-04 16:58:40 +02:00
|
|
|
echo " </tr>";
|
|
|
|
|
echo " <tr>";
|
2013-06-09 06:32:24 +02:00
|
|
|
echo " <td class='vncellreq'>".$text['label-confirm_password'].":</td>";
|
2014-07-07 18:34:43 +02:00
|
|
|
echo " <td class='vtable'><input type='password' class='formfld' autocomplete='off' name='confirmpassword' id='confirmpassword' value='$confirmpassword' onblur='compare_passwords();'></td>";
|
2012-06-04 16:58:40 +02:00
|
|
|
echo " </tr>";
|
|
|
|
|
echo " <tr>";
|
2013-06-09 06:32:24 +02:00
|
|
|
echo " <td class='vncellreq'>".$text['label-email'].":</td>";
|
2012-06-04 16:58:40 +02:00
|
|
|
echo " <td class='vtable'><input type='text' class='formfld' name='user_email' value='$user_email'></td>";
|
|
|
|
|
echo " </tr>";
|
|
|
|
|
echo " <tr>";
|
2014-06-21 21:40:16 +02:00
|
|
|
echo " <td class='vncell' valign='top'>".$text['label-group'].":</td>";
|
|
|
|
|
echo " <td class='vtable'>";
|
|
|
|
|
$sql = "SELECT * FROM v_groups ";
|
|
|
|
|
$sql .= "where domain_uuid = '".$domain_uuid."' ";
|
|
|
|
|
$sql .= "order by group_name asc ";
|
|
|
|
|
$prep_statement = $db->prepare(check_sql($sql));
|
|
|
|
|
$prep_statement->execute();
|
|
|
|
|
echo " <select name=\"group_name\" class='formfld' style='width: auto; margin-right: 3px;'>\n";
|
|
|
|
|
echo " <option value=\"\"></option>\n";
|
|
|
|
|
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
|
|
|
|
|
foreach($result as $field) {
|
|
|
|
|
if ($field['group_name'] == "superadmin" && !if_group("superadmin")) { continue; } //only show the superadmin group to other users in the superadmin group
|
|
|
|
|
if (!in_array($field["group_name"], $assigned_groups)) {
|
|
|
|
|
echo " <option value='".$field['group_name']."'>".$field['group_name']."</option>\n";
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
echo " </select>";
|
|
|
|
|
unset($sql, $result);
|
|
|
|
|
echo " </td>";
|
|
|
|
|
echo " </tr>";
|
|
|
|
|
echo " <tr>";
|
2013-06-09 06:32:24 +02:00
|
|
|
echo " <td class='vncell'>".$text['label-first_name'].":</td>";
|
2012-06-04 16:58:40 +02:00
|
|
|
echo " <td class='vtable'><input type='text' class='formfld' name='contact_name_given' value='$contact_name_given'></td>";
|
|
|
|
|
echo " </tr>";
|
|
|
|
|
echo " <tr>";
|
2013-06-09 06:32:24 +02:00
|
|
|
echo " <td class='vncell'>".$text['label-last_name'].":</td>";
|
2012-06-04 16:58:40 +02:00
|
|
|
echo " <td class='vtable'><input type='text' class='formfld' name='contact_name_family' value='$contact_name_family'></td>";
|
|
|
|
|
echo " </tr>";
|
|
|
|
|
echo " <tr>";
|
2013-06-09 06:32:24 +02:00
|
|
|
echo " <td class='vncell'>".$text['label-company_name'].":</td>";
|
2012-06-04 16:58:40 +02:00
|
|
|
echo " <td class='vtable'><input type='text' class='formfld' name='contact_organization' value='$contact_organization'></td>";
|
|
|
|
|
echo " </tr>";
|
|
|
|
|
echo "</table>";
|
|
|
|
|
echo "</div>";
|
|
|
|
|
|
|
|
|
|
echo "<div class='' style='padding:10px;'>\n";
|
|
|
|
|
echo "<table $tablewidth>";
|
|
|
|
|
echo " <tr>";
|
|
|
|
|
echo " <td colspan='2' align='right'>";
|
2013-06-09 06:32:24 +02:00
|
|
|
echo " <input type='submit' name='submit' class='btn' value='".$text['button-create_account']."'>";
|
2012-06-04 16:58:40 +02:00
|
|
|
echo " </td>";
|
|
|
|
|
echo " </tr>";
|
|
|
|
|
echo "</table>";
|
|
|
|
|
echo "</form>";
|
|
|
|
|
|
|
|
|
|
echo "</div>";
|
|
|
|
|
|
|
|
|
|
//show the footer
|
2013-07-06 08:29:50 +02:00
|
|
|
require_once "resources/footer.php";
|
2012-06-04 16:58:40 +02:00
|
|
|
?>
|
