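Portions created by the Initial Developer are Copyright (C) 2008-2012 the Initial Developer. All Rights Reserved. Contributor(s): Mark J Crane */
include "root.php";
require_once "resources/require.php";
require_once "resources/check_auth.php";

// This page validates the "add user" form and, on success, inserts the user,
// its group membership and its contact record; otherwise it renders the form.
// Only members of the admin or superadmin group may reach it.
if (if_group("admin") || if_group("superadmin")) {
    //access allowed
}
else {
    echo "access denied";
    return;
}

//add multi-lingual support
require_once "app_languages.php";
foreach($text as $key => $value) {
    $text[$key] = $value[$_SESSION['domain']['language']['code']];
}

//form fields: check_str() is the project's input filter and is applied to every posted value before use
// NOTE(review): if check_str() SQL-escapes quotes, the bound values below will store the escaped form;
// with parameter binding the escaping is no longer needed for these queries - confirm against check_str().
$username = check_str($_POST["username"]);
$password = check_str($_POST["password"]);
$confirmpassword = check_str($_POST["confirmpassword"]);
$group_name = check_str($_POST["group_name"]);
$user_email = check_str($_POST["user_email"]);
$contact_organization = check_str($_POST["contact_organization"]);
$contact_name_given = check_str($_POST["contact_name_given"]);
$contact_name_family = check_str($_POST["contact_name_family"]);

//handle a submitted form; a "persistform" post only re-renders the form with the submitted values
if (count($_POST)>0 && check_str($_POST["persistform"]) != "1") {
    $msg = '';

    //--- begin captcha verification ---------------------
    //session_start(); //make sure sessions are started
    // NOTE(review): the failure branch is commented out, so a missing or wrong captcha does not
    // reject the submission; re-enable the message if this form is meant to be captcha-gated.
    if (strtolower($_SESSION["captcha"]) != strtolower($_REQUEST["captcha"]) || strlen($_SESSION["captcha"]) == 0) {
        //$msg .= "Captcha Verification Failed\n";
    }
    else {
        //echo "verified";
    }
    //--- end captcha verification -----------------------

    //the username is required and must not already be in use
    if (strlen($username) == 0) {
        $msg .= $text['message-required'].$text['label-username']."
\n";
    }
    else {
        //the username is bound as a query parameter rather than interpolated into the SQL
        $sql = "SELECT * FROM v_users ";
        $sql .= "WHERE username = :username ";
        $parameters = [':username' => $username];
        if ($_SESSION["user"]["unique"]["text"] != "global") {
            //usernames are unique per domain unless the "global" uniqueness setting is on
            $sql .= "AND domain_uuid = :domain_uuid ";
            $parameters[':domain_uuid'] = $domain_uuid;
        }
        //$sql .= "and user_enabled = 'true' ";
        $prep_statement = $db->prepare(check_sql($sql));
        $prep_statement->execute($parameters);
        if (count($prep_statement->fetchAll(PDO::FETCH_NAMED)) > 0) {
            $msg .= "Please choose a different Username.
\n";
        }
    }
    if (strlen($password) == 0) {
        $msg .= $text['message-password_blank']."
\n";
    }
    //strict comparison: a loose != treats numeric-looking strings such as "1e3" and "1000" as equal
    if ($password !== $confirmpassword) {
        $msg .= $text['message-password_mismatch']."
\n";
    }
    //if (strlen($contact_organization) == 0) { $msg .= $text['message-required'].$text['label-company_name']."\n"; }
    //if (strlen($contact_name_given) == 0) { $msg .= $text['message-required'].$text['label-first_name']."\n"; }
    //if (strlen($contact_name_family) == 0) { $msg .= $text['message-required'].$text['label-last_name']."\n"; }
    if (strlen($user_email) == 0) {
        $msg .= $text['message-required'].$text['label-email']."
\n";
    }

    //validation failed: show the messages and re-render the form with the submitted values
    if (strlen($msg) > 0) {
        require_once "resources/header.php";
        echo "
";
        echo "
";
        echo $msg;
        echo "
";
        require_once "resources/persist_form.php";
        echo persistform($_POST);
        echo "
";
        require_once "resources/footer.php";
        return;
    }

    //salt used with the password to create a one way hash
    $salt = generate_password('20', '4');

    //prepare the uuids
    $user_uuid = uuid();
    $group_user_uuid = uuid();
    $contact_uuid = uuid();

    //the user, group-membership and contact rows describe one account: write them atomically so a
    //failure part-way through does not leave a login without its contact record
    $db->beginTransaction();
    try {
        //add the user
        $sql = "insert into v_users ";
        $sql .= "(";
        $sql .= "domain_uuid, ";
        $sql .= "user_uuid, ";
        $sql .= "contact_uuid, ";
        $sql .= "username, ";
        $sql .= "password, ";
        $sql .= "salt, ";
        $sql .= "add_date, ";
        $sql .= "add_user, ";
        $sql .= "user_enabled ";
        $sql .= ") ";
        $sql .= "values ";
        $sql .= "(";
        $sql .= ":domain_uuid, ";
        $sql .= ":user_uuid, ";
        $sql .= ":contact_uuid, ";
        $sql .= ":username, ";
        $sql .= ":password, ";
        $sql .= ":salt, ";
        $sql .= "now(), ";
        $sql .= ":add_user, ";
        $sql .= "'true' ";
        $sql .= ")";
        $prep_statement = $db->prepare(check_sql($sql));
        //md5(salt.password) is kept because it is presumably the format the login check verifies;
        //changing the hash here alone would lock the new user out - confirm against the auth path first
        $executed = $prep_statement->execute([
            ':domain_uuid' => $domain_uuid,
            ':user_uuid' => $user_uuid,
            ':contact_uuid' => $contact_uuid,
            ':username' => $username,
            ':password' => md5($salt.$password),
            ':salt' => $salt,
            ':add_user' => $_SESSION["username"],
        ]);
        if (!$executed) {
            throw new RuntimeException("unable to add the user");
        }
        unset($sql);

        //add the user to the group; only a superadmin may grant the superadmin group,
        //any other requester silently gets no group assignment for that name
        // NOTE(review): other group names are accepted as posted; consider checking them against v_groups for this domain
        if (strlen($group_name) > 0) {
            if ($group_name !== "superadmin" || if_group("superadmin")) {
                $sql = "insert into v_group_users ";
                $sql .= "( ";
                $sql .= "group_user_uuid, ";
                $sql .= "domain_uuid, ";
                $sql .= "group_name, ";
                $sql .= "user_uuid ";
                $sql .= ") ";
                $sql .= "values ";
                $sql .= "(";
                $sql .= ":group_user_uuid, ";
                $sql .= ":domain_uuid, ";
                $sql .= ":group_name, ";
                $sql .= ":user_uuid ";
                $sql .= ")";
                $prep_statement = $db->prepare(check_sql($sql));
                $executed = $prep_statement->execute([
                    ':group_user_uuid' => $group_user_uuid,
                    ':domain_uuid' => $domain_uuid,
                    ':group_name' => $group_name,
                    ':user_uuid' => $user_uuid,
                ]);
                if (!$executed) {
                    throw new RuntimeException("unable to add the user to the group");
                }
                unset($sql);
            }
        }

        //add to contacts
        $sql = "insert into v_contacts ";
        $sql .= "(";
        $sql .= "domain_uuid, ";
        $sql .= "contact_uuid, ";
        $sql .= "contact_type, ";
        $sql .= "contact_organization, ";
        $sql .= "contact_name_given, ";
        $sql .= "contact_name_family, ";
        $sql .= "contact_nickname, ";
        $sql .= "contact_email ";
        $sql .= ") ";
        $sql .= "values ";
        $sql .= "(";
        $sql .= ":domain_uuid, ";
        $sql .= ":contact_uuid, ";
        $sql .= "'user', ";
        $sql .= ":contact_organization, ";
        $sql .= ":contact_name_given, ";
        $sql .= ":contact_name_family, ";
        $sql .= ":contact_nickname, ";
        $sql .= ":contact_email ";
        $sql .= ")";
        $prep_statement = $db->prepare(check_sql($sql));
        $executed = $prep_statement->execute([
            ':domain_uuid' => $domain_uuid,
            ':contact_uuid' => $contact_uuid,
            ':contact_organization' => $contact_organization,
            ':contact_name_given' => $contact_name_given,
            ':contact_name_family' => $contact_name_family,
            ':contact_nickname' => $username,
            ':contact_email' => $user_email,
        ]);
        if (!$executed) {
            throw new RuntimeException("unable to add the contact");
        }
        unset($sql);

        $db->commit();
    }
    catch (Throwable $e) {
        //undo the partial account and let the error surface rather than swallowing it
        $db->rollBack();
        throw $e;
    }

    //log the success
    //$log_type = 'user'; $log_status='add'; $log_add_user=$_SESSION["username"]; $log_desc= "username: ".$username." user added.";
    //log_add($db, $log_type, $log_status, $log_desc, $log_add_user, $_SERVER["REMOTE_ADDR"]);

    $_SESSION["message"] = $text['message-add'];
    header("Location: index.php");
    return;
}

//show the header
require_once "resources/header.php";
$document['title'] = $text['title-user_add'];

//show the content
echo "";
echo "
";
$tablewidth ='width="100%"';
echo "
";
echo "
\n";
echo "";
echo " \n";
echo " \n";
echo " \n";
echo " \n";
echo "
\n";
echo " ".$text['header-user_add']."\n";
echo "

\n";
echo " ".$text['description-user_add']."\n";
echo "
\n";
echo " \n";
echo "
\n";
echo "";
echo " "; echo " "; echo " "; echo " "; echo " "; echo " "; echo " "; echo " ";
echo " "; echo " "; echo " "; echo " "; echo " "; echo " "; echo " "; echo " ";
echo " "; echo " "; echo " "; echo " "; echo " "; echo " "; echo " "; echo " ";
echo " "; echo " "; echo " "; echo " "; echo " "; echo " "; echo " "; echo " ";
echo "
".$text['label-username'].":
".$text['label-password'].":
".$text['label-confirm_password'].":
".$text['label-email'].":
".$text['label-group'].":";
//groups offered for the group select; the domain uuid is bound rather than interpolated
$sql = "SELECT * FROM v_groups ";
$sql .= "where domain_uuid = :domain_uuid ";
$sql .= "order by group_name asc ";
$prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute([':domain_uuid' => $domain_uuid]);
echo " ";
unset($sql, $result);
echo "
".$text['label-first_name'].":
".$text['label-last_name'].":
".$text['label-company_name'].":
";
echo "
";
echo "
\n";
echo "";
echo " ";
echo " ";
echo " ";
echo "
";
echo " ";
echo "
";
echo "";
echo "
";

//show the footer
require_once "resources/footer.php";
?>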