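Portions created by the Initial Developer are Copyright (C) 2008-2012
the Initial Developer. All Rights Reserved.

Contributor(s):
Mark J Crane
*/

//admin page: validates the posted form, then inserts a row into v_users, a matching row into
//v_contacts and a 'user' membership into v_group_users for the current $domain_uuid

include "root.php";
require_once "resources/require.php";
require_once "resources/check_auth.php";

//only members of the admin or superadmin group may continue
if (if_group("admin") || if_group("superadmin")) {
	//access allowed
}
else {
	echo "access denied";
	return;
}

//add multi-lingual support
	require_once "app_languages.php";
	foreach($text as $key => $value) {
		$text[$key] = $value[$_SESSION['domain']['language']['code']];
	}

//read the submitted values
	//NOTE(review): check_str() is defined outside this file; it is presumably the project's SQL
	//escaping helper, and every value interpolated into the statements below relies on it - confirm.
	//bound parameters on $db->prepare() would remove that dependency.
	$username = check_str($_POST["username"]);
	$password = check_str($_POST["password"]);
	$confirmpassword = check_str($_POST["confirmpassword"]);
	$contact_organization = check_str($_POST["contact_organization"]);
	$contact_name_given = check_str($_POST["contact_name_given"]);
	$contact_name_family = check_str($_POST["contact_name_family"]);
	$user_email = check_str($_POST["user_email"]);

//process the form unless it is only being re-displayed (persistform = 1)
	//NOTE(review): no request token is checked before the inserts below; unless check_auth.php
	//does that, this state-changing POST is authorised by the session alone - confirm.
if (count($_POST)>0 && check_str($_POST["persistform"]) != "1") {

	$msgerror = '';

	//--- begin captcha verification ---------------------
		//session_start(); //make sure sessions are started
		//NOTE(review): both branches are empty because the error message is commented out,
		//so a wrong or missing captcha does not stop the request
		if (strtolower($_SESSION["captcha"]) != strtolower($_REQUEST["captcha"]) || strlen($_SESSION["captcha"]) == 0) {
			//$msgerror .= "Captcha Verification Failed\n";
		}
		else {
			//echo "verified";
		}
	//--- end captcha verification -----------------------

	//username is already used.
	if (strlen($username) == 0) {
		$msgerror .= $text['message-required'].$text['label-username']."
\n";
	}
	else {
		//NOTE(review): prepare() is called on a fully interpolated string, so it binds nothing;
		//the lookup also matches enabled users only, so a disabled account with the same
		//username in this domain does not block the insert
		$sql = "SELECT * FROM v_users ";
		$sql .= "where domain_uuid = '$domain_uuid' ";
		$sql .= "and username = '$username' ";
		$sql .= "and user_enabled = 'true' ";
		$prep_statement = $db->prepare(check_sql($sql));
		$prep_statement->execute();
		if (count($prep_statement->fetchAll(PDO::FETCH_NAMED)) > 0) {
			$msgerror .= "Please choose a different Username.
\n";
		}
	}

	if (strlen($password) == 0) {
		$msgerror .= $text['message-password_blank']."
\n";
	}
	//strict comparison: with != two different numeric strings such as "1e3" and "1000"
	//compare as equal, which would accept a confirmation that does not match
	if ($password !== $confirmpassword) {
		$msgerror .= $text['message-password_mismatch']."
\n";
	}
	//if (strlen($contact_organization) == 0) { $msgerror .= $text['message-required'].$text['label-company_name']."\n"; }
	//if (strlen($contact_name_given) == 0) { $msgerror .= $text['message-required'].$text['label-first_name']."\n"; }
	//if (strlen($contact_name_family) == 0) { $msgerror .= $text['message-required'].$text['label-last_name']."\n"; }
	if (strlen($user_email) == 0) {
		$msgerror .= $text['message-required'].$text['label-email']."
\n";
	}

	//show the collected errors together with the submitted form and stop
	if (strlen($msgerror) > 0) {
		require_once "resources/header.php";
		echo "
";
		echo "
";
		echo $msgerror;
		echo "
";
		require_once "resources/persist_form.php";
		//NOTE(review): persistform() receives the raw $_POST and its result is echoed as-is;
		//confirm that it HTML-escapes the values it writes back
		echo persistform($_POST);
		echo "
";
		require_once "resources/footer.php";
		return;
	}

	//salt used with the password to create a one way hash
		//NOTE(review): the stored hash is a single md5 over salt + password, which is fast to
		//brute force; moving to password_hash()/password_verify() has to be done together with
		//the login code that checks this column, so it is not changed here
		$salt = generate_password('20', '4');

	//prepare the uuids
		$user_uuid = uuid();
		$contact_uuid = uuid();

	//add the user
		//NOTE(review): this insert and the two that follow are not wrapped in a transaction,
		//so a failure part way through leaves a user without a contact or group row
		$sql = "insert into v_users ";
		$sql .= "(";
		$sql .= "domain_uuid, ";
		$sql .= "user_uuid, ";
		$sql .= "contact_uuid, ";
		$sql .= "username, ";
		$sql .= "password, ";
		$sql .= "salt, ";
		$sql .= "add_date, ";
		$sql .= "add_user, ";
		$sql .= "user_enabled ";
		$sql .= ") ";
		$sql .= "values ";
		$sql .= "(";
		$sql .= "'$domain_uuid', ";
		$sql .= "'$user_uuid', ";
		$sql .= "'$contact_uuid', ";
		$sql .= "'$username', ";
		$sql .= "'".md5($salt.$password)."', ";
		$sql .= "'".$salt."', ";
		$sql .= "now(), ";
		//the session username was the only value placed into SQL without check_str();
		//a stored username containing a quote would otherwise break out of the literal
		$sql .= "'".check_str($_SESSION["username"])."', ";
		$sql .= "'true' ";
		$sql .= ")";
		$db->exec(check_sql($sql));
		unset($sql);

	//add to contacts
		$sql = "insert into v_contacts ";
		$sql .= "(";
		$sql .= "domain_uuid, ";
		$sql .= "contact_uuid, ";
		$sql .= "contact_type, ";
		$sql .= "contact_organization, ";
		$sql .= "contact_name_given, ";
		$sql .= "contact_name_family, ";
		$sql .= "contact_nickname, ";
		$sql .= "contact_email ";
		$sql .= ") ";
		$sql .= "values ";
		$sql .= "(";
		$sql .= "'$domain_uuid', ";
		$sql .= "'$contact_uuid', ";
		$sql .= "'user', ";
		$sql .= "'$contact_organization', ";
		$sql .= "'$contact_name_given', ";
		$sql .= "'$contact_name_family', ";
		$sql .= "'$username', ";
		$sql .= "'$user_email' ";
		$sql .= ")";
		$db->exec(check_sql($sql));
		unset($sql);

	//log the success
		//NOTE(review): the audit log call is commented out, so user creation leaves no log entry here
		//$log_type = 'user'; $log_status='add'; $log_add_user=$_SESSION["username"]; $log_desc= "username: ".$username." user added.";
		//log_add($db, $log_type, $log_status, $log_desc, $log_add_user, $_SERVER["REMOTE_ADDR"]);

	//put the new account into the 'user' group
		$group_name = 'user';
		$sql = "insert into v_group_users ";
		$sql .= "(";
		$sql .= "group_user_uuid, ";
		$sql .= "domain_uuid, ";
		$sql .= "group_name, ";
		$sql .= "user_uuid ";
		$sql .= ")";
		$sql .= "values ";
		$sql .= "(";
		$sql .= "'".uuid()."', ";
		$sql .= "'$domain_uuid', ";
		$sql .= "'$group_name', ";
		$sql .= "'$user_uuid' ";
		$sql .= ")";
		$db->exec(check_sql($sql));
		unset($sql);

	//confirm the add and stop
		require_once "resources/header.php";
		echo "\n";
		echo "
".$text['message-add']."
";
		require_once "resources/footer.php";
		return;
}

//show the header
	require_once "resources/header.php";
	$page["title"] = $text['title-user_add'];

//show the content
	//the markup that was inside these strings is not present in this listing; the strings
	//are kept exactly as they appear
	echo "
";
	$tablewidth ='width="100%"';
	echo "
";
	echo "
\n";
	echo "";
	echo " \n";
	echo " \n";
	echo " \n";
	echo " \n";
	echo "
\n";
	echo " ".$text['header-user_add']."\n";
	echo "

\n";
	echo " ".$text['description-user_add']."\n";
	echo "
\n";
	echo " \n";
	echo "
\n";
	echo "";
	echo " "; echo " "; echo " "; echo " ";
	echo " "; echo " "; echo " "; echo " ";
	echo " "; echo " "; echo " "; echo " ";
	echo " "; echo " "; echo " "; echo " ";
	echo " "; echo " "; echo " "; echo " ";
	echo " "; echo " "; echo " "; echo " ";
	echo " "; echo " "; echo " "; echo " ";
	echo "
".$text['label-username'].":
".$text['label-password'].":
".$text['label-confirm_password'].":
".$text['label-email'].":
".$text['label-first_name'].":
".$text['label-last_name'].":
".$text['label-company_name'].":
";
	echo "
";
	echo "
\n";
	echo "";
	echo " ";
	echo " ";
	echo " ";
	echo "
";
	echo " ";
	echo "
";
	echo "";
	echo "
";

//show the footer
	require_once "resources/footer.php";
?>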