2 /****************************************************************************/
\r
4 /****************************************************************************/
\r
5 /* Copyright (c) 2002-2010 */
\r
6 /* Inclusive Design Institute */
\r
7 /* http://atutor.ca */
\r
9 /* This program is free software. You can redistribute it and/or */
\r
10 /* modify it under the terms of the GNU General Public License */
\r
11 /* as published by the Free Software Foundation. */
\r
12 /****************************************************************************/
\r
13 // $Id: create.php 10142 2010-08-17 19:17:26Z hwong $
\r
// Admin-account creation handler (ATutor admin tool). On a POST with 'submit' it
// validates login/password/email, checks the login against both the members and
// admins tables and the email against members, derives the privilege mask,
// inserts the new admins row, logs it and redirects; on 'cancel' it redirects
// with feedback. Anything else (or a validation error) falls through to the form
// rendered below.
// This extract skips lines (the original line numbers are not contiguous), so
// closing braces, several else-branches and the INSERT column lists are not
// visible; statements about branch structure below are therefore hedged.
15 define('AT_INCLUDE_PATH', '../../../../include/');
\r
16 require(AT_INCLUDE_PATH.'vitals.inc.php');
\r
// Access gate: the AT_ADMIN_PRIV_ADMIN privilege is required before any of the
// request handling below runs.
17 admin_authenticate(AT_ADMIN_PRIV_ADMIN);
\r
19 if (isset($_POST['cancel'])) {
\r
20 $msg->addFeedback('CANCELLED');
\r
// NOTE(review): no exit() is visible after this header(); original line 22 is
// missing from the extract, so confirm the redirect is followed by exit so the
// form body is not rendered into the redirect response.
21 header('Location: index.php');
\r
23 } else if (isset($_POST['submit'])) {
\r
// Labels of required fields found empty; reported once as EMPTY_FIELDS below.
24 $missing_fields = array();
\r
26 /* login validation */
\r
27 if ($_POST['login'] == '') {
\r
28 $missing_fields[] = _AT('login_name');
\r
30 /* check for special characters */
\r
// Login is restricted to ASCII letters, digits and underscore (the /i modifier is
// redundant: both cases are already in the class). This character check is also
// the only thing that keeps the raw $_POST['login'] safe inside the two queries
// that follow.
31 if (!(preg_match("/^[a-zA-Z0-9_]([a-zA-Z0-9_])*$/i", $_POST['login']))) {
\r
32 $msg->addError('LOGIN_CHARS');
\r
// NOTE(review): $_POST['login'] is interpolated unescaped into SQL here and in
// the admins query below ($addslashes is applied only on the insert path).
// Original line 33 is missing; unless this query sits strictly in the
// else-branch of the character check above, it is an SQL injection point. The
// legacy mysql_* extension is deprecated (removed in PHP 7); a prepared
// statement via mysqli/PDO would remove the escaping question altogether.
34 $result = mysql_query("SELECT * FROM ".TABLE_PREFIX."members WHERE login='$_POST[login]'",$db);
\r
35 if (mysql_num_rows($result) != 0) {
\r
36 $msg->addError('LOGIN_EXISTS');
\r
// Same uniqueness check (same caveat) against the admins table.
39 $result = mysql_query("SELECT * FROM ".TABLE_PREFIX."admins WHERE login='$_POST[login]'",$db);
\r
40 if (mysql_num_rows($result) != 0) {
\r
41 $msg->addError('LOGIN_EXISTS');
\r
46 /* password check: password is verified front end by javascript. here is to handle the errors from javascript */
\r
// NOTE(review): password_error is written by encrypt_password() in the page
// below and is entirely client-controlled. A request that does not run the
// script (or posts an empty password_error) skips password validation here, and
// every comma-separated token is handed to addError() as a message key. Minimal
// server-side checks on form_password_hidden (non-empty, expected hex-digest
// shape) should not depend on this field.
47 if ($_POST['password_error'] <> "")
\r
49 $pwd_errors = explode(",", $_POST['password_error']);
\r
51 foreach ($pwd_errors as $pwd_error)
\r
53 if ($pwd_error == "missing_password")
\r
54 $missing_fields[] = _AT('password');
\r
// presumably the else-branch for every other error token (original lines 55 and
// 57-59 are missing from the extract).
56 $msg->addError($pwd_error);
\r
60 /* email validation */
\r
61 if ($_POST['email'] == '') {
\r
62 $missing_fields[] = _AT('email');
\r
// Email syntax check. Its character class excludes quotes, which is what keeps
// the raw interpolation in the LIKE query below inside the string literal —
// assuming that query is in this check's else-branch (original line 65 missing).
63 } else if (!preg_match("/^[a-z0-9\._-]+@+[a-z0-9\._-]+\.+[a-z]{2,6}$/i", $_POST['email'])) {
\r
64 $msg->addError('EMAIL_INVALID');
\r
// NOTE(review): LIKE with an unescaped pattern: '_' passes the regex above and is
// a single-character wildcard in LIKE, so this uniqueness check can match a
// different address (a_b@example.org vs. aXb@example.org). An equality
// comparison is what is intended.
66 $result = mysql_query("SELECT * FROM ".TABLE_PREFIX."members WHERE email LIKE '$_POST[email]'",$db);
\r
67 if (mysql_num_rows($result) != 0) {
\r
69 $msg->addError('EMAIL_EXISTS');
\r
// Privilege mask: the super-admin checkbox wins outright; otherwise the posted
// module privilege values are accumulated.
73 if (isset($_POST['priv_admin'])) {
\r
74 // overrides all above.
\r
75 $priv = AT_ADMIN_PRIV_ADMIN;
\r
76 } else if (isset($_POST['privs'])) {
\r
77 foreach ($_POST['privs'] as $value) {
\r
// NOTE(review): $priv is not initialised in the visible lines, and '+=' is used
// although the form (query_bit() below) treats privileges as bit flags; a value
// posted twice sums into a different bit, whereas '|=' is idempotent. The posted
// values are also not checked against the privileges of the enabled modules.
78 $priv += intval($value);
\r
// Written back so the form re-renders the module checkboxes from the mask.
81 $_POST['privs'] = $priv;
\r
83 if ($missing_fields) {
\r
84 $missing_fields = implode(', ', $missing_fields);
\r
85 $msg->addError(array('EMPTY_FIELDS', $missing_fields));
\r
88 if (!$msg->containsErrors()) {
\r
// $addslashes / $stripslashes are variable functions; presumably bound in
// vitals.inc.php to addslashes()/stripslashes() or a no-op depending on the
// magic_quotes setting — confirm.
89 $_POST['login'] = $addslashes($_POST['login']);
\r
// NOTE(review): this is the hex SHA-1 computed in the browser (hex_sha1 below),
// stored as received: an unsalted, fast hash, and because the browser sends the
// digest, the digest itself is the secret that travels on the wire. Server-side
// password_hash() over TLS is the modern replacement.
90 $password = $addslashes($_POST['form_password_hidden']);
\r
91 $_POST['real_name'] = $addslashes($_POST['real_name']);
\r
92 $_POST['email'] = $addslashes($_POST['email']);
\r
94 $admin_lang = $_config['default_language'];
\r
// Two INSERT INTO admins statements follow (original lines 96 and 113). Their
// column lists and any condition between them are missing from the extract, so
// whether the second is a dead duplicate or an alternative branch cannot be
// determined here — TODO confirm against the full file. Also note:
//  - `or die(mysql_error())` on the first INSERT echoes the raw database error
//    text to the client;
//  - write_to_log() receives the full SQL text, so if $sql carries the password
//    hash it ends up in the admin log — verify what the log stores.
96 $sql = "INSERT INTO ".TABLE_PREFIX."admins
\r
104 VALUES ('$_POST[login]',
\r
106 '$_POST[real_name]',
\r
111 $result = mysql_query($sql, $db) or die(mysql_error());
\r
113 $sql = "INSERT INTO ".TABLE_PREFIX."admins
\r
121 VALUES ('$_POST[login]',
\r
123 '$_POST[real_name]',
\r
129 write_to_log(AT_ADMIN_LOG_INSERT, 'admins', mysql_affected_rows($db), $sql);
\r
131 $msg->addFeedback('ADMIN_CREATED');
\r
// Same missing-exit() question as the cancel branch (original lines 133-134).
132 header('Location: index.php');
\r
// Presumably reached only when validation failed: undo the escaping so the
// submitted values re-render cleanly in the form below.
135 $_POST['login'] = $stripslashes($_POST['login']);
\r
136 $_POST['real_name'] = $stripslashes($_POST['real_name']);
\r
137 $_POST['email'] = $stripslashes($_POST['email']);
\r
\r
// View: the creation form. $onload focuses the login field; header.inc.php emits
// the page chrome (and presumably consumes $onload — confirm).
140 $onload = 'document.form.login.focus();';
\r
141 require(AT_INCLUDE_PATH.'header.inc.php');
\r
143 <script language="JavaScript" src="sha-1factory.js" type="text/javascript"></script>
\r
<?php /* NOTE(review): $_SERVER['PHP_SELF'] is echoed unescaped inside an attribute. It reflects the request path (including any path-info suffix), a classic reflected-XSS vector; wrap it in htmlspecialchars() or use a fixed action such as the script's own name. Also: sha-1factory.js is included here and again before the inline script at the bottom (original line 198); one include suffices. */ ?>
145 <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" name="form">
\r
<?php /* Both hidden fields are written by encrypt_password() below: the hex SHA-1 of the password and a comma-separated list of password validation errors. Neither value is trustworthy server-side. */ ?>
146 <input type="hidden" name="form_password_hidden" value="" />
\r
147 <input type="hidden" name="password_error" value="" />
\r
149 <div class="input-form">
\r
151 <span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="login"><?php echo _AT('login_name'); ?></label><br />
\r
<?php /* Re-displayed values are HTML-escaped. On the first (GET) render $_POST['login'] is unset, which only raises a notice. */ ?>
152 <input type="text" name="login" id="login" size="25" value="<?php echo htmlspecialchars($_POST['login']); ?>" />
\r
156 <span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="password"><?php echo _AT('password'); ?></label><br />
\r
<?php /* Plain password fields; encrypt_password() hashes them into form_password_hidden and blanks them before the form is posted. */ ?>
157 <input type="password" name="password" id="password" size="25" />
\r
161 <span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="password2"><?php echo _AT('confirm_password'); ?></label><br />
\r
162 <input type="password" name="confirm_password" id="password2" size="25" />
\r
166 <label for="real_name"><?php echo _AT('real_name'); ?></label><br />
\r
167 <input type="text" name="real_name" id="real_name" size="30" value="<?php echo htmlspecialchars($_POST['real_name']); ?>" />
\r
171 <span class="required" title="<?php echo _AT('required_field'); ?>">*</span><label for="email"><?php echo _AT('email'); ?></label><br />
\r
172 <input type="text" name="email" id="email" size="30" value="<?php echo htmlspecialchars($_POST['email']); ?>" />
\r
176 <?php echo _AT('privileges'); ?><br />
\r
<?php /* $_POST['priv_admin'] is read without isset(), unlike the other fields. */ ?>
177 <input type="checkbox" name="priv_admin" value="1" id="priv_admin" <?php if ($_POST['priv_admin']) { echo 'checked="checked"'; } ?> /><label for="priv_admin"><?php echo _AT('priv_admin_super'); ?></label><br /><br />
\r
180 $module_list = $moduleFactory->getModules(AT_MODULE_STATUS_ENABLED, 0, TRUE);
\r
// Module-provided privileges: one checkbox per enabled module below, skipping
// modules whose admin privilege is 1 or less. The opening <?php tag for these
// two lines (original lines 178-179) is missing from the extract.
181 $keys = array_keys($module_list);
\r
184 <?php foreach ($keys as $module_name): ?>
\r
185 <?php $module =& $module_list[$module_name]; ?>
\r
186 <?php if (!($module->getAdminPrivilege() > 1)) { continue; } ?>
\r
<?php /* query_bit() tests the module's privilege against the mask in $_POST['privs'], which implies module privileges are bit flags; the handler above sums them with '+=' rather than OR-ing them — see the note there. */ ?>
187 <input type="checkbox" name="privs[]" value="<?php echo $module->getAdminPrivilege(); ?>" id="priv_<?php echo $module->getAdminPrivilege(); ?>" <?php if (query_bit($_POST['privs'], $module->getAdminPrivilege())) { echo 'checked="checked"'; } ?> /><label for="priv_<?php echo $module->getAdminPrivilege(); ?>"><?php echo $module->getName() ?></label><br />
\r
188 <?php endforeach; ?>
\r
191 <div class="row buttons">
\r
<?php /* Only the Save button runs encrypt_password(); Cancel posts the form as-is, which is fine because the handler only adds feedback and redirects on 'cancel'. */ ?>
192 <input type="submit" name="submit" value="<?php echo _AT('save'); ?>" accesskey="s" onClick="return encrypt_password();" />
\r
193 <input type="submit" name="cancel" value="<?php echo _AT('cancel'); ?>" />
\r
<?php /* Duplicate of the include at the top of the page. */ ?>
198 <script language="JavaScript" src="sha-1factory.js" type="text/javascript"></script>
\r
200 <script type="text/javascript">
\r
// Client-side pre-submit step (the opening brace and several closing lines are
// missing from the extract): clear any previous error, validate the two password
// fields with verify_password() (presumably provided by sha-1factory.js —
// confirm), hash the password into the hidden field, blank the plaintext
// inputs, and ask for confirmation when the super-admin box is ticked.
201 function encrypt_password()
\r
203 document.form.password_error.value = "";
\r
// `err` is assigned without var/let and therefore becomes a global.
205 err = verify_password(document.form.password.value, document.form.confirm_password.value);
\r
207 if (err.length > 0)
\r
// The error string reaches the server through the hidden field (see the
// password_error handling in the PHP above). Original lines 210-212 are
// missing, so whether submission continues with errors set cannot be seen here.
209 document.form.password_error.value = err;
\r
// Hashing in the browser is not a substitute for TLS: the hex digest is what the
// server receives and stores, so it is the secret that must be protected in
// transit.
213 document.form.form_password_hidden.value = hex_sha1(document.form.password.value);
\r
214 document.form.password.value = "";
\r
215 document.form.confirm_password.value = "";
\r
216 if (document.form.priv_admin.checked == true)
\r
// The translated string is dropped into a single-quoted JS literal without JS
// escaping; a translation containing an apostrophe would break this script.
218 return confirm('<?php echo _AT('confirm_admin_create'); ?>');
\r
228 <?php require(AT_INCLUDE_PATH.'footer.inc.php'); ?>
\r
\r