2 /****************************************************************************/
\r
4 /****************************************************************************/
\r
5 /* Copyright (c) 2002-2010 */
\r
6 /* Inclusive Design Institute */
\r
7 /* http://atutor.ca */
\r
9 /* This program is free software. You can redistribute it and/or */
\r
10 /* modify it under the terms of the GNU General Public License */
\r
11 /* as published by the Free Software Foundation. */
\r
12 /****************************************************************************/
\r
/* Admin tool: create a new administrator account from the posted form.
   Visible flow: "cancel" -> feedback + redirect to index.php; "submit" ->
   validate login, client-reported password errors, e-mail and privilege
   bits, then INSERT into the admins table, log it and redirect; otherwise
   fall through and render the form again.
   NOTE(review): this listing omits a number of source lines (closing braces,
   the INSERT column lists, the PHP/HTML mode switches), so the brace
   structure assumed in the comments below should be confirmed against the
   full file. */
15 define('AT_INCLUDE_PATH', '../../../../include/');
\r
/* vitals.inc.php presumably sets up $db, $msg, $_config, $moduleFactory,
   $savant, the $addslashes/$stripslashes callables and _AT() used below —
   confirm. */
16 require(AT_INCLUDE_PATH.'vitals.inc.php');
\r
/* Gate: only a session holding the administrator privilege reaches this page. */
17 admin_authenticate(AT_ADMIN_PRIV_ADMIN);
\r
19 if (isset($_POST['cancel'])) {
\r
20 $msg->addFeedback('CANCELLED');
\r
21 header('Location: index.php');
\r
23 } else if (isset($_POST['submit'])) {
\r
/* Names of required fields left empty; reported as one EMPTY_FIELDS error below. */
24 $missing_fields = array();
\r
26 /* login validation */
\r
27 if ($_POST['login'] == '') {
\r
28 $missing_fields[] = _AT('login_name');
\r
30 /* check for special characters */
\r
/* Login is restricted to ASCII letters, digits and underscore. A mismatch only
   records LOGIN_CHARS; nothing visible here stops the duplicate-login queries
   below from running on the rejected value (line 33 is not shown). */
31 if (!(preg_match("/^[a-zA-Z0-9_]([a-zA-Z0-9_])*$/i", $_POST['login']))) {
\r
32 $msg->addError('LOGIN_CHARS');
\r
/* SECURITY(review): $_POST['login'] is interpolated into SQL unescaped — the
   $addslashes call only happens later (line 89), so this lookup and the one
   against admins below run on the raw submission. If line 33 closes the
   character check rather than opening an else, a value that failed it still
   reaches the query. Escape here (or use a prepared statement).
   Note also that the mysql_* extension is deprecated since PHP 5.5 and
   removed in PHP 7. */
34 $result = mysql_query("SELECT * FROM ".TABLE_PREFIX."members WHERE login='$_POST[login]'",$db);
\r
/* Duplicate check against member accounts. */
35 if (mysql_num_rows($result) != 0) {
\r
36 $msg->addError('LOGIN_EXISTS');
\r
/* Same duplicate check against existing admin accounts; same escaping concern as above. */
39 $result = mysql_query("SELECT * FROM ".TABLE_PREFIX."admins WHERE login='$_POST[login]'",$db);
\r
40 if (mysql_num_rows($result) != 0) {
\r
41 $msg->addError('LOGIN_EXISTS');
\r
46 /* password check: password is verified front end by javascript. here is to handle the errors from javascript */
\r
/* $_POST['password_error'] is the comma-separated list written by
   encrypt_password() (see the script block below) when verify_password()
   reports problems. The key is read without isset() and compared with the
   loose "<>" operator. Because the list comes from the client, a user agent
   that skips the script can submit an empty list — the server does not
   re-validate the password itself here. */
47 if ($_POST['password_error'] <> "")
\r
49 $pwd_errors = explode(",", $_POST['password_error']);
\r
51 foreach ($pwd_errors as $pwd_error)
\r
/* "missing_password" additionally counts the field as missing; every token
   is then handed verbatim to $msg->addError() as a message key. */
53 if ($pwd_error == "missing_password")
\r
54 $missing_fields[] = _AT('password');
\r
56 $msg->addError($pwd_error);
\r
60 /* email validation */
\r
61 if ($_POST['email'] == '') {
\r
62 $missing_fields[] = _AT('email');
\r
/* Syntax check. The "@+" and "\.+" quantifiers accept repeated '@' and '.'
   characters; the character classes exclude quotes, so a value that PASSED
   this check cannot break out of the quoted LIKE below. */
63 } else if (!preg_match("/^[a-z0-9\._-]+@+[a-z0-9\._-]+\.+[a-z]{2,6}$/i", $_POST['email'])) {
\r
64 $msg->addError('EMAIL_INVALID');
\r
/* SECURITY(review): raw $_POST['email'] interpolated into a LIKE clause before
   $addslashes is applied. Whether this query also runs for a value that failed
   the regex depends on line 65 (not shown): if it merely closes the else-if,
   the unescaped value reaches the query. Also, '%' and '_' are LIKE wildcards,
   so "exists" here is a pattern match rather than an equality test. */
66 $result = mysql_query("SELECT * FROM ".TABLE_PREFIX."members WHERE email LIKE '$_POST[email]'",$db);
\r
67 if (mysql_num_rows($result) != 0) {
\r
69 $msg->addError('EMAIL_EXISTS');
\r
/* Privilege mask: the full-administrator checkbox overrides any individual bits. */
73 if (isset($_POST['priv_admin'])) {
\r
74 // overrides all above.
\r
75 $priv = AT_ADMIN_PRIV_ADMIN;
\r
76 } else if (isset($_POST['privs'])) {
\r
/* $priv has no initial assignment (PHP treats the undefined value as 0 with a
   notice). Bits are summed rather than OR-ed, so a value submitted twice would
   spill into a neighbouring bit — presumably the checkbox values are distinct
   powers of two; confirm in the template. */
77 foreach ($_POST['privs'] as $value) {
\r
78 $priv += intval($value);
\r
/* The computed mask replaces the submitted array; if neither branch above ran,
   $priv is still undefined at this point. */
81 $_POST['privs'] = $priv;
\r
/* Collapse the missing-field names into a single EMPTY_FIELDS error. */
83 if ($missing_fields) {
\r
84 $missing_fields = implode(', ', $missing_fields);
\r
85 $msg->addError(array('EMPTY_FIELDS', $missing_fields));
\r
88 if (!$msg->containsErrors()) {
\r
/* Escaping is applied only now, immediately before the INSERT. $addslashes /
   $stripslashes are presumably callable variables chosen by vitals.inc.php —
   confirm. */
89 $_POST['login'] = $addslashes($_POST['login']);
\r
/* The stored credential is the hex SHA-1 computed in the browser by
   encrypt_password(); the plaintext never reaches the server. Unsalted SHA-1
   offers little resistance to offline guessing should the admins table leak
   — password_hash()/password_verify() is the modern server-side choice. */
90 $password = $addslashes($_POST['form_password_hidden']);
\r
91 $_POST['real_name'] = $addslashes($_POST['real_name']);
\r
92 $_POST['email'] = $addslashes($_POST['email']);
\r
/* New admins get the site's default language. */
94 $admin_lang = $_config['default_language'];
\r
/* INSERT statement; its column list and the remaining VALUES are on lines not
   shown in this listing. */
96 $sql = "INSERT INTO ".TABLE_PREFIX."admins
\r
104 VALUES ('$_POST[login]',
\r
106 '$_POST[real_name]',
\r
/* On failure the raw MySQL error text is written straight to the browser; a
   $msg error plus redirect would avoid disclosing schema details. */
111 $result = mysql_query($sql, $db) or die(mysql_error());
\r
/* A second INSERT is assembled here; lines 114–128 are not shown, so whether
   (and under what condition) it executes cannot be told from this listing. The
   log call below records $sql, i.e. this second statement text. */
113 $sql = "INSERT INTO ".TABLE_PREFIX."admins
\r
121 VALUES ('$_POST[login]',
\r
123 '$_POST[real_name]',
\r
/* Audit trail: action code, table, affected-row count and the SQL text. */
129 write_to_log(AT_ADMIN_LOG_INSERT, 'admins', mysql_affected_rows($db), $sql);
\r
131 $msg->addFeedback('ADMIN_CREATED');
\r
/* Redirect after successful creation (lines 133–134, presumably exit and the
   closing brace, are not shown). */
132 header('Location: index.php');
\r
/* Validation failed: undo the escaping so the form re-displays the values as typed. */
135 $_POST['login'] = $stripslashes($_POST['login']);
\r
136 $_POST['real_name'] = $stripslashes($_POST['real_name']);
\r
137 $_POST['email'] = $stripslashes($_POST['email']);
\r
/* Page rendering: focus the login field on load, emit the common header. */
140 $onload = 'document.form.login.focus();';
\r
141 require(AT_INCLUDE_PATH.'header.inc.php');
\r
143 <script language="JavaScript" src="sha-1factory.js" type="text/javascript"></script>
\r
/* Enabled modules supply the per-module privilege checkboxes in the template. */
146 $module_list = $moduleFactory->getModules(AT_MODULE_STATUS_ENABLED, 0, TRUE);
\r
147 $keys = array_keys($module_list);
\r
151 <script language="JavaScript" src="sha-1factory.js" type="text/javascript"></script>
\r
153 <script type="text/javascript">
\r
// Submit handler: re-checks the password fields, replaces the plaintext with
// its hex SHA-1 in the hidden field, and asks for confirmation when the
// full-administrator box is ticked. The function's remaining lines and the
// closing </script> are not shown in this listing.
154 function encrypt_password()
\r
// Reset the error list the server reads back as $_POST['password_error'].
156 document.form.password_error.value = "";
\r
// verify_password() is presumably defined in sha-1factory.js (loaded above) and
// returns a comma-separated list of error keys, empty when the fields are valid.
158 err = verify_password(document.form.password.value, document.form.confirm_password.value);
\r
160 if (err.length > 0)
\r
162 document.form.password_error.value = err;
\r
// Hash first, then blank the plaintext fields so only the digest is posted.
166 document.form.form_password_hidden.value = hex_sha1(document.form.password.value);
\r
167 document.form.password.value = "";
\r
168 document.form.confirm_password.value = "";
\r
// .checked is already a boolean; the "== true" comparison is redundant.
169 if (document.form.priv_admin.checked == true)
\r
// The confirmation text is a server-side translated string embedded at render time.
171 return confirm('<?php echo _AT('confirm_admin_create'); ?>');
\r
/* Hand the module data to the template and render the form; the common footer
   closes the page. */
182 $savant->assign('keys', $keys);
\r
183 $savant->assign('module_list', $module_list);
\r
184 $savant->display('admin/users/create.tmpl.php');
\r
185 require(AT_INCLUDE_PATH.'footer.inc.php'); ?>
\r