1 <?php\r
2 /****************************************************************************/\r
3 /* ATutor                                                                                                                                       */\r
4 /****************************************************************************/\r
5 /* Copyright (c) 2002-2010                                                  */\r
6 /* Inclusive Design Institute                                               */\r
7 /* http://atutor.ca                                                                                                                     */\r
8 /*                                                                                                                                                      */\r
9 /* This program is free software. You can redistribute it and/or                        */\r
10 /* modify it under the terms of the GNU General Public License                          */\r
11 /* as published by the Free Software Foundation.                                                        */\r
12 /****************************************************************************/\r
13 // $Id: create.php 8901 2009-11-11 19:10:19Z cindy $\r
14 \r
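define('AT_INCLUDE_PATH', '../../../../include/');
require(AT_INCLUDE_PATH.'vitals.inc.php');
admin_authenticate(AT_ADMIN_PRIV_ADMIN);

/*
 * Create a new administrator account. Reachable only with the
 * AT_ADMIN_PRIV_ADMIN privilege, enforced by admin_authenticate() above.
 *
 * On "submit": validates the login, the client-computed password digest, the
 * e-mail address and the privilege bits; on success inserts the admins row,
 * writes an admin-log entry with the digest masked and redirects to index.php.
 * On any validation error execution falls through to the form below, which
 * re-displays the submitted values.
 */

if (isset($_POST['cancel'])) {
	$msg->addFeedback('CANCELLED');
	header('Location: index.php');
	exit;
} else if (isset($_POST['submit'])) {
	$missing_fields = array();

	// every field is read as a string below; a missing key counts as empty
	foreach (array('login', 'real_name', 'email', 'form_password_hidden', 'password_error') as $field) {
		if (!isset($_POST[$field])) {
			$_POST[$field] = '';
		}
	}

	/* login validation */
	if ($_POST['login'] == '') {
		$missing_fields[] = _AT('login_name');
	} else if (!preg_match('/^[a-zA-Z0-9_]+$/', $_POST['login'])) {
		$msg->addError('LOGIN_CHARS');
	} else {
		// the login has passed the [A-Za-z0-9_] pattern, so it can be placed
		// in the SQL strings below without further escaping
		$login_exists = false;
		foreach (array('members', 'admins') as $table) {
			$result = mysql_query("SELECT login FROM ".TABLE_PREFIX.$table." WHERE login='{$_POST['login']}'", $db);
			if ($result && mysql_num_rows($result) != 0) {
				$login_exists = true;
			}
		}
		if ($login_exists) {
			$msg->addError('LOGIN_EXISTS');
		}
	}

	/* password check: the password is verified and SHA-1 digested by
	 * encrypt_password() in the browser; password_error carries the
	 * comma-separated error keys that check produced and they are reported
	 * here (the keys are client-supplied; presumably $msg only uses them to
	 * look up a message — confirm in the Message class). */
	if ($_POST['password_error'] != '') {
		foreach (explode(',', $_POST['password_error']) as $pwd_error) {
			if ($pwd_error == 'missing_password') {
				$missing_fields[] = _AT('password');
			} else {
				$msg->addError($pwd_error);
			}
		}
	} else if ($_POST['form_password_hidden'] == '') {
		// the browser-side check did not run (e.g. scripting disabled);
		// never store an empty digest
		$missing_fields[] = _AT('password');
	}

	/* email validation: the uniqueness query runs only on an address that has
	 * passed the pattern, so nothing outside [a-z0-9._@-] reaches the SQL */
	if ($_POST['email'] == '') {
		$missing_fields[] = _AT('email');
	} else if (!preg_match('/^[a-z0-9\._-]+@+[a-z0-9\._-]+\.+[a-z]{2,6}$/i', $_POST['email'])) {
		$msg->addError('EMAIL_INVALID');
	} else {
		// '=' instead of LIKE: '_' is legal in an address but is a LIKE wildcard
		$result = mysql_query("SELECT email FROM ".TABLE_PREFIX."members WHERE email='{$_POST['email']}'", $db);
		if ($result && mysql_num_rows($result) != 0) {
			$msg->addError('EMAIL_EXISTS');
		}
	}

	/* privilege mask: the super-admin box overrides any per-module bits */
	$priv = 0;
	if (isset($_POST['priv_admin'])) {
		$priv = AT_ADMIN_PRIV_ADMIN;
	} else if (isset($_POST['privs']) && is_array($_POST['privs'])) {
		foreach ($_POST['privs'] as $value) {
			$priv |= intval($value);  // bit flags: OR, so a repeated value cannot double up
		}
	}
	$_POST['privs'] = $priv;  // read back by query_bit() when the form is re-displayed

	if ($missing_fields) {
		$msg->addError(array('EMPTY_FIELDS', implode(', ', $missing_fields)));
	}

	if (!$msg->containsErrors()) {
		$_POST['login']     = $addslashes($_POST['login']);
		$password           = $addslashes($_POST['form_password_hidden']);
		$_POST['real_name'] = $addslashes($_POST['real_name']);
		$_POST['email']     = $addslashes($_POST['email']);

		$admin_lang = $_config['default_language'];

		// NOTE(review): the stored value is the unsalted SHA-1 the browser
		// computed; the login code that compares it lives elsewhere, so the
		// scheme cannot be changed in this file alone.
		// The statement is built in two halves around the password so the
		// same text, with the digest masked, can be handed to the admin log.
		$sql_head = "INSERT INTO ".TABLE_PREFIX."admins
		                 (login, password, real_name, email, language, `privileges`, last_login)
		          VALUES ('{$_POST['login']}', ";
		$sql_tail = ", '{$_POST['real_name']}', '{$_POST['email']}', '$admin_lang', $priv, 0)";

		mysql_query($sql_head."'".$password."'".$sql_tail, $db) or die(mysql_error());
		write_to_log(AT_ADMIN_LOG_INSERT, 'admins', mysql_affected_rows($db), $sql_head."'********'".$sql_tail);

		$msg->addFeedback('ADMIN_CREATED');
		header('Location: index.php');
		exit;
	}

	// error path: undo request escaping so the form re-displays raw values
	// ($addslashes/$stripslashes come from vitals.inc.php; presumably they
	// follow magic_quotes_gpc — confirm)
	$_POST['login']     = $stripslashes($_POST['login']);
	$_POST['real_name'] = $stripslashes($_POST['real_name']);
	$_POST['email']     = $stripslashes($_POST['email']);
}

$onload = 'document.form.login.focus();';
require(AT_INCLUDE_PATH.'header.inc.php');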
142 ?>\r
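<?php
	/* Values re-displayed after a failed submit; nothing is posted on first
	 * load, so every field defaults to empty. Escaped once here for the
	 * value="" attributes below. */
	$posted = array('login' => '', 'real_name' => '', 'email' => '');
	foreach (array_keys($posted) as $field) {
		if (isset($_POST[$field])) {
			$posted[$field] = htmlspecialchars($_POST[$field], ENT_QUOTES);
		}
	}
	$super_admin_checked = !empty($_POST['priv_admin']);
	$selected_privs      = isset($_POST['privs']) ? $_POST['privs'] : 0;
	$required_mark       = '<span class="required" title="'._AT('required_field').'">*</span>';
?>

<?php /* PHP_SELF echoes the request path, so it is escaped before reuse */ ?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" name="form">
<input type="hidden" name="form_password_hidden" value="" />
<input type="hidden" name="password_error" value="" />

<div class="input-form">
	<div class="row">
		<?php echo $required_mark; ?><label for="login"><?php echo _AT('login_name'); ?></label><br />
		<input type="text" name="login" id="login" size="25" value="<?php echo $posted['login']; ?>" />
	</div>

	<div class="row">
		<?php echo $required_mark; ?><label for="password"><?php echo _AT('password'); ?></label><br />
		<input type="password" name="password" id="password" size="25" />
	</div>

	<div class="row">
		<?php echo $required_mark; ?><label for="password2"><?php echo _AT('confirm_password'); ?></label><br />
		<input type="password" name="confirm_password" id="password2" size="25" />
	</div>

	<div class="row">
		<label for="real_name"><?php echo _AT('real_name'); ?></label><br />
		<input type="text" name="real_name" id="real_name" size="30" value="<?php echo $posted['real_name']; ?>" />
	</div>

	<div class="row">
		<?php echo $required_mark; ?><label for="email"><?php echo _AT('email'); ?></label><br />
		<input type="text" name="email" id="email" size="30" value="<?php echo $posted['email']; ?>" />
	</div>

	<div class="row">
		<?php echo _AT('privileges'); ?><br />
		<input type="checkbox" name="priv_admin" value="1" id="priv_admin" <?php if ($super_admin_checked) { echo 'checked="checked"'; } ?> /><label for="priv_admin"><?php echo _AT('priv_admin_super'); ?></label><br /><br />

		<?php
			// one box per enabled module that exposes an admin privilege
			// value above 1 (values of 1 or below are not offered here)
			$module_list = $moduleFactory->getModules(AT_MODULE_STATUS_ENABLED, 0, TRUE);
			foreach ($module_list as $module_name => $module) {
				$bit = $module->getAdminPrivilege();
				if ($bit <= 1) {
					continue;
				}
				$checked = query_bit($selected_privs, $bit) ? ' checked="checked"' : '';
				echo '<input type="checkbox" name="privs[]" value="'.$bit.'" id="priv_'.$bit.'"'.$checked.' />';
				echo '<label for="priv_'.$bit.'">'.$module->getName().'</label><br />'."\n";
			}
		?>
	</div>

	<div class="row buttons">
		<input type="submit" name="submit" value="<?php echo _AT('save'); ?>" accesskey="s" onclick="return encrypt_password();" />
		<input type="submit" name="cancel" value="<?php echo _AT('cancel'); ?>" />
	</div>
</div>
</form>
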
198 <script language="JavaScript" src="sha-1factory.js" type="text/javascript"></script>\r
199 \r
200 <script type="text/javascript">\r
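/*
 * Submit handler for the create-admin form (wired to the save button).
 *
 * Passes the two password fields to verify_password() (defined outside this
 * file, presumably in sha-1factory.js — confirm); any error text it returns
 * is stored in the hidden password_error field for the server to report.
 * Otherwise the hex SHA-1 digest is placed in form_password_hidden and both
 * clear-text fields are blanked, so only the digest is submitted.
 * Returns false only when the super-admin confirmation is declined; every
 * other path lets the form submit.
 */
function encrypt_password()
{
	var form = document.form;
	form.password_error.value = "";

	// 'var' keeps err local; without it the name leaked into the global scope
	var err = verify_password(form.password.value, form.confirm_password.value);

	if (err.length > 0)
	{
		form.password_error.value = err;
		return true;
	}

	form.form_password_hidden.value = hex_sha1(form.password.value);
	form.password.value = "";
	form.confirm_password.value = "";

	if (form.priv_admin.checked)
	{
		return confirm('<?php echo _AT('confirm_admin_create'); ?>');
	}
	return true;
}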
226 </script>\r
227 \r
228 <?php require(AT_INCLUDE_PATH.'footer.inc.php'); ?>\r