PageRenderTime 44ms CodeModel.GetById 14ms RepoModel.GetById 1ms app.codeStats 0ms

/NukeViet3.2/modules/users/admin/user_add.php

http://nuke-viet.googlecode.com/
PHP | 275 lines | 234 code | 35 blank | 6 comment | 31 complexity | 82fc2800dbaae5b2b3f54b28f7021ad5 MD5 | raw file
Possible License(s): BSD-3-Clause, LGPL-2.1, GPL-2.0 
    

  1. <?php

    2. 

  2. 

    3. 

  3. /**
    4. 

  4.  * @Project NUKEVIET CMS 3.0
    5. 

  5.  * @Author VINADES (contact@vinades.vn)
    6. 

  6.  * @Copyright (C) 2010 VINADES. All rights reserved
    7. 

  7.  * @Createdate 04/05/2010 
    8. 

  8.  */

    9. 

  9. 

    10. 

  10. if ( ! defined( 'NV_IS_FILE_ADMIN' ) ) die( 'Stop!!!' );

    11. 

  11. 

    12. 

  12. $page_title = $lang_module['user_add'];

    13. 

  13. 

    14. 

  14. $groups_list = nv_groups_list();

    15. 

  15. 

    16. 

  16. $_user = array();

    17. 

  17. $error = "";

    18. 

  18. 

    19. 

  19. if ( $nv_Request->isset_request( 'confirm', 'post' ) )

    20. 

  20. {

    21. 

  21.     $_user['username'] = filter_text_input( 'username', 'post', '', 1, NV_UNICKMAX );

    22. 

  22.     $_user['email'] = filter_text_input( 'email', 'post', '', 1, 100 );

    23. 

  23.     $_user['password1'] = filter_text_input( 'password1', 'post', '', 0, NV_UPASSMAX );

    24. 

  24.     $_user['password2'] = filter_text_input( 'password2', 'post', '', 0, NV_UPASSMAX );

    25. 

  25.     $_user['question'] = filter_text_input( 'question', 'post', '', 1, 255 );

    26. 

  26.     $_user['answer'] = filter_text_input( 'answer', 'post', '', 1, 255 );

    27. 

  27.     $_user['full_name'] = filter_text_input( 'full_name', 'post', '', 1, 255 );

    28. 

  28.     $_user['gender'] = filter_text_input( 'gender', 'post', '', 1, 1 );

    29. 

  29.     $_user['website'] = filter_text_input( 'website', 'post', '' );

    30. 

  30.     $_user['location'] = filter_text_input( 'location', 'post', '', 1 );

    31. 

  31.     $_user['yim'] = filter_text_input( 'yim', 'post', '', 1, 100 );

    32. 

  32.     $_user['telephone'] = filter_text_input( 'telephone', 'post', '', 1, 100 );

    33. 

  33.     $_user['fax'] = filter_text_input( 'fax', 'post', '', 1, 100 );

    34. 

  34.     $_user['mobile'] = filter_text_input( 'mobile', 'post', '', 1, 100 );

    35. 

  35.     $_user['view_mail'] = $nv_Request->get_int( 'view_mail', 'post', 0 );

    36. 

  36.     $_user['sig'] = filter_text_textarea( 'sig', '', NV_ALLOWED_HTML_TAGS );

    37. 

  37.     $_user['birthday'] = filter_text_input( 'birthday', 'post', '', 1, 10 );

    38. 

  38.     $_user['in_groups'] = $nv_Request->get_typed_array( 'group', 'post', 'int' );

    39. 

  39.     

    40. 

  40.     if ( ! empty( $_user['website'] ) )

    41. 

  41.     {

    42. 

  42.         if ( ! preg_match( "#^(http|https|ftp|gopher)\:\/\/#", $_user['website'] ) )

    43. 

  43.         {

    44. 

  44.             $_user['website'] = "http://" . $_user['website'];

    45. 

  45.         }

    46. 

  46.         if ( ! nv_is_url( $_user['website'] ) )

    47. 

  47.         {

    48. 

  48.             $_user['website'] = "";

    49. 

  49.         }

    50. 

  50.     }

    51. 

  51.     

    52. 

  52.     if ( ( $error_username = nv_check_valid_login( $_user['username'], NV_UNICKMAX, NV_UNICKMIN ) ) != "" )

    53. 

  53.     {

    54. 

  54.         $error = $error_username;

    55. 

  55.     }

    56. 

  56.     elseif ( $_user['username'] != $db->fixdb( $_user['username'] ) )

    57. 

  57.     {

    58. 

  58.         $error = sprintf( $lang_module['account_deny_name'], '<strong>' . $_user['username'] . '</strong>' );

    59. 

  59.     }

    60. 

  60.     elseif ( ( $error_xemail = nv_check_valid_email( $_user['email'] ) ) != "" )

    61. 

  61.     {

    62. 

  62.         $error = $error_xemail;

    63. 

  63.     }

    64. 

  64.     elseif ( $db->sql_numrows( $db->sql_query( "SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `md5username`=" . $db->dbescape( md5( $_user['username'] ) ) ) ) != 0 )

    65. 

  65.     {

    66. 

  66.         $error = $lang_module['edit_error_username_exist'];

    67. 

  67.     }

    68. 

  68.     elseif ( $db->sql_numrows( $db->sql_query( "SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `email`=" . $db->dbescape( $_user['email'] ) ) ) != 0 )

    69. 

  69.     {

    70. 

  70.         $error = $lang_module['edit_error_email_exist'];

    71. 

  71.     }

    72. 

  72.     elseif ( $db->sql_numrows( $db->sql_query( "SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . "_reg` WHERE `email`=" . $db->dbescape( $_user['email'] ) ) ) != 0 )

    73. 

  73.     {

    74. 

  74.         $error = $lang_module['edit_error_email_exist'];

    75. 

  75.     }

    76. 

  76.     elseif ( $db->sql_numrows( $db->sql_query( "SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . "_openid` WHERE `email`=" . $db->dbescape( $_user['email'] ) ) ) != 0 )

    77. 

  77.     {

    78. 

  78.         $error = $lang_module['edit_error_email_exist'];

    79. 

  79.     }

    80. 

  80.     elseif ( ( $check_pass = nv_check_valid_pass( $_user['password1'], NV_UPASSMAX, NV_UPASSMIN ) ) != "" )

    81. 

  81.     {

    82. 

  82.         $error = $check_pass;

    83. 

  83.     }

    84. 

  84.     elseif ( $_user['password1'] != $_user['password2'] )

    85. 

  85.     {

    86. 

  86.         $error = $lang_module['edit_error_password'];

    87. 

  87.     }

    88. 

  88.     elseif ( empty( $_user['question'] ) )

    89. 

  89.     {

    90. 

  90.         $error = $lang_module['edit_error_question'];

    91. 

  91.     }

    92. 

  92.     elseif ( empty( $_user['answer'] ) )

    93. 

  93.     {

    94. 

  94.         $error = $lang_module['edit_error_answer'];

    95. 

  95.     }

    96. 

  96.     else

    97. 

  97.     {

    98. 

  98.         $_user['sig'] = nv_nl2br( $_user['sig'], "<br />" );

    99. 

  99.         if ( $_user['gender'] != "M" and $_user['gender'] != "F" )

    100. 

  100.         {

    101. 

  101.             $_user['gender'] = "";

    102. 

  102.         }

    103. 

  103.         

    104. 

  104.         unset( $m );

    105. 

  105.         if ( preg_match( "/^([0-9]{1,2})\.([0-9]{1,2})\.([0-9]{4})$/", $_user['birthday'], $m ) )

    106. 

  106.         {

    107. 

  107.             $_user['birthday'] = mktime( 0, 0, 0, $m[2], $m[1], $m[3] );

    108. 

  108.         }

    109. 

  109.         else

    110. 

  110.         {

    111. 

  111.             $_user['birthday'] = 0;

    112. 

  112.         }

    113. 

  113.         

    114. 

  114.         $data_in_groups = ( ! empty( $_user['in_groups'] ) ) ? implode( ',', $_user['in_groups'] ) : '';

    115. 

  115.         

    116. 

  116.         $password = $crypt->hash( $_user['password1'] );

    117. 

  117.         

    118. 

  118.         $sql = "INSERT INTO `" . NV_USERS_GLOBALTABLE . "` (
    119. 

  119.         `userid`, `username`, `md5username`, `password`, `email`, `full_name`, `gender`, `birthday`, `sig`, `regdate`, 
    120. 

  120.         `website`, `location`, `yim`, `telephone`, `fax`, `mobile`, `question`, `answer`, `passlostkey`, `view_mail`, 
    121. 

  121.         `remember`, `in_groups`, `active`, `checknum`, `last_login`, `last_ip`, `last_agent`, `last_openid`) 
    122. 

  122.         VALUES(
    123. 

  123. 		NULL, 
    124. 

  124. 		" . $db->dbescape( $_user['username'] ) . ",
    125. 

  125. 		" . $db->dbescape( md5( $_user['username'] ) ) . ",
    126. 

  126. 		" . $db->dbescape( $password ) . ",
    127. 

  127. 		" . $db->dbescape( $_user['email'] ) . ",
    128. 

  128. 		" . $db->dbescape( $_user['full_name'] ) . ",
    129. 

  129. 		" . $db->dbescape( $_user['gender'] ) . ",
    130. 

  130. 		" . $_user['birthday'] . ",
    131. 

  131. 		" . $db->dbescape( $_user['sig'] ) . ",
    132. 

  132. 		" . NV_CURRENTTIME . ",
    133. 

  133. 		" . $db->dbescape( $_user['website'] ) . ",
    134. 

  134. 		" . $db->dbescape( $_user['location'] ) . ",
    135. 

  135. 		" . $db->dbescape( $_user['yim'] ) . ",
    136. 

  136. 		" . $db->dbescape( $_user['telephone'] ) . ",
    137. 

  137. 		" . $db->dbescape( $_user['fax'] ) . ",
    138. 

  138. 		" . $db->dbescape( $_user['mobile'] ) . ",
    139. 

  139. 		" . $db->dbescape( $_user['question'] ) . ",
    140. 

  140. 		" . $db->dbescape( $_user['answer'] ) . ",
    141. 

  141. 		'', 
    142. 

  142.         " . $_user['view_mail'] . ", 
    143. 

  143.         1, 
    144. 

  144.         " . $db->dbescape_string( $data_in_groups ) . ", 
    145. 

  145.         1, '', 0, '', '', '')";

    146. 

  146.         

    147. 

  147.         $userid = $db->sql_query_insert_id( $sql );

    148. 

  148.         

    149. 

  149.         if ( $userid )

    150. 

  150.         {

    151. 

  151.             nv_insert_logs( NV_LANG_DATA, $module_name, 'log_add_user', "userid " . $userid, $admin_info['userid'] );

    152. 

  152.             if ( isset( $_FILES['photo'] ) and is_uploaded_file( $_FILES['photo']['tmp_name'] ) )

    153. 

  153.             {

    154. 

  154.                 @require_once ( NV_ROOTDIR . "/includes/class/upload.class.php" );

    155. 

  155.                 

    156. 

  156.                 $upload = new upload( array( 'images' ), $global_config['forbid_extensions'], $global_config['forbid_mimes'], NV_UPLOAD_MAX_FILESIZE, 80, 80 );

    157. 

  157.                 $upload_info = $upload->save_file( $_FILES['photo'], NV_UPLOADS_REAL_DIR . '/' . $module_name, false );

    158. 

  158.                 

    159. 

  159.                 @unlink( $_FILES['photo']['tmp_name'] );

    160. 

  160.                 

    161. 

  161.                 if ( empty( $upload_info['error'] ) )

    162. 

  162.                 {

    163. 

  163.                     @chmod( $upload_info['name'], 0644 );

    164. 

  164.                     

    165. 

  165.                     $file_name = str_replace( NV_ROOTDIR . "/", "", $upload_info['name'] );

    166. 

  166.                     

    167. 

  167.                     $sql = "UPDATE `" . NV_USERS_GLOBALTABLE . "` SET `photo`=" . $db->dbescape( $file_name ) . " WHERE `userid`=" . $userid;

    168. 

  168.                     $db->sql_query( $sql );

    169. 

  169.                 }

    170. 

  170.             }

    171. 

  171.             if ( ! empty( $_user['in_groups'] ) )

    172. 

  172.             {

    173. 

  173.                 foreach ( $_user['in_groups'] as $group_id_i )

    174. 

  174.                 {

    175. 

  175.                     $query = "SELECT `users` FROM `" . NV_GROUPS_GLOBALTABLE . "` WHERE `group_id`=" . $group_id_i;

    176. 

  176.                     $result = $db->sql_query( $query );

    177. 

  177.                     $numrows = $db->sql_numrows( $result );

    178. 

  178.                     if ( $numrows )

    179. 

  179.                     {

    180. 

  180.                         $row_users = $db->sql_fetchrow( $result );

    181. 

  181.                         $users = trim( $row_users['users'] );

    182. 

  182.                         $users = ! empty( $users ) ? explode( ",", $users ) : array();

    183. 

  183.                         $users = array_merge( $users, array( $userid ) );

    184. 

  184.                         $users = array_unique( $users );

    185. 

  185.                         sort( $users );

    186. 

  186.                         $users = array_values( $users );

    187. 

  187.                         $users = ! empty( $users ) ? implode( ",", $users ) : "";

    188. 

  188.                         

    189. 

  189.                         $sql = "UPDATE `" . NV_GROUPS_GLOBALTABLE . "` SET `users`=" . $db->dbescape_string( $users ) . " WHERE `group_id`=" . $group_id_i;

    190. 

  190.                         $db->sql_query( $sql );

    191. 

  191.                     }

    192. 

  192.                 }

    193. 

  193.             

    194. 

  194.             }

    195. 

  195.             

    196. 

  196.             Header( "Location: " . NV_BASE_ADMINURL . "index.php?" . NV_NAME_VARIABLE . "=" . $module_name );

    197. 

  197.             exit();

    198. 

  198.         }

    199. 

  199.         

    200. 

  200.         $error = $lang_module['edit_add_error'];

    201. 

  201.     }

    202. 

  202. }

    203. 

  203. else

    204. 

  204. {

    205. 

  205.     $_user['username'] = $_user['email'] = $_user['password1'] = $_user['password2'] = $_user['question'] = $_user['answer'] = "";

    206. 

  206.     $_user['full_name'] = $_user['gender'] = $_user['website'] = $_user['location'] = $_user['yim'] = $_user['telephone'] = "";

    207. 

  207.     $_user['fax'] = $_user['mobile'] = $_user['sig'] = $_user['birthday'] = "";

    208. 

  208.     $_user['view_mail'] = 0;

    209. 

  209.     $_user['in_groups'] = array();

    210. 

  210. }

    211. 

  211. 

    212. 

  212. $genders = array( //
    213. 

  213. 'N' => array( 'key' => 'N', 'title' => $lang_module['NA'], 'selected' => '' ), //
    214. 

  214. 'M' => array( 'key' => 'M', 'title' => $lang_module['male'], 'selected' => $_user['gender'] == "M" ? " selected=\"selected\"" : "" ), //
    215. 

  215. 'F' => array( 'key' => 'F', 'title' => $lang_module['female'], 'selected' => $_user['gender'] == "F" ? " selected=\"selected\"" : "" ) );//
    216. 

  216. 

    217. 

  217. 

    218. 

  218. $_user['view_mail'] = $_user['view_mail'] ? " checked=\"checked\"" : "";

    219. 

  219. 

    220. 

  220. if ( ! empty( $_user['sig'] ) ) $_user['sig'] = nv_htmlspecialchars( $_user['sig'] );

    221. 

  221. 

    222. 

  222. $groups = array();

    223. 

  223. if ( ! empty( $groups_list ) )

    224. 

  224. {

    225. 

  225.     foreach ( $groups_list as $group_id => $grtl )

    226. 

  226.     {

    227. 

  227.         $groups[] = array( 'id' => $group_id, 'title' => $grtl, 'checked' => ( ! empty( $_user['in_groups'] ) and in_array( $group_id, $_user['in_groups'] ) ) ? " checked=\"checked\"" : "" );

    228. 

  228.     }

    229. 

  229. }

    230. 

  230. 

    231. 

  231. $xtpl = new XTemplate( "user_add.tpl", NV_ROOTDIR . "/themes/" . $global_config['module_theme'] . "/modules/" . $module_file );

    232. 

  232. $xtpl->assign( 'LANG', $lang_module );

    233. 

  233. $xtpl->assign( 'DATA', $_user );

    234. 

  234. $xtpl->assign( 'FORM_ACTION', NV_BASE_ADMINURL . "index.php?" . NV_NAME_VARIABLE . "=" . $module_name . "&amp;" . NV_OP_VARIABLE . "=user_add" );

    235. 

  235. $xtpl->assign( 'NV_BASE_SITEURL', NV_BASE_SITEURL );

    236. 

  236. 

    237. 

  237. if ( ! empty( $error ) )

    238. 

  238. {

    239. 

  239.     $xtpl->assign( 'ERROR', $error );

    240. 

  240.     $xtpl->parse( 'main.error' );

    241. 

  241. }

    242. 

  242. 

    243. 

  243. if ( defined( 'NV_IS_USER_FORUM' ) )

    244. 

  244. {

    245. 

  245.     $xtpl->parse( 'main.is_forum' );

    246. 

  246. }

    247. 

  247. else

    248. 

  248. {

    249. 

  249.     foreach ( $genders as $gender )

    250. 

  250.     {

    251. 

  251.         $xtpl->assign( 'GENDER', $gender );

    252. 

  252.         $xtpl->parse( 'main.add_user.gender' );

    253. 

  253.     }

    254. 

  254.     

    255. 

  255.     if ( ! empty( $groups ) )

    256. 

  256.     {

    257. 

  257.         foreach ( $groups as $group )

    258. 

  258.         {

    259. 

  259.             $xtpl->assign( 'GROUP', $group );

    260. 

  260.             $xtpl->parse( 'main.add_user.group.list' );

    261. 

  261.         }

    262. 

  262.         $xtpl->parse( 'main.add_user.group' );

    263. 

  263.     }

    264. 

  264.     $xtpl->parse( 'main.add_user' );

    265. 

  265. }

    266. 

  266. $xtpl->parse( 'main' );

    267. 

  267. $contents = $xtpl->text( 'main' );

    268. 

  268. 

    269. 

  269. $my_head = "<script type=\"text/javascript\" src=\"" . NV_BASE_SITEURL . "js/popcalendar/popcalendar.js\"></script>\n";

    270. 

  270. 

    271. 

  271. include ( NV_ROOTDIR . "/includes/header.php" );

    272. 

  272. echo nv_admin_theme( $contents );

    273. 

  273. include ( NV_ROOTDIR . "/includes/footer.php" );

    274. 

  274. 

    275. 

  275. ?>
    276.