Changeset 148
- Timestamp:
- 19/07/05 20:50:12 (3 years ago)
- Files:
-
- admin.lib.php (modified) (1 diff)
- miscfunctions.lib.php (modified) (1 diff)
admin.lib.php
r143 r148 756 756 } 757 757 758 // STUFF BELOW HERE IS AS YET UNTESTED 759 760 /* Some functions to manage posts, users etc. */ 761 762 function addUser($user) //user is the user adminning (a staff member?) 758 function addUser() 763 759 { 764 760 $username = ''; 765 $password = ''; 766 $type = 1; 761 $password = makePassword(); 767 762 $name = ''; 768 763 $title = ''; 769 764 $description = ''; 770 $css = 'blog.css';771 $enabled = False; // seems sensible..772 773 //if (check_auth($user)) {}774 765 //sanitise username 775 766 if (isset($_POST['username']) && trim($_POST['username']) != "" && (int)$_POST['username'] == 0) { 776 $username = $_POST['username']; 777 } else { 778 $this->inputError = _("Bad Input - Username"); 779 $err = 1; 780 } 781 782 //sanitise password, assume it will be hashed before sending :) 783 if (isset($_POST['password']) && trim($_POST['password']) != "" && (int)$_POST['password'] == 0) { 784 $password = $_POST['password']; 785 } else { 786 $this->inputError = _("Bad Input - Password"); 787 $err = 1; 788 } 789 790 //sanitise type 791 if (isset($_POST['type']) && trim($_POST['type']) != "" && (int)$_POST['type'] > 0) { 792 $type = (int)$_POST['type']; 793 } else { 794 $this->inputError = _("Bad Input - Type"); 795 $err = 1; 796 } 797 767 if (safeuname($username)) { 768 $username = addslashes(trim(strip_tags($_POST['username']))); 769 } 770 else { 771 $this->inputError = _("Invalid Username Provided"); 772 } 773 } else { 774 $this->inputError = _("No Username Provided"); 775 } 776 798 777 //sanitise name 799 778 if (isset($_POST['name']) && trim($_POST['name']) != "" && (int)$_POST['name'] == 0) { 800 $name = addslashes(urldecode($_POST['name'])); 801 } else { 802 $this->inputError = _("Bad Input - Realname"); 803 $err = 1; 804 } 805 779 $name = addslashes(trim(strip_tags($_POST['name']))); 780 } else { 781 $this->inputError = _("No Real Name Provided"); 782 } 806 783 //sanitise title 807 784 if (isset($_POST['title']) && 
trim($_POST['title']) != "" && (int)$_POST['title'] == 0) { 808 $title = addslashes(urldecode($_POST['title'])); 809 } else { 810 $this->inputError = _("Bad Input - Title"); 811 $err = 1; 812 } 813 785 $title = addslashes(trim(strip_tags($_POST['title']))); 786 } else { 787 $this->inputError = _("No Title Provided"); 788 } 814 789 //sanitise description 815 790 if (isset($_POST['description']) && trim($_POST['description']) != "" && (int)$_POST['description'] == 0) { 816 $description = addslashes(urldecode($_POST['description'])); 817 } else { 818 $this->inputError = _("Bad Input - Description"); 819 $err = 1; 820 } 821 822 //sanitise css 823 if (isset($_POST['css'])) { // if its not set its defaulted... 824 if (trim($_POST['css']) != "" && (int)$_POST['css'] == 0 && is_file($_POST['css'])) { 825 $css = $_POST['css']; 826 } else { 827 $this->inputError = _("Bad Input - CSS location"); 828 $err = 1; 829 } 830 } 831 832 //sanitise enabled -- not really sure about this. i think creation and enabling should be 833 // done seperately... ??? 834 /*if (isset($_POST['enabled'])) { // if its not set its defaulted... 835 if (trim($_POST['enabled']) != "" && (int)$_POST['enabled'] == 0)) { 836 $css = $_POST['enabled']; 837 } else { 838 $this->inputError = _("Bad Input - Enabled"); 839 $err = 1; 840 } 841 }*/ 842 843 if ($err == 0) { // and insert... 
844 845 $query = "INSERT into USERS (username,password,type,name,title,description,css,enabled) VALUES ('{$username}','{$password}',{$type},'{$name}','{$title}','{$description}','{$css}',{$enabled});"; 791 $description = addslashes(trim(strip_tags($_POST['description']))); 792 } else { 793 $this->inputError = _("No Description Provided"); 794 } 795 if (!$this->inputError) { 796 //check the user doesnt already exist 797 $sql = db_query("SELECT username from users where username = '".$username."';"); 798 $sqlNum = db_num_rows($sql); 799 if ($sqlNum != 0) { 800 error(1,_("Username already in use!")); 801 } 802 //check there is a system user with this name (so we can check if they are a sucs member) 803 if(!posix_getpwnam($username)) { 804 error(1,_("You need to be a SUCS member to sign up for a blog here!")); 805 } 806 //do our stuff 807 $sql = ("INSERT into USERS (username,password,name,title,description) VALUES ('{$username}','{$password}','{$name}','{$title}','{$description}');"); 846 808 if (!db_query($query)) { 847 809 error(2,_("Database Insertion failed.")); 848 } else { 849 print(_("New user added:")." ".$username); //pleh? 850 } 851 } else { 852 error(4,_("Bad Input.")); 810 } 811 else { 812 mail( 813 "{$username}@sucs.org", 814 _("Blog Password"), 815 _("You Blog Password is : ").$password."\n"._("Please login and change it at").$_SERVER["SERVER_NAME"].$this->adminPath, 816 "From: \"Blog Admin\" <blogadmin@sucs.org>" 817 ); 818 echo _("Account Added!<br />Your password has been sent to your SUCS email account"); 819 } 820 } 821 else { 822 error(4,$this->inputError); 853 823 } 854 824 } miscfunctions.lib.php
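Review bot: In the new `addUser()` (admin.lib.php), `safeuname($username)` runs while `$username` is still the empty string assigned at the top of the function, so the submitted value is never validated before it reaches the `SELECT`, `posix_getpwnam()` and the `mail()` recipient; the check should be `if (safeuname($_POST['username'])) {`. The new INSERT is assigned to `$sql`, but the unchanged next line still calls `db_query($query)`, which no longer appears to be defined in this function, so it should become `if (!db_query($sql)) {`. The generated password is also written to the `password` column as-is; unless hashing happens somewhere not shown here, store a hash and keep the plaintext only for the e-mail. `addslashes()` is the only escaping applied to the values interpolated into both queries, so the database driver's own escaping function or a parameterised query would be the safer choice.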
r118 r148 6 6 return $string; 7 7 } 8 9 // generate a pseudo-word random password 10 function makePassword($length=8) 11 { 12 $password = ""; 13 $vowels = "aeiouy"; 14 $consonants = "bcdfghjklmnprst"; 15 $cn = strlen($consonants)-1; 16 $vn = strlen($vowels)-1; 17 // Start on cons or vowel 18 $alt = mt_rand(0, 1); 19 // How many numbers 20 $len = mt_rand($length-3,$length); 21 //add the letters 22 for ($i = 0; $i < $len; $i++) 23 { 24 if ($alt == 1) { 25 $password .= $consonants[ mt_rand(0,$cn) ]; 26 $alt = 0; 27 } 28 else { 29 $password .= $vowels[ mt_rand(0,$vn) ]; 30 $alt = 1; 31 } 32 } 33 //add the numbers 34 for ($i = 0; $i < $length-$len; $i++) 35 { 36 $password .= mt_rand(0,9); 37 } 38 return $password; 39 } 40 8 41 ?>
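Review bot: `makePassword()` in miscfunctions.lib.php draws every character from `mt_rand()`, which is not a cryptographically secure generator, and the alternating consonant/vowel pattern with five to eight letters leaves a small search space for a value that `addUser()` mails out as the account's initial password. Where the PHP version provides it, use `random_int()` for each draw, e.g. `$password .= $consonants[ random_int(0, $cn) ];`, and consider a longer default than `$length=8`. A short doc comment should also state that `$length` must be at least 3, since `mt_rand($length-3,$length)` is given a negative lower bound below that.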
