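<?php
/*
 * vim:set softtabstop=4 shiftwidth=4 expandtab:
 *
 * LICENSE: GNU Affero General Public License, version 3 (AGPL-3.0-or-later)
 * Copyright 2001 - 2020 Ampache.org
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 *
 */

declare(strict_types=0);

namespace Ampache\Module\Application\Admin\User;

use Ampache\Config\ConfigContainerInterface;
use Ampache\Config\ConfigurationKeyEnum;
use Ampache\Repository\Model\ModelFactoryInterface;
use Ampache\Repository\Model\User;
use Ampache\Module\Application\Exception\AccessDeniedException;
use Ampache\Module\System\AmpError;
use Ampache\Module\System\Core;
use Ampache\Module\Util\Mailer;
use Ampache\Module\Util\Ui;
use Ampache\Module\Util\UiInterface;
use Ampache\Repository\UserRepositoryInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;

/**
 * Admin action that creates a new user account from the submitted "add user" form.
 *
 * NOTE(review): no privilege check is visible in this class; it is presumably
 * enforced by AbstractUserAction before handle() runs — confirm.
 */
final class AddUserAction extends AbstractUserAction
{
    public const REQUEST_KEY = 'add_user';

    private UiInterface $ui;

    private ModelFactoryInterface $modelFactory;

    private ConfigContainerInterface $configContainer;

    private UserRepositoryInterface $userRepository;

    public function __construct(
        UiInterface $ui,
        ModelFactoryInterface $modelFactory,
        ConfigContainerInterface $configContainer,
        UserRepositoryInterface $userRepository
    ) {
        $this->ui              = $ui;
        $this->modelFactory    = $modelFactory;
        $this->configContainer = $configContainer;
        $this->userRepository  = $userRepository;
    }

    /**
     * Validates the posted form, creates the user and renders the result page.
     *
     * Does nothing in demo mode. When validation or creation fails, the add-user
     * form is rendered again instead of the confirmation.
     *
     * @throws AccessDeniedException when the 'add_user' form verification fails
     */
    protected function handle(ServerRequestInterface $request): ?ResponseInterface
    {
        if ($this->configContainer->isFeatureEnabled(ConfigurationKeyEnum::DEMO_MODE) === true) {
            return null;
        }

        // Reject the request before any output or state change when the form
        // verification (presumably the anti-CSRF form token) does not pass.
        if (!Core::form_verify('add_user')) {
            throw new AccessDeniedException();
        }

        $this->ui->showHeader();

        $username = (string) scrub_in(filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES));
        $fullname = (string) scrub_in(filter_input(INPUT_POST, 'fullname', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES));
        $email    = (string) scrub_in(filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL));
        $website  = (string) scrub_in(filter_input(INPUT_POST, 'website', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES));
        // NOTE(review): the access level is only cast to int; it is not checked
        // against the levels known to accessLevelLabel() before being stored.
        $access   = (int) scrub_in(filter_input(INPUT_POST, 'access', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES));
        // NOTE(review): FILTER_SANITIZE_STRING strips tag-like sequences, so the
        // stored password can differ from what was typed (and the filter is
        // deprecated as of PHP 8.1). Left unchanged here because the login path
        // must apply the same transform — confirm before replacing it.
        $pass1    = filter_input(INPUT_POST, 'password_1', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
        $pass2    = filter_input(INPUT_POST, 'password_2', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
        $state    = (string) scrub_in(filter_input(INPUT_POST, 'state', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES));
        // NOTE(review): 'city' is the only field read from the query string
        // rather than the POST body — confirm this is intended.
        $city     = (string) scrub_in(Core::get_get('city'));

        // filter_input() yields null/false for a missing field; the string cast
        // treats both as an empty password without passing null to strlen().
        if ($pass1 !== $pass2 || (string) $pass1 === '') {
            AmpError::add('password', T_("Your Passwords don't match"));
        }

        if (empty($username)) {
            AmpError::add('username', T_('A Username is required'));
        }

        /* make sure the username doesn't already exist */
        if ($this->userRepository->findByUsername($username) !== null) {
            AmpError::add('username', T_('That Username already exists'));
        }

        // Check the mail for correct address formation.
        if (!Mailer::validate_address($email)) {
            AmpError::add('email', T_('You entered an invalid e-mail address'));
        }

        /* Attempt to create the user, but only once the input has passed validation */
        if (!AmpError::occurred()) {
            $user_id = User::create($username, $fullname, $email, $website, $pass1, $access, $state, $city);
            if ($user_id < 1) {
                AmpError::add('general', T_("The new User was not created"));
            }
        }

        /*
         * If we've got an error then show add form! This now also covers a failed
         * User::create(), which previously fell through to the avatar upload and
         * the "New User Added" confirmation with an invalid user id.
         * NOTE(review): confirm the template displays the 'general' error key.
         */
        if (AmpError::occurred()) {
            require_once Ui::find_template('show_add_user.inc.php');

            $this->ui->showQueryStats();
            $this->ui->showFooter();

            return null;
        }

        $user = $this->modelFactory->createUser($user_id);
        $user->upload_avatar();

        $useraccess = $this->accessLevelLabel($access);

        $this->ui->showConfirmation(
            T_('New User Added'),
            /* HINT: %1 Username, %2 Access (Guest, User, Admin) */
            sprintf(T_('%1$s has been created with an access level of %2$s'), $username, $useraccess),
            sprintf('%s/admin/users.php', $this->configContainer->getWebPath())
        );

        $this->ui->showQueryStats();
        $this->ui->showFooter();

        return null;
    }

    /**
     * Maps a numeric access level to its translated display name.
     *
     * Returns an empty string for a level that is not one of the five known values.
     */
    private function accessLevelLabel(int $access): string
    {
        switch ($access) {
            case 5:
                return T_('Guest');
            case 25:
                return T_('User');
            case 50:
                return T_('Content Manager');
            case 75:
                return T_('Catalog Manager');
            case 100:
                return T_('Admin');
            default:
                return '';
        }
    }
}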