1<?php
2# MantisBT - A PHP based bugtracking system
3
4# MantisBT is free software: you can redistribute it and/or modify
5# it under the terms of the GNU General Public License as published by
6# the Free Software Foundation, either version 2 of the License, or
7# (at your option) any later version.
8#
9# MantisBT is distributed in the hope that it will be useful,
10# but WITHOUT ANY WARRANTY; without even the implied warranty of
11# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12# GNU General Public License for more details.
13#
14# You should have received a copy of the GNU General Public License
15# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
16
17/**
18 * Create a User
19 *
20 * @package MantisBT
21 * @copyright Copyright 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
22 * @copyright Copyright 2002  MantisBT Team - mantisbt-dev@lists.sourceforge.net
23 * @link http://www.mantisbt.org
24 *
25 * @uses core.php
26 * @uses access_api.php
27 * @uses authentication_api.php
28 * @uses constant_inc.php
29 * @uses form_api.php
30 * @uses gpc_api.php
31 * @uses helper_api.php
32 * @uses html_api.php
33 * @uses lang_api.php
34 * @uses print_api.php
35 * @uses string_api.php
36 * @uses utility_api.php
37 */
38
39require_once( 'core.php' );
40require_api( 'access_api.php' );
41require_api( 'authentication_api.php' );
42require_api( 'constant_inc.php' );
43require_api( 'form_api.php' );
44require_api( 'gpc_api.php' );
45require_api( 'helper_api.php' );
46require_api( 'html_api.php' );
47require_api( 'lang_api.php' );
48require_api( 'print_api.php' );
49require_api( 'string_api.php' );
50require_api( 'utility_api.php' );
51
52form_security_validate( 'manage_user_create' );
53
54auth_reauthenticate();
55
56$f_username        = gpc_get_string( 'username' );
57$f_realname        = gpc_get_string( 'realname', '' );
58$f_password        = gpc_get_string( 'password', '' );
59$f_password_verify = gpc_get_string( 'password_verify', '' );
60$f_email           = gpc_get_string( 'email', '' );
61$f_access_level    = gpc_get_string( 'access_level' );
62$f_protected       = gpc_get_bool( 'protected' );
63$f_enabled         = gpc_get_bool( 'enabled' );
64
65if( $f_password != $f_password_verify ) {
66	trigger_error( ERROR_USER_CREATE_PASSWORD_MISMATCH, ERROR );
67}
68
69# Password won't be sent by email. It is entered by the admin
70# Now, if the password is empty, confirm that that is what we wanted
71if( is_blank( $f_password ) && (
72	ON != config_get( 'send_reset_password' ) ||
73	ON != config_get( 'enable_email_notification' ) )
74) {
75	helper_ensure_confirmed(
76		lang_get( 'empty_password_sure_msg' ),
77		lang_get( 'empty_password_button' ) );
78}
79
80$t_data = array(
81	'query' => array(),
82	'payload' => array(
83		'username' => $f_username,
84		'email' => $f_email,
85		'access_level' => array( 'id' => $f_access_level ),
86		'real_name' => $f_realname,
87		'password' => $f_password,
88		'protected' => $f_protected,
89		'enabled' => $f_enabled
90	)
91);
92
93$t_command = new UserCreateCommand( $t_data );
94$t_result = $t_command->execute();
95
96form_security_purge( 'manage_user_create' );
97
98$t_user_id = $t_result['id'];
99$t_redirect_url = 'manage_user_edit_page.php?user_id=' . $t_user_id;
100
101layout_page_header( null, $t_redirect_url );
102
103layout_page_begin( 'manage_overview_page.php' );
104$t_access_level = get_enum_element( 'access_levels', $f_access_level );
105$t_message = lang_get( 'created_user_part1' )
106	. ' <span class="bold">' . $f_username . '</span> '
107	. lang_get( 'created_user_part2' )
108	. ' <span class="bold">' . $t_access_level . '</span><br />';
109html_operation_successful( $t_redirect_url, $t_message );
110
111echo '</div>';
112
113layout_page_end();
114