<?php
// +-------------------------------------------------------------+
// | DeskPRO v [2.0.1 Production]
// | Copyright (C) 2001 - 2004 Headstart Solutions Limited
// | Supplied by WTN-WDYL
// | Nullified by WTN-WDYL
// | Distribution via WebForum, ForumRU and associated file dumps
// +-------------------------------------------------------------+
// | DESKPRO IS NOT FREE SOFTWARE
// +-------------------------------------------------------------+
// | License ID : Full Enterprise License =) ...
// | License Owner : WTN-WDYL Team
// +-------------------------------------------------------------+
// | $RCSfile: new.php,v $
// | $Date: 2004/02/11 20:32:13 $
// | $Revision: 1.30 $
// +-------------------------------------------------------------+
// | File Details:
// | - User creation form and handler.
// +-------------------------------------------------------------+
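error_reporting(E_ALL ^ E_NOTICE);
include "./../global.php";
tech_nav('users');

// Resolve the requested action. The value is checked for presence and type
// BEFORE it is trimmed: trimming first made the isset() test meaningless, and
// a non-string value (e.g. do[]=x) would reach trim() as an array.
if (isset($_REQUEST['do']) && is_string($_REQUEST['do'])) {
    $_REQUEST['do'] = trim($_REQUEST['do']);
} else {
    $_REQUEST['do'] = '';
}
if ($_REQUEST['do'] === '') {
    // default do
    $_REQUEST['do'] = "new";
}

// Authorization gate for the handlers that follow in this file: the caller
// needs the create-users permission or the admin flag.
// NOTE(review): this is only a gate if nopermission() stops execution - it is
// defined outside this file; confirm it exits rather than returning.
if (!$user['p_create_users'] AND !$user['is_admin']) {
    nopermission("create new users.");
}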
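############################################# CREATE USER #############################################
// Handler for the single-user creation form (do=new2). Validates the submitted
// fields, checks username/email uniqueness, builds the INSERT (including the
// tech-editable custom fields from user_def), and either re-displays the form
// with the collected errors or creates the account and optionally mails it.
//
// NOTE(review): this state-changing action is read from $_REQUEST, so it is
// reachable by GET as well as POST, and no anti-CSRF token is checked in this
// file - confirm whether global.php enforces one.
if ($_REQUEST['do'] == "new2") {

    // Start from known-empty state. These were previously used without being
    // initialised, so on a register_globals-style setup their starting value
    // could come from outside this handler.
    $error = '';
    $mailerror = '';
    $newusername = 0;

    // password: generate one when none was supplied, otherwise require the
    // confirmation field to match exactly (strict comparison - loose != treats
    // numeric-looking strings such as "1e3" and "1000" as equal).
    $confirm_password = isset($_REQUEST['password1']) ? (string) $_REQUEST['password1'] : '';
    if (empty($_REQUEST['password'])) {
        $_REQUEST['password'] = make_pass(8);
        $_REQUEST['password1'] = $_REQUEST['password'];
    } elseif ((string) $_REQUEST['password'] !== $confirm_password) {
        unset($_REQUEST['password'], $_REQUEST['password1']);
        $error .= "The passwords you have entered do not match\n";
    }
    // After a mismatch the request value is gone; use an empty string below
    // (that path never runs the INSERT).
    $plain_password = isset($_REQUEST['password']) ? $_REQUEST['password'] : '';

    // empty / malformed email
    if (!validate_email($_REQUEST['email'])) {
        $error .= "You have not entered a valid email address\n";
    }

    // empty username: derive one from the email address
    if (empty($_REQUEST['username'])) {
        $newusername = 1;
        $_REQUEST['username'] = make_username($_REQUEST['email']);
    } else {
        // username in use
        $db->query("SELECT id FROM user WHERE username = '" . mysql_escape_string($_REQUEST['username']) . "'");
        if ($db->num_rows() > 0) {
            $error .= "The username you entered is already in use. Please enter another one\n";
        }
    }

    // email in use (primary address on user, then secondary addresses in user_email)
    // NOTE(review): the first and third lookups test the same condition, so the
    // detailed message from the first one is always replaced by the generic one.
    $db->query("SELECT username, id FROM user WHERE email = '" . mysql_escape_string($_REQUEST['email']) . "'");
    if ($db->num_rows() > 0) {
        $result = $db->row_array();
        $mailerror = "The email address you entered is already in use by $result[username] (userid $result[id])\n";
    }

    $db->query("SELECT userid FROM user_email WHERE email = '" . mysql_escape_string($_REQUEST['email']) . "'");
    if ($db->num_rows() > 0) {
        // Fixed: the message interpolated $_REQUEST[user], which this form never sends.
        $mailerror = "There is already a user with the email address $_REQUEST[email]\n";
    }

    $db->query("SELECT id FROM user WHERE email = '" . mysql_escape_string($_REQUEST['email']) . "'");
    if ($db->num_rows() > 0) {
        $mailerror = "There is already a user with the email address $_REQUEST[email]\n";
    }

    if ($mailerror) {
        $error .= $mailerror;
    }

    // Per-user tokens stored next to the account.
    // NOTE(review): md5(uniqid(rand())) is not a cryptographically secure source
    // and the result is cut to 8 hex characters (32 bits). If these values gate
    // cookie login or password-reset links, generate them from a CSPRNG and keep
    // the full length.
    $password_cookie = md5($plain_password . uniqid(rand(), 1));
    $password_cookie = substr($password_cookie, 0, 8);

    // Fixed: this used an undefined $password, so the password never contributed.
    $password_url = md5($plain_password . uniqid(rand(), 1) . $session['sessionid']);
    $password_url = substr($password_url, 0, 8);

    // NOTE(review): the password is written to the user table as submitted, not
    // as a hash. Hashing here alone would break whatever code verifies logins, so
    // it is left unchanged; storage and verification need to move together.
    // NOTE(review): mysql_escape_string() ignores the connection character set;
    // mysql_real_escape_string() (or parameterised queries) is the safer choice
    // if the $db wrapper exposes its link.
    // Array keys are quoted - bare words relied on undefined-constant fallback.
    // timezone is escaped like every other value, matching the mass-add INSERT.
    $query = "INSERT INTO user SET
        name = '" . mysql_escape_string($_REQUEST['name']) . "',
        email = '" . mysql_escape_string($_REQUEST['email']) . "',
        password = '" . mysql_escape_string($plain_password) . "',
        password_cookie = '" . mysql_escape_string($password_cookie) . "',
        password_url = '" . mysql_escape_string($password_url) . "',
        username = '" . mysql_escape_string($_REQUEST['username']) . "',
        timezone = '" . mysql_escape_string($settings['timezone']) . "',
        date_registered = '" . time() . "'
    ";

    // get the fields that we are expecting to be created
    // The column name comes from user_def (database), not from the request; only
    // the value is request-derived and it is escaped.
    $db->query("SELECT * FROM user_def WHERE tech_editable");
    $terms = array();
    while ($user_fields = $db->row_array()) {
        $field_name = $user_fields['name'];
        $data = field_def_val(
            $user_fields,
            $_REQUEST['custom_fields'][$field_name],
            $_REQUEST['custom_fields']["extra" . $field_name]
        );
        $terms[] = " $field_name = '" . mysql_escape_string($data) . "'";
    }
    if (count($terms)) {
        $query .= " , " . join(', ', $terms);
    }

    if ($error) {

        // Validation failed: drop the auto-generated username so the form does
        // not present it as user input, then fall through to the "new" form.
        if ($newusername) {
            unset($_REQUEST['username']);
        }

        $_REQUEST['do'] = "new";
        alert($error);

    } else {

        // run the query
        $db->query($query);
        $userid = (int) $db->last_id();

        $user_details = $db->query_return("SELECT * FROM user WHERE id = '$userid'");

        if (!empty($_REQUEST['sendemail'])) {
            $user_details = update_user_details($user_details);
            // NOTE(review): eval() of a string built by makeemaileval(). This is
            // only safe if the template text is admin-controlled and user data
            // reaches it as variables, never as code - verify in makeemaileval().
            eval(makeemaileval('message', 'BODY_register_tech', $subject));
            dp_mail($user_details['email'], $subject, $message);
        }

        jump('new.php?do=new', 'User Created');
    }
}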
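################################## MASS ADD USERS (2) #################################
// Handler for the mass-add form (do=massadd2). Takes a comma separated list of
// email addresses, skips the ones already known in user / user_email, and
// creates an account with a generated username and password for each remaining
// valid address. A per-address summary is shown via alert(), then the mass-add
// form is displayed again.
//
// NOTE(review): like the single-user handler this acts on $_REQUEST, so it is
// reachable by GET, and no anti-CSRF token is checked in this file.
if ($_REQUEST['do'] == "massadd2") {

    // Known-empty starting state (these were previously built up from
    // uninitialised variables).
    $popup = '';
    $used_emails = array();
    $email_check = array();

    // explode() replaces split(): the separator is a literal comma, and split()
    // no longer exists in current PHP.
    $raw_emails = (isset($_REQUEST['emails']) && is_string($_REQUEST['emails'])) ? $_REQUEST['emails'] : '';
    $emails = explode(',', $raw_emails);

    foreach ($emails AS $key => $var) {
        $email_check[$key] = "'" . mysql_escape_string(trim($var)) . "'";
    }
    $terms = join(',', $email_check);

    // Collect addresses already taken, lower-cased so the in_array() test below
    // does not miss an address that differs only in case.
    $db->query("SELECT email FROM user_email WHERE email IN ($terms)");
    while ($res = $db->row_array()) {
        // Fixed: this assigned a string ($used_emails = ...) instead of appending,
        // which lost all but the last match and broke the append that follows.
        $used_emails[] = strtolower($res['email']);
    }

    $db->query("SELECT email FROM user WHERE email IN ($terms)");
    while ($res = $db->row_array()) {
        $used_emails[] = strtolower($res['email']);
    }

    foreach ($emails AS $key => $var) {

        $var = trim($var);

        if (validate_email($var)) {

            if (in_array(strtolower($var), $used_emails)) {
                // Fixed: this was appended to $message, which is not what gets
                // shown by alert() below, so the notice never reached the tech.
                $popup .= "$var already in use, account not created.\n";
                continue;
            }

            $username = make_username($var);
            $password = make_pass(8);

            // NOTE(review): md5(uniqid(rand())) is not a cryptographically secure
            // source and the token is cut to 8 hex characters (32 bits).
            // Fixed: the cookie token was seeded from $_REQUEST[password], which
            // this form does not send; the generated password is used instead.
            $password_cookie = md5($password . uniqid(rand(), 1));
            $password_cookie = substr($password_cookie, 0, 8);

            $password_url = md5($password . uniqid(rand(), 1) . $session['sessionid']);
            $password_url = substr($password_url, 0, 8);

            // NOTE(review): the generated password is stored as-is, not hashed;
            // changing that needs a matching change where logins are verified.
            $db->query("
                INSERT INTO user SET
                    password = '" . mysql_escape_string($password) . "',
                    timezone = '" . mysql_escape_string($settings['timezone']) . "',
                    username = '" . mysql_escape_string($username) . "',
                    password_cookie = '" . mysql_escape_string($password_cookie) . "',
                    password_url = '" . mysql_escape_string($password_url) . "',
                    email = '" . mysql_escape_string($var) . "',
                    date_registered = '" . time() . "'
            ");

            // Remember the address so a duplicate later in the same list does not
            // create a second account.
            $used_emails[] = strtolower($var);

            $user_details = array(
                'email' => $var,
                'password' => $password,
                'username' => $username
            );

            $popup .= "User $var with username $username created\n";

            if (!empty($_REQUEST['sendemail'])) {
                $user_details = update_user_details($user_details);
                // NOTE(review): eval() of a string built by makeemaileval(). Safe
                // only if the template is admin-controlled and user data is passed
                // as variables, never spliced in as code - verify in makeemaileval().
                eval(makeemaileval('message', 'BODY_register_tech', $subject));
                dp_mail($user_details['email'], $subject, $message);
            }

        } else {
            // Empty entries (e.g. a trailing comma) are skipped silently.
            if ($var != '') {
                $popup .= "Email $var invalid, user not created\n";
            }
        }
    }

    alert($popup);
    $_REQUEST['do'] = "massadd";
}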
############################################# MASS ADD USERS #############################################
// Mass-add form (do=massadd): one textarea for the comma separated addresses
// and a yes/no choice for sending the welcome mail. Submits to do=massadd2.
if ($_REQUEST['do'] == "massadd") {

    // Row 1: the address list. Help cell is built before the input, as before.
    $emails_help = table_thelp('<b>Email Addresses</b><br />(comma separated)', 'Users', 'Mass Add');
    $emails_field = form_textarea('emails', 100, 20);
    $table[] = array($emails_help, $emails_field);

    // Row 2: welcome mail toggle, pre-selected from the register_welcome setting.
    $welcome_help = table_thelp('<b>Send Welcome Email</b>', 'Users', 'Add/Edit: Send Welcome E-mail');
    $welcome_field = form_radio_yn('sendemail', NULL, $settings['register_welcome']);
    $table[] = array($welcome_help, $welcome_field);

    // Render: header carries the hidden do=massadd2 that routes the submission.
    table_header('Mass add users', 'new.php', array('do' => 'massadd2'));
    table_content('', $table);
    table_footer('Create Users');

    // Leave no form state behind for whatever renders next.
    unset($columns, $table, $emails_help, $emails_field, $welcome_help, $welcome_field);
}
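############################################# NEW / EDIT #############################################
// Renders the user form for do=new (and do=edit). It is also reached after a
// failed do=new2 submission, in which case the submitted values are shown again.
// The form posts back with do=new2 or do=edit2; no edit2 handler is visible in
// this file.
if ($_REQUEST['do'] == "new" OR $_REQUEST['do'] == "edit") {

    // Fixed: the edit permission was tested against a bare $do, which is only
    // populated when request variables are imported into the global scope; the
    // surrounding condition reads $_REQUEST['do'], so the check now does too.
    if ($_REQUEST['do'] == "edit") {
        if ($user['p_edit_users'] != "1") {
            nopermission('edit users');
        }
    }

    // get user data
    // $id is not assigned anywhere in this file - presumably it is imported from
    // the request by global.php or register_globals (confirm). It was placed in
    // the SQL string unescaped; it is now reduced to an integer first.
    $edit_id = (isset($id) && is_scalar($id)) ? intval($id) : 0;
    if ($edit_id > 0) {
        $db->query("SELECT * FROM user WHERE id = '" . $edit_id . "'");
        $user2 = $db->row_array();
    }

    $table[] = array(table_thelp('<b>Email Address</b>', 'Users', 'Add/Edit: E-mail Address'), form_input('email', $_REQUEST['email']));
    $table[] = array(table_thelp('<b>Name</b>', 'Users', 'Add/Edit: Name'), form_input('name', $_REQUEST['name']));
    $table[] = array(table_thelp('<b>Username</b>', 'Users', 'Add/Edit: Username'), form_input('username', $_REQUEST['username']));
    // NOTE(review): the submitted (or auto-generated) password is written back
    // into the form's value attributes when the form is re-displayed after an
    // error. Confirm form_password() escapes the value, and consider leaving
    // these two fields empty on redisplay.
    $table[] = array(table_thelp('<b>Password</b>', 'Users', 'Add/Edit: Password'), form_password('password', $_REQUEST['password']));
    $table[] = array(table_thelp('<b>Repeat Password</b>', 'Users', 'Add/Edit: Password'), form_password('password1', $_REQUEST['password1']));
    $table[] = array(table_thelp('<b>Send Welcome Email</b>', 'Users', 'Add/Edit: Send Welcome E-mail'), form_radio_yn('sendemail', NULL, $settings['register_welcome']));

    // what data can we view?
    $db->query("SELECT * FROM user_def WHERE tech_editable ORDER BY displayorder");

    if ($db->num_rows() > 0) {
        $table[] = table_midheader('Other Fields');
    }

    while ($user_data = $db->row_array()) {

        // display_name is stored serialized, keyed by language.
        // NOTE(review): unserialize() runs on a database column here. That is
        // acceptable only while user_def.display_name is written exclusively by
        // trusted admin code; a plain data format would remove the object
        // instantiation risk.
        $names = unserialize($user_data['display_name']);
        $lang = $settings['default_language'];
        $user_data['display_name'] = (is_array($names) && isset($names[$lang])) ? $names[$lang] : '';

        $field_name = $user_data['name'];
        $bit = field_def(
            $user_data,
            'redo',
            $_REQUEST['custom_fields'][$field_name],
            $_REQUEST['custom_fields']["extra" . $field_name]
        );

        $table[] = array("<b>$user_data[display_name]</b>", $bit);
    }

    // Built as before; the visible code does not pass $extra to the table helpers.
    $extra = form_hidden('id', ($edit_id > 0) ? $edit_id : '');

    if ($_REQUEST['do'] == "new") {
        $hidden = array('do' => 'new2');
    } else {
        $hidden = array('do' => 'edit2');
    }

    table_header('Create User', 'new.php', $hidden, '', 'searchform');
    table_content($columns, $table);
    table_footer('Create');

    unset($columns, $table);

} // end do

tech_footer();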
?>