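<?php
// Page descriptor for this handler. Each trailing comment now sits on its own
// line: on a single collapsed line the first "//" would comment out the rest
// of the array and the statement would no longer parse.
// NOTE(review): presumably check_login.php (required right after this) reads
// formid/access to authorise the request, so this must stay ahead of that
// require -- confirm against check_login.php.
$page_settings = array(
    'formid' => 'Sys_cms_user', // for permission
    'section' => 'System Setting', // parent/page title
    'subsection' => 'User Management', // page title
    'domain' => 'sys_cms_user', // table/model name
    'access' => 'GNu', // for permission
);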
require_once "check_login.php"; require_once 'function_auth.php';
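// Load the CMS account behind the current session. Its role and platform flag
// decide how the account created below is scoped.
// NOTE(review): no request-method or anti-CSRF check is visible in this file;
// confirm check_login.php covers both, since this handler creates accounts.
$cms_user_info = SysCmsLogin::where('cmsloginid', '=', $_SESSION["cmsloginid"])->first();

// Fail closed when the creator record cannot be loaded (presumably first()
// yields null for a stale or tampered session id). Without this, every
// role/platform comparison below runs against null and the script would still
// insert a new account.
if (empty($cms_user_info)) {
    http_response_code(403);
    exit;
}

// Validation errors are collected here and shown in a single alert().
$message = "";

if (empty($_POST["username"])) {
    $message .= _lang("Please enter User Name.") . "\n\n";
}

// Scoping flags for the new account. Only a creator that is not role "user"
// and has is_platform == 1 produces a platform-level account.
// NOTE(review): $is_supplier and $is_agent were left undefined on every other
// path and therefore reached the INSERT as null (with an undefined-variable
// notice). They are now initialised to null explicitly, which keeps the stored
// value unchanged; confirm whether they should instead be inherited from the
// creator's own record.
$supplier_id = 0;
$agent_id = 0;
$is_platform = 0;
$is_supplier = null;
$is_agent = null;
if ($cms_user_info["cmsrole"] != "user") {
    if ($cms_user_info["is_platform"] == 1) {
        $is_platform = 1;
        $is_supplier = 0;
        $is_agent = 0;
        $supplier_id = 0;
    }
}

if (empty($_POST["loginname"])) {
    $message .= _lang("Please enter Login Name.") . "\n\n";
}

// Reject a login name that is already held by a non-deleted account.
// NOTE(review): this is check-then-insert; two concurrent requests can both
// pass it. A unique index on the login name would close that gap -- confirm
// the schema.
$sql = "SELECT * FROM sys_cms_login where cmsloginname = ? and deleted = ?";
$parameters = array($_POST["loginname"], 0);
$result = bind_pdo($sql, $parameters, "selectone");
if (!empty($result)) {
    $message .= _lang("You have already been assigned a login name.") . "\n\n";
}

if (!empty($message)) {
    // Encode the text as a JavaScript string literal instead of splicing it
    // between single quotes: a translation containing an apostrophe or markup
    // can then neither break the script nor be interpreted as HTML/JS.
    $js_message = json_encode($message, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    echo "<script>alert(" . $js_message . "); history.back();</script>";
    exit;
}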
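// Enforce the project's password policy before anything is written.
// NOTE(review): the second argument is the display name (username), not the
// login name; confirm which one Password::strength() is meant to compare the
// password against.
$strength = Password::strength($_POST["loginpw"], $_POST["username"]);
if (!$strength) {
    exit(_lang('Insufficient password strength'));
}

// Only the hash is stored.
// NOTE(review): confirm Password::hash() wraps a slow, salted algorithm such
// as password_hash(); its implementation is not visible here.
$loginpw = Password::hash($_POST["loginpw"]);
$nowdate = date("Y-m-d H:i:s");

// Next primary key = current maximum + 1.
// NOTE(review): this is not atomic. Two concurrent requests can compute the
// same id; an auto-increment column or a transaction would avoid the clash.
$sql = "select max(cmsloginid) as maxid from sys_cms_login ";
$parameters = array();
$row2 = bind_pdo($sql, $parameters, "selectone");
// Square brackets: the curly-brace offset syntax ($row2{"maxid"}) is
// deprecated in PHP 7.4 and a parse error from PHP 8.0 on.
$loginid = $row2["maxid"] + 1;

// New passwords expire one year after creation.
$password_expirydate = date('Y-m-d H:i:s', strtotime("+1 year"));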
// Insert the new login row. Both variants share the first eleven values; they
// differ only in the trailing scoping columns.
// NOTE(review): $_POST["role_level"] is stored as cmsrole exactly as submitted.
// Nothing in this file restricts it to a known set of roles or checks that the
// creator is allowed to grant it, so a crafted request can choose any role
// string. Confirm this is enforced elsewhere, or add an allow-list tied to the
// creator's own role.
$shared_values = array(
    $loginid,
    $_POST["username"],
    $_POST["loginname"],
    $loginpw,
    $_POST["role_level"],
    "1",
    $nowdate,
    $_SESSION["cmsloginid"],
    $nowdate,
    $_SESSION["cmsloginid"],
    $password_expirydate,
);

$scoped_to_creator = ($cms_user_info["cmsrole"] == "user" || $cms_user_info["is_platform"] == 0);

if (!$scoped_to_creator) {
    // Platform creator: is_platform is written explicitly and the scoping
    // values come from the local flags.
    $sql = "insert into sys_cms_login (cmsloginid, cmsusername, cmsloginname, cmsloginpw, cmsrole, cmsstatus, createdate, createby, lastupdate, lastupby, password_expirydate, is_platform, is_supplier, supplier_id, is_agent, agent_id) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
    $parameters = array_merge($shared_values, array($is_platform, $is_supplier, $supplier_id, $is_agent, $agent_id));
} else {
    // Creator has role "user" or is not platform-level: the new account takes
    // the creator's supplier_id / agent_id and is_platform is not written.
    $sql = "insert into sys_cms_login (cmsloginid, cmsusername, cmsloginname, cmsloginpw, cmsrole, cmsstatus, createdate, createby, lastupdate, lastupby, password_expirydate, is_supplier, supplier_id, is_agent, agent_id) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
    $parameters = array_merge($shared_values, array($is_supplier, $cms_user_info["supplier_id"], $is_agent, $cms_user_info["agent_id"]));
}

bind_pdo($sql, $parameters);
// Link the new account to a permission profile, then return to the user list.
// NOTE(review): the preceding insert supplies cmsloginid explicitly. Whether
// lastInsertId() then reports that row depends on the table's auto-increment
// column and the driver -- confirm. If it yields 0, the profile link is skipped
// silently while the redirect below is still issued with msg=1.
$id = $dbh->lastInsertId();
if ($id > 0) {
    $requested_role = $_POST["role_level"];

    // Default profile; the two admin profiles are only reachable when the
    // creator is platform-level.
    $profile_id = 11;
    if ($requested_role == "super_admin" && $is_platform == 1) {
        $profile_id = 1;
    } elseif ($requested_role == "admin" && $is_platform == 1) {
        $profile_id = 2;
    }

    $sql = "insert into profile_user (profile_id, user_id) values (?, ?)";
    $parameters = array($profile_id, $id);
    bind_pdo($sql, $parameters);
}

header("Location: sys_cms_user_index.php?msg=1");