+
+ $current_users = fetchAllUsers();
+
+ // Check form action
+ if ($_POST['action'] === "Download") // Download list of users and populate the text area
+ {
+
+ foreach ($current_users as $u)
+ {
+ if ($u['user_name'] !== "admin")
+ $text_area=$text_area."\n".$u['user_name'].",".$u['display_name'].",".$u['email'];
+ }
+ }
+ else if ($_POST['action'] === "Upload") // Upload users in the text area
+ {
+\r
+ if ($_POST['upload_mode'] === "purge")\r
+ {\r
+ $to_delete = fetchAllUsersWithoutPerm("Administrator");\r
+ if (count($to_delete) > 0)\r
+ {\r
+ if ($deletion_count = deleteUsers($to_delete)) {\r
+ $successes[] = lang("ACCOUNT_DELETIONS_SUCCESSFUL", array($deletion_count));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ }\r
+
+ $text_area = $_POST['userUpload'];
+
+ // Iterate through each row
+ $all_rows=preg_split("/((\r?\n)|(\r\n?))/", $_POST['userUpload']);
+
+ foreach ($all_rows as $row)
+ {
+ if (empty($row) or $row[0] === '#')
+ continue;
+
+ $fields = preg_split("/,/", $row);\r
+ if(count($fields) < 3)\r
+ {\r
+ $errors[] = "Warning: Ignoring row not in correct format: ".htmlspecialchars($row);\r
+ continue;\r
+ }\r
+
+ $username = trim($fields[0]);
+ $displayname = trim($fields[1]);
+ $email = trim($fields[2]);\r
+ $title = trim($fields[3]);\r
+ \r
+ if(!isValidEmail($email))\r
+ {\r
+ $errors[] = "Enter a valid email for row: ".htmlspecialchars($row);\r
+ continue;\r
+ }\r
+
+ // generate the temporary password
+ $password = generatePassword();
+
+ //Construct a user object
+ $user = new User($username,$displayname,$password,$email);
+
+ //Checking this flag tells us whether there were any errors such as possible data duplication occured
+ if(!$user->status)
+ {
+ if($user->username_taken) $localerrors[] = lang("ACCOUNT_USERNAME_IN_USE",array($username));
+ if($user->displayname_taken) $localerrors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE",array($displayname));
+ if($user->email_taken) $localerrors[] = lang("ACCOUNT_EMAIL_IN_USE",array($email));
+ }
+ else
+ {
+ //Attempt to add the user to the database, carry out finishing tasks like emailing the user (if required)
+ $user->userCakeAddUser(); //This doesn't return anything itself
+
+ if($user->mail_failure) $localerrors[] = lang("MAIL_ERROR");
+ if($user->sql_failure) $localerrors[] = lang("SQL_ERROR");
+ \r
+ if(strlen($title) >= 50)\r
+ {\r
+ $localerrors[] = "Warning: User".$username." added but failed to set title: ".lang("ACCOUNT_TITLE_CHAR_LIMIT",array(1,50));\r
+ }\r
+ else if (count($localerrors) == 0 && strlen($title) > 0)\r
+ {\r
+ $user_id = fetchUserId($username); //So stupid, when you create a user, it doesn't return the user id\r
+ if (!updateTitle($user_id, $title))\r
+ {\r
+ $localerrors[] = "Warning: User ".$username." added but failed to set title: ". lang("SQL_ERROR");\r
+ }\r
+ }
+ }
+
+ if(count($localerrors) == 0)
+ {\r
+ $users[] = [$username, $password]; //Push user onto array
+ //$successes[] = ($user->success);
+ }\r
+ else\r
+ {\r
+ $errors = array_merge($errors, $localerrors);\r
+ }
+
+ }
+ \r
+ if(count($users) > 0)\r
+ {\r
+ $successes[] = (count($users)." users created.");\r
+ $successes[] = ("The list of usernames and passwords follow. You must save this!");\r
+ foreach($users as $user)\r
+ {\r
+ $successes[] = $user[0].",".$user[1];\r
+ }\r
+ }
+ }
+
+
+}\r
+\r
+require_once("models/header.php");\r
+startPage();\r
+\r
+echo notificationBlock($errors,$successes);\r
+\r
+echo '<div class="widget"><div class="title">Upload users</div>';
+
+if ($show_form)