diff --git a/core/users/signup.php b/core/users/signup.php index 58cc906476..ab364556fa 100644 --- a/core/users/signup.php +++ b/core/users/signup.php @@ -59,22 +59,25 @@ require_once "resources/require.php"; } //get the values from http and set as variables - $username = check_str($_POST["username"]); - $password = check_str($_POST["password"]); - $confirmpassword = check_str($_POST["confirmpassword"]); - $group_uuid_name = check_str($_POST["group_uuid_name"]); - $user_email = check_str($_POST["user_email"]); - $contact_organization = check_str($_POST["contact_organization"]); - $contact_name_given = check_str($_POST["contact_name_given"]); - $contact_name_family = check_str($_POST["contact_name_family"]); + if (sizeof($_POST) > 0) { + $username = check_str($_POST["username"]); + $password = check_str($_POST["password"]); + $confirmpassword = check_str($_POST["confirmpassword"]); + $group_uuid_name = check_str($_POST["group_uuid_name"]); + $user_email = check_str($_POST["user_email"]); + $contact_organization = check_str($_POST["contact_organization"]); + $contact_name_given = check_str($_POST["contact_name_given"]); + $contact_name_family = check_str($_POST["contact_name_family"]); -if ($group_uuid_name != '') { - $group_data = explode('|', $group_uuid_name); - $group_uuid = $group_data[0]; - $group_name = $group_data[1]; -} + if ($group_uuid_name != '') { + $group_data = explode('|', $group_uuid_name); + $group_uuid = $group_data[0]; + $group_name = $group_data[1]; + } + } -if (count($_POST)>0 && check_str($_POST["persistform"]) != "1") { + +if (count($_POST) > 0 && check_str($_POST["persistform"]) != "1") { $msg = ''; @@ -93,10 +96,10 @@ if (count($_POST)>0 && check_str($_POST["persistform"]) != "1") { $msg .= $text['message-required'].$text['label-username']."
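Review bot: In the first hunk, `$group_uuid` and `$group_name` come straight from the posted `group_uuid_name` split on `|`, and nothing visible validates the result. A value without a `|` leaves `$group_data[1]` undefined, and the client can name any group, including the `superadmin` and `admin` entries that the select list further down hides from unprivileged users. Unless code outside this hunk already does so, guard the split with `if (count($group_data) === 2)`, look the submitted uuid up in `v_groups` server-side, and reapply the same `if_group()` restrictions before using it. The signup handling that consumes these variables lies outside the hunk.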
\n"; } else { - $sql = "SELECT * FROM v_users "; - $sql .= "WHERE username = '$username' "; + $sql = "select * from v_users "; + $sql .= "where username = '$username' "; if ($_SESSION["user"]["unique"]["text"] != "global") { - $sql .= "AND domain_uuid = '$domain_uuid' "; + $sql .= "and domain_uuid = '$domain_uuid' "; } //$sql .= "and user_enabled = 'true' "; $prep_statement = $db->prepare(check_sql($sql)); @@ -310,25 +313,29 @@ if (count($_POST)>0 && check_str($_POST["persistform"]) != "1") { echo " ".$text['label-email'].""; echo " "; echo " "; + echo " "; echo " ".$text['label-group'].""; echo " "; - $sql = "SELECT * FROM v_groups "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $sql .= "or domain_uuid is null "; - $sql .= "order by group_name asc "; + + $sql = "select * from v_groups "; + $sql .= "where (domain_uuid = '".$domain_uuid."' or domain_uuid is null) "; + $sql .= "order by domain_uuid desc, group_name asc "; $prep_statement = $db->prepare(check_sql($sql)); + $prep_statement->bindParam(':domain_uuid', $domain_uuid); + $prep_statement->execute(); $prep_statement->execute(); - echo " \n"; + echo " \n"; foreach($result as $field) { if ($field['group_name'] == "superadmin" && !if_group("superadmin")) { continue; } //only show the superadmin group to other superadmins if ($field['group_name'] == "admin" && (!if_group("superadmin") && !if_group("admin") )) { continue; } //only show the admin group to other admins - echo " \n"; + echo " \n"; } echo " "; - unset($sql, $result); + unset($sql, $prep_statement, $result); + echo " "; echo " "; echo " ";
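Review bot: The rewritten username lookup in the second hunk still interpolates `$username` and `$domain_uuid` into the SQL string before `prepare()`, so the prepared statement adds no protection. Safety rests entirely on `check_str()` and `check_sql()`, whose behavior is not visible on this page. Since these lines are being touched anyway, switch to placeholders, `$sql .= "where username = :username ";` and `$sql .= "and domain_uuid = :domain_uuid ";`, and bind both values before executing, with the domain bind inside the same `if` that appends the clause. The `execute()` call for this statement falls outside the hunk.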
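Review bot: The added `$prep_statement->bindParam(':domain_uuid', $domain_uuid);` in the third hunk has no matching placeholder, because the new where clause still concatenates `'".$domain_uuid."'` into the string. PDO normally rejects a bound name that is not present in the statement, so the group query is likely to fail at `execute()` and leave the list empty; at best the bind is dead code. Make the clause `$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";` so the bind is what carries the value. As the hunk reads, `execute()` also appears twice in a row and no `fetchAll()` assigning `$result` is visible before the `foreach`. The page's markup has been stripped, so confirm both against the real file.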