1 files changed, 15 insertions, 4 deletions

diff --git a/actions/useradd.php b/actions/useradd.php
index 8e588d073..17459021b 100644
--- a/actions/useradd.php
+++ b/actions/useradd.php
@@ -10,8 +10,8 @@ elgg_make_sticky_form('useradd');
 
 // Get variables
 $username = get_input('username');
-$password = get_input('password');
-$password2 = get_input('password2');
+$password = get_input('password', null, false);
+$password2 = get_input('password2', null, false);
 $email = get_input('email');
 $name = get_input('name');
 
@@ -20,13 +20,24 @@ if (is_array($admin)) {
 	$admin = $admin[0];
 }
 
+// no blank fields
+if ($username == '' || $password == '' || $password2 == '' || $email == '' || $name == '') {
+	register_error(elgg_echo('register:fields'));
+	forward(REFERER);
+}
+
+if (strcmp($password, $password2) != 0) {
+	register_error(elgg_echo('RegistrationException:PasswordMismatch'));
+	forward(REFERER);
+}
+
 // For now, just try and register the user
 try {
 	$guid = register_user($username, $password, $name, $email, TRUE);
 
-	if (((trim($password) != "") && (strcmp($password, $password2) == 0)) && ($guid)) {
+	if ($guid) {
 		$new_user = get_entity($guid);
-		if (($guid) && ($admin)) {
+		if ($new_user && $admin && elgg_is_admin_logged_in()) {
 			$new_user->makeAdmin();
 		}