Beispiel #1
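 /**
  * Create a user account from the submitted registration request.
  *
  * Reads "name", "email", "usergroup" and "userrequestcomment" from the request through
  * getval()/getvalescaped(), inserts a row into the user table and then either auto-approves
  * the account or mails $email_notify that an account is waiting for approval.
  *
  * @return mixed true once the admin notification has been sent (account not auto-approved);
  *               $lang["useremailalreadyexists"] when the duplicate check finds a row.
  *               Both auto-approve paths redirect and exit instead of returning.
  */
 function auto_create_user_account()
 {
     global $applicationname, $user_email, $baseurl, $email_notify, $lang, $user_account_auto_creation_usergroup, $registration_group_select, $auto_approve_accounts, $auto_approve_domains, $customContents;

     # Work out which user group to set. Allow a hook to change this, if necessary.
     $altgroup = hook("auto_approve_account_switch_group");
     $usergroup = ($altgroup !== false) ? $altgroup : $user_account_auto_creation_usergroup;

     if ($registration_group_select) {
         # The group now comes from the request, so it is only accepted when the matching usergroup
         # row has allow_registration_selection = 1; any other value stops the request.
         # NOTE(review): the third getvalescaped() argument presumably forces a numeric value - confirm,
         # because the result is interpolated into the query below.
         $usergroup = getvalescaped("usergroup", "", true);
         if (sql_value("select allow_registration_selection value from usergroup where ref='{$usergroup}'", 0) != 1) {
             exit("Invalid user group selection");
         }
     }

     $newusername = escape_check(make_username(getval("name", "")));

     # Check if an account already exists for this address.
     # NOTE(review): $user_email is a global that this function interpolates into SQL without escaping it
     # itself, and it is not the same variable as the $email inserted below. Confirm the caller escapes it
     # and that it always carries the submitted address; otherwise compare against the escaped $email.
     $check = sql_value("select email value from user where email = '{$user_email}'", "");
     if ($check != "") {
         return $lang["useremailalreadyexists"];
     }

     # Prepare to create the user.
     # NOTE(review): $email is only trimmed and escaped here. Confirm it has been validated upstream as a
     # single well-formed address, since the approval decision below rests on its suffix.
     $email = trim(getvalescaped("email", ""));
     $password = make_password();

     # Work out if we should automatically approve this account based on $auto_approve_accounts or $auto_approve_domains
     $approve = false;
     # Only the approve-everyone setting skips the e-mailed reset link.
     $bypassemail = false;
     if ($auto_approve_accounts == true) {
         $approve = true;
         $bypassemail = true;
     } elseif (count($auto_approve_domains) > 0) {
         # Check e-mail domain. Entries are either "domain" => usergroup or a bare list of domains.
         foreach ($auto_approve_domains as $domain => $set_usergroup) {
             # A bare list entry arrives as numeric key => domain, so move the value into place.
             if (is_numeric($domain)) {
                 $domain = $set_usergroup;
                 $set_usergroup = "";
             }
             # Compare the tail of the address with "@domain" so that only the exact domain matches.
             if (substr(strtolower($email), strlen($email) - strlen($domain) - 1) == "@" . strtolower($domain)) {
                 $approve = true;
                 # If user group is supplied, set this (a later matching entry overrides an earlier one).
                 if (is_numeric($set_usergroup)) {
                     $usergroup = $set_usergroup;
                 }
             }
         }
     }

     # Create the user.
     # NOTE(review): the query is assembled by concatenation and depends on every value having been escaped
     # above. The value from make_password() is written to the password column as returned; whether it is
     # hashed at this point is not visible here - confirm.
     sql_query("insert into user (username,password,fullname,email,usergroup,comments,approved) values ('" . $newusername . "','" . $password . "','" . getvalescaped("name", "") . "','" . $email . "','" . $usergroup . "','" . escape_check($customContents) . "'," . ($approve ? 1 : 0) . ")");
     $new = sql_insert_id();
     hook("afteruserautocreated", "all", array("new" => $new));

     if ($approve) {
         # Auto approving
         global $anonymous_login;
         if (isset($anonymous_login)) {
             global $rs_session;
             $rs_session = get_rs_session_id();
             # The original used "break" here, which is a fatal error outside a loop or switch.
             # Without a session there is nothing to copy, so the copy is skipped instead.
             if ($rs_session != false) {
                 # Copy any anonymous session collections to the new user account
                 if (!function_exists("get_session_collections")) {
                     include_once dirname(__FILE__) . "/../include/collections_functions.php";
                 }
                 global $username, $userref;
                 $username = $anonymous_login;
                 # NOTE(review): the username literal in this query appears to have been masked in this
                 # listing; the lookup is presumably meant to resolve the anonymous account assigned to
                 # $username above. Restore it (escaped) from the upstream source before relying on it.
                 $userref = sql_value("SELECT ref value FROM user where username='******'", "");
                 $sessioncollections = get_session_collections($rs_session, $userref, false);
                 if (count($sessioncollections) > 0) {
                     foreach ($sessioncollections as $sessioncollection) {
                         update_collection_user($sessioncollection, $new);
                     }
                     # The last collection moved becomes the new user's current collection.
                     sql_query("UPDATE user SET current_collection='{$sessioncollection}' WHERE ref='{$new}'");
                 }
             }
         }
         if ($bypassemail) {
             # The reset key goes straight to the requesting browser, so ownership of the e-mail address
             # is never verified on this path. That follows from $auto_approve_accounts being enabled.
             $password_reset_url_key = create_password_reset_key($newusername);
             redirect($baseurl . "?rp=" . $new . $password_reset_url_key);
             exit;
         } else {
             # Domain-based approval: the reset link is mailed, so only the mailbox owner can finish setup.
             email_reset_link($email, true);
             redirect($baseurl . "/pages/done.php?text=user_request");
             exit;
         }
     } else {
         # Not auto approving.
         # Build a message to send to an admin notifying of unapproved user (same as email_user_request(),
         # but also adds the new user name to the mail)
         # NOTE(review): raw request values go into the subject, body and sender name; confirm send_mail()
         # strips line breaks from header fields.
         $message = $lang["userrequestnotification1"] . "\n\n" . $lang["name"] . ": " . getval("name", "") . "\n\n" . $lang["email"] . ": " . getval("email", "") . "\n\n" . $lang["comment"] . ": " . getval("userrequestcomment", "") . "\n\n" . $lang["ipaddress"] . ": '" . $_SERVER["REMOTE_ADDR"] . "'\n\n" . $customContents . "\n\n" . $lang["userrequestnotification3"] . "\n{$baseurl}?u=" . $new;
         send_mail($email_notify, $applicationname . ": " . $lang["requestuserlogin"] . " - " . getval("name", ""), $message, "", $user_email, "", "", getval("name", ""));
     }
     return true;
 }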
Beispiel #2
/**
 * Create a user account from the submitted registration request.
 *
 * Reads "name", "email", "usergroup", "userrequestcomment" and the "customN" fields from the
 * request through getval()/getvalescaped(), inserts a row into the user table, then either
 * mails the new user directly (auto-approved) or notifies $email_notify.
 *
 * @return mixed true once the account row exists and a mail has been sent;
 *               false when a required custom field is empty;
 *               $lang['requiredfields'] when name or email is empty;
 *               $lang["useremailalreadyexists"] when the duplicate check finds a row.
 */
function auto_create_user_account()
{
	global $applicationname,$user_email,$email_from,$baseurl,$email_notify,$lang,$custom_registration_fields,$custom_registration_required,$user_account_auto_creation_usergroup,$registration_group_select,$auto_approve_accounts,$auto_approve_domains;

	# Collect the custom registration fields into one "label: value" text block.
	$custom_summary = "";
	if (isset($custom_registration_fields)) {
		$fieldnames = explode(",", $custom_registration_fields);

		if (isset($custom_registration_required)) {
			$required_names = explode(",", $custom_registration_required);
		}

		foreach ($fieldnames as $index => $fieldname) {
			$is_required = isset($required_names) && in_array($fieldname, $required_names);
			if ($is_required && getval("custom" . $index, "") == "") {
				# A required custom field was left empty.
				return false;
			}

			$custom_summary .= i18n_get_translated($fieldname) . ": " . getval("custom" . $index, "") . "\n\n";
		}
	}

	# Name and e-mail are always mandatory.
	foreach (array("name", "email") as $mandatory) {
		if (getval($mandatory, "") == "") {
			return $lang['requiredfields'];
		}
	}

	# Pick the user group; a hook may override the configured default.
	$altgroup = hook("auto_approve_account_switch_group");
	$usergroup = ($altgroup !== false) ? $altgroup : $user_account_auto_creation_usergroup;

	if ($registration_group_select) {
		# The group now comes from the request, so it is only accepted when the matching usergroup
		# row has allow_registration_selection = 1; any other value stops the request.
		# NOTE(review): the third getvalescaped() argument presumably forces a numeric value - confirm,
		# because the result is interpolated into the query below.
		$usergroup = getvalescaped("usergroup", "", true);
		$selectable = sql_value("select allow_registration_selection value from usergroup where ref='" . $usergroup . "'", 0);
		if ($selectable != 1) {
			exit("Invalid user group selection");
		}
	}

	$requested_name = getval("name", "");
	$username = escape_check(make_username($requested_name));

	# Refuse the request when the address is already registered.
	# NOTE(review): $user_email is a global that this function interpolates into SQL without escaping it
	# itself, and it is not the same variable as the $email inserted below. Confirm the caller escapes it
	# and that it always carries the submitted address.
	if (sql_value("select email value from user where email = '" . $user_email . "'", "") != "") {
		return $lang["useremailalreadyexists"];
	}

	# Values for the new row.
	# NOTE(review): $email is only trimmed and escaped here. Confirm it has been validated upstream as a
	# single well-formed address, since the approval decision below rests on its suffix.
	$email = trim(getvalescaped("email", ""));
	$password = make_password();

	# Decide on automatic approval from $auto_approve_accounts or $auto_approve_domains.
	$approve = false;
	if ($auto_approve_accounts == true) {
		$approve = true;
	} elseif (count($auto_approve_domains) > 0) {
		foreach ($auto_approve_domains as $domain => $set_usergroup) {
			# A bare list entry arrives as numeric key => domain, so move the value into place.
			if (is_numeric($domain)) {
				$domain = $set_usergroup;
				$set_usergroup = "";
			}

			# Compare the tail of the address with "@domain" so that only the exact domain matches.
			$address_tail = substr(strtolower($email), strlen($email) - strlen($domain) - 1);
			if ($address_tail != ("@" . strtolower($domain))) {
				continue;
			}

			$approve = true;

			# A group configured for the domain replaces the one chosen above.
			if (is_numeric($set_usergroup)) {
				$usergroup = $set_usergroup;
			}
		}
	}

	# Create the user.
	# NOTE(review): the query is assembled by concatenation and depends on every value having been escaped
	# above. The value from make_password() is written to the password column as returned; whether it is
	# hashed at this point is not visible here - confirm.
	$quoted_values = array($username, $password, getvalescaped("name", ""), $email, $usergroup, escape_check($custom_summary));
	sql_query("insert into user (username,password,fullname,email,usergroup,comments,approved) values ('" . implode("','", $quoted_values) . "'," . ($approve ? 1 : 0) . ")");
	$new = sql_insert_id();

	if ($approve) {
		# Auto approving, send mail direct to user.
		# NOTE(review): the generated password is handed to email_user_welcome(), so it presumably leaves
		# the system in a plain-text mail - confirm, and prefer a reset link if so.
		email_user_welcome($email, $username, $password, $usergroup);
		return true;
	}

	# Not auto approving: tell the admin address that an account is waiting.
	# NOTE(review): raw request values go into the subject, body and sender name; confirm send_mail()
	# strips line breaks from header fields.
	$message = implode("\n\n", array(
		$lang["userrequestnotification1"],
		$lang["name"] . ": " . getval("name", ""),
		$lang["email"] . ": " . getval("email", ""),
		$lang["comment"] . ": " . getval("userrequestcomment", ""),
		$lang["ipaddress"] . ": '" . $_SERVER["REMOTE_ADDR"] . "'",
		$custom_summary,
		$lang["userrequestnotification3"] . "\n" . $baseurl . "?u=" . $new,
	));

	$subject = $applicationname . ": " . $lang["requestuserlogin"] . " - " . getval("name", "");
	send_mail($email_notify, $subject, $message, "", $user_email, "", "", getval("name", ""));

	return true;
}