auth_ensure_user_authenticated();
current_user_ensure_unprotected();
$f_email = gpc_get_string('email', '');
$f_realname = gpc_get_string('realname', '');
$f_password = gpc_get_string('password', '');
$f_password_confirm = gpc_get_string('password_confirm', '');
// get the user id once, so that if we decide in the future to enable this for
// admins / managers to change details of other users.
$t_user_id = auth_get_current_user_id();
$t_redirect = 'account_page.php';
$t_email_updated = false;
$t_password_updated = false;
$t_realname_updated = false;
/** @todo Listing what fields were updated is not standard behaviour of MantisBT - it also complicates the code. */
if (OFF == config_get('use_ldap_email')) {
$f_email = email_append_domain($f_email);
email_ensure_valid($f_email);
email_ensure_not_disposable($f_email);
if ($f_email != user_get_email($t_user_id)) {
user_set_email($t_user_id, $f_email);
$t_email_updated = true;
}
}
# strip extra spaces from real name
$t_realname = string_normalize($f_realname);
if ($t_realname != user_get_field($t_user_id, 'realname')) {
# checks for problems with realnames
$t_username = user_get_field($t_user_id, 'username');
user_ensure_realname_unique($t_username, $t_realname);
user_set_realname($t_user_id, $t_realname);
$t_realname_updated = true;
* @package MantisBT
* @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
* @copyright Copyright (C) 2002 - 2014 MantisBT Team - mantisbt-dev@lists.sourceforge.net
* @link http://www.mantisbt.org
*/
/**
* MantisBT Core API's
*/
require_once 'core.php';
require_once 'email_api.php';
form_security_validate('signup');
$f_username = strip_tags(gpc_get_string('username'));
$f_email = strip_tags(gpc_get_string('email'));
$f_captcha = gpc_get_string('captcha', '');
$f_username = trim($f_username);
$f_email = email_append_domain(trim($f_email));
$f_captcha = utf8_strtolower(trim($f_captcha));
# Retrieve captcha key now, as session might get cleared by logout
$t_form_key = session_get_int(CAPTCHA_KEY, null);
# force logout on the current user if already authenticated
if (auth_is_user_authenticated()) {
auth_logout();
}
# Check to see if signup is allowed
if (OFF == config_get_global('allow_signup')) {
print_header_redirect('login_page.php');
exit;
}
if (ON == config_get('signup_use_captcha') && get_gd_version() > 0 && helper_call_custom_function('auth_can_change_password', array())) {
# captcha image requires GD library and related option to ON
$t_key = utf8_strtolower(utf8_substr(md5(config_get('password_confirm_hash_magic_string') . $t_form_key), 1, 5));
public function post($request)
{
/**
* Creates a new user.
*
* The user will get a confirmation email, and will have the password provided
* in the incoming representation.
*
* @param $request - The Request we're responding to
*/
if (!access_has_global_level(config_get('manage_user_threshold'))) {
throw new HTTPException(403, "Access denied to create user");
}
$new_user = new User();
$new_user->populate_from_repr($request->body);
$username = $new_user->mantis_data['username'];
$password = $new_user->mantis_data['password'];
$email = email_append_domain($new_user->mantis_data['email']);
$access_level = $new_user->mantis_data['access_level'];
$protected = $new_user->mantis_data['protected'];
$enabled = $new_user->mantis_data['enabled'];
$realname = $new_user->mantis_data['realname'];
if (!user_is_name_valid($username)) {
throw new HTTPException(500, "Invalid username");
} elseif (!user_is_realname_valid($realname)) {
throw new HTTPException(500, "Invalid realname");
}
user_create($username, $password, $email, $access_level, $protected, $enabled, $realname);
$new_user_id = user_get_id_by_name($username);
$new_user_url = User::get_url_from_mantis_id($new_user_id);
$this->rsrc_data = $new_user_url;
$resp = new Response();
$resp->status = 201;
$resp->headers[] = "location: {$new_user_url}";
$resp->body = $this->_repr($request);
return $resp;
}