# Account self-update handler (excerpt): applies the e-mail and real-name
# values submitted by the signed-in user to that user's own record.
# NOTE(review): no form_security_validate() call is visible in this excerpt;
# confirm the form token is checked before these state-changing calls run.
auth_ensure_user_authenticated();
current_user_ensure_unprotected();

# Submitted fields; the '' second argument is presumably the fallback used
# when a field is absent - confirm against gpc_get_string().
$f_email = gpc_get_string('email', '');
$f_realname = gpc_get_string('realname', '');
# The two password fields are read here but not used within this excerpt.
# NOTE(review): no current-password field is read, so as far as these lines
# show, an e-mail or password change is not re-authenticated; verify against
# the rest of the file.
$f_password = gpc_get_string('password', '');
$f_password_confirm = gpc_get_string('password_confirm', '');

// get the user id once, so that if we decide in the future to enable this for
// admins / managers to change details of other users.
$t_user_id = auth_get_current_user_id();

$t_redirect = 'account_page.php';

# Flags recording which fields were actually changed.
$t_email_updated = false;
$t_password_updated = false;
$t_realname_updated = false;

/** @todo Listing what fields were updated is not standard behaviour of MantisBT - it also complicates the code. */
# The e-mail address is only handled here when use_ldap_email is OFF. The
# submitted value is domain-completed and must pass both email_ensure_*
# checks before it is compared with the stored address and written.
if (OFF == config_get('use_ldap_email')) {
    $f_email = email_append_domain($f_email);
    email_ensure_valid($f_email);
    email_ensure_not_disposable($f_email);

    # Loose (!=) comparison: the write happens only when the value differs.
    if ($f_email != user_get_email($t_user_id)) {
        user_set_email($t_user_id, $f_email);
        $t_email_updated = true;
    }
}

# strip extra spaces from real name
$t_realname = string_normalize($f_realname);
if ($t_realname != user_get_field($t_user_id, 'realname')) {
    # checks for problems with realnames
    # The uniqueness check runs against the account's own username before the
    # new real name is stored.
    $t_username = user_get_field($t_user_id, 'username');
    user_ensure_realname_unique($t_username, $t_realname);
    user_set_realname($t_user_id, $t_realname);
    $t_realname_updated = true;
    # (excerpt ends here; the closing brace of this block is outside the visible text)
* @package MantisBT
* @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
* @copyright Copyright (C) 2002 - 2014 MantisBT Team - mantisbt-dev@lists.sourceforge.net
* @link http://www.mantisbt.org
*/
/**
 * MantisBT Core API's
 */
require_once 'core.php';
require_once 'email_api.php';

# Signup form handler (excerpt): checks the form token, reads the submitted
# username / e-mail / captcha answer, signs out any current user, honours the
# allow_signup switch and starts deriving the expected captcha answer.
form_security_validate('signup');

# strip_tags() only removes markup. It is not a format check for the username
# or e-mail address and does not replace escaping on output.
# NOTE(review): confirm both are done further down the file.
$f_username = strip_tags(gpc_get_string('username'));
$f_email = strip_tags(gpc_get_string('email'));
$f_captcha = gpc_get_string('captcha', '');

$f_username = trim($f_username);
$f_email = email_append_domain(trim($f_email));
# The answer is lower-cased here and the expected key is lower-cased below.
$f_captcha = utf8_strtolower(trim($f_captcha));

# Retrieve captcha key now, as session might get cleared by logout
$t_form_key = session_get_int(CAPTCHA_KEY, null);

# force logout on the current user if already authenticated
# NOTE(review): this runs before the allow_signup check below, so an
# authenticated visitor is signed out even when signup is disabled and the
# request only ends in a redirect.
if (auth_is_user_authenticated()) {
    auth_logout();
}

# Check to see if signup is allowed
if (OFF == config_get_global('allow_signup')) {
    print_header_redirect('login_page.php');
    # Stop here so nothing below runs after the redirect header is sent.
    exit;
}

# The captcha branch is taken only when the option is ON, get_gd_version()
# reports a version above 0 and the auth_can_change_password custom function
# returns a truthy value.
if (ON == config_get('signup_use_captcha') && get_gd_version() > 0 && helper_call_custom_function('auth_can_change_password', array())) {
    # captcha image requires GD library and related option to ON
    # Expected answer: 5 characters, starting at offset 1, of
    # md5(config secret . session captcha key), lower-cased.
    # NOTE(review): 5 hex characters is roughly 20 bits and md5(secret . value)
    # is a plain hash rather than a keyed MAC, so treat this as a speed bump
    # against automated signups, not as an authentication control; signup
    # rate limiting should not depend on it.
    # NOTE(review): the config key name suggests the same secret also serves
    # password-confirmation hashes; a dedicated captcha secret would keep the
    # two uses isolated - confirm.
    $t_key = utf8_strtolower(utf8_substr(md5(config_get('password_confirm_hash_magic_string') . $t_form_key), 1, 5));
    # (excerpt ends here; the rest of this block is outside the visible text)
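/**
 * Creates a new user.
 *
 * The user will get a confirmation email, and will have the password provided
 * in the incoming representation.
 *
 * The caller must pass the global 'manage_user_threshold' check and may not
 * assign an access level that they do not hold themselves.
 *
 * @param $request - The Request we're responding to
 * @return Response - status 201, with a location header pointing at the new user
 * @throws HTTPException 403 when the caller may not create this user, 500 when
 *         the username or realname is rejected
 */
public function post($request) {
    if (!access_has_global_level(config_get('manage_user_threshold'))) {
        throw new HTTPException(403, "Access denied to create user");
    }

    // Every field below is taken from the request body and is caller-controlled.
    $new_user = new User();
    $new_user->populate_from_repr($request->body);
    $username = $new_user->mantis_data['username'];
    $password = $new_user->mantis_data['password'];
    $email = email_append_domain($new_user->mantis_data['email']);
    $access_level = $new_user->mantis_data['access_level'];
    $protected = $new_user->mantis_data['protected'];
    $enabled = $new_user->mantis_data['enabled'];
    $realname = $new_user->mantis_data['realname'];

    // Passing the manage_user_threshold gate must not be enough to create an
    // account more privileged than the caller's own: the requested level is
    // checked against the caller before anything is written.
    if ($access_level !== null && !access_has_global_level($access_level)) {
        throw new HTTPException(403, "Access denied to create user with this access level");
    }

    // NOTE(review): both failures are caused by client input; the 500 status is
    // kept for compatibility with existing clients, although 400 describes them
    // better and would keep them out of server-error monitoring.
    if (!user_is_name_valid($username)) {
        throw new HTTPException(500, "Invalid username");
    }
    if (!user_is_realname_valid($realname)) {
        throw new HTTPException(500, "Invalid realname");
    }

    // NOTE(review): the e-mail address is only domain-completed here; confirm
    // that user_create() validates it, since this method does not.
    user_create($username, $password, $email, $access_level, $protected, $enabled, $realname);

    $new_user_id = user_get_id_by_name($username);
    $new_user_url = User::get_url_from_mantis_id($new_user_id);
    $this->rsrc_data = $new_user_url;

    $resp = new Response();
    $resp->status = 201;
    $resp->headers[] = "location: {$new_user_url}";
    // NOTE(review): confirm _repr() does not echo the submitted password back
    // in the response body.
    $resp->body = $this->_repr($request);
    return $resp;
}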