function initialize_user()
{
global $Conf, $Opt, $Me;
// backwards compat: set $_SESSION["user"] from $_SESSION["Me"]
if (!isset($_SESSION["user"]) && isset($_SESSION["Me"])) {
$x = $_SESSION["Me"];
$_SESSION["user"] = "******";
unset($_SESSION["Me"], $_SESSION["pcmembers"]);
}
if (!isset($_SESSION["trueuser"]) && isset($_SESSION["user"])) {
$_SESSION["trueuser"] = $_SESSION["user"];
}
if (is_string(@$_SESSION["trueuser"])) {
$userwords = explode(" ", $_SESSION["trueuser"]);
$_SESSION["trueuser"] = (object) array("contactId" => $userwords[0], "dsn" => $userwords[1], "email" => @$userwords[2]);
}
// load current user
$Me = null;
$trueuser = @$_SESSION["trueuser"];
if ($trueuser && $trueuser->dsn == $Conf->dsn) {
$Me = Contact::find_by_id($trueuser->contactId);
}
if (!$Me && $trueuser && $trueuser->email) {
$Me = Contact::find_by_email($trueuser->email);
}
if (!$Me) {
$Me = new Contact($trueuser);
}
$Me = $Me->activate();
// if bounced through login, add post data
if (isset($_SESSION["login_bounce"]) && !$Me->is_empty()) {
$lb = $_SESSION["login_bounce"];
if ($lb[0] == $Conf->dsn && $lb[2] !== "index" && $lb[2] == Navigation::page()) {
foreach ($lb[3] as $k => $v) {
if (!isset($_REQUEST[$k])) {
$_REQUEST[$k] = $_GET[$k] = $v;
}
}
$_REQUEST["after_login"] = 1;
}
unset($_SESSION["login_bounce"]);
}
}
function initialize_user()
{
global $Conf, $Me;
// load current user
$Me = null;
$trueuser = get($_SESSION, "trueuser");
if ($trueuser && $trueuser->email) {
$Me = Contact::find_by_email($trueuser->email);
}
if (!$Me) {
$Me = new Contact($trueuser);
}
$Me = $Me->activate();
// if bounced through login, add post data
if (isset($_SESSION["login_bounce"]) && !$Me->is_empty()) {
$lb = $_SESSION["login_bounce"];
if ($lb[0] == $Conf->dsn && $lb[2] !== "index" && $lb[2] == Navigation::page()) {
foreach ($lb[3] as $k => $v) {
if (!isset($_REQUEST[$k])) {
$_REQUEST[$k] = $_GET[$k] = $v;
}
}
$_REQUEST["after_login"] = 1;
}
unset($_SESSION["login_bounce"]);
}
// set $_SESSION["addrs"]
if ($_SERVER["REMOTE_ADDR"] && (!is_array(@$_SESSION["addrs"]) || @$_SESSION["ips"][0] !== $_SERVER["REMOTE_ADDR"])) {
$as = array($_SERVER["REMOTE_ADDR"]);
if (is_array(@$_SESSION["addrs"])) {
foreach ($_SESSION["addrs"] as $a) {
if ($a !== $_SERVER["REMOTE_ADDR"] && count($as) < 5) {
$as[] = $a;
}
}
}
$_SESSION["addrs"] = $as;
}
}
function run(Contact $user, $qreq, $ssel)
{
global $Conf;
$mt = $qreq->assignfn;
$mpc = (string) $qreq->markpc;
$pc = null;
if ($mpc != "" && $mpc != "0") {
$pc = Contact::find_by_email($mpc);
}
if ($mt == "auto") {
$t = in_array($qreq->t, array("acc", "s")) ? $qreq->t : "all";
$q = join("+", $ssel->selection());
go(hoturl("autoassign", "pap={$q}&t={$t}&q={$q}"));
} else {
if ($mt == "lead" || $mt == "shepherd") {
if ($user->assign_paper_pc($ssel->selection(), $mt, $pc)) {
$Conf->confirmMsg(ucfirst(pluralx($ssel->selection(), $mt)) . " set.");
} else {
if ($OK) {
$Conf->confirmMsg("No changes.");
}
}
} else {
if (!$pc) {
Conf::msg_error("“" . htmlspecialchars($mpc) . "” is not a PC member.");
} else {
if ($mt == "conflict" || $mt == "unconflict") {
if ($mt == "conflict") {
Dbl::qe("insert into PaperConflict (paperId, contactId, conflictType) (select paperId, ?, ? from Paper where paperId" . $ssel->sql_predicate() . ") on duplicate key update conflictType=greatest(conflictType, values(conflictType))", $pc->contactId, CONFLICT_CHAIRMARK);
$user->log_activity("Mark conflicts with {$mpc}", $ssel->selection());
} else {
Dbl::qe("delete from PaperConflict where PaperConflict.conflictType<? and contactId=? and (paperId" . $ssel->sql_predicate() . ")", CONFLICT_AUTHOR, $pc->contactId);
$user->log_activity("Remove conflicts with {$mpc}", $ssel->selection());
}
} else {
if (substr($mt, 0, 6) == "assign" && ($asstype = substr($mt, 6)) && isset(ReviewForm::$revtype_names[$asstype])) {
Dbl::qe_raw("lock tables PaperConflict write, PaperReview write, PaperReviewRefused write, Paper write, ActionLog write, Settings write");
$result = Dbl::qe_raw("select Paper.paperId, reviewId, reviewType, reviewModified, conflictType from Paper left join PaperReview on (Paper.paperId=PaperReview.paperId and PaperReview.contactId=" . $pc->contactId . ") left join PaperConflict on (Paper.paperId=PaperConflict.paperId and PaperConflict.contactId=" . $pc->contactId . ") where Paper.paperId" . $ssel->sql_predicate());
$conflicts = array();
$assigned = array();
$nworked = 0;
while ($row = PaperInfo::fetch($result, $user)) {
if ($asstype && $row->conflictType > 0) {
$conflicts[] = $row->paperId;
} else {
if ($asstype && $row->reviewType >= REVIEW_PC && $asstype != $row->reviewType) {
$assigned[] = $row->paperId;
} else {
$user->assign_review($row->paperId, $pc->contactId, $asstype);
$nworked++;
}
}
}
if (count($conflicts)) {
Conf::msg_error("Some papers were not assigned because of conflicts (" . join(", ", $conflicts) . "). If these conflicts are in error, remove them and try to assign again.");
}
if (count($assigned)) {
Conf::msg_error("Some papers were not assigned because the PC member already had an assignment (" . join(", ", $assigned) . ").");
}
if ($nworked) {
$Conf->confirmMsg($asstype == 0 ? "Unassigned reviews." : "Assigned reviews.");
}
Dbl::qe_raw("unlock tables");
$Conf->update_rev_tokens_setting(false);
}
}
}
}
}
}
// pc
$user_van = Contact::find_by_email("*****@*****.**");
// none
$user_mgbaker = Contact::find_by_email("*****@*****.**");
// pc
$user_shenker = Contact::find_by_email("*****@*****.**");
// pc, chair
$user_jon = Contact::find_by_email("*****@*****.**");
// pc, red
$user_varghese = Contact::find_by_email("*****@*****.**");
// pc
$user_wilma = Contact::find_by_email("*****@*****.**");
// pc
$user_mjh = Contact::find_by_email("*****@*****.**");
// pc
$user_pdruschel = Contact::find_by_email("*****@*****.**");
// pc
$user_nobody = new Contact();
// users are different
xassert($user_chair && $user_estrin && $user_kohler && $user_marina && $user_van && $user_nobody);
xassert($user_chair->contactId && $user_estrin->contactId && $user_kohler->contactId && $user_marina->contactId && $user_van->contactId && !$user_nobody->contactId);
xassert($user_chair->contactId != $user_estrin->contactId);
// check permissions on paper
function check_paper1($paper1)
{
global $user_chair, $user_estrin, $user_kohler, $user_marina, $user_van, $user_nobody;
xassert_neqq($paper1, null);
xassert($user_chair->can_view_paper($paper1));
xassert($user_estrin->can_view_paper($paper1));
xassert($user_marina->can_view_paper($paper1));
xassert($user_van->can_view_paper($paper1));
function save($cj, $old_user = null, $actor = null)
{
global $Conf, $Me, $Now;
assert(is_object($cj));
self::normalize_name($cj);
if (!$old_user && is_int(get($cj, "id")) && $cj->id) {
$old_user = Contact::find_by_id($cj->id);
} else {
if (!$old_user && is_string(get($cj, "email")) && $cj->email) {
$old_user = Contact::find_by_email($cj->email);
}
}
if (!get($cj, "id")) {
$cj->id = $old_user ? $old_user->contactId : "new";
}
if ($cj->id !== "new" && $old_user && $cj->id != $old_user->contactId) {
$this->set_error("id", "Saving user with different ID");
return false;
}
$no_old_db_account = !$old_user || !$old_user->has_database_account();
$old_cdb_user = null;
if ($old_user && $old_user->has_email()) {
$old_cdb_user = Contact::contactdb_find_by_email($old_user->email);
} else {
if (is_string(get($cj, "email")) && $cj->email) {
$old_cdb_user = Contact::contactdb_find_by_email($cj->email);
}
}
$user = $old_user ?: $old_cdb_user;
$this->normalize($cj, $user);
if ($this->nerrors) {
return false;
}
$this->check_invariants($cj);
$user = $user ?: new Contact();
if (($send = $this->send_email) === null) {
$send = !$old_cdb_user;
}
if ($user->save_json($cj, $actor, $send)) {
return $user;
} else {
return false;
}
}
$Conf->confirmMsg("Merged account " . htmlspecialchars($old_user->email) . ".");
$new_user->log_activity("Merged account {$old_user->email}");
go(hoturl("index"));
} else {
$new_user->log_activity("Merged account {$old_user->email} with errors");
$MergeError .= $Conf->db_error_html(true);
}
}
if (isset($_REQUEST["merge"]) && check_post()) {
if (!$_REQUEST["email"]) {
$MergeError = "Enter an email address to merge.";
} else {
if (!$_REQUEST["password"]) {
$MergeError = "Enter the password of the account to merge.";
} else {
$MiniMe = Contact::find_by_email($_REQUEST["email"]);
if (!$MiniMe) {
$MergeError = "No account for " . htmlspecialchars($_REQUEST["email"]) . " exists. Did you enter the correct email address?";
} else {
if (!$MiniMe->check_password($_REQUEST["password"])) {
$MergeError = "That password is incorrect.";
} else {
if ($MiniMe->contactId == $Me->contactId) {
$Conf->confirmMsg("Accounts successfully merged.");
go(hoturl("index"));
} else {
crpmerge($MiniMe);
}
}
}
}
function upload_grades($pset, $text, $fname)
{
global $Conf;
assert($pset->gitless_grades);
$csv = new CsvParser($text);
$csv->set_header($csv->next());
while ($line = $csv->next()) {
if (@$line["seascode_username"]) {
$who = $line["seascode_username"];
$user = Contact::find_by_username($who);
} else {
if (@$line["email"]) {
$who = $line["email"];
$user = Contact::find_by_email($who);
} else {
if (@$line["name"]) {
$who = $line["name"];
list($first, $last) = Text::split_name($who);
$user = Contact::find_by_query("firstName like '" . sqlqtrim($first) . "%' and lastName='" . sqlqtrim($last) . "'");
if ($user && $user->firstName != $first && !str_starts_with($user->firstName, "{$first} ")) {
$user = null;
}
} else {
continue;
}
}
}
if ($user) {
if (!save_grades($user, $pset, null, $line, true)) {
$Conf->errorMsg("no grades set for “" . htmlspecialchars($who) . "”");
}
} else {
$Conf->errorMsg(htmlspecialchars($fname) . ":" . $csv->lineno() . ": unknown user “" . htmlspecialchars($who) . "”");
}
}
return true;
}
<?php
// test05.php -- HotCRP paper submission tests
// HotCRP is Copyright (c) 2006-2016 Eddie Kohler and Regents of the UC
// Distributed under an MIT-like license; see LICENSE
global $ConfSitePATH;
$ConfSitePATH = preg_replace(",/[^/]+/[^/]+\$,", "", __FILE__);
require_once "{$ConfSitePATH}/test/setup.php";
$Conf->save_setting("sub_open", 1);
$Conf->save_setting("sub_update", $Now + 100);
$Conf->save_setting("sub_sub", $Now + 100);
// load users
$user_estrin = Contact::find_by_email("*****@*****.**");
// pc
$user_nobody = new Contact();
$ps = new PaperStatus($user_estrin);
$paper1a = $ps->paper_json(1);
xassert_eqq($paper1a->title, "Scalable Timers for Soft State Protocols");
$ps->save_paper_json((object) ["id" => 1, "title" => "Scalable Timers? for Soft State Protocols"]);
xassert(!$ps->nerrors);
$paper1b = $ps->paper_json(1);
xassert_eqq($paper1b->title, "Scalable Timers? for Soft State Protocols");
$paper1b->title = $paper1a->title;
$paper1b->submitted_at = $paper1a->submitted_at;
xassert_eqq(json_encode($paper1b), json_encode($paper1a));
$doc = Filer::file_upload_json(["error" => UPLOAD_ERR_OK, "name" => "amazing-sample.pdf", "tmp_name" => "{$ConfSitePATH}/src/sample.pdf", "tmp_name_safe" => true, "type" => "application/pdf"]);
$ps->save_paper_json((object) ["id" => 1, "submission" => $doc]);
xassert(!$ps->nerrors);
$paper1c = $ps->paper_json(1);
xassert_eqq($paper1c->submission->sha1, "2f1bccbf1e0e98004c01ef5b26eb9619f363e38e");
xassert_exit();
$_POST["password2"] = trim((string) @$_POST["password2"]);
if ($_POST["password"] == "") {
Conf::msg_error("You must enter a password.");
} else {
if ($_POST["password"] !== $_POST["password2"]) {
Conf::msg_error("The two passwords you entered did not match.");
} else {
if (!Contact::valid_password($_POST["password"])) {
Conf::msg_error("Invalid password.");
} else {
$flags = 0;
if ($_POST["password"] === @$_POST["autopassword"]) {
$flags |= Contact::CHANGE_PASSWORD_PLAINTEXT;
}
$Acct->change_password(null, $_POST["password"], $flags);
if (!$iscdb || !($log_acct = Contact::find_by_email($Acct->email))) {
$log_acct = $Acct;
}
$log_acct->log_activity("Password reset via " . substr($_REQUEST["resetcap"], 0, 8) . "...");
$Conf->confirmMsg("Your password has been changed. You may now sign in to the conference site.");
$capmgr->delete($capdata);
$Conf->save_session("password_reset", (object) array("time" => $Now, "email" => $Acct->email, "password" => $_POST["password"]));
go(hoturl("index"));
}
}
}
$password_class = " error";
}
$Conf->header("Reset password", "resetpassword", false);
if (!isset($_POST["autopassword"]) || trim($_POST["autopassword"]) != $_POST["autopassword"] || strlen($_POST["autopassword"]) < 16 || !preg_match("/\\A[-0-9A-Za-z@_+=]*\\z/", $_POST["autopassword"])) {
$_POST["autopassword"] = Contact::random_password();
private static function login()
{
global $Conf, $Now, $Opt, $email_class, $password_class;
$external_login = isset($Opt["ldapLogin"]) || isset($Opt["httpAuthLogin"]);
// In all cases, we need to look up the account information
// to determine if the user is registered
if (!isset($_REQUEST["email"]) || ($_REQUEST["email"] = trim($_REQUEST["email"])) == "") {
$email_class = " error";
if (isset($Opt["ldapLogin"])) {
return Conf::msg_error("Enter your LDAP username.");
} else {
return Conf::msg_error("Enter your email address.");
}
}
// Check for the cookie
if (isset($_SESSION["testsession"])) {
/* Session cookie set */
} else {
if (!isset($_REQUEST["testsession"])) {
// set a cookie to test that their browser supports cookies
$_SESSION["testsession"] = true;
$url = "testsession=1";
foreach (array("email", "password", "action", "go", "signin") as $a) {
if (isset($_REQUEST[$a])) {
$url .= "&{$a}=" . urlencode($_REQUEST[$a]);
}
}
Navigation::redirect("?" . $url);
} else {
return Conf::msg_error("You appear to have disabled cookies in your browser, but this site needs to set cookies to function. Google has <a href='http://www.google.com/cookies.html'>an informative article on how to enable them</a>.");
}
}
// do LDAP login before validation, since we might create an account
if (isset($Opt["ldapLogin"])) {
$_REQUEST["action"] = "login";
if (!self::ldap_login()) {
return null;
}
}
// is email valid?
if (!validate_email($_REQUEST["email"])) {
// can we make it valid by adding the default domain?
if (isset($Opt["defaultEmailDomain"]) && validate_email($_REQUEST["email"] . "@" . $Opt["defaultEmailDomain"])) {
$_REQUEST["email"] = $_REQUEST["email"] . "@" . $Opt["defaultEmailDomain"];
}
}
// look up user in our database
if (strpos($_REQUEST["email"], "@") === false) {
self::unquote_double_quoted_request();
}
$user = Contact::find_by_email($_REQUEST["email"]);
// look up or create user in contact database
$cdb_user = null;
if (opt("contactdb_dsn")) {
if ($user) {
$cdb_user = $user->contactdb_user();
} else {
$cdb_user = Contact::contactdb_find_by_email($_REQUEST["email"]);
}
}
// create account if requested
if ($_REQUEST["action"] == "new") {
if (!($user = self::create_account($user, $cdb_user))) {
return null;
}
$_REQUEST["password"] = $user->plaintext_password();
}
// auto-create account if external login
if (!$user && $external_login) {
$reg = Contact::safe_registration($_REQUEST);
$reg->no_validate_email = true;
if (!($user = Contact::create($reg))) {
return Conf::msg_error($Conf->db_error_html(true, "while adding your account"));
}
if ($Conf->setting("setupPhase", false)) {
return self::first_user($user, $msg);
}
// automatically make new LDAP users PC members.
if (isset($Opt["ldap_AutoNewUserPc"])) {
$user->save_roles(Contact::ROLE_PC, null);
}
}
// if no user found, then fail
if (!$user && (!$cdb_user || !$cdb_user->allow_contactdb_password())) {
$email_class = " error";
return Conf::msg_error("No account for " . htmlspecialchars($_REQUEST["email"]) . ". Did you enter the correct email address?");
}
// if user disabled, then fail
if ($user && $user->disabled) {
return Conf::msg_error("Your account is disabled. Contact the site administrator for more information.");
}
// maybe reset password
$xuser = $user ?: $cdb_user;
if ($_REQUEST["action"] == "forgot") {
$worked = $xuser->sendAccountInfo("forgot", true);
if ($worked == "@resetpassword") {
$Conf->confirmMsg("A password reset link has been emailed to " . htmlspecialchars($_REQUEST["email"]) . ". When you receive that email, follow its instructions to create a new password.");
} else {
if ($worked) {
$Conf->confirmMsg("Your password has been emailed to " . htmlspecialchars($_REQUEST["email"]) . ". When you receive that email, return here to sign in.");
$Conf->log("Sent password", $xuser);
}
}
return null;
}
// check password
if (!$external_login) {
if (($password = trim(req_s("password"))) === "") {
$password_class = " error";
return Conf::msg_error("Enter your password. If you’ve forgotten it, enter your email address and use the “I forgot my password” option.");
}
if (!$xuser->check_password($password)) {
$password_class = " error";
return Conf::msg_error("That password doesn’t match. If you’ve forgotten your password, enter your email address and use the “I forgot my password” option.");
}
}
// mark activity
$xuser->mark_login();
// activate and redirect
$user = $xuser->activate();
unset($_SESSION["testsession"]);
$_SESSION["trueuser"] = (object) array("email" => $user->email);
$Conf->save_session("freshlogin", true);
$Conf->save_session("password_reset", null);
if (isset($_REQUEST["go"])) {
$where = $_REQUEST["go"];
} else {
if (isset($_SESSION["login_bounce"]) && $_SESSION["login_bounce"][0] == $Conf->dsn) {
$where = $_SESSION["login_bounce"][1];
} else {
$where = hoturl("index");
}
}
go($where);
exit;
}
function save_user($cj, $user_status, $Acct, $allow_modification)
{
global $Conf, $Me, $Opt, $OK, $newProfile;
if ($newProfile) {
$Acct = null;
}
// check for missing fields
UserStatus::normalize_name($cj);
if ($newProfile && !isset($cj->email)) {
$user_status->set_error("email", "Email address required.");
return false;
}
// check email
if ($newProfile || $cj->email != $Acct->email) {
if ($new_acct = Contact::find_by_email($cj->email)) {
if ($allow_modification) {
$cj->id = $new_acct->contactId;
} else {
$msg = "Email address “" . htmlspecialchars($cj->email) . "” is already in use.";
if ($Me->privChair) {
$msg = str_replace("an account", "<a href=\"" . hoturl("profile", "u=" . urlencode($cj->email)) . "\">an account</a>", $msg);
}
if (!$newProfile) {
$msg .= " You may want to <a href=\"" . hoturl("mergeaccounts") . "\">merge these accounts</a>.";
}
return $user_status->set_error("email", $msg);
}
} else {
if (Contact::external_login()) {
if ($cj->email === "") {
return $user_status->set_error("email", "Not a valid username.");
}
} else {
if ($cj->email === "") {
return $user_status->set_error("email", "You must supply an email address.");
} else {
if (!validate_email($cj->email)) {
return $user_status->set_error("email", "“" . htmlspecialchars($cj->email) . "” is not a valid email address.");
}
}
}
}
if (!$newProfile && !$Me->privChair) {
$old_preferredEmail = $Acct->preferredEmail;
$Acct->preferredEmail = $cj->email;
$capmgr = $Conf->capability_manager();
$rest = array("capability" => $capmgr->create(CAPTYPE_CHANGEEMAIL, array("user" => $Acct, "timeExpires" => time() + 259200, "data" => json_encode(array("uemail" => $cj->email)))));
$mailer = new HotCRPMailer($Acct, null, $rest);
$prep = $mailer->make_preparation("@changeemail", $rest);
if ($prep->sendable) {
Mailer::send_preparation($prep);
$Conf->warnMsg("Mail has been sent to " . htmlspecialchars($cj->email) . ". Use the link it contains to confirm your email change request.");
} else {
Conf::msg_error("Mail cannot be sent to " . htmlspecialchars($cj->email) . " at this time. Your email address was unchanged.");
}
// Save changes *except* for new email, by restoring old email.
$cj->email = $Acct->email;
$Acct->preferredEmail = $old_preferredEmail;
}
}
// save account
return $user_status->save($cj, $Acct, $Me);
}
function check_save_review($req, &$tf, $contact)
{
global $Conf;
// look up reviewer
$Reviewer = $contact;
if (isset($req["reviewerEmail"]) && strcasecmp($req["reviewerEmail"], $contact->email) != 0 && !($Reviewer = Contact::find_by_email($req["reviewerEmail"]))) {
return $this->reviewer_error($req, $tf, $contact->privChair ? "No such user." : null);
}
// look up paper & review rows, check review permission
if (!($prow = $Conf->paperRow($req["paperId"], $contact, $whyNot))) {
return $this->tfError($tf, true, whyNotText($whyNot, "review"));
}
$rrow_args = ["paperId" => $prow->paperId, "first" => true, "contactId" => $Reviewer->contactId, "rev_tokens" => $contact->review_tokens()];
$rrow = $Conf->reviewRow($rrow_args);
$new_rrid = false;
if ($contact !== $Reviewer && !$rrow) {
if (!$contact->can_create_review_from($prow, $Reviewer)) {
return $this->reviewer_error($req, $tf);
}
$new_rrid = $contact->assign_review($prow->paperId, $Reviewer->contactId, $Reviewer->isPC ? REVIEW_PC : REVIEW_EXTERNAL);
if (!$new_rrid) {
return $this->tfError($tf, true, "Internal error while creating review.");
}
$rrow = $Conf->reviewRow($rrow_args);
}
if ($whyNot = $contact->perm_submit_review($prow, $rrow)) {
if ($contact === $Reviewer || $contact->can_view_review_identity($prow, $rrow)) {
return $this->tfError($tf, true, whyNotText($whyNot, "review"));
} else {
return $this->reviewer_error($req, $tf);
}
}
// actually check review and save
if ($this->checkRequestFields($req, $rrow, $tf)) {
$this->save_review($req, $rrow, $prow, $contact, $tf);
return true;
} else {
if ($new_rrid) {
$contact->assign_review($prow->paperId, $Reviewer->contactId, 0);
}
return false;
}
}
private static function create_account($user, $cdb_user)
{
global $Conf, $Opt, $email_class;
// check for errors
if ($user && $user->has_database_account() && $user->activity_at > 0 || $cdb_user && $cdb_user->activity_at > 0) {
$email_class = " error";
return $Conf->errorMsg("An account already exists for " . htmlspecialchars($_REQUEST["email"]) . ". To retrieve your password, select “I forgot my password.”");
} else {
if (!validate_email($_REQUEST["email"])) {
$email_class = " error";
return $Conf->errorMsg("“" . htmlspecialchars($_REQUEST["email"]) . "” is not a valid email address.");
} else {
if (@$Opt["disableNewUsers"]) {
$email_class = " error";
return $Conf->errorMsg("Account creation is disabled.");
}
}
}
// create database account
if (!$user || !$user->has_database_account()) {
if (!($user = Contact::find_by_email($_REQUEST["email"], true))) {
return $Conf->errorMsg($Conf->db_error_html(true, "while adding your account"));
}
}
$user->sendAccountInfo("create", true);
$msg = "Successfully created an account for " . htmlspecialchars($_REQUEST["email"]) . ".";
// handle setup phase
if ($Conf->setting("setupPhase") && self::first_user($user, $msg)) {
return $user;
}
if (Mailer::allow_send($user->email)) {
$msg .= " A password has been emailed to you. Return here when you receive it to complete the registration process. If you don’t receive the email, check your spam folders and verify that you entered the correct address.";
} else {
if ($Opt["sendEmail"]) {
$msg .= " The email address you provided seems invalid.";
} else {
$msg .= " The conference system is not set up to mail passwords at this time.";
}
$msg .= " Although an account was created for you, you need help to retrieve your password. Contact " . Text::user_html(Contact::site_contact()) . ".";
}
if (isset($_REQUEST["password"]) && trim($_REQUEST["password"]) != "") {
$msg .= " Note that the password you supplied on the login screen was ignored.";
}
$Conf->confirmMsg($msg);
return null;
}
function user($email)
{
return Contact::find_by_email($email);
}