/**
  * Creates a new user for the platform
  * @author Hugues Peeters <*****@*****.**>,
  * @author Roan Embrechts <*****@*****.**>
  * @param  string Firstname
  * @param  string Lastname
  * @param  int    Status (1 for course tutor, 5 for student, 6 for anonymous)
  * @param  string e-mail address
  * @param  string Login
  * @param  string Password
  * @param  string Any official code (optional)
  * @param  string User language    (optional)
  * @param  string Phone number    (optional)
  * @param  string Picture URI        (optional)
  * @param  string Authentication source    (optional, defaults to 'platform', dependind on constant)
  * @param  string Account expiration date (optional, defaults to null)
  * @param  int     Whether the account is enabled or disabled by default
  * @param  int     The department of HR in which the user is registered (optional, defaults to 0)
  * @param  array Extra fields
  * @param  string Encrypt method used if password is given encrypted. Set to an empty string by default
  * @param  bool $send_mail
  * @param  bool $isAdmin
  *
  * @return mixed   new user id - if the new user creation succeeds, false otherwise
  * @desc The function tries to retrieve user id from the session.
  * If it exists, the current user id is the creator id. If a problem arises,
  * it stores the error message in global $api_failureList
  * @assert ('Sam','Gamegie',5,'*****@*****.**','jo','jo') > 1
  * @assert ('Pippin','Took',null,null,'jo','jo') === false
  */
 public static function create_user($firstName, $lastName, $status, $email, $loginName, $password, $official_code = '', $language = '', $phone = '', $picture_uri = '', $auth_source = PLATFORM_AUTH_SOURCE, $expirationDate = null, $active = 1, $hr_dept_id = 0, $extra = null, $encrypt_method = '', $send_mail = false, $isAdmin = false)
 {
     $currentUserId = api_get_user_id();
     $hook = HookCreateUser::create();
     if (!empty($hook)) {
         $hook->notifyCreateUser(HOOK_EVENT_TYPE_PRE);
     }
     global $_configuration;
     $original_password = $password;
     $access_url_id = 1;
     if (api_get_multiple_access_url()) {
         $access_url_id = api_get_current_access_url_id();
     }
     if (is_array($_configuration[$access_url_id]) && isset($_configuration[$access_url_id]['hosting_limit_users']) && $_configuration[$access_url_id]['hosting_limit_users'] > 0) {
         $num = self::get_number_of_users();
         if ($num >= $_configuration[$access_url_id]['hosting_limit_users']) {
             api_warn_hosting_contact('hosting_limit_users');
             Display::addFlash(Display::return_message(get_lang('PortalUsersLimitReached'), 'warning'));
             return false;
         }
     }
     if ($status === 1 && is_array($_configuration[$access_url_id]) && isset($_configuration[$access_url_id]['hosting_limit_teachers']) && $_configuration[$access_url_id]['hosting_limit_teachers'] > 0) {
         $num = self::get_number_of_users(1);
         if ($num >= $_configuration[$access_url_id]['hosting_limit_teachers']) {
             Display::addFlash(Display::return_message(get_lang('PortalTeachersLimitReached'), 'warning'));
             api_warn_hosting_contact('hosting_limit_teachers');
             return false;
         }
     }
     if (empty($password)) {
         Display::addFlash(Display::return_message(get_lang('ThisFieldIsRequired') . ': ' . get_lang('Password'), 'warning'));
         return false;
     }
     // database table definition
     $table_user = Database::get_main_table(TABLE_MAIN_USER);
     //Checking the user language
     $languages = api_get_languages();
     $language = strtolower($language);
     if (!in_array($language, $languages['folder'])) {
         $language = api_get_setting('platformLanguage');
     }
     if (!empty($currentUserId)) {
         $creator_id = $currentUserId;
     } else {
         $creator_id = '';
     }
     // First check wether the login already exists
     if (!self::is_username_available($loginName)) {
         return api_set_failure('login-pass already taken');
     }
     $currentDate = api_get_utc_datetime();
     $now = new DateTime($currentDate);
     if (empty($expirationDate)) {
         // Default expiration date
         // if there is a default duration of a valid account then
         // we have to change the expiration_date accordingly
         if (api_get_setting('account_valid_duration') != '') {
             $expirationDate = new DateTime($currentDate);
             $days = intval(api_get_setting('account_valid_duration'));
             $expirationDate->modify('+' . $days . ' day');
         }
     } else {
         $expirationDate = api_get_utc_datetime($expirationDate);
         $expirationDate = new \DateTime($expirationDate, new DateTimeZone('UTC'));
     }
     $userManager = self::getManager();
     /** @var User $user */
     $user = $userManager->createUser();
     $user->setLastname($lastName)->setFirstname($firstName)->setUsername($loginName)->setStatus($status)->setPlainPassword($password)->setEmail($email)->setOfficialCode($official_code)->setPictureUri($picture_uri)->setCreatorId($creator_id)->setAuthSource($auth_source)->setPhone($phone)->setLanguage($language)->setRegistrationDate($now)->setHrDeptId($hr_dept_id)->setActive($active);
     if (!empty($expirationDate)) {
         $user->setExpirationDate($expirationDate);
     }
     $userManager->updateUser($user, true);
     $userId = $user->getId();
     if (!empty($userId)) {
         $return = $userId;
         $sql = "UPDATE {$table_user} SET user_id = {$return} WHERE id = {$return}";
         Database::query($sql);
         if ($isAdmin) {
             UserManager::add_user_as_admin($userId);
         }
         if (api_get_multiple_access_url()) {
             UrlManager::add_user_to_url($return, api_get_current_access_url_id());
         } else {
             //we are adding by default the access_url_user table with access_url_id = 1
             UrlManager::add_user_to_url($return, 1);
         }
         if (!empty($email) && $send_mail) {
             $recipient_name = api_get_person_name($firstName, $lastName, null, PERSON_NAME_EMAIL_ADDRESS);
             $tplSubject = new Template(null, false, false, false, false, false);
             $layoutSubject = $tplSubject->get_template('mail/subject_registration_platform.tpl');
             $emailSubject = $tplSubject->fetch($layoutSubject);
             $sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
             $email_admin = api_get_setting('emailAdministrator');
             if (api_is_multiple_url_enabled()) {
                 $access_url_id = api_get_current_access_url_id();
                 if ($access_url_id != -1) {
                     $url = api_get_access_url($access_url_id);
                 }
             } else {
                 $url = $_configuration['root_web'];
             }
             $tplContent = new Template(null, false, false, false, false, false);
             // variables for the default template
             $tplContent->assign('complete_name', stripslashes(api_get_person_name($firstName, $lastName)));
             $tplContent->assign('login_name', $loginName);
             $tplContent->assign('original_password', stripslashes($original_password));
             $tplContent->assign('mailWebPath', $url);
             $layoutContent = $tplContent->get_template('mail/content_registration_platform.tpl');
             $emailBody = $tplContent->fetch($layoutContent);
             /* MANAGE EVENT WITH MAIL */
             if (EventsMail::check_if_using_class('user_registration')) {
                 $values["about_user"] = $return;
                 $values["password"] = $original_password;
                 $values["send_to"] = array($return);
                 $values["prior_lang"] = null;
                 EventsDispatcher::events('user_registration', $values);
             } else {
                 $phoneNumber = isset($extra['mobile_phone_number']) ? $extra['mobile_phone_number'] : null;
                 $additionalParameters = array('smsType' => SmsPlugin::WELCOME_LOGIN_PASSWORD, 'userId' => $return, 'mobilePhoneNumber' => $phoneNumber, 'password' => $original_password);
                 api_mail_html($recipient_name, $email, $emailSubject, $emailBody, $sender_name, $email_admin, null, null, null, $additionalParameters);
             }
             /* ENDS MANAGE EVENT WITH MAIL */
         }
         Event::addEvent(LOG_USER_CREATE, LOG_USER_ID, $return);
     } else {
         return api_set_failure('error inserting in Database');
     }
     if (is_array($extra) && count($extra) > 0) {
         $res = true;
         foreach ($extra as $fname => $fvalue) {
             $res = $res && self::update_extra_field_value($return, $fname, $fvalue);
         }
     }
     self::update_extra_field_value($return, 'already_logged_in', 'false');
     if (!empty($hook)) {
         $hook->setEventData(array('return' => $return, 'originalPassword' => $original_password));
         $hook->notifyCreateUser(HOOK_EVENT_TYPE_POST);
     }
     return $return;
 }
Esempio n. 2
0
 /**
  * For the sake of genericity, this function is a switch.
  * It's called by EventsDispatcher and fires the good function
  * with the good require_once.
  *
  * @param string $event_name
  * @param array $params
  */
 public static function event_send_mail($event_name, $params)
 {
     EventsMail::send_mail($event_name, $params);
 }
         //File does not exist
         $fp = fopen($homep . $topf . '_' . $lang . $ext, 'w');
         fputs($fp, $home_top);
         fclose($fp);
         foreach ($_languages['name'] as $key => $value) {
             $lang_name = $_languages['folder'][$key];
             if (isset($_POST[$lang_name])) {
                 if (file_exists($homep . $topf . '_' . $lang_name . $ext)) {
                     $fp = fopen($homep . $topf . '_' . $lang_name . $ext, 'w');
                     fputs($fp, $home_top);
                     fclose($fp);
                 }
             }
         }
     }
     if (EventsMail::check_if_using_class('portal_homepage_edited')) {
         EventsDispatcher::events('portal_homepage_edited', array('about_user' => api_get_user_id()));
     }
     Event::addEvent(LOG_HOMEPAGE_CHANGED, 'edit_top', cut(strip_tags($home_top), 254), api_get_utc_datetime(), api_get_user_id());
     break;
 case 'edit_notice':
     // Filter
     $notice_title = trim(strip_tags(stripslashes($_POST['notice_title'])));
     $notice_text = trim(str_replace(array("\r", "\n"), array('', '<br />'), strip_tags(stripslashes($_POST['notice_text']), '<a>')));
     if (empty($notice_title) || empty($notice_text)) {
         $errorMsg = get_lang('NoticeWillBeNotDisplayed');
     }
     // Write
     if (file_exists($homep . $noticef . '_' . $lang . $ext)) {
         if (is_writable($homep . $noticef . '_' . $lang . $ext)) {
             $fp = fopen($homep . $noticef . '_' . $lang . $ext, 'w');
Esempio n. 4
0
 /**
  * Creates a new user for the platform
  * @author Hugues Peeters <*****@*****.**>,
  * @author Roan Embrechts <*****@*****.**>
  * @param  string Firstname
  * @param  string Lastname
  * @param  int    Status (1 for course tutor, 5 for student, 6 for anonymous)
  * @param  string e-mail address
  * @param  string Login
  * @param  string Password
  * @param  string Any official code (optional)
  * @param  string User language    (optional) (isocode)
  * @param  string Phone number    (optional)
  * @param  string Picture URI        (optional)
  * @param  string Authentication source    (optional, defaults to 'platform', dependind on constant)
  * @param  string Account expiration date (optional, defaults to null)
  * @param  int     Whether the account is enabled or disabled by default
  * @param  int     The department of HR in which the user is registered (optional, defaults to 0)
  * @param  array Extra fields
  * @param  string Encrypt method used if password is given encrypted. Set to an empty string by default
  * @param  bool $send_mail
  * @param  bool $isAdmin
  *
  * @return mixed   new user id - if the new user creation succeeds, false otherwise
  * @desc The function tries to retrieve user id from the session.
  * If it exists, the current user id is the creator id. If a problem arises,
  * it stores the error message in global $api_failureList
  * @assert ('Sam','Gamegie',5,'*****@*****.**','jo','jo') > 1
  * @assert ('Pippin','Took',null,null,'jo','jo') === false
  */
 public static function create_user($firstName, $lastName, $status, $email, $loginName, $password, $official_code = '', $language = '', $phone = '', $picture_uri = '', $auth_source = PLATFORM_AUTH_SOURCE, $expirationDate = null, $active = 1, $hr_dept_id = 0, $extra = null, $encrypt_method = '', $send_mail = false, $isAdmin = false)
 {
     $currentUserId = api_get_user_id();
     $hook = HookCreateUser::create();
     if (!empty($hook)) {
         $hook->notifyCreateUser(HOOK_EVENT_TYPE_PRE);
     }
     $original_password = $password;
     if (empty($password)) {
         Display::addFlash(Display::return_message(get_lang('ThisFieldIsRequired') . ': ' . get_lang('Password'), 'warning'));
         return false;
     }
     // database table definition
     $table_user = Database::get_main_table(TABLE_MAIN_USER);
     //Checking the user language
     $languages = api_get_languages();
     if (!in_array($language, array_keys($languages))) {
         $language = api_get_setting('language.platform_language');
     }
     if (!empty($currentUserId)) {
         $creator_id = $currentUserId;
     } else {
         $creator_id = 0;
     }
     // First check wether the login already exists
     if (!self::is_username_available($loginName)) {
         throw new \Exception("Username '{$loginName}' already exists");
     }
     $currentDate = api_get_utc_datetime();
     $now = new DateTime($currentDate);
     if (empty($expirationDate) || $expirationDate == '0000-00-00 00:00:00') {
         // Default expiration date
         // if there is a default duration of a valid account then
         // we have to change the expiration_date accordingly
         // Accept 0000-00-00 00:00:00 as a null value to avoid issues with
         // third party code using this method with the previous (pre-1.10)
         // value of 0000...
         if (api_get_setting('profile.account_valid_duration') != '') {
             $expirationDate = new DateTime($currentDate);
             $days = intval(api_get_setting('profile.account_valid_duration'));
             $expirationDate->modify('+' . $days . ' day');
         }
     } else {
         $expirationDate = api_get_utc_datetime($expirationDate);
         $expirationDate = new \DateTime($expirationDate, new DateTimeZone('UTC'));
     }
     $em = Database::getManager();
     $userManager = self::getManager();
     /** @var User $user */
     $user = $userManager->createUser();
     $user->setLastname($lastName)->setFirstname($firstName)->setUsername($loginName)->setStatus($status)->setPlainPassword($password)->setEmail($email)->setOfficialCode($official_code)->setPictureUri($picture_uri)->setCreatorId($creator_id)->setAuthSource($auth_source)->setPhone($phone)->setLanguage($language)->setRegistrationDate($now)->setHrDeptId($hr_dept_id)->setActive($active)->setEnabled($active);
     $url = $em->getRepository('ChamiloCoreBundle:AccessUrl')->find(api_get_current_access_url_id());
     $accessRelUser = new AccessUrlRelUser();
     $accessRelUser->setUser($user);
     $accessRelUser->setPortal($url);
     $user->setPortal($accessRelUser);
     if (!empty($expirationDate)) {
         $user->setExpirationDate($expirationDate);
     }
     switch ($status) {
         case STUDENT:
             $group = 'student';
             break;
         case COURSEMANAGER:
             $group = 'teacher';
             break;
         case DRH:
             $group = 'drh';
             break;
         case SESSIONADMIN:
             $group = 'session_manager';
             break;
             /*case QUESTION:
               $group = 'question_manager';
               break;*/
         /*case QUESTION:
           $group = 'question_manager';
           break;*/
         case STUDENT_BOSS:
             $group = 'student_boss';
             break;
         case INVITEE:
             $group = 'invitee';
             break;
     }
     if ($isAdmin) {
         $group = 'admin';
     }
     $criteria = ['code' => $group];
     $group = $em->getRepository('ChamiloUserBundle:Group')->findOneBy($criteria);
     $user->setGroups(array($group));
     $userManager->updateUser($user, true);
     $userId = $user->getId();
     if (!empty($userId)) {
         $return = $userId;
         $sql = "UPDATE {$table_user} SET user_id = {$return} WHERE id = {$return}";
         Database::query($sql);
         if ($isAdmin) {
             UserManager::add_user_as_admin($user);
         }
         if (api_get_multiple_access_url()) {
             UrlManager::add_user_to_url($return, api_get_current_access_url_id());
         } else {
             //we are adding by default the access_url_user table with access_url_id = 1
             UrlManager::add_user_to_url($return, 1);
         }
         if (!empty($email) && $send_mail) {
             $recipient_name = api_get_person_name($firstName, $lastName, null, PERSON_NAME_EMAIL_ADDRESS);
             $emailSubject = Container::getTemplating()->render('@template_style/mail/subject_registration_platform.html.twig');
             $sender_name = api_get_person_name(api_get_setting('admin.administrator_name'), api_get_setting('admin.administrator_surname'), null, PERSON_NAME_EMAIL_ADDRESS);
             $email_admin = api_get_setting('admin.administrator_email');
             $url = api_get_path(WEB_PATH);
             if (api_is_multiple_url_enabled()) {
                 $access_url_id = api_get_current_access_url_id();
                 if ($access_url_id != -1) {
                     $url = api_get_access_url($access_url_id);
                 }
             }
             $emailBody = Container::getTemplating()->render('@template_style/mail/content_registration_platform.html.twig', ['complete_name' => stripslashes(api_get_person_name($firstName, $lastName)), 'login_name' => $loginName, 'original_password' => stripslashes($original_password), 'mail_web_path' => $url]);
             /* MANAGE EVENT WITH MAIL */
             if (EventsMail::check_if_using_class('user_registration')) {
                 $values["about_user"] = $return;
                 $values["password"] = $original_password;
                 $values["send_to"] = array($return);
                 $values["prior_lang"] = null;
                 EventsDispatcher::events('user_registration', $values);
             } else {
                 $phoneNumber = isset($extra['mobile_phone_number']) ? $extra['mobile_phone_number'] : null;
                 $additionalParameters = array('smsType' => SmsPlugin::WELCOME_LOGIN_PASSWORD, 'userId' => $return, 'mobilePhoneNumber' => $phoneNumber, 'password' => $original_password);
                 api_mail_html($recipient_name, $email, $emailSubject, $emailBody, $sender_name, $email_admin, null, null, null, $additionalParameters);
             }
             /* ENDS MANAGE EVENT WITH MAIL */
         }
         Event::addEvent(LOG_USER_CREATE, LOG_USER_ID, $return);
     } else {
         throw new \Exception('error inserting in Database');
     }
     if (is_array($extra) && count($extra) > 0) {
         $res = true;
         foreach ($extra as $fname => $fvalue) {
             $res = $res && self::update_extra_field_value($return, $fname, $fvalue);
         }
     }
     self::update_extra_field_value($return, 'already_logged_in', 'false');
     if (!empty($hook)) {
         $hook->setEventData(array('return' => $return, 'originalPassword' => $original_password));
         $hook->notifyCreateUser(HOOK_EVENT_TYPE_POST);
     }
     return $return;
 }
 /**
  * Creates a new user for the platform
  * @author Hugues Peeters <*****@*****.**>,
  * @author Roan Embrechts <*****@*****.**>
  * @param    string    Firstname
  * @param    string    Lastname
  * @param    int       Status (1 for course tutor, 5 for student, 6 for anonymous)
  * @param    string    e-mail address
  * @param    string    Login
  * @param    string    Password
  * @param    string    Any official code (optional)
  * @param    string    User language    (optional)
  * @param    string    Phone number    (optional)
  * @param    string    Picture URI        (optional)
  * @param    string    Authentication source    (optional, defaults to 'platform', dependind on constant)
  * @param    string    Account expiration date (optional, defaults to '0000-00-00 00:00:00')
  * @param    int        Whether the account is enabled or disabled by default
  * @param    int        The department of HR in which the user is registered (optional, defaults to 0)
  * @param     array    Extra fields
  * @param    string    Encrypt method used if password is given encrypted. Set to an empty string by default
  * @return mixed   new user id - if the new user creation succeeds, false otherwise
  * @desc The function tries to retrieve $_user['user_id'] from the global space. If it exists, $_user['user_id'] is the creator id. If a problem arises, it stores the error message in global $api_failureList
  * @assert ('Sam','Gamegie',5,'*****@*****.**','jo','jo') > 1
  * @assert ('Pippin','Took',null,null,'jo','jo') === false
  */
 public static function create_user($firstName, $lastName, $status, $email, $loginName, $password, $official_code = '', $language = '', $phone = '', $picture_uri = '', $auth_source = PLATFORM_AUTH_SOURCE, $expiration_date = '0000-00-00 00:00:00', $active = 1, $hr_dept_id = 0, $extra = null, $encrypt_method = '', $send_mail = false)
 {
     global $_configuration;
     $original_password = $password;
     $access_url_id = 1;
     if (api_get_multiple_access_url()) {
         $access_url_id = api_get_current_access_url_id();
     }
     if (is_array($_configuration[$access_url_id]) && isset($_configuration[$access_url_id]['hosting_limit_users']) && $_configuration[$access_url_id]['hosting_limit_users'] > 0) {
         $num = self::get_number_of_users();
         if ($num >= $_configuration[$access_url_id]['hosting_limit_users']) {
             return api_set_failure('portal users limit reached');
         }
     }
     if ($status === 1 && is_array($_configuration[$access_url_id]) && isset($_configuration[$access_url_id]['hosting_limit_teachers']) && $_configuration[$access_url_id]['hosting_limit_teachers'] > 0) {
         $num = self::get_number_of_users(1);
         if ($num >= $_configuration[$access_url_id]['hosting_limit_teachers']) {
             return api_set_failure('portal teachers limit reached');
         }
     }
     $firstName = Security::remove_XSS($firstName);
     $lastName = Security::remove_XSS($lastName);
     $loginName = Security::remove_XSS($loginName);
     $phone = Security::remove_XSS($phone);
     // database table definition
     $table_user = Database::get_main_table(TABLE_MAIN_USER);
     //Checking the user language
     $languages = api_get_languages();
     if (!in_array($language, $languages['folder'])) {
         $language = api_get_setting('platformLanguage');
     }
     $creator_id = api_get_user_id();
     // First check wether the login already exists
     if (!self::is_username_available($loginName)) {
         return api_set_failure('login-pass already taken');
     }
     if (empty($encrypt_method)) {
         $password = api_get_encrypted_password($password);
     } else {
         if ($_configuration['password_encryption'] === $encrypt_method) {
             if ($encrypt_method == 'md5' && !preg_match('/^[A-Fa-f0-9]{32}$/', $password)) {
                 return api_set_failure('encrypt_method invalid');
             } else {
                 if ($encrypt_method == 'sha1' && !preg_match('/^[A-Fa-f0-9]{40}$/', $password)) {
                     return api_set_failure('encrypt_method invalid');
                 }
             }
         } else {
             return api_set_failure('encrypt_method invalid');
         }
     }
     //@todo replace this date with the api_get_utc_date function big problem with users that are already registered
     $current_date = api_get_utc_datetime();
     $sql = "INSERT INTO {$table_user} " . "SET lastname =         '" . Database::escape_string(trim($lastName)) . "'," . "firstname =         '" . Database::escape_string(trim($firstName)) . "'," . "username =            '******'," . "status =             '" . Database::escape_string($status) . "'," . "password =             '******'," . "email =             '" . Database::escape_string($email) . "'," . "official_code    =     '" . Database::escape_string($official_code) . "'," . "picture_uri     =     '" . Database::escape_string($picture_uri) . "'," . "creator_id      =     '" . Database::escape_string($creator_id) . "'," . "auth_source =         '" . Database::escape_string($auth_source) . "'," . "phone =             '" . Database::escape_string($phone) . "'," . "language =             '" . Database::escape_string($language) . "'," . "registration_date = '" . $current_date . "'," . "expiration_date =     '" . Database::escape_string($expiration_date) . "'," . "hr_dept_id =         '" . Database::escape_string($hr_dept_id) . "'," . "active =             '" . Database::escape_string($active) . "'";
     $result = Database::query($sql);
     if ($result) {
         //echo "id returned";
         $return = Database::insert_id();
         if (api_get_multiple_access_url()) {
             UrlManager::add_user_to_url($return, api_get_current_access_url_id());
         } else {
             //we are adding by default the access_url_user table with access_url_id = 1
             UrlManager::add_user_to_url($return, 1);
         }
         // Adding user
         /** @var Entity\User $user */
         $em = self::$em;
         $user = $em->getRepository('Entity\\User')->find($return);
         $role = $em->getRepository('Entity\\Role')->find($status);
         $user->getRolesObj()->add($role);
         $em->persist($user);
         $em->flush();
         if (!empty($email) && $send_mail) {
             $recipient_name = api_get_person_name($firstName, $lastName, null, PERSON_NAME_EMAIL_ADDRESS);
             $emailsubject = '[' . api_get_setting('siteName') . '] ' . get_lang('YourReg') . ' ' . api_get_setting('siteName');
             $sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
             $email_admin = api_get_setting('emailAdministrator');
             if (api_is_multiple_url_enabled()) {
                 $access_url_id = api_get_current_access_url_id();
                 if ($access_url_id != -1) {
                     $url = api_get_current_access_url_info();
                     $emailbody = get_lang('Dear') . " " . stripslashes(api_get_person_name($firstName, $lastName)) . ",\n\n" . get_lang('YouAreReg') . " " . api_get_setting('siteName') . " " . get_lang('WithTheFollowingSettings') . "\n\n" . get_lang('Username') . " : " . $loginName . "\n" . get_lang('Pass') . " : " . stripslashes($original_password) . "\n\n" . get_lang('Address') . " " . api_get_setting('siteName') . " " . get_lang('Is') . " : " . $url['url'] . "\n\n" . get_lang('Problem') . "\n\n" . get_lang('Formula') . ",\n\n" . api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname')) . "\n" . get_lang('Manager') . " " . api_get_setting('siteName') . "\nT. " . api_get_setting('administratorTelephone') . "\n" . get_lang('Email') . " : " . api_get_setting('emailAdministrator');
                 }
             } else {
                 $emailbody = get_lang('Dear') . " " . stripslashes(api_get_person_name($firstName, $lastName)) . ",\n\n" . get_lang('YouAreReg') . " " . api_get_setting('siteName') . " " . get_lang('WithTheFollowingSettings') . "\n\n" . get_lang('Username') . " : " . $loginName . "\n" . get_lang('Pass') . " : " . stripslashes($original_password) . "\n\n" . get_lang('Address') . " " . api_get_setting('siteName') . " " . get_lang('Is') . " : " . $_configuration['root_web'] . "\n\n" . get_lang('Problem') . "\n\n" . get_lang('Formula') . ",\n\n" . api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname')) . "\n" . get_lang('Manager') . " " . api_get_setting('siteName') . "\nT. " . api_get_setting('administratorTelephone') . "\n" . get_lang('Email') . " : " . api_get_setting('emailAdministrator');
             }
             /* MANAGE EVENT WITH MAIL */
             if (EventsMail::check_if_using_class('user_registration')) {
                 $values["about_user"] = $return;
                 $values["password"] = $original_password;
                 $values["send_to"] = array($return);
                 $values["prior_lang"] = null;
                 EventsDispatcher::events('user_registration', $values);
             } else {
                 @api_mail_html($recipient_name, $email, $emailsubject, $emailbody, $sender_name, $email_admin);
             }
             /* ENDS MANAGE EVENT WITH MAIL */
         }
         // Add event to system log
         $user_id_manager = api_get_user_id();
         $user_info = api_get_user_info($return);
         event_system(LOG_USER_CREATE, LOG_USER_ID, $return, api_get_utc_datetime(), $user_id_manager);
         event_system(LOG_USER_CREATE, LOG_USER_OBJECT, $user_info, api_get_utc_datetime(), $user_id_manager);
     } else {
         return api_set_failure('error inserting in Database');
     }
     if (is_array($extra) && count($extra) > 0) {
         $res = true;
         foreach ($extra as $fname => $fvalue) {
             $res = $res && self::update_extra_field_value($return, $fname, $fvalue);
         }
     }
     self::update_extra_field_value($return, 'already_logged_in', 'false');
     return $return;
 }
    /**
     * Creates a new user for the platform
     * @author Hugues Peeters <*****@*****.**>,
     * @author Roan Embrechts <*****@*****.**>
     * @param    string    Firstname
     * @param    string    Lastname
     * @param    int       Status (1 for course tutor, 5 for student, 6 for anonymous)
     * @param    string    e-mail address
     * @param    string    Login
     * @param    string    Password
     * @param    string    Any official code (optional)
     * @param    string    User language    (optional)
     * @param    string    Phone number    (optional)
     * @param    string    Picture URI        (optional)
     * @param    string    Authentication source    (optional, defaults to 'platform', dependind on constant)
     * @param    string    Account expiration date (optional, defaults to '0000-00-00 00:00:00')
     * @param    int        Whether the account is enabled or disabled by default
     * @param    int        The department of HR in which the user is registered (optional, defaults to 0)
     * @param     array    Extra fields
     * @param    string    Encrypt method used if password is given encrypted. Set to an empty string by default
     * @return mixed   new user id - if the new user creation succeeds, false otherwise
     * @desc The function tries to retrieve $_user['user_id'] from the global space. If it exists, $_user['user_id'] is the creator id. If a problem arises, it stores the error message in global $api_failureList
     * @assert ('Sam','Gamegie',5,'*****@*****.**','jo','jo') > 1
     * @assert ('Pippin','Took',null,null,'jo','jo') === false
     */
    public static function create_user(
        $firstName,
        $lastName,
        $status,
        $email,
        $loginName,
        $password,
        $official_code = '',
        $language = '',
        $phone = '',
        $picture_uri = '',
        $auth_source = PLATFORM_AUTH_SOURCE,
        $expiration_date = '0000-00-00 00:00:00',
        $active = 1,
        $hr_dept_id = 0,
        $extra = null,
        $encrypt_method = '',
        $send_mail = false
    ) {
        global $_user, $_configuration;
        $original_password = $password;
        $access_url_id = 1;

        if (api_get_multiple_access_url()) {
            $access_url_id = api_get_current_access_url_id();
        }

        if (is_array($_configuration[$access_url_id]) &&
            isset($_configuration[$access_url_id]['hosting_limit_users']) &&
            $_configuration[$access_url_id]['hosting_limit_users'] > 0) {
            $num = self::get_number_of_users();
            if ($num >= $_configuration[$access_url_id]['hosting_limit_users']) {
                api_warn_hosting_contact('hosting_limit_users');
                return api_set_failure('portal users limit reached');
            }
        }

        if ($status === 1 &&
            is_array($_configuration[$access_url_id]) &&
            isset($_configuration[$access_url_id]['hosting_limit_teachers']) &&
            $_configuration[$access_url_id]['hosting_limit_teachers'] > 0
        ) {
            $num = self::get_number_of_users(1);
            if ($num >= $_configuration[$access_url_id]['hosting_limit_teachers']) {
                api_warn_hosting_contact('hosting_limit_teachers');
                return api_set_failure('portal teachers limit reached');
            }
        }

        $firstName = Security::remove_XSS($firstName);
        $lastName = Security::remove_XSS($lastName);
        $loginName = Security::remove_XSS($loginName);
        $phone = Security::remove_XSS($phone);

        // database table definition
        $table_user = Database::get_main_table(TABLE_MAIN_USER);

        //Checking the user language
        $languages = api_get_languages();
        $language = strtolower($language);
        if (!in_array($language, $languages['folder'])) {
            $language = api_get_setting('platformLanguage');
        }

        if ($_user['user_id']) {
            $creator_id = intval($_user['user_id']);
        } else {
            $creator_id = '';
        }

        // First check wether the login already exists
        if (!self::is_username_available($loginName)) {
            return api_set_failure('login-pass already taken');
        }

        //$password = "******";

        if (empty($encrypt_method)) {
            $password = api_get_encrypted_password($password);
        } else {
            if ($_configuration['password_encryption'] === $encrypt_method) {
                if ($encrypt_method == 'md5' && !preg_match('/^[A-Fa-f0-9]{32}$/', $password)) {
                    return api_set_failure('encrypt_method invalid');
                } else if ($encrypt_method == 'sha1' && !preg_match('/^[A-Fa-f0-9]{40}$/', $password)) {
                    return api_set_failure('encrypt_method invalid');
                }
            } else {
                return api_set_failure('encrypt_method invalid');
            }
        }


        $current_date = api_get_utc_datetime();
        $sql = "INSERT INTO $table_user
                SET lastname =         '".Database::escape_string(trim($lastName))."',
                firstname =         '".Database::escape_string(trim($firstName))."',
                username =            '******',
                status =             '".Database::escape_string($status)."',
                password =             '******',
                email =             '".Database::escape_string($email)."',
                official_code    =     '".Database::escape_string($official_code)."',
                picture_uri     =     '".Database::escape_string($picture_uri)."',
                creator_id      =     '".Database::escape_string($creator_id)."',
                auth_source =         '".Database::escape_string($auth_source)."',
                phone =             '".Database::escape_string($phone)."',
                language =             '".Database::escape_string($language)."',
                registration_date = '".$current_date."',
                expiration_date =     '".Database::escape_string($expiration_date)."',
                hr_dept_id =         '".Database::escape_string($hr_dept_id)."',
                active =             '".Database::escape_string($active)."'";
        $result = Database::query($sql);

        if ($result) {
            //echo "id returned";
            $return = Database::insert_id();
            if (api_get_multiple_access_url()) {
                UrlManager::add_user_to_url($return, api_get_current_access_url_id());
            } else {
                //we are adding by default the access_url_user table with access_url_id = 1
                UrlManager::add_user_to_url($return, 1);
            }

            if (!empty($email) && $send_mail) {
                $recipient_name = api_get_person_name($firstName, $lastName, null, PERSON_NAME_EMAIL_ADDRESS);
                $emailsubject = '['.api_get_setting('siteName').'] '.get_lang('YourReg').' '.api_get_setting('siteName');
                $sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
                $email_admin = api_get_setting('emailAdministrator');

                if (api_is_multiple_url_enabled()) {
                    $access_url_id = api_get_current_access_url_id();
                    if ($access_url_id != -1) {
                        $url = api_get_access_url($access_url_id);
                        $emailbody = get_lang('Dear')." ".stripslashes(api_get_person_name($firstName, $lastName)).",\n\n".get_lang('YouAreReg')." ".api_get_setting('siteName')." ".get_lang('WithTheFollowingSettings')."\n\n".get_lang('Username')." : ".$loginName."\n".get_lang('Pass')." : ".stripslashes($original_password)."\n\n".get_lang('Address')." ".api_get_setting('siteName')." ".get_lang('Is')." : ".$url['url']."\n\n".get_lang('Problem')."\n\n".get_lang('SignatureFormula').",\n\n".api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'))."\n".get_lang('Manager')." ".api_get_setting('siteName')."\nT. ".api_get_setting('administratorTelephone')."\n".get_lang('Email')." : ".api_get_setting('emailAdministrator');
                    }
                } else {
                    $emailbody = get_lang('Dear')." ".stripslashes(api_get_person_name($firstName, $lastName)).",\n\n".get_lang('YouAreReg')." ".api_get_setting('siteName')." ".get_lang('WithTheFollowingSettings')."\n\n".get_lang('Username')." : ".$loginName."\n".get_lang('Pass')." : ".stripslashes($original_password)."\n\n".get_lang('Address')." ".api_get_setting('siteName')." ".get_lang('Is')." : ".$_configuration['root_web']."\n\n".get_lang('Problem')."\n\n".get_lang('SignatureFormula').",\n\n".api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'))."\n".get_lang('Manager')." ".api_get_setting('siteName')."\nT. ".api_get_setting('administratorTelephone')."\n".get_lang('Email')." : ".api_get_setting('emailAdministrator');
                }

                /* MANAGE EVENT WITH MAIL */
                if (EventsMail::check_if_using_class('user_registration')) {
                    $values["about_user"] = $return;
                    $values["password"] = $original_password;
                    $values["send_to"] = array($return);
                    $values["prior_lang"] = null;
                    EventsDispatcher::events('user_registration', $values);
                } else {
                    $phoneNumber = isset($extra['mobile_phone_number']) ? $extra['mobile_phone_number'] : null;
                    $additionalParameters = array(
                        'smsType' => ClockworksmsPlugin::WELCOME_LOGIN_PASSWORD,
                        'userId' => $return,
                        'mobilePhoneNumber' => $phoneNumber,
                        'password' => $original_password
                    );
                    api_mail_html(
                        $recipient_name,
                        $email,
                        $emailsubject,
                        $emailbody,
                        $sender_name,
                        $email_admin,
                        null,
                        null,
                        null,
                        $additionalParameters
                    );
                }
                /* ENDS MANAGE EVENT WITH MAIL */
            }
            event_system(LOG_USER_CREATE, LOG_USER_ID, $return);
        } else {
            return api_set_failure('error inserting in Database');
        }

        if (is_array($extra) && count($extra) > 0) {
            $res = true;
            foreach ($extra as $fname => $fvalue) {
                $res = $res && self::update_extra_field_value($return, $fname, $fvalue);
            }
        }
        self::update_extra_field_value($return, 'already_logged_in', 'false');

        return $return;
    }