コード例 #1
0
ファイル: user.php プロジェクト: milk54/geeklog-japan
/**
* This function allows the administrator to import batches of users
*
* TODO: This function should first display the users that are to be imported,
* together with the invalid users and the reason of invalidity. Each valid line
* should have a checkbox that allows selection of final to be imported users.
* After clicking an extra button, the actual import should take place. This will
* prevent problems in case the list formatting is incorrect.
*
* @return   string          HTML with success or error message
*
*/
function importusers()
{
    global $_CONF, $_TABLES, $LANG04, $LANG28;
    // Setting this to true will cause import to print processing status to
    // webpage and to the error.log file
    $verbose_import = true;
    $retval = '';
    // Bulk import implies admin authorisation:
    $_CONF['usersubmission'] = 0;
    // First, upload the file
    require_once $_CONF['path_system'] . 'classes/upload.class.php';
    $upload = new upload();
    $upload->setPath($_CONF['path_data']);
    $upload->setAllowedMimeTypes(array('text/plain' => '.txt'));
    $upload->setFileNames('user_import_file.txt');
    if ($upload->uploadFiles()) {
        // Good, file got uploaded, now install everything
        $thefile = current($_FILES);
        $filename = $_CONF['path_data'] . 'user_import_file.txt';
        if (!file_exists($filename)) {
            // empty upload form
            $retval = COM_refresh($_CONF['site_admin_url'] . '/user.php?mode=importform');
            return $retval;
        }
    } else {
        // A problem occurred, print debug information
        $retval = COM_showMessageText($upload->printErrors(false), $LANG28[24]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[22]));
        return $retval;
    }
    $users = file($filename);
    $retval .= COM_startBlock($LANG28[31], '', COM_getBlockTemplate('_admin_block', 'header'));
    // Following variables track import processing statistics
    $successes = 0;
    $failures = 0;
    foreach ($users as $line) {
        $line = rtrim($line);
        if (empty($line)) {
            continue;
        }
        list($full_name, $u_name, $email) = explode("\t", $line);
        $full_name = strip_tags($full_name);
        $u_name = COM_applyFilter($u_name);
        $email = COM_applyFilter($email);
        if ($verbose_import) {
            $retval .= "<br" . XHTML . "><b>Working on username={$u_name}, fullname={$full_name}, and email={$email}</b><br" . XHTML . ">\n";
            COM_errorLog("Working on username={$u_name}, fullname={$full_name}, and email={$email}", 1);
        }
        // prepare for database
        $userName = trim($u_name);
        $fullName = trim($full_name);
        $emailAddr = trim($email);
        if (COM_isEmail($email)) {
            // email is valid form
            $ucount = DB_count($_TABLES['users'], 'username', DB_escapeString($userName));
            $ecount = DB_count($_TABLES['users'], 'email', DB_escapeString($emailAddr));
            if ($ucount == 0 && $ecount == 0) {
                // user doesn't already exist - pass in optional true for $batchimport parm
                $uid = USER_createAccount($userName, $emailAddr, '', $fullName, '', '', '', true);
                $result = USER_createAndSendPassword($userName, $emailAddr, $uid);
                if ($result) {
                    $successes++;
                    if ($verbose_import) {
                        $retval .= "<br" . XHTML . "> Account for <b>{$u_name}</b> created successfully.<br" . XHTML . ">\n";
                        COM_errorLog("Account for {$u_name} created successfully", 1);
                    }
                } else {
                    // user creation failed
                    $retval .= "<br" . XHTML . ">ERROR: There was a problem creating the account for <b>{$u_name}</b>.<br" . XHTML . ">\n";
                    COM_errorLog("ERROR: here was a problem creating the account for {$u_name}.", 1);
                }
            } else {
                if ($verbose_import) {
                    $retval .= "<br" . XHTML . "><b>{$u_name}</b> or <b>{$email}</b> already exists, account not created.<br" . XHTML . ">\n";
                    // user already exists
                    COM_errorLog("{$u_name},{$email}: username or email already exists, account not created", 1);
                }
                $failures++;
            }
            // end if $ucount == 0 && ecount == 0
        } else {
            if ($verbose_import) {
                $retval .= "<br" . XHTML . "><b>{$email}</b> is not a valid email address, account not created<br" . XHTML . ">\n";
                // malformed email
                COM_errorLog("{$email} is not a valid email address, account not created", 1);
            }
            $failures++;
        }
        // end if COM_isEmail($email)
    }
    // end foreach
    unlink($filename);
    $retval .= '<p>' . sprintf($LANG28[32], $successes, $failures);
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
    $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[24]));
    return $retval;
}
コード例 #2
0
ファイル: lib-security.php プロジェクト: Geeklog-Core/geeklog
/**
 * Check to see if we can authenticate this user with a remote server
 * A user has not managed to login localy, but has an @ in their user
 * name and we have enabled distributed authentication. Firstly, try to
 * see if we have cached the module that we used to authenticate them
 * when they signed up (i.e. they've actualy changed their password
 * elsewhere and we need to synch.) If not, then try to authenticate
 * them with /every/ authentication module. If this suceeds, create
 * a user for them.
 *
 * @param  string $loginname Their username
 * @param  string $passwd    The password entered
 * @param  string $service   The service portion of $username
 * @param  string $uid       OUTPUT parameter, pass it by ref to get uid back.
 * @return int     user status, -1 for fail.
 */
function SEC_remoteAuthentication(&$loginname, $passwd, $service, &$uid)
{
    global $_CONF, $_TABLES;
    /* First try a local cached login */
    $remoteusername = DB_escapeString($loginname);
    $remoteservice = DB_escapeString($service);
    $result = DB_query("SELECT passwd, status, uid FROM {$_TABLES['users']} WHERE remoteusername='******' AND remoteservice='{$remoteservice}'");
    $tmp = DB_error();
    $nrows = DB_numRows($result);
    if ($tmp == 0 && $nrows == 1) {
        $U = DB_fetchArray($result);
        $uid = $U['uid'];
        $mypass = $U['passwd'];
        // also used to see if the user existed later.
        if ($mypass == SEC_encryptPassword($passwd)) {
            /* Valid password for cached user, return status */
            return $U['status'];
        }
    }
    $service = COM_sanitizeFilename($service);
    $servicefile = $_CONF['path_system'] . 'classes/authentication/' . $service . '.auth.class.php';
    if (file_exists($servicefile)) {
        require_once $servicefile;
        $authmodule = new $service();
        if ($authmodule->authenticate($loginname, $passwd)) {
            /* check to see if they have logged in before: */
            if (empty($mypass)) {
                // no such user, create them
                // Check to see if their remoteusername is unique locally
                $checkName = DB_getItem($_TABLES['users'], 'username', "username='******'");
                if (!empty($checkName)) {
                    // no, call custom function.
                    if (function_exists('CUSTOM_uniqueRemoteUsername')) {
                        $loginname = CUSTOM_uniqueRemoteUsername($loginname, $service);
                    }
                }
                USER_createAccount($loginname, $authmodule->email, $passwd, $authmodule->fullname, $authmodule->homepage, $remoteusername, $remoteservice);
                $uid = DB_getItem($_TABLES['users'], 'uid', "remoteusername = '******' AND remoteservice='{$remoteservice}'");
                // Store full remote account name:
                DB_query("UPDATE {$_TABLES['users']} SET remoteusername='******', remoteservice='{$remoteservice}', status=3 WHERE uid='{$uid}'");
                // Add to remote users:
                $remote_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='Remote Users'");
                DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id,ug_uid) VALUES ({$remote_grp}, {$uid})");
                return 3;
                // Remote auth precludes usersubmission,
                // and integrates user activation, see?
            } else {
                // user existed, update local password:
                DB_change($_TABLES['users'], 'passwd', SEC_encryptPassword($passwd), array('remoteusername', 'remoteservice'), array($remoteusername, $remoteservice));
                // and return their status
                return DB_getItem($_TABLES['users'], 'status', "remoteusername='******' AND remoteservice='{$remoteservice}'");
            }
        } else {
            return -1;
        }
    } else {
        return -1;
    }
}
コード例 #3
0
ファイル: users.php プロジェクト: spacequad/glfusion
function createuser()
{
    global $_CONF, $_TABLES, $LANG01, $LANG04, $MESSAGE, $REMOTE_ADDR;
    $retval = '';
    $retval = '';
    $passwd = '';
    $passwd_conf = '';
    if ($_CONF['disable_new_user_registration']) {
        COM_setMsg($LANG04[122], 'error');
        echo COM_refresh($_CONF['site_url']);
    }
    $email = isset($_POST['email']) ? COM_applyFilter($_POST['email']) : '';
    $email_conf = isset($_POST['email_conf']) ? COM_applyFilter($_POST['email_conf']) : '';
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    if (isset($_POST['passwd'])) {
        $passwd = trim($_POST['passwd']);
    }
    if (isset($_POST['passwd_conf'])) {
        $passwd_conf = trim($_POST['passwd_conf']);
    }
    $username = COM_truncate(trim($username), 48);
    if (!USER_validateUsername($username)) {
        $retval .= newuserform($LANG04[162]);
        return $retval;
    }
    $email = COM_truncate(trim($email), 96);
    $email_conf = trim($email_conf);
    if ($_CONF['registration_type'] == 1) {
        if (empty($passwd) || $passwd != $passwd_conf) {
            $retval .= newuserform($MESSAGE[67]);
            return $retval;
        }
    }
    $fullname = '';
    if (!empty($_POST['fullname'])) {
        $fullname = COM_truncate(trim(USER_sanitizeName($_POST['fullname'])), 80);
    }
    if (!isset($_CONF['disallow_domains'])) {
        $_CONF['disallow_domains'] = '';
    }
    if (COM_isEmail($email) && !empty($username) && $email === $email_conf && !USER_emailMatches($email, $_CONF['disallow_domains']) && strlen($username) <= 48) {
        $ucount = DB_count($_TABLES['users'], 'username', DB_escapeString($username));
        $ecount = DB_count($_TABLES['users'], 'email', DB_escapeString($email));
        if ($ucount == 0 and $ecount == 0) {
            // For glFusion, it would be okay to create this user now. But check
            // with a custom userform first, if one exists.
            if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
                $msg = CUSTOM_userCheck($username, $email);
                if (!empty($msg)) {
                    // no, it's not okay with the custom userform
                    $retval = CUSTOM_userForm($msg);
                    return $retval;
                }
            }
            // Let plugins have a chance to decide what to do before creating the user, return errors.
            $spamCheckData = array('username' => $username, 'email' => $email, 'ip' => $REMOTE_ADDR);
            $msg = PLG_itemPreSave('registration', $spamCheckData);
            if (!empty($msg)) {
                $retval .= newuserform($msg);
                return $retval;
            }
            if ($_CONF['registration_type'] == 1 && !empty($passwd)) {
                $encryptedPasswd = SEC_encryptPassword($passwd);
            } else {
                $encryptedPasswd = '';
            }
            $uid = USER_createAccount($username, $email, $encryptedPasswd, $fullname);
            if ($_CONF['usersubmission'] == 1) {
                if (DB_getItem($_TABLES['users'], 'status', "uid = " . (int) $uid) == USER_ACCOUNT_AWAITING_APPROVAL) {
                    echo COM_refresh($_CONF['site_url'] . '/index.php?msg=48');
                } else {
                    $retval = emailpassword($username, $passwd, 1);
                }
            } else {
                $retval = emailpassword($username, $passwd);
            }
            return $retval;
        } else {
            $retval .= newuserform($LANG04[19]);
        }
    } else {
        if ($email !== $email_conf) {
            $msg = $LANG04[125];
            $retval .= newuserform($msg);
        } else {
            // invalid username or email address
            if (empty($username) || strlen($username) > 48) {
                $msg = $LANG01[32];
                // invalid username
            } else {
                $msg = $LANG04[18];
                // invalid email address
            }
            $retval .= newuserform($msg);
        }
    }
    return $retval;
}
コード例 #4
0
 function doValidLogin($login)
 {
     global $_TABLES, $status, $uid;
     // Remote auth precludes usersubmission,
     // and integrates user activation, see?;
     $status = USER_ACCOUNT_ACTIVE;
     // PHP replaces "." with "_"
     $openid_identity = addslashes($this->query['openid_identity']);
     $openid_nickname = '';
     if (isset($this->query['openid_sreg_nickname'])) {
         $openid_nickname = $this->query['openid_sreg_nickname'];
     }
     // Check if that account is already registered.
     $result = DB_query("SELECT uid FROM {$_TABLES['users']} WHERE remoteusername = '******' AND remoteservice = 'openid'");
     $tmp = DB_error();
     $nrows = DB_numRows($result);
     if (!($tmp == 0) || !($nrows == 1)) {
         // First time login with this OpenID, creating account...
         if (empty($openid_nickname)) {
             $openid_nickname = $this->makeUsername($this->query['openid_identity']);
         }
         // we simply can't accept empty usernames ...
         if (empty($openid_nickname)) {
             COM_errorLog('Got an empty username for ' . $openid_identity);
             // not strictly correct - just to signal a failed login attempt
             $status = USER_ACCOUNT_DISABLED;
             $uid = 0;
             return;
         }
         // Ensure that remoteusername is unique locally.
         $openid_nickname = USER_uniqueUsername($openid_nickname);
         $openid_sreg_email = '';
         if (isset($this->query['openid_sreg_email'])) {
             $openid_sreg_email = $this->query['openid_sreg_email'];
         }
         $openid_sreg_fullname = '';
         if (isset($this->query['openid_sreg_fullname'])) {
             $openid_sreg_fullname = $this->query['openid_sreg_fullname'];
         }
         USER_createAccount($openid_nickname, $openid_sreg_email, '', $openid_sreg_fullname, '', $this->query['openid_identity'], 'openid');
         $uid = DB_getItem($_TABLES['users'], 'uid', "remoteusername = '******' AND remoteservice = 'openid'");
         // Store full remote account name:
         DB_query("UPDATE {$_TABLES['users']} SET remoteusername = '******', remoteservice = 'openid', status = 3 WHERE uid = {$uid}");
         // Add to remote users:
         $remote_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
         DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$remote_grp}, {$uid})");
     } else {
         $result = DB_query("SELECT uid,status FROM {$_TABLES['users']} WHERE remoteusername = '******' AND remoteservice = 'openid'");
         list($uid, $status) = DB_fetchArray($result);
     }
 }
コード例 #5
0
 public function doAction($info)
 {
     global $_TABLES, $status, $uid, $_CONF;
     // COM_errorLog("doAction() method ------------------");
     // remote auth precludes usersubmission, and integrates user activation
     $status = USER_ACCOUNT_ACTIVE;
     $users = $this->_getCreateUserInfo($info);
     $userinfo = $this->_getUpdateUserInfo($info);
     $passwords = USER_createPassword();
     $users['passwd2'] = $passwords['encrypted'];
     $sql = "SELECT uid,status FROM {$_TABLES['users']} WHERE remoteusername = '******'remoteusername']}' AND remoteservice = '{$users['remoteservice']}'";
     // COM_errorLog("sql={$sql}");
     $result = DB_query($sql);
     $tmp = DB_error();
     // COM_errorLog("DB_error={$tmp}");
     $nrows = DB_numRows($result);
     // COM_errorLog("DB_numRows={$nrows}");
     if (empty($tmp) && $nrows == 1) {
         list($uid, $status) = DB_fetchArray($result);
         // COM_errorLog("user found!  uid={$uid} status={$status}");
     } else {
         // COM_errorLog("user not found - creating new account");
         // initial login - create account
         $status = USER_ACCOUNT_ACTIVE;
         // COM_errorLog("checking remoteuser login name for uniqueness");
         $checkName = DB_getItem($_TABLES['users'], 'username', "username='******'loginname']}'");
         if (!empty($checkName)) {
             if ($checkName == $users['loginname']) {
                 if (function_exists('CUSTOM_uniqueRemoteUsername')) {
                     // COM_errorLog("CUSTOM_uniqueRemoteUserName function exists, calling it");
                     $users['loginname'] = CUSTOM_uniqueRemoteUsername($users['loginname'], $users['remoteservice']);
                 } else {
                     // COM_errorLog("loginname is not unique, using USER_uniqueUsername() to create one");
                     $users['loginname'] = USER_uniqueUsername($users['loginname']);
                 }
             }
         }
         $uid = USER_createAccount($users['loginname'], $users['email'], $users['passwd2'], $users['fullname'], $users['homepage'], $users['remoteusername'], $users['remoteservice']);
         // COM_errorLog("after creation, uid={$uid}");
         // COM_errorLog("updating users[]");
         if (is_array($users)) {
             $this->_DBupdate_users($uid, $users);
         }
         // COM_errorLog("updating userinfo[]");
         if (is_array($userinfo)) {
             $this->_DBupdate_userinfo($uid, $userinfo);
         }
         // COM_errorLog("adding uid={$uid} to Remote Users group");
         $remote_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
         DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$remote_grp}, {$uid})");
         // usercreate after trigger
         if (method_exists($this, '_after_trigger')) {
             $this->_after_trigger($uid, $users, $userinfo);
         }
     }
 }
コード例 #6
0
 public function doAction($info)
 {
     global $_TABLES, $LANG04, $status, $uid, $_CONF, $checkMerge;
     $users = $this->_getCreateUserInfo($info);
     $userinfo = $this->_getUpdateUserInfo($info);
     $sql = "SELECT uid,status FROM {$_TABLES['users']} WHERE remoteusername = '******'remoteusername']) . "' AND remoteservice = '" . DB_escapeString($users['remoteservice']) . "'";
     $result = DB_query($sql);
     $tmp = DB_error();
     $nrows = DB_numRows($result);
     if (empty($tmp) && $nrows == 1) {
         // existing user...
         list($uid, $status) = DB_fetchArray($result);
         $checkMerge = false;
     } else {
         if ($_CONF['disable_new_user_registration']) {
             echo COM_siteHeader();
             echo $LANG04[122];
             echo COM_siteFooter();
             exit;
         }
         // initial login - create account
         $loginname = $users['loginname'];
         $checkName = DB_getItem($_TABLES['users'], 'username', "username='******'");
         if (!empty($checkName)) {
             if (function_exists('CUSTOM_uniqueRemoteUsername')) {
                 $loginname = CUSTOM_uniqueRemoteUsername(loginname, $remoteservice);
             }
             if (strcasecmp($checkName, $loginname) == 0) {
                 $loginname = USER_uniqueUsername($loginname);
             }
         }
         $users['loginname'] = $loginname;
         $uid = USER_createAccount($users['loginname'], $users['email'], '', $users['fullname'], $users['homepage'], $users['remoteusername'], $users['remoteservice']);
         if (is_array($users)) {
             $this->_DBupdate_users($uid, $users);
         }
         if (is_array($userinfo)) {
             $this->_DBupdate_userinfo($uid, $userinfo);
         }
         $status = DB_getItem($_TABLES['users'], 'status', 'uid=' . (int) $uid);
         $remote_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
         DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$remote_grp}, {$uid})");
         if (isset($users['socialuser'])) {
             $social_result = DB_query("SELECT * FROM {$_TABLES['social_follow_services']} WHERE service_name='" . DB_escapeString($users['socialservice']) . "' AND enabled=1");
             if (DB_numRows($social_result) > 0) {
                 $social_row = DB_fetchArray($social_result);
                 $sql = "REPLACE INTO {$_TABLES['social_follow_user']} (ssid,uid,ss_username) ";
                 $sql .= " VALUES (" . (int) $social_row['ssid'] . "," . $uid . ",'" . $users['socialuser'] . "');";
                 DB_query($sql, 1);
             }
         }
         if (isset($users['email']) && $users['email'] != '') {
             $sql = "SELECT * FROM {$_TABLES['users']} WHERE account_type = " . LOCAL_USER . " AND email='" . DB_escapeString($users['email']) . "' AND uid > 1";
             $result = DB_query($sql);
             $numRows = DB_numRows($result);
             if ($numRows == 1) {
                 $row = DB_fetchArray($result);
                 $remoteUID = $uid;
                 $localUID = $row['uid'];
                 USER_mergeAccountScreen($remoteUID, $localUID);
             }
         }
     }
 }
コード例 #7
0
 public function doAction($info)
 {
     global $_TABLES, $status, $uid, $_CONF;
     // remote auth precludes usersubmission, and integrates user activation
     $status = USER_ACCOUNT_ACTIVE;
     $users = $this->_getCreateUserInfo($info);
     $userinfo = $this->_getUpdateUserInfo($info);
     $sql = "SELECT uid,status FROM {$_TABLES['users']} WHERE remoteusername = '******'remoteusername']) . "' AND remoteservice = '" . DB_escapeString($users['remoteservice']) . "'";
     $result = DB_query($sql);
     $tmp = DB_error();
     $nrows = DB_numRows($result);
     if (empty($tmp) && $nrows == 1) {
         list($uid, $status) = DB_fetchArray($result);
     } else {
         // initial login - create account
         $status = USER_ACCOUNT_ACTIVE;
         $loginname = $users['loginname'];
         $checkName = DB_getItem($_TABLES['users'], 'username', "username='******'");
         if (!empty($checkName)) {
             if (function_exists('CUSTOM_uniqueRemoteUsername')) {
                 $loginname = CUSTOM_uniqueRemoteUsername(loginname, $remoteservice);
             }
             if (strcasecmp($checkName, $loginname) == 0) {
                 $loginname = USER_uniqueUsername($loginname);
             }
         }
         $users['loginname'] = $loginname;
         $uid = USER_createAccount($users['loginname'], $users['email'], '', $users['fullname'], $users['homepage'], $users['remoteusername'], $users['remoteservice']);
         if (is_array($users)) {
             $this->_DBupdate_users($uid, $users);
         }
         if (is_array($userinfo)) {
             $this->_DBupdate_userinfo($uid, $userinfo);
         }
         $remote_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
         DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$remote_grp}, {$uid})");
     }
 }
コード例 #8
0
ファイル: users.php プロジェクト: Geeklog-Core/geeklog
/**
 * Creates a user
 * Creates a user with the give username and email address
 *
 * @param    string $username   username to create user for
 * @param    string $email      email address to assign to user
 * @param    string $email_conf confirmation email address check
 * @return   string      HTML for the form again if error occurs, otherwise nothing.
 */
function createuser($username, $email, $email_conf)
{
    global $_CONF, $_TABLES, $LANG01, $LANG04;
    $retval = '';
    $username = trim($username);
    $email = trim($email);
    $email_conf = trim($email_conf);
    if (!isset($_CONF['disallow_domains'])) {
        $_CONF['disallow_domains'] = '';
    }
    if (COM_isEmail($email) && !empty($username) && $email === $email_conf && !USER_emailMatches($email, $_CONF['disallow_domains']) && strlen($username) <= 16) {
        $ucount = DB_count($_TABLES['users'], 'username', DB_escapeString($username));
        $ecount = DB_count($_TABLES['users'], 'email', DB_escapeString($email));
        if ($ucount == 0 && $ecount == 0) {
            // For Geeklog, it would be okay to create this user now. But check
            // with a custom userform first, if one exists.
            if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
                $ret = CUSTOM_userCheck($username, $email);
                if (!empty($ret)) {
                    // no, it's not okay with the custom userform
                    $retval = COM_createHTMLDocument(CUSTOM_userForm($ret['string']));
                    return $retval;
                }
            }
            // Let plugins have a chance to decide what to do before creating the user, return errors.
            $msg = PLG_itemPreSave('registration', $username);
            if (!empty($msg)) {
                if ($_CONF['custom_registration'] && function_exists('CUSTOM_userForm')) {
                    $retval .= CUSTOM_userForm($msg);
                } else {
                    $retval .= newuserform($msg);
                }
                $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG04[22]));
                return $retval;
            }
            $uid = USER_createAccount($username, $email);
            if ($_CONF['usersubmission'] == 1) {
                if (DB_getItem($_TABLES['users'], 'status', "uid = {$uid}") == USER_ACCOUNT_AWAITING_APPROVAL) {
                    COM_redirect($_CONF['site_url'] . '/index.php?msg=48');
                } else {
                    $retval = emailpassword($username, 1);
                }
            } else {
                $retval = emailpassword($username, 1);
            }
            return $retval;
        } else {
            if ($_CONF['custom_registration'] && function_exists('CUSTOM_userForm')) {
                $retval .= CUSTOM_userForm($LANG04[19]);
            } else {
                $retval .= newuserform($LANG04[19]);
            }
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG04[22]));
        }
    } elseif ($email !== $email_conf) {
        $msg = $LANG04[125];
        if ($_CONF['custom_registration'] && function_exists('CUSTOM_userForm')) {
            $retval .= CUSTOM_userForm($msg);
        } else {
            $retval .= newuserform($msg);
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG04[22]));
    } else {
        // invalid username or email address
        if (empty($username) || strlen($username) > 16) {
            $msg = $LANG01[32];
            // invalid username
        } else {
            $msg = $LANG04[18];
            // invalid email address
        }
        if ($_CONF['custom_registration'] && function_exists('CUSTOM_userForm')) {
            $retval .= CUSTOM_userForm($msg);
        } else {
            $retval .= newuserform($msg);
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG04[22]));
    }
    return $retval;
}