function auto_create_user_account()
{
# Automatically creates a user account (which requires approval unless $auto_approve_accounts is true).
global $applicationname, $user_email, $baseurl, $email_notify, $lang, $user_account_auto_creation_usergroup, $registration_group_select, $auto_approve_accounts, $auto_approve_domains, $customContents;
# Work out which user group to set. Allow a hook to change this, if necessary.
$altgroup = hook("auto_approve_account_switch_group");
if ($altgroup !== false) {
$usergroup = $altgroup;
} else {
$usergroup = $user_account_auto_creation_usergroup;
}
if ($registration_group_select) {
$usergroup = getvalescaped("usergroup", "", true);
# Check this is a valid selectable usergroup (should always be valid unless this is a hack attempt)
if (sql_value("select allow_registration_selection value from usergroup where ref='{$usergroup}'", 0) != 1) {
exit("Invalid user group selection");
}
}
$newusername = escape_check(make_username(getval("name", "")));
#check if account already exists
$check = sql_value("select email value from user where email = '{$user_email}'", "");
if ($check != "") {
return $lang["useremailalreadyexists"];
}
# Prepare to create the user.
$email = trim(getvalescaped("email", ""));
$password = make_password();
# Work out if we should automatically approve this account based on $auto_approve_accounts or $auto_approve_domains
$approve = false;
# Block immediate reset
$bypassemail = false;
if ($auto_approve_accounts == true) {
$approve = true;
$bypassemail = true;
// We can send user direct to password reset page
} elseif (count($auto_approve_domains) > 0) {
# Check e-mail domain.
foreach ($auto_approve_domains as $domain => $set_usergroup) {
// If a group is not specified the variables don't get set correctly so we need to correct this
if (is_numeric($domain)) {
$domain = $set_usergroup;
$set_usergroup = "";
}
if (substr(strtolower($email), strlen($email) - strlen($domain) - 1) == "@" . strtolower($domain)) {
# E-mail domain match.
$approve = true;
# If user group is supplied, set this
if (is_numeric($set_usergroup)) {
$usergroup = $set_usergroup;
}
}
}
}
# Create the user
sql_query("insert into user (username,password,fullname,email,usergroup,comments,approved) values ('" . $newusername . "','" . $password . "','" . getvalescaped("name", "") . "','" . $email . "','" . $usergroup . "','" . escape_check($customContents) . "'," . ($approve ? 1 : 0) . ")");
$new = sql_insert_id();
hook("afteruserautocreated", "all", array("new" => $new));
if ($approve) {
# Auto approving
global $anonymous_login;
if (isset($anonymous_login)) {
global $rs_session;
$rs_session = get_rs_session_id();
if ($rs_session == false) {
break;
}
# Copy any anonymous session collections to the new user account
if (!function_exists("get_session_collections")) {
include_once dirname(__FILE__) . "/../include/collections_functions.php";
}
global $username, $userref;
$username = $anonymous_login;
$userref = sql_value("SELECT ref value FROM user where username='******'", "");
$sessioncollections = get_session_collections($rs_session, $userref, false);
if (count($sessioncollections) > 0) {
foreach ($sessioncollections as $sessioncollection) {
update_collection_user($sessioncollection, $new);
}
sql_query("UPDATE user SET current_collection='{$sessioncollection}' WHERE ref='{$new}'");
}
}
if ($bypassemail) {
// No requirement to check anything else e.g. a valid email domain. We can take user direct to the password reset page to set the new account
$password_reset_url_key = create_password_reset_key($newusername);
redirect($baseurl . "?rp=" . $new . $password_reset_url_key);
exit;
} else {
email_reset_link($email, true);
redirect($baseurl . "/pages/done.php?text=user_request");
exit;
}
} else {
# Not auto approving.
# Build a message to send to an admin notifying of unapproved user (same as email_user_request(),
# but also adds the new user name to the mail)
$message = $lang["userrequestnotification1"] . "\n\n" . $lang["name"] . ": " . getval("name", "") . "\n\n" . $lang["email"] . ": " . getval("email", "") . "\n\n" . $lang["comment"] . ": " . getval("userrequestcomment", "") . "\n\n" . $lang["ipaddress"] . ": '" . $_SERVER["REMOTE_ADDR"] . "'\n\n" . $customContents . "\n\n" . $lang["userrequestnotification3"] . "\n{$baseurl}?u=" . $new;
send_mail($email_notify, $applicationname . ": " . $lang["requestuserlogin"] . " - " . getval("name", ""), $message, "", $user_email, "", "", getval("name", ""));
}
return true;
}
<?php
include "../include/db.php";
include "../include/general.php";
if (!$allow_password_reset) {
exit("Password requests have been disabled.");
}
# User should never see this.
if (getval("save", "") != "") {
if (email_reset_link(getvalescaped("email", "")) || $hide_failed_reset_text) {
redirect("pages/done.php?text=user_password_link_sent");
} else {
$error = true;
}
}
include "../include/header.php";
?>
<h1><?php
echo $lang["requestnewpassword"];
?>
</h1>
<p><?php
echo text("introtextreset");
?>
</p>
<form method="post" action="<?php
echo $baseurl_short;
?>
