$controller->setPageTitle(WT_I18N::translate('Request new user account'));
// The form parameters are mandatory, and the validation errors are shown in the client.
if ($WT_SESSION->good_to_send && $user_name && $user_password01 && $user_password01 == $user_password02 && $user_realname && $user_email && $user_comments) {
// These validation errors cannot be shown in the client.
if (User::findByIdentifier($user_name)) {
WT_FlashMessages::addMessage(WT_I18N::translate('Duplicate user name. A user with that user name already exists. Please choose another user name.'));
} elseif (User::findByIdentifier($user_email)) {
WT_FlashMessages::addMessage(WT_I18N::translate('Duplicate email address. A user with that email already exists.'));
} elseif (preg_match('/(?!' . preg_quote(WT_SERVER_NAME, '/') . ')(((?:ftp|http|https):\\/\\/)[a-zA-Z0-9.-]+)/', $user_comments, $match)) {
WT_FlashMessages::addMessage(WT_I18N::translate('You are not allowed to send messages that contain external links.') . ' ' . WT_I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', $match[2], $match[1]));
Log::addAuthenticationLog('Possible spam registration from "' . $user_name . '"/"' . $user_email . '" comments="' . $user_comments . '"');
} else {
// Everything looks good - create the user
$controller->pageHeader();
Log::addAuthenticationLog('User registration requested for: ' . $user_name);
$user = User::create($user_name, $user_realname, $user_email, $user_password01);
$user->setSetting('language', WT_LOCALE)->setSetting('verified', 0)->setSetting('verified_by_admin', !$REQUIRE_ADMIN_AUTH_REGISTRATION)->setSetting('reg_timestamp', date('U'))->setSetting('reg_hashcode', md5(Uuid::uuid4()))->setSetting('contactmethod', 'messaging2')->setSetting('comment', $user_comments)->setSetting('visibleonline', 1)->setSetting('editaccount', 1)->setSetting('auto_accept', 0)->setSetting('canadmin', 0)->setSetting('sessiontime', 0);
// Generate an email in the admin’s language
$webmaster = User::find(get_gedcom_setting(WT_GED_ID, 'WEBMASTER_USER_ID'));
WT_I18N::init($webmaster->getSetting('language'));
$mail1_body = WT_I18N::translate('Hello administrator…') . WT_Mail::EOL . WT_Mail::EOL . WT_I18N::translate('A prospective user has registered with webtrees at %s.', WT_SERVER_NAME . WT_SCRIPT_PATH . ' ' . $WT_TREE->tree_title_html) . WT_Mail::EOL . WT_Mail::EOL . WT_I18N::translate('Username') . ' ' . $user->getUserName() . WT_Mail::EOL . WT_I18N::translate('Real name') . ' ' . $user->getRealName() . WT_Mail::EOL . WT_I18N::translate('Email address:') . ' ' . $user->getEmail() . WT_Mail::EOL . WT_I18N::translate('Comments') . ' ' . $user_comments . WT_Mail::EOL . WT_Mail::EOL . WT_I18N::translate('The user has been sent an e-mail with the information necessary to confirm the access request') . WT_Mail::EOL . WT_Mail::EOL;
if ($REQUIRE_ADMIN_AUTH_REGISTRATION) {
$mail1_body .= WT_I18N::translate('You will be informed by e-mail when this prospective user has confirmed the request. You can then complete the process by activating the user name. The new user will not be able to login until you activate the account.');
} else {
$mail1_body .= WT_I18N::translate('You will be informed by e-mail when this prospective user has confirmed the request. After this, the user will be able to login without any action on your part.');
}
$mail1_body .= WT_Mail::auditFooter();
$mail1_subject = WT_I18N::translate('New registration at %s', WT_SERVER_NAME . WT_SCRIPT_PATH . ' ' . $WT_TREE->tree_title);
WT_I18N::init(WT_LOCALE);
echo '<div id="login-register-page">';
// Generate an email in the user’s language
echo '</table>';
exit;
case 'createuser':
if (!WT_Filter::checkCsrf()) {
$action = 'createform';
} elseif (User::findByIdentifier($username)) {
WT_FlashMessages::addMessage(WT_I18N::translate('Duplicate user name. A user with that user name already exists. Please choose another user name.'));
$action = 'createform';
} elseif (User::findByIdentifier($emailaddress)) {
WT_FlashMessages::addMessage(WT_I18N::translate('Duplicate email address. A user with that email already exists.'));
$action = 'createform';
} elseif ($pass1 != $pass2) {
WT_FlashMessages::addMessage(WT_I18N::translate('Passwords do not match.'));
$action = 'createform';
} else {
$user = User::create($username, $realname, $emailaddress, $pass1);
$user->setSetting('reg_timestamp', date('U'))->setSetting('sessiontime', '0')->setSetting('theme', $user_theme)->setSetting('language', $user_language)->setSetting('contactmethod', $new_contact_method)->setSetting('comment', $new_comment)->setSetting('auto_accept', $new_auto_accept)->setSetting('canadmin', $canadmin)->setSetting('visibleonline', $visibleonline)->setSetting('editaccount', $editaccount)->setSetting('verified', $verified)->setSetting('verified_by_admin', $verified_by_admin);
foreach (WT_Tree::getAll() as $tree) {
$tree->userPreference($user->getUserId(), 'gedcomid', WT_Filter::post('gedcomid' . $tree->tree_id, WT_REGEX_XREF));
$tree->userPreference($user->getUserId(), 'rootid', WT_Filter::post('rootid' . $tree->tree_id, WT_REGEX_XREF));
$tree->userPreference($user->getUserId(), 'canedit', WT_Filter::post('canedit' . $tree->tree_id, implode('|', array_keys($ALL_EDIT_OPTIONS))));
if (WT_Filter::post('gedcomid' . $tree->tree_id, WT_REGEX_XREF)) {
$tree->userPreference($user->getUserId(), 'RELATIONSHIP_PATH_LENGTH', WT_Filter::postInteger('RELATIONSHIP_PATH_LENGTH' . $tree->tree_id, 0, 10, 0));
} else {
// Do not allow a path length to be set if the individual ID is not
$tree->userPreference($user->getUserId(), 'RELATIONSHIP_PATH_LENGTH', null);
}
}
Log::addAuthenticationLog("User ->{$username}<- created");
header('Location: ' . WT_SERVER_NAME . WT_SCRIPT_PATH . WT_SCRIPT_NAME);
WT_Session::writeClose();
/**
* If the Facebook username or email is associated with an account, login to it. Otherwise, register a new account.
*
* @param object $facebookUser Facebook user
* @param string $url (optional) URL to redirect to afterwards.
*/
private function login_or_register(&$facebookUser, $url = '')
{
$REQUIRE_ADMIN_AUTH_REGISTRATION = WT_Site::getPreference('REQUIRE_ADMIN_AUTH_REGISTRATION');
if ($this->getSetting('require_verified', 1) && empty($facebookUser->verified)) {
$this->error_page(WT_I18N::translate('Only verified Facebook accounts are authorized. Please verify your account on Facebook and then try again'));
}
if (empty($facebookUser->username)) {
$facebookUser->username = $facebookUser->id;
}
$user_id = $this->get_user_id_from_facebook_username($facebookUser->username);
if (!$user_id) {
if (!isset($facebookUser->email)) {
$this->error_page(WT_I18N::translate('You must grant access to your email address via Facebook in order to use this website. Please uninstall the application on Facebook and try again.'));
}
$user = User::findByIdentifier($facebookUser->email);
if ($user) {
$user_id = $user->getUserId();
}
}
if ($user_id) {
// This is an existing user so log them in if they are approved
$login_result = $this->login($user_id);
$message = '';
switch ($login_result) {
case -1:
// not validated
$message = WT_I18N::translate('This account has not been verified. Please check your email for a verification message.');
break;
case -2:
// not approved
$message = WT_I18N::translate('This account has not been approved. Please wait for an administrator to approve it.');
break;
default:
$user = User::find($user_id);
$user->setPreference(self::user_setting_facebook_username, $this->cleanseFacebookUsername($facebookUser->username));
// redirect to the homepage/$url
header('Location: ' . WT_SCRIPT_PATH . $url);
return;
}
$this->error_page($message);
} else {
// This is a new Facebook user who may or may not already have a manual account
if (!WT_Site::getPreference('USE_REGISTRATION_MODULE')) {
$this->error_page('<p>' . WT_I18N::translate('The administrator has disabled registrations.') . '</p>');
}
// check if the username is already in use
$username = $this->cleanseFacebookUsername($facebookUser->username);
$wt_username = substr($username, 0, 32);
// Truncate the username to 32 characters to match the DB.
if (User::findByIdentifier($wt_username)) {
// fallback to email as username since we checked above that a user with the email didn't exist.
$wt_username = $facebookUser->email;
$wt_username = substr($wt_username, 0, 32);
// Truncate the username to 32 characters to match the DB.
}
// Generate a random password since the user shouldn't need it and can always reset it.
$password = md5(uniqid(rand(), TRUE));
$hashcode = md5(uniqid(rand(), true));
$preApproved = unserialize($this->getSetting('preapproved'));
// From login.php:
Log::addAuthenticationLog('User registration requested for: ' . $wt_username);
if ($user = User::create($wt_username, $facebookUser->name, $facebookUser->email, $password)) {
$verifiedByAdmin = !$REQUIRE_ADMIN_AUTH_REGISTRATION || isset($preApproved[$username]);
$user->setPreference(self::user_setting_facebook_username, $this->cleanseFacebookUsername($facebookUser->username))->setPreference('language', WT_LOCALE)->setPreference('verified', '1')->setPreference('verified_by_admin', $verifiedByAdmin ? '1' : '0')->setPreference('reg_timestamp', date('U'))->setPreference('reg_hashcode', $hashcode)->setPreference('contactmethod', 'messaging2')->setPreference('visibleonline', '1')->setPreference('editaccount', '1')->setPreference('auto_accept', '0')->setPreference('canadmin', '0')->setPreference('sessiontime', $verifiedByAdmin ? WT_TIMESTAMP : '0')->setPreference('comment', @$facebookUser->birthday . "\n " . "https://www.facebook.com/" . $this->cleanseFacebookUsername($facebookUser->username));
// Apply pre-approval settings
if (isset($preApproved[$username])) {
$userSettings = $preApproved[$username];
foreach ($userSettings as $gedcom => $userGedcomSettings) {
foreach (array('gedcomid', 'rootid', 'canedit') as $userPref) {
if (empty($userGedcomSettings[$userPref])) {
continue;
}
// Use a direct DB query instead of $tree->setUserPreference since we
// can't get a reference to the WT_Tree since it checks permissions but
// we are trying to give the permissions.
WT_DB::prepare("REPLACE INTO `##user_gedcom_setting` (user_id, gedcom_id, setting_name, setting_value) VALUES (?, ?, ?, LEFT(?, 255))")->execute(array($user->getUserId(), $gedcom, $userPref, $userGedcomSettings[$userPref]));
}
}
// Remove the pre-approval record
unset($preApproved[$username]);
$this->setSetting('preapproved', serialize($preApproved));
}
// We need jQuery below
global $controller;
$controller = new WT_Controller_Page();
$controller->setPageTitle($this->getTitle())->pageHeader();
echo '<form id="verify-form" name="verify-form" method="post" action="', WT_LOGIN_URL, '" class="ui-autocomplete-loading" style="width:16px;height:16px;padding:0">';
echo $this->hidden_input("action", "verify_hash");
echo $this->hidden_input("user_name", $wt_username);
echo $this->hidden_input("user_password", $password);
echo $this->hidden_input("user_hashcode", $hashcode);
echo WT_Filter::getCsrf();
echo '</form>';
if ($verifiedByAdmin) {
$controller->addInlineJavaScript('
function verify_hash_success() {
// now the account is approved but not logged in. Now actually login for the user.
window.location = "' . $this->getConnectURL($url) . '";
}
function verify_hash_failure() {
alert("' . WT_I18N::translate("There was an error verifying your account. Contact the site administrator if you are unable to access the site.") . '");
window.location = "' . WT_SCRIPT_PATH . '";
}
$(document).ready(function() {
$.post("' . WT_LOGIN_URL . '", $("#verify-form").serialize(), verify_hash_success).fail(verify_hash_failure);
});
');
} else {
echo '<script>document.getElementById("verify-form").submit()</script>';
}
} else {
Log::addErrorLog("Facebook: Couldn't create the user account");
$this->error_page('<p>' . WT_I18N::translate('Unable to create your account. Please try again.') . '</p>' . '<div class="back"><a href="javascript:history.back()">' . WT_I18N::translate('Back') . '</a></div>');
}
}
}
