} else {
$continue = false;
}
}
}
}
if ($continue) {
$participant = $_REQUEST;
unset($_SESSION['pauthdata']['pw_provided']);
unset($_SESSION['pauthdata']['submitted_checked_pw']);
unset($_SESSION['captcha_string']);
$new_id = participant__create_participant_id($participant);
$participant['participant_id'] = $new_id['participant_id'];
$participant['participant_id_crypt'] = $new_id['participant_id_crypt'];
if ($settings['subject_authentication'] != 'token') {
$participant['password_crypted'] = unix_crypt($participant['password']);
}
$participant['confirmation_token'] = create_random_token(get_entropy($participant));
$participant['creation_time'] = time();
$participant['last_profile_update'] = $participant['creation_time'];
$participant['status_id'] = 0;
$participant['subpool_id'] = $_SESSION['subpool_id'];
if (!isset($participant['language']) || !$participant['language']) {
$participant['language'] = $settings['public_standard_language'];
}
$done = orsee_db_save_array($participant, "participants", $participant['participant_id'], "participant_id");
if ($done) {
log__participant("subscribe", $participant['lname'] . ', ' . $participant['fname']);
$proceed = false;
$done = experimentmail__confirmation_mail($participant);
message(lang('successfully_registered'));
function admin__set_password($password, $userid)
{
$pars = array(':admin_id' => $userid, ':password' => unix_crypt($password));
$query = "UPDATE " . table('admin') . " \n \tSET password_crypt= :password,\n \tpw_update_requested = 0 \n \tWHERE admin_id= :admin_id";
$done = or_query($query, $pars);
}
function participant__set_password($password, $participant_id)
{
$pars = array(':participant_id' => $participant_id, ':password' => unix_crypt($password));
$query = "UPDATE " . table('participants') . "\n SET password_crypted= :password\n WHERE participant_id= :participant_id";
$done = or_query($query, $pars);
}
message(lang('password_reset_provided_email_address_not_correct'));
$continue = false;
redirect("public/participant_reset_pw.php");
}
}
if ($continue) {
$pw_ok = participant__check_password($_REQUEST['password'], $_REQUEST['password2']);
if (!$pw_ok) {
//if passwords not ok: save email address to session, show message, redirect
$continue = false;
redirect("public/participant_reset_pw.php");
}
}
if ($continue) {
//if all ok, save new password (reset reset_request, token), reset token, password, email address, set OK, redirect
$participant['password_crypted'] = unix_crypt($_REQUEST['password']);
$pars = array(':password' => $participant['password_crypted'], ':participant_id' => $participant['participant_id']);
$query = "UPDATE " . table('participants') . " \n\t\t\t\t\tSET password_crypted = :password,\n\t\t\t\t\tpwreset_token= NULL\n\t\t\t\t\tWHERE participant_id = :participant_id";
$participant = or_query($query, $pars);
unset($_SESSION['pw_reset_token']);
unset($_SESSION['captcha_string']);
unset($_SESSION['reset_email_address']);
$_SESSION['password_has_been_changed'] = true;
redirect("public/participant_reset_pw.php");
}
}
}
if ($proceed) {
if (isset($_SESSION['pw_reset_token']) && $_SESSION['pw_reset_token']) {
// show form, captcha
echo ' <center>';
if ($continue) {
foreach (array('fname', 'lname', 'adminname') as $k) {
$_REQUEST[$k] = trim($_REQUEST[$k]);
}
$pars = array(':adminname' => $_REQUEST['adminname']);
$query = "SELECT admin_id FROM " . table('admin') . " \n\t\t\t\t\tWHERE adminname = :adminname";
$existing_admin = orsee_query($query, $pars);
if (isset($existing_admin['admin_id']) && $existing_admin['admin_id'] != $admin_id) {
$continue = false;
message(lang('error_username_exists'));
}
}
if ($continue) {
if ($_REQUEST['password']) {
// no password strength checks when account created by super-admin?
$_REQUEST['password_crypt'] = unix_crypt($_REQUEST['password']);
message(lang('password_changed'));
} else {
unset($_REQUEST['password']);
}
if (!$admin_id) {
$admin_id = time();
}
$done = orsee_db_save_array($_REQUEST, "admin", $admin_id, "admin_id");
message(lang('changes_saved'));
log__admin("admin_edit", $_REQUEST['adminname']);
if ($admin_id == $expadmindata['admin_id']) {
$nl = "&new_language=" . $_REQUEST['language'];
} else {
$nl = "";
}