Exemplo n.º 1
} else {
    // Copy these values through to the next step
    // Every posted value is HTML-escaped before it is placed inside the value attribute.
    // NOTE(review): wtpass and wtpass2 are echoed back as hidden fields, so the chosen
    // administrator password is present in the HTML source of this step - confirm the
    // wizard is only served over a trusted connection and that the response is not cached.
    echo '<input type="hidden" name="wtname"  value="', Filter::escapeHtml($_POST['wtname']), '">';
    echo '<input type="hidden" name="wtuser"  value="', Filter::escapeHtml($_POST['wtuser']), '">';
    echo '<input type="hidden" name="wtpass"  value="', Filter::escapeHtml($_POST['wtpass']), '">';
    echo '<input type="hidden" name="wtpass2" value="', Filter::escapeHtml($_POST['wtpass2']), '">';
    echo '<input type="hidden" name="wtemail" value="', Filter::escapeHtml($_POST['wtemail']), '">';
}
////////////////////////////////////////////////////////////////////////////////
// Step six  We have a database connection and a writable folder.  Do it!
////////////////////////////////////////////////////////////////////////////////
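try {
    // Create/update the database tables.
    Database::updateSchema('\\Fisharebest\\Webtrees\\Schema', 'WT_SCHEMA_VERSION', 30);
    // Create the admin user from the values posted through the wizard.
    $admin = User::create($_POST['wtuser'], $_POST['wtname'], $_POST['wtemail'], $_POST['wtpass']);
    $admin->setPreference('canadmin', '1');
    $admin->setPreference('language', WT_LOCALE);
    $admin->setPreference('verified', '1');
    $admin->setPreference('verified_by_admin', '1');
    $admin->setPreference('auto_accept', '0');
    $admin->setPreference('visibleonline', '1');
    // Write the config file.  We already checked that this would work.
    // The first line is an INI comment that also makes the file exit at once if it is
    // ever run as PHP - presumably so the settings are not printed; confirm.
    $config_ini_php = '; <' . '?php exit; ?' . '> DO NOT DELETE THIS LINE' . PHP_EOL;
    // NOTE(review): addcslashes() escapes only the double quote here.  Confirm how the
    // code that reads this file treats backslashes and line breaks inside a value.
    foreach (array('dbhost', 'dbport', 'dbuser', 'dbpass', 'dbname', 'tblpfx') as $setting) {
        $config_ini_php .= $setting . '="' . addcslashes($_POST[$setting], '"') . '"' . PHP_EOL;
    }
    if (file_put_contents(WT_DATA_DIR . 'config.ini.php', $config_ini_php) === false) {
        // Without the config file a reload would only restart the wizard, so report the failure instead.
        echo '<p class="bad">', I18N::translate('The configuration file could not be written.'), '</p>';
    } else {
        // Done - start using webtrees!
        echo '<script>document.location=document.location;</script>';
    }
    echo '</form></body></html>';
} catch (PDOException $ex) {
    // The driver message is escaped before output: it is not under our control and
    // may repeat text that was typed into the form.
    echo '<p class="bad">', I18N::translate('An unexpected database error occurred.'), '</p>', '<pre>', Filter::escapeHtml($ex->getMessage()), '</pre>', '<p class="info">', I18N::translate('The webtrees developers would be very interested to learn about this error.  If you contact them, they will help you resolve the problem.'), '</p>';
}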
Exemplo n.º 2
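 $controller->setPageTitle(I18N::translate('Request new user account'));
 // The form parameters are mandatory, and the validation errors are shown in the client.
 // The two password fields are compared with ===, so two different numeric-looking
 // strings are never treated as the same password.
 if (Session::get('good_to_send') && $user_name && $user_password01 && $user_password01 === $user_password02 && $user_realname && $user_email && $user_comments) {
     // These validation errors cannot be shown in the client.
     // NOTE(review): the two "duplicate" messages tell the requester that a user name
     // or an email address is already registered.
     if (User::findByUserName($user_name)) {
         FlashMessages::addMessage(I18N::translate('Duplicate user name. A user with that user name already exists. Please choose another user name.'));
     } elseif (User::findByEmail($user_email)) {
         FlashMessages::addMessage(I18N::translate('Duplicate email address. A user with that email already exists.'));
     } elseif (preg_match('/(?!' . preg_quote(WT_BASE_URL, '/') . ')(((?:ftp|http|https):\\/\\/)[a-zA-Z0-9.-]+)/', $user_comments, $match)) {
         // Comments that contain an ftp/http/https link are refused and logged.
         FlashMessages::addMessage(I18N::translate('You are not allowed to send messages that contain external links.') . ' ' . I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', $match[2], $match[1]));
         // NOTE(review): user name, email and comments go into the log exactly as typed;
         // confirm the log writer and the log viewer handle line breaks and markup safely.
         Log::addAuthenticationLog('Possible spam registration from "' . $user_name . '"/"' . $user_email . '" comments="' . $user_comments . '"');
     } else {
         // Everything looks good - create the user
         $controller->pageHeader();
         Log::addAuthenticationLog('User registration requested for: ' . $user_name);
         $user = User::create($user_name, $user_realname, $user_email, $user_password01);
         // The account starts unverified and without admin rights.  reg_hashcode is the
         // verification code mailed to the user below.
         $user
             ->setPreference('language', WT_LOCALE)
             ->setPreference('verified', '0')
             ->setPreference('verified_by_admin', 0)
             ->setPreference('reg_timestamp', date('U'))
             ->setPreference('reg_hashcode', md5(Uuid::uuid4()))
             ->setPreference('contactmethod', 'messaging2')
             ->setPreference('comment', $user_comments)
             ->setPreference('visibleonline', '1')
             ->setPreference('auto_accept', '0')
             ->setPreference('canadmin', '0')
             ->setPreference('sessiontime', '0');
         // Generate an email in the admin’s language
         $webmaster = User::find($WT_TREE->getPreference('WEBMASTER_USER_ID'));
         I18N::init($webmaster->getPreference('language'));
         $mail1_body = I18N::translate('Hello administrator…') . Mail::EOL . Mail::EOL
             . I18N::translate('A prospective user has registered with webtrees at %s.', WT_BASE_URL . ' ' . $WT_TREE->getTitleHtml()) . Mail::EOL . Mail::EOL
             . I18N::translate('Username') . ' ' . Filter::escapeHtml($user->getUserName()) . Mail::EOL
             . I18N::translate('Real name') . ' ' . $user->getRealNameHtml() . Mail::EOL
             . I18N::translate('Email address') . ' ' . Filter::escapeHtml($user->getEmail()) . Mail::EOL
             . I18N::translate('Comments') . ' ' . Filter::escapeHtml($user_comments) . Mail::EOL . Mail::EOL
             . I18N::translate('The user has been sent an e-mail with the information necessary to confirm the access request.') . Mail::EOL . Mail::EOL
             . I18N::translate('You will be informed by e-mail when this prospective user has confirmed the request. You can then complete the process by activating the user name. The new user will not be able to login until you activate the account.');
         $mail1_subject = I18N::translate('New registration at %s', WT_BASE_URL . ' ' . $WT_TREE->getTitle());
         I18N::init(WT_LOCALE);
         echo '<div id="login-register-page">';
         // Generate an email in the user’s language
         // This body is HTML and is sent to whatever address was typed into the form, so the
         // requester-supplied email and comment are escaped here, as they are in the admin mail.
         $mail2_body = I18N::translate('Hello %s…', $user->getRealNameHtml()) . Mail::EOL . Mail::EOL
             . I18N::translate('You (or someone claiming to be you) has requested an account at %1$s using the email address %2$s.', WT_BASE_URL . ' ' . $WT_TREE->getTitleHtml(), Filter::escapeHtml($user->getEmail())) . ' '
             . I18N::translate('Information about the request is shown under the link below.') . Mail::EOL
             . I18N::translate('Please click on the following link and fill in the requested data to confirm your request and email address.') . Mail::EOL . Mail::EOL
             . '<a href="' . WT_LOGIN_URL . '?user_name=' . Filter::escapeUrl($user->getUserName()) . '&amp;user_hashcode=' . $user->getPreference('reg_hashcode') . '&amp;action=userverify&amp;ged=' . $WT_TREE->getNameUrl() . '">'
             . WT_LOGIN_URL . "?user_name=" . Filter::escapeHtml($user->getUserName()) . "&amp;user_hashcode=" . urlencode($user->getPreference('reg_hashcode')) . '&amp;action=userverify&amp;ged=' . $WT_TREE->getNameHtml() . '</a>' . Mail::EOL . Mail::EOL
             . I18N::translate('Username') . " - " . Filter::escapeHtml($user->getUserName()) . Mail::EOL
             . I18N::translate('Verification code') . " - " . $user->getPreference('reg_hashcode') . Mail::EOL
             . I18N::translate('Comments') . " - " . Filter::escapeHtml($user->getPreference('comment')) . Mail::EOL
             . I18N::translate('If you didn’t request an account, you can just delete this message.') . Mail::EOL;
         $mail2_subject = I18N::translate('Your registration at %s', WT_BASE_URL);
         $mail2_to = $user->getEmail();
         $mail2_from = $WT_TREE->getPreference('WEBTREES_EMAIL');
         // Send user message by email only
         Mail::send($WT_TREE, $mail2_to, $mail2_to, $mail2_from, $mail2_from, $mail2_subject, $mail2_body);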
Exemplo n.º 3
 // Remaining fields of the posted user form.
 $comment = Filter::post('comment');
 $auto_accept = Filter::postBool('auto_accept');
 $canadmin = Filter::postBool('canadmin');
 $visible_online = Filter::postBool('visible_online');
 $verified = Filter::postBool('verified');
 $approved = Filter::postBool('approved');
 // A user id of 0 means "create"; any other id means "edit that account".
 // NOTE(review): on the three rejection branches below $user is not assigned in this
 // block - confirm it is initialised before this point, since it is read afterwards.
 if ($user_id !== 0) {
     // Update an existing user; nothing is changed unless the account exists and
     // both a user name and a real name were supplied.
     $user = User::find($user_id);
     if ($user && $username && $real_name) {
         $user->setEmail($email);
         $user->setUserName($username);
         $user->setRealName($real_name);
         // The password is replaced only when one was supplied and both entries agree.
         if ($pass1 === $pass2 && $pass1 !== null) {
             $user->setPassword($pass1);
         }
     }
 } elseif (User::findByUserName($username)) {
     // The requested user name is already taken.
     FlashMessages::addMessage(I18N::translate('Duplicate username. A user with that username already exists. Please choose another username.'));
 } elseif (User::findByEmail($email)) {
     // The requested email address is already taken.
     FlashMessages::addMessage(I18N::translate('Duplicate email address. A user with that email already exists.'));
 } elseif ($pass1 !== $pass2) {
     FlashMessages::addMessage(I18N::translate('The passwords do not match.'));
 } else {
     // All checks passed: create the account and record the event.
     $user = User::create($username, $real_name, $email, $pass1);
     $user->setPreference('reg_timestamp', date('U'))->setPreference('sessiontime', '0');
     // NOTE(review): the user name is written to the log as typed - confirm the log
     // writer and viewer handle line breaks and markup safely.
     Log::addAuthenticationLog('User ->' . $username . '<- created');
 }
 if ($user) {
Exemplo n.º 4
    // Posted values are HTML-escaped before being placed inside the value attribute.
    // NOTE(review): wtpass2 is the password confirmation, so the chosen password is
    // present in the HTML source of this step - confirm the wizard is only served over
    // a trusted connection and that the response is not cached.
    echo '<input type="hidden" name="wtpass2" value="', Filter::escapeHtml($_POST['wtpass2']), '">';
    echo '<input type="hidden" name="wtemail" value="', Filter::escapeHtml($_POST['wtemail']), '">';
}
////////////////////////////////////////////////////////////////////////////////
// Step six  We have a database connection and a writable folder. Do it!
////////////////////////////////////////////////////////////////////////////////
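try {
    // Create/update the database tables.
    Database::updateSchema('\\Fisharebest\\Webtrees\\Schema', 'WT_SCHEMA_VERSION', 30);
    // If we are re-installing, then this user may already exist.
    // The lookup tries the posted email first, then the posted user name.
    $admin = User::findByIdentifier($_POST['wtemail']);
    if ($admin === null) {
        $admin = User::findByIdentifier($_POST['wtuser']);
    }
    // Create the user
    if ($admin === null) {
        $admin = User::create($_POST['wtuser'], $_POST['wtname'], $_POST['wtemail'], $_POST['wtpass'])->setPreference('language', WT_LOCALE)->setPreference('visibleonline', '1');
    } else {
        // An existing account that matched is kept and given the posted password.
        $admin->setPassword($_POST['wtpass']);
    }
    // Make the user an administrator
    $admin->setPreference('canadmin', '1')->setPreference('verified', '1')->setPreference('verified_by_admin', '1');
    // Write the config file. We already checked that this would work.
    // The first line is an INI comment that also makes the file exit at once if it is
    // ever run as PHP - presumably so the settings are not printed; confirm.
    $config_ini_php = '; <' . '?php exit; ?' . '> DO NOT DELETE THIS LINE' . PHP_EOL;
    // NOTE(review): addcslashes() escapes only the double quote here. Confirm how the
    // code that reads this file treats backslashes and line breaks inside a value.
    foreach (array('dbhost', 'dbport', 'dbuser', 'dbpass', 'dbname', 'tblpfx') as $setting) {
        $config_ini_php .= $setting . '="' . addcslashes($_POST[$setting], '"') . '"' . PHP_EOL;
    }
    if (file_put_contents(WT_DATA_DIR . 'config.ini.php', $config_ini_php) === false) {
        // Without the config file a reload would only restart the wizard, so report the failure instead.
        echo '<p class="bad">', I18N::translate('The configuration file could not be written.'), '</p>';
    } else {
        // Done - start using webtrees!
        echo '<script>document.location=document.location;</script>';
    }
    echo '</form></body></html>';
} catch (PDOException $ex) {
    // The driver message is escaped before output: it is not under our control and
    // may repeat text that was typed into the form.
    echo '<p class="bad">', I18N::translate('An unexpected database error occurred.'), '</p>', '<pre>', Filter::escapeHtml($ex->getMessage()), '</pre>', '<p class="info">', I18N::translate('The webtrees developers would be very interested to learn about this error. If you contact them, they will help you resolve the problem.'), '</p>';
}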