Exemplo n.º 1
// Profile form fields taken from the POST body. Only the password pair and the
// root XREF are matched against a pattern (WT_REGEX_PASSWORD, WT_REGEX_XREF).
// NOTE(review): language, timezone and contact method are read without a
// pattern argument and stored as preferences further down - confirm they are
// checked against the known values before they are used or rendered.
$form_pass1 = Filter::post('form_pass1', WT_REGEX_PASSWORD);
$form_pass2 = Filter::post('form_pass2', WT_REGEX_PASSWORD);
$form_email = Filter::postEmail('form_email');
$form_rootid = Filter::post('form_rootid', WT_REGEX_XREF);
$form_theme = Filter::post('form_theme');
$form_language = Filter::post('form_language');
$form_timezone = Filter::post('form_timezone');
$form_contact_method = Filter::post('form_contact_method');
$form_visible_online = Filter::postBool('form_visible_online');
// Respond to form action
// State is only changed when an action was posted and Filter::checkCsrf() passes.
if ($form_action && Filter::checkCsrf()) {
    switch ($form_action) {
        case 'update':
            // Reject a new user name or email address that already belongs to an account.
            if ($form_username !== Auth::user()->getUserName() && User::findByUserName($form_username)) {
                FlashMessages::addMessage(I18N::translate('Duplicate user name. A user with that user name already exists. Please choose another user name.'));
            } elseif ($form_email !== Auth::user()->getEmail() && User::findByEmail($form_email)) {
                FlashMessages::addMessage(I18N::translate('Duplicate email address. A user with that email already exists.'));
            } else {
                // Change username
                // The rename is written to the authentication log.
                // NOTE(review): $form_username is assigned outside this excerpt; confirm it cannot
                // contain line breaks or control characters before it is concatenated into the log entry.
                if ($form_username !== Auth::user()->getUserName()) {
                    Log::addAuthenticationLog('User ' . Auth::user()->getUserName() . ' renamed to ' . $form_username);
                    Auth::user()->setUserName($form_username);
                }
                // Change password
                // Applied only when a first password was supplied and both fields match; a
                // mismatch is skipped without a message and the remaining settings are still saved.
                // NOTE(review): nothing in this excerpt asks for the current password before the
                // password, email address or user name is changed - confirm re-authentication
                // happens elsewhere, otherwise an unattended or hijacked session is enough to
                // take over the account.
                if ($form_pass1 && $form_pass1 === $form_pass2) {
                    Auth::user()->setPassword($form_pass1);
                }
                // Change other settings
                Auth::user()->setRealName($form_realname)->setEmail($form_email)->setPreference('language', $form_language)->setPreference('TIMEZONE', $form_timezone)->setPreference('contactmethod', $form_contact_method)->setPreference('visibleonline', $form_visible_online ? '1' : '0');
                // A null theme removes the stored preference.
                if ($form_theme === null) {
                    Auth::user()->deletePreference('theme');
Exemplo n.º 2
 // Account fields posted by the user-administration form.
 // NOTE(review): canadmin, verified and approved are privilege-bearing flags read straight
 // from POST, and no Filter::checkCsrf() call or administrator check is visible in this
 // excerpt - confirm both happen before this point.
 $pass2 = Filter::post('pass2', WT_REGEX_PASSWORD);
 // The theme is limited to the keys of Theme::themeNames(); '' is passed as the default.
 $theme = Filter::post('theme', implode('|', array_keys(Theme::themeNames())), '');
 $language = Filter::post('language');
 $timezone = Filter::post('timezone');
 $contact_method = Filter::post('contact_method');
 $comment = Filter::post('comment');
 $auto_accept = Filter::postBool('auto_accept');
 $canadmin = Filter::postBool('canadmin');
 $visible_online = Filter::postBool('visible_online');
 $verified = Filter::postBool('verified');
 $approved = Filter::postBool('approved');
 if ($user_id === 0) {
     // Create a new user
     // NOTE(review): the update branch below tests $pass1 !== null, which suggests Filter::post()
     // can yield null for a rejected value. If so, two rejected passwords compare equal in the
     // mismatch test here and User::create() is called with a null password - confirm and
     // reject null explicitly.
     if (User::findByUserName($username)) {
         FlashMessages::addMessage(I18N::translate('Duplicate username. A user with that username already exists. Please choose another username.'));
     } elseif (User::findByEmail($email)) {
         FlashMessages::addMessage(I18N::translate('Duplicate email address. A user with that email already exists.'));
     } elseif ($pass1 !== $pass2) {
         FlashMessages::addMessage(I18N::translate('The passwords do not match.'));
     } else {
         $user = User::create($username, $real_name, $email, $pass1);
         $user->setPreference('reg_timestamp', date('U'))->setPreference('sessiontime', '0');
         // The creation is recorded in the authentication log with the posted user name.
         Log::addAuthenticationLog('User ->' . $username . '<- created');
     }
 } else {
     // Existing user: requires the record plus a non-empty user name and real name.
     // NOTE(review): unlike the create branch, no duplicate user name / email check is visible
     // before setEmail() and setUserName() - confirm uniqueness is enforced elsewhere.
     $user = User::find($user_id);
     if ($user && $username && $real_name) {
         $user->setEmail($email);
         $user->setUserName($username);
         $user->setRealName($real_name);
         // Only touch the password when one was supplied and both fields match.
         if ($pass1 !== null && $pass1 === $pass2) {
Exemplo n.º 3
     }
     header('Location: ' . WT_BASE_URL . WT_SCRIPT_NAME);
     return;
     break;
 case 'register':
     // Self-registration can be switched off site-wide; redirect to WT_BASE_URL in that case.
     if (!Site::getPreference('USE_REGISTRATION_MODULE')) {
         header('Location: ' . WT_BASE_URL);
         return;
     }
     $controller->setPageTitle(I18N::translate('Request new user account'));
     // The form parameters are mandatory, and the validation errors are shown in the client.
     // NOTE(review): the two passwords are compared with ==, which compares numeric strings
     // by value in PHP ('1e3' == '1000'), so two different entries can pass as a match;
     // === is the safer comparison. Session::get('good_to_send') gates the whole submission.
     if (Session::get('good_to_send') && $user_name && $user_password01 && $user_password01 == $user_password02 && $user_realname && $user_email && $user_comments) {
         // These validation errors cannot be shown in the client.
         if (User::findByUserName($user_name)) {
             FlashMessages::addMessage(I18N::translate('Duplicate user name. A user with that user name already exists. Please choose another user name.'));
         } elseif (User::findByEmail($user_email)) {
             FlashMessages::addMessage(I18N::translate('Duplicate email address. A user with that email already exists.'));
         // Treat any ftp/http/https URL that does not start with the site's own base URL as spam.
         } elseif (preg_match('/(?!' . preg_quote(WT_BASE_URL, '/') . ')(((?:ftp|http|https):\\/\\/)[a-zA-Z0-9.-]+)/', $user_comments, $match)) {
             FlashMessages::addMessage(I18N::translate('You are not allowed to send messages that contain external links.') . ' ' . I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', $match[2], $match[1]));
             // NOTE(review): user name, email and the full comment text (presumably posted by an
             // unauthenticated visitor) go into the authentication log unmodified - confirm the
             // log writer and viewer neutralise line breaks and markup, and consider truncating
             // the comment.
             Log::addAuthenticationLog('Possible spam registration from "' . $user_name . '"/"' . $user_email . '" comments="' . $user_comments . '"');
         } else {
             // Everything looks good - create the user
             $controller->pageHeader();
             Log::addAuthenticationLog('User registration requested for: ' . $user_name);
             $user = User::create($user_name, $user_realname, $user_email, $user_password01);
             // New accounts start unverified, not verified by an admin, and without admin rights.
             // NOTE(review): reg_hashcode looks like the e-mail confirmation token. md5() adds no
             // entropy, so its strength rests entirely on Uuid::uuid4() - confirm that generator
             // uses a CSPRNG, or derive the token from random_bytes() instead.
             $user->setPreference('language', WT_LOCALE)->setPreference('verified', '0')->setPreference('verified_by_admin', 0)->setPreference('reg_timestamp', date('U'))->setPreference('reg_hashcode', md5(Uuid::uuid4()))->setPreference('contactmethod', 'messaging2')->setPreference('comment', $user_comments)->setPreference('visibleonline', '1')->setPreference('auto_accept', '0')->setPreference('canadmin', '0')->setPreference('sessiontime', '0');
             // Generate an email in the admin’s language
             // NOTE(review): $webmaster is used without a null check; if User::find() can return
             // null for an unset WEBMASTER_USER_ID, the next line fails after the account has
             // already been created.
             $webmaster = User::find($WT_TREE->getPreference('WEBMASTER_USER_ID'));
             I18N::init($webmaster->getPreference('language'));
             // The user-supplied values are HTML-escaped (Filter::escapeHtml(), getRealNameHtml())
             // before being placed in the body.
             $mail1_body = I18N::translate('Hello administrator…') . Mail::EOL . Mail::EOL . I18N::translate('A prospective user has registered with webtrees at %s.', WT_BASE_URL . ' ' . $WT_TREE->getTitleHtml()) . Mail::EOL . Mail::EOL . I18N::translate('Username') . ' ' . Filter::escapeHtml($user->getUserName()) . Mail::EOL . I18N::translate('Real name') . ' ' . $user->getRealNameHtml() . Mail::EOL . I18N::translate('Email address') . ' ' . Filter::escapeHtml($user->getEmail()) . Mail::EOL . I18N::translate('Comments') . ' ' . Filter::escapeHtml($user_comments) . Mail::EOL . Mail::EOL . I18N::translate('The user has been sent an e-mail with the information necessary to confirm the access request.') . Mail::EOL . Mail::EOL . I18N::translate('You will be informed by e-mail when this prospective user has confirmed the request. You can then complete the process by activating the user name. The new user will not be able to login until you activate the account.');
             $mail1_subject = I18N::translate('New registration at %s', WT_BASE_URL . ' ' . $WT_TREE->getTitle());