Пример #1
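/**
 * Handle a registration form POST: validate the submitted fields, run the
 * custom-registration and plugin pre-save checks, create the account and
 * trigger the follow-up email.
 *
 * Reads email, email_conf, username, passwd, passwd_conf and fullname from
 * $_POST. Every validation failure re-renders the form through newuserform()
 * (or CUSTOM_userForm() for the custom check) with an error message.
 *
 * @return string HTML to display: the registration form with an error, the
 *                result of emailpassword(), or an empty string when a
 *                refresh page has already been echoed
 */
function createuser()
{
    global $_CONF, $_TABLES, $LANG01, $LANG04, $MESSAGE, $REMOTE_ADDR;

    $retval = '';
    $passwd = '';
    $passwd_conf = '';

    if ($_CONF['disable_new_user_registration']) {
        COM_setMsg($LANG04[122], 'error');
        echo COM_refresh($_CONF['site_url']);
        // COM_refresh()'s return value is only echoed here, so unless it ends
        // the request itself the code below would still create the account.
        // Stop explicitly so the "registration disabled" setting is enforced.
        return $retval;
    }

    $email = isset($_POST['email']) ? COM_applyFilter($_POST['email']) : '';
    $email_conf = isset($_POST['email_conf']) ? COM_applyFilter($_POST['email_conf']) : '';
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    if (isset($_POST['passwd'])) {
        $passwd = trim($_POST['passwd']);
    }
    if (isset($_POST['passwd_conf'])) {
        $passwd_conf = trim($_POST['passwd_conf']);
    }

    // The raw username is not filtered above; it is bounded in length here and
    // must pass USER_validateUsername() before it is used any further.
    $username = COM_truncate(trim($username), 48);
    if (!USER_validateUsername($username)) {
        $retval .= newuserform($LANG04[162]);
        return $retval;
    }

    $email = COM_truncate(trim($email), 96);
    $email_conf = trim($email_conf);

    if ($_CONF['registration_type'] == 1) {
        // Strict comparison: with != two different numeric-looking strings
        // (e.g. "1e3" and "1000") compare equal, which would let a mistyped
        // confirmation through.
        if (empty($passwd) || $passwd !== $passwd_conf) {
            $retval .= newuserform($MESSAGE[67]);
            return $retval;
        }
    }

    $fullname = '';
    if (!empty($_POST['fullname'])) {
        $fullname = COM_truncate(trim(USER_sanitizeName($_POST['fullname'])), 80);
    }

    if (!isset($_CONF['disallow_domains'])) {
        $_CONF['disallow_domains'] = '';
    }

    if (COM_isEmail($email) && !empty($username) && $email === $email_conf && !USER_emailMatches($email, $_CONF['disallow_domains']) && strlen($username) <= 48) {
        // Username and email must both be unused.
        $ucount = DB_count($_TABLES['users'], 'username', DB_escapeString($username));
        $ecount = DB_count($_TABLES['users'], 'email', DB_escapeString($email));
        if ($ucount == 0 && $ecount == 0) {
            // For glFusion, it would be okay to create this user now. But check
            // with a custom userform first, if one exists.
            if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
                $msg = CUSTOM_userCheck($username, $email);
                if (!empty($msg)) {
                    // no, it's not okay with the custom userform
                    $retval = CUSTOM_userForm($msg);
                    return $retval;
                }
            }

            // Let plugins have a chance to decide what to do before creating the user, return errors.
            $spamCheckData = array('username' => $username, 'email' => $email, 'ip' => $REMOTE_ADDR);
            $msg = PLG_itemPreSave('registration', $spamCheckData);
            if (!empty($msg)) {
                $retval .= newuserform($msg);
                return $retval;
            }

            // Only the output of SEC_encryptPassword() is handed to the account
            // layer; with other registration types no password is stored here.
            if ($_CONF['registration_type'] == 1 && !empty($passwd)) {
                $encryptedPasswd = SEC_encryptPassword($passwd);
            } else {
                $encryptedPasswd = '';
            }

            $uid = USER_createAccount($username, $email, $encryptedPasswd, $fullname);

            // NOTE(review): the plaintext $passwd is passed to emailpassword()
            // below; confirm that helper does not mail or log it in clear text.
            if ($_CONF['usersubmission'] == 1) {
                if (DB_getItem($_TABLES['users'], 'status', "uid = " . (int) $uid) == USER_ACCOUNT_AWAITING_APPROVAL) {
                    echo COM_refresh($_CONF['site_url'] . '/index.php?msg=48');
                } else {
                    $retval = emailpassword($username, $passwd, 1);
                }
            } else {
                $retval = emailpassword($username, $passwd);
            }

            return $retval;
        } else {
            // Username or email address already in use.
            $retval .= newuserform($LANG04[19]);
        }
    } else {
        if ($email !== $email_conf) {
            $msg = $LANG04[125];
            $retval .= newuserform($msg);
        } else {
            // invalid username or email address
            if (empty($username) || strlen($username) > 48) {
                $msg = $LANG01[32];
                // invalid username
            } else {
                $msg = $LANG04[18];
                // invalid email address
            }
            $retval .= newuserform($msg);
        }
    }

    return $retval;
}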
Пример #2
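/**
 * Create a new user
 *
 * Inserts the row into the users table, assigns the "Logged-in Users" and
 * "All Users" groups, creates the per-user preference/index/comment/info rows,
 * then calls the custom user registration (if enabled) and plugin functions.
 *
 * NOTE: Does NOT send out password emails.
 *
 * NOTE: $passwd is written to the passwd column exactly as received (after
 * SQL escaping). Presumably callers pass an already-hashed value - confirm
 * against the callers; a plaintext password must never be passed here.
 *
 * @param    string  $username       user name (mandatory)
 * @param    string  $email          user's email address (mandatory)
 * @param    string  $passwd         password value to store (optional, see above)
 * @param    string  $fullname       user's full name (optional)
 * @param    string  $homepage       user's home page (optional)
 * @param    string  $remoteusername user name at the remote service (optional)
 * @param    string  $service        remote service identifier (optional)
 * @param    boolean $batchimport    set to true when called from importuser() in admin/users.php (optional)
 * @return   int                     new user's ID
 *
 */
function USER_createAccount($username, $email, $passwd = '', $fullname = '', $homepage = '', $remoteusername = '', $service = '', $batchimport = false)
{
    global $_CONF, $_TABLES;

    $queueUser = false;
    $username = addslashes($username);
    $email = addslashes($email);
    // Escaped copies used only inside SQL; like every other string column they
    // must not reach the query raw. The unescaped values are still what gets
    // passed to COM_getDisplayName() further down.
    // NOTE(review): addslashes() is not charset-aware; if the database layer
    // offers a driver-level escape function, prefer it for all of these.
    $remoteusernameSql = addslashes($remoteusername);
    $serviceSql = addslashes($service);
    $regdate = date('Y-m-d H:i:s');

    $fields = 'username,email,regdate,cookietimeout';
    $values = "'{$username}','{$email}','{$regdate}','{$_CONF['default_perm_cookie_timeout']}'";
    if (!empty($passwd)) {
        $passwd = addslashes($passwd);
        $fields .= ',passwd';
        $values .= ",'{$passwd}'";
    }
    if (!empty($fullname)) {
        $fullname = addslashes($fullname);
        $fields .= ',fullname';
        $values .= ",'{$fullname}'";
    }
    if (!empty($homepage)) {
        $homepage = addslashes($homepage);
        $fields .= ',homepage';
        $values .= ",'{$homepage}'";
    }

    if ($_CONF['usersubmission'] == 1 && !SEC_hasRights('user.edit')) {
        // Self-registrations go to the approval queue unless the email domain
        // is on the allow list.
        $queueUser = true;
        if (!empty($_CONF['allow_domains'])) {
            if (USER_emailMatches($email, $_CONF['allow_domains'])) {
                $queueUser = false;
            }
        }
        if ($queueUser) {
            $fields .= ',status';
            $values .= ',' . USER_ACCOUNT_AWAITING_APPROVAL;
        }
    } else {
        if (!empty($remoteusername)) {
            $fields .= ',remoteusername';
            $values .= ",'{$remoteusernameSql}'";
        }
        if (!empty($service)) {
            $fields .= ',remoteservice';
            $values .= ",'{$serviceSql}'";
        }
    }

    DB_query("INSERT INTO {$_TABLES['users']} ({$fields}) VALUES ({$values})");

    // Get the uid of the user, possibly given a service. The lookup uses the
    // same escaped values that were written by the INSERT above.
    // NOTE(review): in the queued branch above the remote columns are not
    // inserted, so a lookup by remoteusername would find nothing - confirm
    // whether remote accounts can reach that branch.
    if ($remoteusername != '') {
        $uid = DB_getItem($_TABLES['users'], 'uid', "remoteusername = '{$remoteusernameSql}' AND remoteservice='{$serviceSql}'");
    } else {
        $uid = DB_getItem($_TABLES['users'], 'uid', "username = '{$username}' AND remoteservice IS NULL");
    }

    // Add user to Logged-in group (i.e. members) and the All Users group
    $normal_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='Logged-in Users'");
    $all_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='All Users'");
    DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id,ug_uid) VALUES ({$normal_grp}, {$uid})");
    DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id,ug_uid) VALUES ({$all_grp}, {$uid})");

    DB_query("INSERT INTO {$_TABLES['userprefs']} (uid) VALUES ({$uid})");
    if ($_CONF['emailstoriesperdefault'] == 1) {
        DB_query("INSERT INTO {$_TABLES['userindex']} (uid,etids) VALUES ({$uid},'')");
    } else {
        DB_query("INSERT INTO {$_TABLES['userindex']} (uid,etids) VALUES ({$uid}, '-')");
    }
    DB_query("INSERT INTO {$_TABLES['usercomment']} (uid,commentmode,commentlimit) VALUES ({$uid},'{$_CONF['comment_mode']}','{$_CONF['comment_limit']}')");
    DB_query("INSERT INTO {$_TABLES['userinfo']} (uid) VALUES ({$uid})");

    // call custom registration function and plugins
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCreate')) {
        CUSTOM_userCreate($uid, $batchimport);
    }
    PLG_createUser($uid);

    // Notify the admin? (strict match so a non-string entry cannot compare equal to 'user')
    if (isset($_CONF['notification']) && in_array('user', $_CONF['notification'], true)) {
        if ($queueUser) {
            $mode = 'inactive';
        } else {
            $mode = 'active';
        }
        $username = COM_getDisplayName($uid, $username, $fullname, $remoteusername, $service);
        USER_sendNotification($username, $email, $uid, $mode);
    }

    return $uid;
}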
Пример #3
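/**
 * Create a new user
 * Inserts the users row (hashing the password with a fresh salt when one is
 * given), assigns the standard and default groups, creates the per-user
 * preference/index/comment/info rows, then calls the custom user registration
 * (if enabled) and plugin functions.
 * NOTE: Does NOT send out password emails.
 *
 * @param  string  $username       username (mandatory)
 * @param  string  $email          user's email address (mandatory)
 * @param  string  $passwd         plaintext password; hashed here via SEC_encryptPassword() (optional)
 * @param  string  $fullname       user's full name (optional)
 * @param  string  $homepage       user's home page (optional)
 * @param  string  $remoteUserName user name at the remote service (optional)
 * @param  string  $service        remote service identifier (optional)
 * @param  boolean $batchImport    set to true when called from importuser() in admin/users.php (optional)
 * @return int                     new user's ID
 */
function USER_createAccount($username, $email, $passwd = '', $fullname = '', $homepage = '', $remoteUserName = '', $service = '', $batchImport = false)
{
    global $_CONF, $_TABLES;

    $queueUser = false;
    $username = DB_escapeString($username);
    $email = DB_escapeString($email);
    // Escaped copies used only inside SQL, matching how every other string
    // column is handled here. The unescaped values are still what gets passed
    // to COM_getDisplayName() further down.
    // NOTE(review): if any caller already escapes these two arguments, drop
    // that caller-side escaping so the values are not escaped twice.
    $remoteUserNameSql = DB_escapeString($remoteUserName);
    $serviceSql = DB_escapeString($service);
    $regdate = date('Y-m-d H:i:s');

    $fields = 'username,email,regdate,cookietimeout';
    $values = "'{$username}','{$email}','{$regdate}','{$_CONF['default_perm_cookie_timeout']}'";
    if (!empty($passwd)) {
        // Since no uid exists yet we can't use SEC_updateUserPassword and must handle things manually
        $salt = SEC_generateSalt();
        $passwd = SEC_encryptPassword($passwd, $salt, $_CONF['pass_alg'], $_CONF['pass_stretch']);
        // The salt, algorithm and stretch count are stored next to the hash so
        // the same parameters are available when the password is checked.
        $fields .= ',passwd,salt,algorithm,stretch';
        $values .= ",'{$passwd}','{$salt}','" . $_CONF['pass_alg'] . "','" . $_CONF['pass_stretch'] . "'";
    }
    if (!empty($fullname)) {
        $fullname = DB_escapeString($fullname);
        $fields .= ',fullname';
        $values .= ",'{$fullname}'";
    }
    if (!empty($homepage)) {
        $homepage = DB_escapeString($homepage);
        $fields .= ',homepage';
        $values .= ",'{$homepage}'";
    }

    if ($_CONF['usersubmission'] == 1 && !SEC_hasRights('user.edit')) {
        // Self-registrations go to the approval queue unless the email domain
        // is on the allow list.
        $queueUser = true;
        if (!empty($_CONF['allow_domains'])) {
            if (USER_emailMatches($email, $_CONF['allow_domains'])) {
                $queueUser = false;
            }
        }
        if ($queueUser) {
            $fields .= ',status';
            $values .= ',' . USER_ACCOUNT_AWAITING_APPROVAL;
        }
    } else {
        if (!empty($remoteUserName)) {
            $fields .= ',remoteusername';
            $values .= ",'{$remoteUserNameSql}'";
        }
        if (!empty($service)) {
            $fields .= ',remoteservice';
            $values .= ",'{$serviceSql}'";
        }
    }

    DB_query("INSERT INTO {$_TABLES['users']} ({$fields}) VALUES ({$values})");

    // Get the uid of the user, possibly given a service. The lookup uses the
    // same escaped values that were written by the INSERT above.
    // NOTE(review): in the queued branch above the remote columns are not
    // inserted, so a lookup by remoteusername would find nothing - confirm
    // whether remote accounts can reach that branch.
    if ($remoteUserName != '') {
        $uid = DB_getItem($_TABLES['users'], 'uid', "remoteusername = '{$remoteUserNameSql}' AND remoteservice='{$serviceSql}'");
    } else {
        $uid = DB_getItem($_TABLES['users'], 'uid', "username = '{$username}' AND remoteservice IS NULL");
    }

    // Add user to Logged-in group (i.e. members) and the All Users group
    $normal_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='Logged-in Users'");
    $all_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='All Users'");
    DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$normal_grp}, {$uid})");
    DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$all_grp}, {$uid})");

    // any default groups?
    $result = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_default = 1");
    $num_groups = DB_numRows($result);
    for ($i = 0; $i < $num_groups; $i++) {
        list($def_grp) = DB_fetchArray($result);
        DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$def_grp}, {$uid})");
    }

    DB_query("INSERT INTO {$_TABLES['userprefs']} (uid) VALUES ({$uid})");
    if ($_CONF['emailstoriesperdefault'] == 1) {
        DB_query("INSERT INTO {$_TABLES['userindex']} (uid,etids) VALUES ({$uid},'')");
    } else {
        DB_query("INSERT INTO {$_TABLES['userindex']} (uid,etids) VALUES ({$uid}, '-')");
    }
    DB_query("INSERT INTO {$_TABLES['usercomment']} (uid,commentmode,commentorder,commentlimit) VALUES ({$uid},'{$_CONF['comment_mode']}','{$_CONF['comment_order']}','{$_CONF['comment_limit']}')");
    DB_query("INSERT INTO {$_TABLES['userinfo']} (uid) VALUES ({$uid})");

    // call custom registration function and plugins
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCreate')) {
        CUSTOM_userCreate($uid, $batchImport);
    }
    PLG_createUser($uid);

    // Notify the admin? (strict match so a non-string entry cannot compare equal to 'user')
    if (isset($_CONF['notification']) && in_array('user', $_CONF['notification'], true)) {
        $mode = $queueUser ? 'inactive' : 'active';
        $username = COM_getDisplayName($uid, $username, $fullname, $remoteUserName, $service);
        USER_sendNotification($username, $email, $uid, $mode);
    }

    return $uid;
}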
Пример #4
/**
 * Register a new user from a username and a confirmed email address.
 *
 * The input is accepted only when the email is well-formed, matches its
 * confirmation, is not on a disallowed domain, and the username is non-empty
 * and at most 16 bytes long. Username and email must both be unused, and the
 * custom-registration check and the plugin pre-save hook must not object.
 *
 * @param    string $username   username to create user for
 * @param    string $email      email address to assign to user
 * @param    string $email_conf confirmation email address check
 * @return   string      HTML page with the form and an error message if a
 *                       check fails, otherwise the result of emailpassword()
 *                       (or an empty string after the approval redirect).
 */
function createuser($username, $email, $email_conf)
{
    global $_CONF, $_TABLES, $LANG01, $LANG04;

    $username = trim($username);
    $email = trim($email);
    $email_conf = trim($email_conf);

    if (!isset($_CONF['disallow_domains'])) {
        $_CONF['disallow_domains'] = '';
    }

    // Renders the registration form (the custom one when available) with the
    // given message and wraps it into a complete HTML document.
    $formPage = function ($message) {
        global $_CONF, $LANG04;

        $form = '';
        if ($_CONF['custom_registration'] && function_exists('CUSTOM_userForm')) {
            $form .= CUSTOM_userForm($message);
        } else {
            $form .= newuserform($message);
        }

        return COM_createHTMLDocument($form, array('pagetitle' => $LANG04[22]));
    };

    $inputAccepted = COM_isEmail($email)
        && !empty($username)
        && $email === $email_conf
        && !USER_emailMatches($email, $_CONF['disallow_domains'])
        && strlen($username) <= 16;

    if (!$inputAccepted) {
        // A confirmation mismatch is reported before any other problem.
        if ($email !== $email_conf) {
            return $formPage($LANG04[125]);
        }

        // Otherwise: invalid username takes precedence over invalid email address.
        $usernameRejected = empty($username) || strlen($username) > 16;

        return $formPage($usernameRejected ? $LANG01[32] : $LANG04[18]);
    }

    $nameMatches = DB_count($_TABLES['users'], 'username', DB_escapeString($username));
    $emailMatches = DB_count($_TABLES['users'], 'email', DB_escapeString($email));
    if ($nameMatches != 0 || $emailMatches != 0) {
        // Username or email address already registered.
        return $formPage($LANG04[19]);
    }

    // For Geeklog, it would be okay to create this user now. But check
    // with a custom userform first, if one exists.
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
        $verdict = CUSTOM_userCheck($username, $email);
        if (!empty($verdict)) {
            // The custom check objected; show its own form with its message.
            return COM_createHTMLDocument(CUSTOM_userForm($verdict['string']));
        }
    }

    // Let plugins have a chance to decide what to do before creating the user, return errors.
    $pluginMessage = PLG_itemPreSave('registration', $username);
    if (!empty($pluginMessage)) {
        return $formPage($pluginMessage);
    }

    $uid = USER_createAccount($username, $email);

    // The status lookup only happens when user submissions are queued.
    $awaitingApproval = $_CONF['usersubmission'] == 1
        && DB_getItem($_TABLES['users'], 'status', "uid = {$uid}") == USER_ACCOUNT_AWAITING_APPROVAL;
    if ($awaitingApproval) {
        COM_redirect($_CONF['site_url'] . '/index.php?msg=48');

        return '';
    }

    return emailpassword($username, 1);
}
Пример #5
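/**
 * Create a new user
 *
 * Inserts the users row, assigns the standard and default groups, creates the
 * per-user preference/index/comment/info rows, then calls the custom user
 * registration (if enabled), the custom create hook and the plugin functions.
 *
 * NOTE: Does NOT send out password emails.
 *
 * NOTE: $passwd is written to the passwd column exactly as received (after
 * SQL escaping). Presumably callers pass an already-hashed value - confirm
 * against the callers; a plaintext password must never be passed here.
 *
 * @param    string  $username       user name (mandatory)
 * @param    string  $email          user's email address (mandatory)
 * @param    string  $passwd         password value to store (optional, see above)
 * @param    string  $fullname       user's full name (optional)
 * @param    string  $homepage       user's home page (optional)
 * @param    string  $remoteusername user name at the remote service (optional)
 * @param    string  $service        remote service identifier (optional)
 * @param    int     $ignore         when not 0, PLG_createUser() is skipped (optional)
 * @return   int                     new user's ID
 *
 */
function USER_createAccount($username, $email, $passwd = '', $fullname = '', $homepage = '', $remoteusername = '', $service = '', $ignore = 0)
{
    global $_CONF, $_USER, $_TABLES;

    $dt = new Date('now', $_USER['tzid']);
    $queueUser = false;
    $username = DB_escapeString($username);
    $email = DB_escapeString($email);
    $regdate = $dt->toMySQL(true);

    $fields = 'username,email,regdate,cookietimeout';
    $values = "'{$username}','{$email}','{$regdate}','{$_CONF['default_perm_cookie_timeout']}'";
    if (!empty($passwd)) {
        $passwd = DB_escapeString($passwd);
        $fields .= ',passwd';
        $values .= ",'{$passwd}'";
    }
    if (!empty($fullname)) {
        // Markup is stripped from the display name before it is stored.
        $fullname = DB_escapeString(strip_tags($fullname));
        $fields .= ',fullname';
        $values .= ",'{$fullname}'";
    }
    if (!empty($homepage)) {
        $homepage = DB_escapeString($homepage);
        $fields .= ',homepage';
        $values .= ",'{$homepage}'";
    }

    $account_type = LOCAL_USER;
    if ($_CONF['usersubmission'] == 1 && !SEC_hasRights('user.edit')) {
        // Self-registrations go to the approval queue unless the email domain
        // is on the allow list.
        $queueUser = true;
        if (!empty($_CONF['allow_domains'])) {
            if (USER_emailMatches($email, $_CONF['allow_domains'])) {
                $queueUser = false;
            }
        }
        if ($queueUser) {
            $fields .= ',status';
            $values .= ',' . USER_ACCOUNT_AWAITING_APPROVAL;
        }
    } else {
        // Accounts without both remote identifiers must verify first when
        // registration_type is 1.
        if ($_CONF['registration_type'] == 1 && (empty($remoteusername) || empty($service))) {
            $fields .= ',status';
            $values .= ',' . USER_ACCOUNT_AWAITING_VERIFICATION;
        }
    }
    if (!empty($remoteusername)) {
        $fields .= ',remoteusername';
        $values .= ",'" . DB_escapeString($remoteusername) . "'";
        $account_type = REMOTE_USER;
    }
    if (!empty($service)) {
        $fields .= ',remoteservice';
        $values .= ",'" . DB_escapeString($service) . "'";
    }
    $fields .= ',account_type';
    $values .= ',' . $account_type;

    DB_query("INSERT INTO {$_TABLES['users']} ({$fields}) VALUES ({$values})");

    // Get the uid of the user, possibly given a service. The lookup uses the
    // same escaped values that were written by the INSERT above.
    if ($remoteusername != '') {
        $uid = DB_getItem($_TABLES['users'], 'uid', "remoteusername = '" . DB_escapeString($remoteusername) . "' AND remoteservice='" . DB_escapeString($service) . "'");
    } else {
        $uid = DB_getItem($_TABLES['users'], 'uid', "username = '{$username}' AND remoteservice IS NULL");
    }

    // Add user to Logged-in group (i.e. members) and the All Users group
    $normal_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='Logged-in Users'");
    $all_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='All Users'");
    DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id,ug_uid) VALUES ({$normal_grp}, {$uid})");
    DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id,ug_uid) VALUES ({$all_grp}, {$uid})");

    // any default groups?
    $result = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_default = 1");
    $num_groups = DB_numRows($result);
    for ($i = 0; $i < $num_groups; $i++) {
        list($def_grp) = DB_fetchArray($result);
        DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$def_grp}, {$uid})");
    }

    DB_query("INSERT INTO {$_TABLES['userprefs']} (uid,tzid) VALUES ({$uid},'{$_CONF['timezone']}')");
    if ($_CONF['emailstoriesperdefault'] == 1) {
        DB_query("INSERT INTO {$_TABLES['userindex']} (uid,etids) VALUES ({$uid},'')");
    } else {
        DB_query("INSERT INTO {$_TABLES['userindex']} (uid,etids) VALUES ({$uid}, '-')");
    }
    DB_query("INSERT INTO {$_TABLES['usercomment']} (uid,commentmode,commentlimit) VALUES ({$uid},'{$_CONF['comment_mode']}','{$_CONF['comment_limit']}')");
    DB_query("INSERT INTO {$_TABLES['userinfo']} (uid) VALUES ({$uid})");

    // call custom registration function and plugins
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCreate')) {
        // This signature has no batch-import parameter, so pass false
        // explicitly rather than an undefined variable.
        CUSTOM_userCreate($uid, false);
    }
    if (function_exists('CUSTOM_userCreateHook')) {
        CUSTOM_userCreateHook($uid);
    }
    if ($ignore == 0) {
        PLG_createUser($uid);
    }

    // Notify the admin? (strict match so a non-string entry cannot compare equal to 'user')
    if (isset($_CONF['notification']) && in_array('user', $_CONF['notification'], true)) {
        if ($queueUser) {
            $mode = 'inactive';
        } else {
            $mode = 'active';
        }
        USER_sendNotification($username, $email, $uid, $mode);
    }

    return $uid;
}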