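/**
 * Handle a submitted new-user registration form.
 *
 * Reads user name, e-mail, confirmation e-mail, optional password and full
 * name from $_POST, validates them, lets the custom registration hook and the
 * plugins veto the request, and then creates the account through
 * USER_createAccount().
 *
 * @return string HTML of the registration form carrying an error message, or
 *                the result of emailpassword() once the account exists
 */
function createuser()
{
    global $_CONF, $_TABLES, $LANG01, $LANG04, $MESSAGE, $REMOTE_ADDR;

    $retval = '';
    $passwd = '';
    $passwd_conf = '';

    if ($_CONF['disable_new_user_registration']) {
        COM_setMsg($LANG04[122], 'error');
        echo COM_refresh($_CONF['site_url']);

        // Stop here so a disabled registration can never fall through to the
        // account creation below, whether or not COM_refresh() ends the
        // request itself.
        return $retval;
    }

    $email = isset($_POST['email']) ? COM_applyFilter($_POST['email']) : '';
    $email_conf = isset($_POST['email_conf']) ? COM_applyFilter($_POST['email_conf']) : '';

    // Request fields can arrive as arrays (username[]=...); treat anything
    // that is not a string as missing instead of passing it to trim().
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    if (isset($_POST['passwd']) && is_string($_POST['passwd'])) {
        $passwd = trim($_POST['passwd']);
    }
    if (isset($_POST['passwd_conf']) && is_string($_POST['passwd_conf'])) {
        $passwd_conf = trim($_POST['passwd_conf']);
    }

    $username = COM_truncate(trim($username), 48);
    if (!USER_validateUsername($username)) {
        $retval .= newuserform($LANG04[162]);

        return $retval;
    }

    $email = COM_truncate(trim($email), 96);
    $email_conf = trim($email_conf);

    if ($_CONF['registration_type'] == 1) {
        // Strict comparison: with a loose != two different numeric-looking
        // strings (for example "0e1" and "0e2") compare as equal.
        if (empty($passwd) || $passwd !== $passwd_conf) {
            $retval .= newuserform($MESSAGE[67]);

            return $retval;
        }
    }

    $fullname = '';
    if (!empty($_POST['fullname'])) {
        $fullname = COM_truncate(trim(USER_sanitizeName($_POST['fullname'])), 80);
    }

    if (!isset($_CONF['disallow_domains'])) {
        $_CONF['disallow_domains'] = '';
    }

    if (COM_isEmail($email) && !empty($username) && $email === $email_conf
        && !USER_emailMatches($email, $_CONF['disallow_domains'])
        && strlen($username) <= 48
    ) {
        $ucount = DB_count($_TABLES['users'], 'username', DB_escapeString($username));
        $ecount = DB_count($_TABLES['users'], 'email', DB_escapeString($email));

        if ($ucount == 0 and $ecount == 0) {
            // For glFusion, it would be okay to create this user now. But check
            // with a custom userform first, if one exists.
            if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
                $msg = CUSTOM_userCheck($username, $email);
                if (!empty($msg)) {
                    // no, it's not okay with the custom userform
                    $retval = CUSTOM_userForm($msg);

                    return $retval;
                }
            }

            // Let plugins have a chance to decide what to do before creating
            // the user, return errors.
            $spamCheckData = array(
                'username' => $username,
                'email'    => $email,
                'ip'       => $REMOTE_ADDR,
            );
            $msg = PLG_itemPreSave('registration', $spamCheckData);
            if (!empty($msg)) {
                $retval .= newuserform($msg);

                return $retval;
            }

            if ($_CONF['registration_type'] == 1 && !empty($passwd)) {
                $encryptedPasswd = SEC_encryptPassword($passwd);
            } else {
                $encryptedPasswd = '';
            }

            $uid = USER_createAccount($username, $email, $encryptedPasswd, $fullname);

            // NOTE(review): the plain-text password is handed to
            // emailpassword() below; confirm it is never written into the
            // outgoing mail or a log.
            if ($_CONF['usersubmission'] == 1) {
                if (DB_getItem($_TABLES['users'], 'status', "uid = " . (int) $uid) == USER_ACCOUNT_AWAITING_APPROVAL) {
                    echo COM_refresh($_CONF['site_url'] . '/index.php?msg=48');
                } else {
                    $retval = emailpassword($username, $passwd, 1);
                }
            } else {
                $retval = emailpassword($username, $passwd);
            }

            return $retval;
        } else {
            // user name or e-mail address already registered
            $retval .= newuserform($LANG04[19]);
        }
    } else {
        if ($email !== $email_conf) {
            $msg = $LANG04[125];
            $retval .= newuserform($msg);
        } else {
            // invalid username or email address
            if (empty($username) || strlen($username) > 48) {
                $msg = $LANG01[32]; // invalid username
            } else {
                $msg = $LANG04[18]; // invalid email address
            }
            $retval .= newuserform($msg);
        }
    }

    return $retval;
}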
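/**
 * Create a new user
 *
 * Also calls the custom user registration (if enabled) and plugin functions.
 *
 * NOTE: Does NOT send out password emails.
 *
 * @param    string  $username       user name (mandatory)
 * @param    string  $email          user's email address (mandatory)
 * @param    string  $passwd         password (optional); stored exactly as passed in
 * @param    string  $fullname       user's full name (optional)
 * @param    string  $homepage       user's home page (optional)
 * @param    string  $remoteusername user name at the remote service (optional)
 * @param    string  $service        remote service name (optional)
 * @param    boolean $batchimport    set to true when called from importuser() in admin/users.php (optional)
 * @return   int                     new user's ID
 *
 */
function USER_createAccount($username, $email, $passwd = '', $fullname = '', $homepage = '', $remoteusername = '', $service = '', $batchimport = false)
{
    global $_CONF, $_TABLES;

    $queueUser = false;

    // NOTE(review): addslashes() does not take the connection character set
    // into account; prefer the database layer's own escaping routine or
    // prepared statements where the code base offers them.
    $username = addslashes($username);
    $email = addslashes($email);

    // The remote user name and service also end up inside SQL string
    // literals, so they get the same escaping as every other value. The
    // unescaped originals are kept for COM_getDisplayName() further down.
    $remoteusernameSql = addslashes($remoteusername);
    $serviceSql = addslashes($service);

    // Same output as strftime('%Y-%m-%d %H:%M:%S', time()), without relying on
    // the deprecated strftime().
    $regdate = date('Y-m-d H:i:s');

    $fields = 'username,email,regdate,cookietimeout';
    $values = "'{$username}','{$email}','{$regdate}','{$_CONF['default_perm_cookie_timeout']}'";

    if (!empty($passwd)) {
        $passwd = addslashes($passwd);
        $fields .= ',passwd';
        $values .= ",'{$passwd}'";
    }
    if (!empty($fullname)) {
        $fullname = addslashes($fullname);
        $fields .= ',fullname';
        $values .= ",'{$fullname}'";
    }
    if (!empty($homepage)) {
        $homepage = addslashes($homepage);
        $fields .= ',homepage';
        $values .= ",'{$homepage}'";
    }

    if ($_CONF['usersubmission'] == 1 && !SEC_hasRights('user.edit')) {
        // Accounts go into the approval queue unless the e-mail domain is
        // explicitly allowed.
        $queueUser = true;
        if (!empty($_CONF['allow_domains'])) {
            if (USER_emailMatches($email, $_CONF['allow_domains'])) {
                $queueUser = false;
            }
        }
        if ($queueUser) {
            $fields .= ',status';
            $values .= ',' . USER_ACCOUNT_AWAITING_APPROVAL;
        }
    } else {
        if (!empty($remoteusername)) {
            $fields .= ',remoteusername';
            $values .= ",'{$remoteusernameSql}'";
        }
        if (!empty($service)) {
            $fields .= ',remoteservice';
            $values .= ",'{$serviceSql}'";
        }
    }

    DB_query("INSERT INTO {$_TABLES['users']} ({$fields}) VALUES ({$values})");

    // Get the uid of the user, possibly given a service. The lookup has to
    // use the values that were just inserted, not a fixed literal.
    // NOTE(review): when the account was queued above, the remote columns were
    // not written, so a lookup by remote user name finds nothing - confirm
    // whether remote accounts can reach that branch.
    if ($remoteusername != '') {
        $uid = DB_getItem($_TABLES['users'], 'uid', "remoteusername = '{$remoteusernameSql}' AND remoteservice='{$serviceSql}'");
    } else {
        $uid = DB_getItem($_TABLES['users'], 'uid', "username = '{$username}' AND remoteservice IS NULL");
    }

    // Add user to Logged-in group (i.e. members) and the All Users group
    $normal_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='Logged-in Users'");
    $all_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='All Users'");
    DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id,ug_uid) VALUES ({$normal_grp}, {$uid})");
    DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id,ug_uid) VALUES ({$all_grp}, {$uid})");

    DB_query("INSERT INTO {$_TABLES['userprefs']} (uid) VALUES ({$uid})");
    if ($_CONF['emailstoriesperdefault'] == 1) {
        DB_query("INSERT INTO {$_TABLES['userindex']} (uid,etids) VALUES ({$uid},'')");
    } else {
        DB_query("INSERT INTO {$_TABLES['userindex']} (uid,etids) VALUES ({$uid}, '-')");
    }
    DB_query("INSERT INTO {$_TABLES['usercomment']} (uid,commentmode,commentlimit) VALUES ({$uid},'{$_CONF['comment_mode']}','{$_CONF['comment_limit']}')");
    DB_query("INSERT INTO {$_TABLES['userinfo']} (uid) VALUES ({$uid})");

    // call custom registration function and plugins
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCreate')) {
        CUSTOM_userCreate($uid, $batchimport);
    }
    PLG_createUser($uid);

    // Notify the admin?
    if (isset($_CONF['notification']) && in_array('user', $_CONF['notification'])) {
        if ($queueUser) {
            $mode = 'inactive';
        } else {
            $mode = 'active';
        }
        $username = COM_getDisplayName($uid, $username, $fullname, $remoteusername, $service);
        USER_sendNotification($username, $email, $uid, $mode);
    }

    return $uid;
}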
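/**
 * Create a new user
 * Also calls the custom user registration (if enabled) and plugin functions.
 * NOTE: Does NOT send out password emails.
 *
 * @param  string  $username       username (mandatory)
 * @param  string  $email          user's email address (mandatory)
 * @param  string  $passwd         password (optional); hashed here with a fresh salt
 * @param  string  $fullname       user's full name (optional)
 * @param  string  $homepage       user's home page (optional)
 * @param  string  $remoteUserName user name at the remote service (optional)
 * @param  string  $service        remote service name (optional)
 * @param  boolean $batchImport    set to true when called from importuser() in admin/users.php (optional)
 * @return int                     new user's ID
 */
function USER_createAccount($username, $email, $passwd = '', $fullname = '', $homepage = '', $remoteUserName = '', $service = '', $batchImport = false)
{
    global $_CONF, $_TABLES;

    $queueUser = false;
    $username = DB_escapeString($username);
    $email = DB_escapeString($email);

    // The remote user name and service are placed inside SQL string literals
    // as well, so they are escaped like the other values. The unescaped
    // originals are kept for COM_getDisplayName() further down.
    $remoteUserNameSql = DB_escapeString($remoteUserName);
    $serviceSql = DB_escapeString($service);

    // Same output as strftime('%Y-%m-%d %H:%M:%S', time()), without relying on
    // the deprecated strftime().
    $regdate = date('Y-m-d H:i:s');

    $fields = 'username,email,regdate,cookietimeout';
    $values = "'{$username}','{$email}','{$regdate}','{$_CONF['default_perm_cookie_timeout']}'";

    if (!empty($passwd)) {
        // Since no uid exists yet we can't use SEC_updateUserPassword and must handle things manually
        $salt = SEC_generateSalt();
        $passwd = SEC_encryptPassword($passwd, $salt, $_CONF['pass_alg'], $_CONF['pass_stretch']);
        $fields .= ',passwd,salt,algorithm,stretch';
        $values .= ",'{$passwd}','{$salt}','" . $_CONF['pass_alg'] . "','" . $_CONF['pass_stretch'] . "'";
    }
    if (!empty($fullname)) {
        $fullname = DB_escapeString($fullname);
        $fields .= ',fullname';
        $values .= ",'{$fullname}'";
    }
    if (!empty($homepage)) {
        $homepage = DB_escapeString($homepage);
        $fields .= ',homepage';
        $values .= ",'{$homepage}'";
    }

    if ($_CONF['usersubmission'] == 1 && !SEC_hasRights('user.edit')) {
        // Accounts go into the approval queue unless the e-mail domain is
        // explicitly allowed.
        $queueUser = true;
        if (!empty($_CONF['allow_domains'])) {
            if (USER_emailMatches($email, $_CONF['allow_domains'])) {
                $queueUser = false;
            }
        }
        if ($queueUser) {
            $fields .= ',status';
            $values .= ',' . USER_ACCOUNT_AWAITING_APPROVAL;
        }
    } else {
        if (!empty($remoteUserName)) {
            $fields .= ',remoteusername';
            $values .= ",'{$remoteUserNameSql}'";
        }
        if (!empty($service)) {
            $fields .= ',remoteservice';
            $values .= ",'{$serviceSql}'";
        }
    }

    DB_query("INSERT INTO {$_TABLES['users']} ({$fields}) VALUES ({$values})");

    // Get the uid of the user, possibly given a service. The lookup has to
    // use the values that were just inserted, not a fixed literal.
    if ($remoteUserName != '') {
        $uid = DB_getItem($_TABLES['users'], 'uid', "remoteusername = '{$remoteUserNameSql}' AND remoteservice='{$serviceSql}'");
    } else {
        $uid = DB_getItem($_TABLES['users'], 'uid', "username = '{$username}' AND remoteservice IS NULL");
    }

    // Add user to Logged-in group (i.e. members) and the All Users group
    $normal_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='Logged-in Users'");
    $all_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='All Users'");
    DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$normal_grp}, {$uid})");
    DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$all_grp}, {$uid})");

    // any default groups?
    $result = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_default = 1");
    $num_groups = DB_numRows($result);
    for ($i = 0; $i < $num_groups; $i++) {
        list($def_grp) = DB_fetchArray($result);
        DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$def_grp}, {$uid})");
    }

    DB_query("INSERT INTO {$_TABLES['userprefs']} (uid) VALUES ({$uid})");
    if ($_CONF['emailstoriesperdefault'] == 1) {
        DB_query("INSERT INTO {$_TABLES['userindex']} (uid,etids) VALUES ({$uid},'')");
    } else {
        DB_query("INSERT INTO {$_TABLES['userindex']} (uid,etids) VALUES ({$uid}, '-')");
    }
    DB_query("INSERT INTO {$_TABLES['usercomment']} (uid,commentmode,commentorder,commentlimit) VALUES ({$uid},'{$_CONF['comment_mode']}','{$_CONF['comment_order']}','{$_CONF['comment_limit']}')");
    DB_query("INSERT INTO {$_TABLES['userinfo']} (uid) VALUES ({$uid})");

    // call custom registration function and plugins
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCreate')) {
        CUSTOM_userCreate($uid, $batchImport);
    }
    PLG_createUser($uid);

    // Notify the admin?
    if (isset($_CONF['notification']) && in_array('user', $_CONF['notification'])) {
        $mode = $queueUser ? 'inactive' : 'active';
        $username = COM_getDisplayName($uid, $username, $fullname, $remoteUserName, $service);
        USER_sendNotification($username, $email, $uid, $mode);
    }

    return $uid;
}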
/**
 * Register a new account for the given user name and e-mail address.
 *
 * Validates the input, lets the custom registration hook and the plugins
 * reject the request, creates the account through USER_createAccount() and
 * then either redirects (account awaiting approval) or calls emailpassword().
 *
 * @param  string $username   user name to register
 * @param  string $email      e-mail address for the new account
 * @param  string $email_conf repeated e-mail address; must be identical to $email
 * @return string             HTML page with the form and an error message when
 *                            something is wrong, otherwise the result of
 *                            emailpassword() (empty after a redirect)
 */
function createuser($username, $email, $email_conf)
{
    global $_CONF, $_TABLES, $LANG01, $LANG04;

    $retval = '';
    $username = trim($username);
    $email = trim($email);
    $email_conf = trim($email_conf);

    if (!isset($_CONF['disallow_domains'])) {
        $_CONF['disallow_domains'] = '';
    }

    // Builds the full error page: the custom form when one is configured and
    // available, the stock form otherwise.
    $errorPage = function ($text) {
        global $_CONF, $LANG04;

        $form = '';
        if ($_CONF['custom_registration'] && function_exists('CUSTOM_userForm')) {
            $form .= CUSTOM_userForm($text);
        } else {
            $form .= newuserform($text);
        }

        return COM_createHTMLDocument($form, array('pagetitle' => $LANG04[22]));
    };

    $inputOk = COM_isEmail($email)
        && !empty($username)
        && $email === $email_conf
        && !USER_emailMatches($email, $_CONF['disallow_domains'])
        && strlen($username) <= 16;

    if (!$inputOk) {
        if ($email !== $email_conf) {
            $problem = $LANG04[125];
        } elseif (empty($username) || strlen($username) > 16) {
            $problem = $LANG01[32]; // invalid username
        } else {
            $problem = $LANG04[18]; // invalid email address
        }

        return $errorPage($problem);
    }

    // Both the user name and the e-mail address must be unused.
    $nameHits = DB_count($_TABLES['users'], 'username', DB_escapeString($username));
    $mailHits = DB_count($_TABLES['users'], 'email', DB_escapeString($email));
    if ($nameHits != 0 || $mailHits != 0) {
        return $errorPage($LANG04[19]);
    }

    // Geeklog itself would accept the account at this point; a custom
    // registration check, when present, gets the first veto.
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
        $verdict = CUSTOM_userCheck($username, $email);
        if (!empty($verdict)) {
            // the custom userform rejected the request
            return COM_createHTMLDocument(CUSTOM_userForm($verdict['string']));
        }
    }

    // Plugins may reject the registration too; a non-empty answer is shown as
    // the error message.
    $pluginError = PLG_itemPreSave('registration', $username);
    if (!empty($pluginError)) {
        return $errorPage($pluginError);
    }

    $uid = USER_createAccount($username, $email);

    // The status lookup only happens when user submissions are queued.
    $awaitingApproval = ($_CONF['usersubmission'] == 1)
        && (DB_getItem($_TABLES['users'], 'status', "uid = {$uid}") == USER_ACCOUNT_AWAITING_APPROVAL);

    if ($awaitingApproval) {
        COM_redirect($_CONF['site_url'] . '/index.php?msg=48');
    } else {
        $retval = emailpassword($username, 1);
    }

    return $retval;
}
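/**
 * Create a new user
 *
 * Also calls the custom user registration (if enabled) and plugin functions.
 *
 * NOTE: Does NOT send out password emails.
 *
 * @param    string  $username       user name (mandatory)
 * @param    string  $email          user's email address (mandatory)
 * @param    string  $passwd         password (optional); stored exactly as passed in
 * @param    string  $fullname       user's full name (optional); tags are stripped
 * @param    string  $homepage       user's home page (optional)
 * @param    string  $remoteusername user name at the remote service (optional)
 * @param    string  $service        remote service name (optional)
 * @param    int     $ignore         when not 0, PLG_createUser() is skipped (optional)
 * @return   int                     new user's ID
 *
 */
function USER_createAccount($username, $email, $passwd = '', $fullname = '', $homepage = '', $remoteusername = '', $service = '', $ignore = 0)
{
    global $_CONF, $_USER, $_TABLES;

    $dt = new Date('now', $_USER['tzid']);

    $queueUser = false;
    $username = DB_escapeString($username);
    $email = DB_escapeString($email);
    $regdate = $dt->toMySQL(true);

    $fields = 'username,email,regdate,cookietimeout';
    $values = "'{$username}','{$email}','{$regdate}','{$_CONF['default_perm_cookie_timeout']}'";

    if (!empty($passwd)) {
        $passwd = DB_escapeString($passwd);
        $fields .= ',passwd';
        $values .= ",'{$passwd}'";
    }
    if (!empty($fullname)) {
        $fullname = DB_escapeString(strip_tags($fullname));
        $fields .= ',fullname';
        $values .= ",'{$fullname}'";
    }
    if (!empty($homepage)) {
        $homepage = DB_escapeString($homepage);
        $fields .= ',homepage';
        $values .= ",'{$homepage}'";
    }

    $account_type = LOCAL_USER;
    if ($_CONF['usersubmission'] == 1 && !SEC_hasRights('user.edit')) {
        // Accounts go into the approval queue unless the e-mail domain is
        // explicitly allowed.
        $queueUser = true;
        if (!empty($_CONF['allow_domains'])) {
            if (USER_emailMatches($email, $_CONF['allow_domains'])) {
                $queueUser = false;
            }
        }
        if ($queueUser) {
            $fields .= ',status';
            $values .= ',' . USER_ACCOUNT_AWAITING_APPROVAL;
        }
    } else {
        // Locally registered accounts that chose their own password still
        // have to be verified.
        if ($_CONF['registration_type'] == 1 && (empty($remoteusername) || empty($service))) {
            $fields .= ',status';
            $values .= ',' . USER_ACCOUNT_AWAITING_VERIFICATION;
        }
    }

    if (!empty($remoteusername)) {
        $fields .= ',remoteusername';
        $values .= ",'" . DB_escapeString($remoteusername) . "'";
        $account_type = REMOTE_USER;
    }
    if (!empty($service)) {
        $fields .= ',remoteservice';
        $values .= ",'" . DB_escapeString($service) . "'";
    }
    $fields .= ',account_type';
    $values .= ',' . $account_type;

    DB_query("INSERT INTO {$_TABLES['users']} ({$fields}) VALUES ({$values})");

    // Get the uid of the user, possibly given a service. The lookup has to
    // use the values that were just inserted, not a fixed literal.
    if ($remoteusername != '') {
        $uid = DB_getItem($_TABLES['users'], 'uid', "remoteusername = '" . DB_escapeString($remoteusername) . "' AND remoteservice='" . DB_escapeString($service) . "'");
    } else {
        $uid = DB_getItem($_TABLES['users'], 'uid', "username = '{$username}' AND remoteservice IS NULL");
    }

    // Add user to Logged-in group (i.e. members) and the All Users group
    $normal_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='Logged-in Users'");
    $all_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='All Users'");
    DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id,ug_uid) VALUES ({$normal_grp}, {$uid})");
    DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id,ug_uid) VALUES ({$all_grp}, {$uid})");

    // any default groups?
    $result = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_default = 1");
    $num_groups = DB_numRows($result);
    for ($i = 0; $i < $num_groups; $i++) {
        list($def_grp) = DB_fetchArray($result);
        DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$def_grp}, {$uid})");
    }

    DB_query("INSERT INTO {$_TABLES['userprefs']} (uid,tzid) VALUES ({$uid},'{$_CONF['timezone']}')");
    if ($_CONF['emailstoriesperdefault'] == 1) {
        DB_query("INSERT INTO {$_TABLES['userindex']} (uid,etids) VALUES ({$uid},'')");
    } else {
        DB_query("INSERT INTO {$_TABLES['userindex']} (uid,etids) VALUES ({$uid}, '-')");
    }
    DB_query("INSERT INTO {$_TABLES['usercomment']} (uid,commentmode,commentlimit) VALUES ({$uid},'{$_CONF['comment_mode']}','{$_CONF['comment_limit']}')");
    DB_query("INSERT INTO {$_TABLES['userinfo']} (uid) VALUES ({$uid})");

    // call custom registration function and plugins
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCreate')) {
        // This function has no $batchimport parameter, so the variable that
        // used to be passed here was undefined; pass false explicitly.
        // NOTE(review): confirm whether batch imports should be signalled
        // to the hook some other way.
        CUSTOM_userCreate($uid, false);
    }
    if (function_exists('CUSTOM_userCreateHook')) {
        CUSTOM_userCreateHook($uid);
    }
    if ($ignore == 0) {
        PLG_createUser($uid);
    }

    // Notify the admin?
    if (isset($_CONF['notification']) && in_array('user', $_CONF['notification'])) {
        if ($queueUser) {
            $mode = 'inactive';
        } else {
            $mode = 'active';
        }
        // NOTE(review): $username and $email are the SQL-escaped copies at
        // this point - confirm that is what the notification should show.
        USER_sendNotification($username, $email, $uid, $mode);
    }

    return $uid;
}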