Пример #1
}
// Excerpt of a request handler: only the beginning of the 'register' case is shown.
switch ($action) {
    case 'register':
        /*
         * Do the registration:
         * fetch the two password fields, let plugins inspect the input, validate it,
         * refuse a login that already exists, then start building the User inside a
         * DB transaction. The rest of the case lies outside this excerpt.
         */
        // param() is defined elsewhere; presumably it loads the named request value as a string with '' as default -- confirm.
        param('pass1', 'string', '');
        param('pass2', 'string', '');
        // Call plugin event to allow catching input in general and validating own things from DisplayRegisterFormFieldset event
        // NOTE(review): every value, both passwords included, is passed by reference, so any plugin
        // handling this event can read or rewrite the credentials before they are validated.
        $Plugins->trigger_event('RegisterFormSent', array('login' => &$login, 'email' => &$email, 'locale' => &$locale, 'pass1' => &$pass1, 'pass2' => &$pass2));
        if ($Messages->count('error')) {
            // a Plugin has added an error
            break;
        }
        // Check profile params:
        // (presumably reports failures into $Messages, which is tested further down -- confirm)
        profile_check_params(array('login' => $login, 'pass1' => $pass1, 'pass2' => $pass2, 'email' => $email, 'pass_required' => true));
        // We want all logins to be lowercase to guarantee uniqueness regardless of the database case handling for UNIQUE indexes:
        // NOTE(review): strtolower() works on bytes and does not fold multi-byte UTF-8 letters, so for
        // non-ASCII logins uniqueness still depends on the database collation.
        $login = strtolower($login);
        $UserCache =& get_Cache('UserCache');
        if ($UserCache->get_by_login($login)) {
            // The login is already registered
            // NOTE(review): this lookup runs before $DB->begin(), so two concurrent requests could both
            // pass it; the UNIQUE index mentioned above would be the real guarantee -- confirm it exists.
            // NOTE(review): $login is placed into the message text; whether it is HTML-escaped when the
            // message is displayed is decided elsewhere -- confirm.
            param_error('login', sprintf(T_('The login «%s» is already registered, please choose another one.'), $login));
        }
        if ($Messages->count('error')) {
            // Validation or the duplicate-login check failed: leave the case before touching the database.
            break;
        }
        $DB->begin();
        // NOTE(review): "=& new" is deprecated since PHP 5.3 and a parse error from PHP 7.0; plain
        // "= new User()" is the equivalent on current versions.
        $new_User =& new User();
        $new_User->set('login', $login);
        // NOTE(review): md5() is a fast, unsalted digest. Stored like this, equal passwords give equal
        // hashes and offline guessing against a leaked table is cheap. A salted, deliberately slow scheme
        // (password_hash()/password_verify() where the PHP version provides them) is the fix, but it has
        // to change together with the login check and a migration of existing hashes, not on this line alone.
        $new_User->set('pass', md5($pass1));
        // "encrypted" in the original comment means hashed: md5() is one-way, it is not encryption
Пример #2
 */
// Excerpt of a profile-update handler: access checks, validation, then the field updates.
// NOTE(review): no anti-CSRF token check is visible in this excerpt; $checkuser_id below only ties the
// request to an account ID. Confirm a per-session token is verified before this point.
if (!is_logged_in()) {
    // must be logged in!
    bad_request_die(T_('You are not logged in.'));
}
// NOTE(review): != compares after type juggling. If $checkuser_id reaches this line as a string, older
// PHP versions treat a value such as "1abc" as equal to 1; an integer cast plus !== avoids that.
// How $checkuser_id is read is not visible here -- confirm.
if ($checkuser_id != $current_User->ID) {
    // Can only edit your own profile
    // (this message is not passed through T_(), unlike the one above)
    bad_request_die('You are not logged in under the same account you are trying to modify.');
}
// In demo mode the account with ID 1 and the 'demouser' login cannot be modified.
if ($demo_mode && ($current_User->ID == 1 || $current_User->login == 'demouser')) {
    bad_request_die('Demo mode: you can\'t edit the admin/demouser profile!<br />[<a href="javascript:history.go(-1)">' . T_('Back to profile') . '</a>]');
}
/**
 * Additional checks:
 * the submitted fields are handed to profile_check_params(); 'pass_required' => false
 * makes the password optional here (an empty password is skipped further down).
 */
profile_check_params(array('nickname' => $newuser_nickname, 'icq' => $newuser_icq, 'email' => $newuser_email, 'url' => $newuser_url, 'pass1' => $pass1, 'pass2' => $pass2, 'pass_required' => false), $current_User);
if ($Messages->count('error')) {
    header('Content-type: text/html; charset=' . $io_charset);
    // TODO: dh> these error should get displayed with the profile form itself, or at least there should be a "real HTML page" here (without JS-backlink)
    $Messages->display(T_('Cannot update profile. Please correct the following errors:'), '[<a href="javascript:history.go(-1)">' . T_('Back to profile') . '</a>]');
    // NOTE(review): debug_info() runs on a user-facing error page; confirm it prints nothing unless debugging is enabled.
    debug_info();
    exit;
}
// Do the update:
// $updatepassword is not read anywhere in this excerpt.
$updatepassword = '';
// The password is only replaced when a new one was submitted.
// NOTE(review): no confirmation of the current password is visible before the change, so a hijacked
// session would be enough to take over the account -- confirm whether it is checked elsewhere.
if (!empty($pass1)) {
    // NOTE(review): md5() is a fast, unsalted digest; a salted, slow scheme (password_hash() where the
    // PHP version provides it) is the fix, but it must change together with the login check and a
    // migration of existing hashes.
    $newuser_pass = md5($pass1);
    $current_User->set('pass', $newuser_pass);
}
$current_User->set('firstname', $newuser_firstname);
$current_User->set('lastname', $newuser_lastname);
Пример #3
 }
 // Excerpt of a registration handler: add the optional fields to $paramsList only when the
 // corresponding setting makes them mandatory, then validate the whole list.
 if ($registration_require_firstname) {
     $paramsList['firstname'] = $firstname;
 }
 if ($registration_require_lastname) {
     $paramsList['lastname'] = $lastname;
 }
 if ($registration_require_gender == 'required') {
     $paramsList['gender'] = $gender;
 }
 if ($Settings->get('newusers_canregister') == 'invite') {
     // Invitation code must be not empty when user can register ONLY with this code
     // NOTE(review): only the presence of the code is handed to validation here; where the code is
     // matched against issued invitations is not visible in this excerpt -- confirm.
     $paramsList['invitation'] = get_param('invitation');
 }
 // Check profile params:
 profile_check_params($paramsList);
 if ($is_quick && !$Messages->has_errors()) {
     // Generate a login and password for quick registration
     // NOTE(review): the strength of this password depends on the randomness source inside
     // generate_random_passwd(), which is not visible here; confirm it is cryptographically secure
     // and check how the generated password is delivered to the user.
     $pass1 = generate_random_passwd(10);
     // Get the login from email address:
     // keep the part before the first "@" of the lower-cased address (a value without "@" is left unchanged)
     $login = preg_replace('/^([^@]+)@(.+)$/', '$1', utf8_strtolower($email));
     // Step 1: remove quotes, angle brackets, "@" and whitespace
     $login = preg_replace('/[\'"><@\\s]/', '', $login);
     // NOTE(review): stripping characters can leave an empty login or one that already exists; no
     // emptiness or uniqueness check is visible in this excerpt -- confirm it follows.
     if ($Settings->get('strict_logins')) {
         // We allow only the plain ASCII characters, digits, the chars _ and .
         $login = preg_replace('/[^A-Za-z0-9_.]/', '', $login);
     } else {
         // We allow any character that is not explicitly forbidden in Step 1
         // Enforce additional limitations
         // Kill octets: remove percent-encoded byte sequences (%XX)
         $login = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '', $login);
         // Remove anything shaped like an HTML entity (&...;)
         $login = preg_replace('/&.+?;/', '', $login);
Пример #4
 */
// Excerpt of a subscription/notification update handler: access checks, e-mail validation,
// profile update, then the start of the per-blog subscription processing.
// NOTE(review): no anti-CSRF token check is visible in this excerpt; $checkuser_id below only ties the
// request to an account ID. Confirm a per-session token is verified before this point.
if (!is_logged_in()) {
    // must be logged in!
    bad_request_die(T_('You are not logged in.'));
}
// NOTE(review): != compares after type juggling. If $checkuser_id reaches this line as a string, older
// PHP versions treat a value such as "1abc" as equal to 1; an integer cast plus !== avoids that.
// How $checkuser_id is read is not visible here -- confirm.
if ($checkuser_id != $current_User->ID) {
    // Can only edit your own profile
    // (this message is not passed through T_(), unlike the one above)
    bad_request_die('You are not logged in under the same account you are trying to modify.');
}
// In demo mode the account with ID 1 and the 'demouser' login cannot be modified.
if ($demo_mode && ($current_User->ID == 1 || $current_User->login == 'demouser')) {
    bad_request_die('Demo mode: you can\'t edit the admin/demouser profile!<br />[<a href="javascript:history.go(-1)">' . T_('Back to profile') . '</a>]');
}
/**
 * Additional checks:
 * only the e-mail address is validated; the second array element looks like the name of the
 * form field the error should be attached to -- confirm against profile_check_params().
 */
profile_check_params(array('email' => array($newuser_email, 'newuser_email')));
if ($Messages->count('error')) {
    // TODO: dh> display errors with the form itself
    header('Content-type: text/html; charset=' . $io_charset);
    $Messages->display(T_('Cannot update profile. Please correct the following errors:'), '[<a href="javascript:history.go(-1)">' . T_('Back to profile') . '</a>]');
    // NOTE(review): debug_info() runs on a user-facing error page; confirm it prints nothing unless debugging is enabled.
    debug_info();
    exit;
}
// Do the profile update:
// NOTE(review): the account e-mail is replaced without any visible confirmation step (current password
// or a verification mail); if password resets go to this address, that is an account-takeover path
// for a hijacked session -- confirm how it is handled elsewhere.
$current_User->set_email($newuser_email);
$current_User->set('notify', $newuser_notify);
$current_User->dbupdate();
// Work the blogs:
$subscription_values = array();
$unsubscribed = array();
// Split the comma-separated ID list into an array.
// NOTE(review): the elements are still unvalidated strings after explode(); the code that uses them is
// outside this excerpt, so confirm each one is cast to an integer before it reaches a query.
$subs_blog_IDs = explode(',', $subs_blog_IDs);