// all checks passed $user = new User(); $user->setCreatedAt(time()); $user->setEmail($data->email); if (!$invitation) { $user->setPwd($data->pwd); } if ($currUser->isAdmin() && !empty($data->role)) { // Only sysadmin can set a sysadmin role if ($data->role == "sysadmin") { if (!$currUser->isSysAdmin()) { error(403, 'Permission denied'); return; } } $user->SetRole($data->role); } $user->setLanguage(DatawrapperSession::getLanguage()); $user->setActivateToken(hash_hmac('sha256', $data->email . '/' . time(), DW_TOKEN_SALT)); $user->save(); $result = $user->toArray(); DatawrapperHooks::execute(DatawrapperHooks::USER_SIGNUP, $user); // send an email $name = $data->email; $domain = $GLOBALS['dw_config']['domain']; $protocol = !empty($_SERVER['HTTPS']) ? "https" : "http"; if ($invitation) { // send account invitation link $invitationLink = $protocol . '://' . $domain . '/account/invite/' . $user->getActivateToken(); include ROOT_PATH . 'lib/templates/invitation-email.php'; dw_send_support_email($data->email, sprintf(__('You have been invited to Datawrapper on %s'), $domain), $invitation_mail, array('name' => $user->guessName(), 'invitation_link' => $invitationLink));