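# Handles a submitted password-change form before the page header is rendered.
# Outcomes are reported through $error (change rejected), $error2 (the two new
# passwords differ) and $error3 (current password wrong); on success the request
# is redirected and the script exits.
hook("preuserpreferencesform");

if (getval("save", "") != "") {
    if (hook('saveadditionaluserpreferences')) {
        # The above hook may return true in order to prevent the password from being updated
    } elseif (
        # Outside reset mode the caller must prove knowledge of the current password.
        # The candidate hash is built exactly as before (escaped form value, "RS" prefix,
        # md5 then sha256) so it still matches what is stored in $userpassword.
        # hash_equals() compares in constant time and never treats two digit-only
        # "0e..." strings as equal numbers, which a loose != comparison can do.
        !$password_reset_mode
        && !hash_equals(
            (string) $userpassword,
            hash('sha256', md5("RS" . $username . getvalescaped("currentpassword", "")))
        )
    ) {
        $error3 = $lang["wrongpassword"];
    } elseif (getval("password", "") !== getval("password2", "")) {
        # Strict comparison: numeric-looking strings such as "1e3" and "1000" must not
        # count as a matching confirmation.
        $error2 = true;
    } else {
        $message = change_password(getvalescaped("password", ""));
        if ($message === true) {
            if ($password_reset_mode && $last_active == "" && $email != "") {
                // This account has just been created, probably an auto approved account. Send the welcome email
                email_user_welcome($email, $username, $lang["hidden"], $usergroup);
                # "&notloggedin" has to stay a literal ampersand plus name; when the URL is
                # HTML-entity-decoded, "&not" collapses into the "¬" character and the
                # parameter is lost.
                redirect($baseurl_short . "pages/done.php?text=password_changed&notloggedin=true");
                exit;
            }
            redirect($baseurl_short . "pages/" . ($use_theme_as_home ? 'themes.php' : $default_home_page));
            exit;
        } else {
            # change_password() returned something other than true; $message keeps that value.
            $error = true;
        }
    }
}

include "../../include/header.php";
?>
<div class="BasicsBox">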
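/**
 * Save the user record identified by $ref from the submitted form, or delete it
 * when the "deleteme" field is set.
 *
 * Form fields read: deleteme, username, email, password, suggest, account_expires,
 * fullname, usergroup, ip_restrict, comments, approved, emailme, emailresetlink.
 *
 * @param mixed $ref User reference; it is placed inside quoted SQL literals as given.
 * @return bool|string true on success (including deletion); false when another user
 *                     already has the submitted username or e-mail and an e-mail was
 *                     submitted; otherwise the message returned by check_password().
 */
function save_user($ref)
{
    global $lang, $allow_password_email;

    # NOTE(review): $ref is interpolated into the statements below without escaping or a
    # type check in this function; callers must pass an escaped or numeric value.

    if (getval("deleteme", "") != "") {
        sql_query("delete from user where ref='{$ref}'");
        # include_once, so a second call in the same request cannot re-declare the
        # dash functions.
        include_once dirname(__FILE__) . "/dash_functions.php";
        empty_user_dash($ref);
        return true;
    }

    $username = getvalescaped("username", "");
    $email = getvalescaped("email", "");

    # Username or e-mail address already exists? Compare against the submitted values.
    $c = sql_value("select count(*) value from user where ref<>'{$ref}' and (username='" . $username . "' or email='" . $email . "')", 0);
    if ($c > 0 && $email != "") {
        return false;
    }

    $password = getvalescaped("password", "");
    if (getval("suggest", "") != "") {
        $password = make_password();
    } elseif ($password != $lang["hidden"]) {
        # $lang["hidden"] is the placeholder meaning "password left unchanged".
        $message = check_password($password);
        if ($message !== true) {
            return $message;
        }
    }

    # An empty expiry date is stored as SQL NULL rather than as an empty string.
    $expires = "'" . getvalescaped("account_expires", "") . "'";
    if ($expires == "''") {
        $expires = "null";
    }

    $passsql = "";
    if ($password != $lang["hidden"]) {
        # Save password.
        # NOTE(review): a single md5 round is a weak password hash, and with "suggest"
        # set the generated password is written to the column unhashed. Moving to
        # password_hash()/password_verify() needs a matching change in the code that
        # verifies logins, which is not visible here. The current-password check on the
        # user preferences page compares against hash('sha256', md5(...)); confirm what
        # converts the value stored here into that form.
        if (getval("suggest", "") == "") {
            $password = md5("RS" . $username . $password);
        }
        $passsql = ",password='" . $password . "',password_last_change=now()";
    }

    # Extra "column=value" SQL supplied by a hook; it is appended to the update as returned.
    $additional_sql = hook("additionaluserfieldssave");

    sql_query("update user set username='" . $username . "'" . $passsql . ",fullname='" . getvalescaped("fullname", "") . "',email='" . $email . "',usergroup='" . getvalescaped("usergroup", "") . "',account_expires={$expires},ip_restrict='" . getvalescaped("ip_restrict", "") . "',comments='" . getvalescaped("comments", "") . "',approved='" . (getval("approved", "") == "" ? "0" : "1") . "' {$additional_sql} where ref='{$ref}'");

    if ($allow_password_email && getval("emailme", "") != "") {
        # The welcome e-mail is given the password field exactly as it was submitted.
        email_user_welcome(getval("email", ""), getval("username", ""), getval("password", ""), getvalescaped("usergroup", ""));
    } elseif (getval("emailresetlink", "") != "") {
        email_reset_link(getvalescaped("email", ""), true);
    }

    return true;
}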
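/**
 * Automatically creates a user account from the submitted registration form
 * (which requires approval unless $auto_approve_accounts is true or the e-mail
 * domain is listed in $auto_approve_domains).
 *
 * Approved accounts get a welcome e-mail; otherwise the address in $email_notify
 * receives a request notification. Terminates the request with exit() when
 * $registration_group_select is on and the chosen user group is not selectable.
 *
 * @return bool|string true when the account row was created; false when a required
 *                     custom field is empty; otherwise a $lang message for missing
 *                     name/e-mail or an e-mail address that already exists.
 */
function auto_create_user_account()
{
    global $applicationname, $user_email, $email_from, $baseurl, $email_notify, $lang,
        $custom_registration_fields, $custom_registration_required,
        $user_account_auto_creation_usergroup, $registration_group_select,
        $auto_approve_accounts, $auto_approve_domains;

    # Add custom fields
    $c = "";
    if (isset($custom_registration_fields)) {
        $custom = explode(",", $custom_registration_fields);
        # Required fields?
        $required = isset($custom_registration_required) ? explode(",", $custom_registration_required) : array();
        foreach ($custom as $n => $field) {
            $value = getval("custom" . $n, "");
            if (in_array($field, $required, true) && $value == "") {
                return false; # Required field was not set.
            }
            $c .= i18n_get_translated($field) . ": " . $value . "\n\n";
        }
    }

    # Required fields (name, email) not set?
    if (getval("name", "") == "" || getval("email", "") == "") {
        return $lang['requiredfields'];
    }

    # Work out which user group to set. Allow a hook to change this, if necessary.
    $altgroup = hook("auto_approve_account_switch_group");
    $usergroup = ($altgroup !== false) ? $altgroup : $user_account_auto_creation_usergroup;

    if ($registration_group_select) {
        $usergroup = getvalescaped("usergroup", "", true);
        # Only groups flagged allow_registration_selection may be chosen by the requester.
        if (sql_value("select allow_registration_selection value from usergroup where ref='$usergroup'", 0) != 1) {
            exit("Invalid user group selection");
        }
    }

    $username = escape_check(make_username(getval("name", "")));

    # The escaped, trimmed form value is the address that gets inserted below, so the
    # duplicate check uses the same value. The global $user_email is not escaped in
    # this function and must not be placed inside a SQL literal.
    $email = trim(getvalescaped("email", ""));

    # Check if an account with this address already exists.
    $check = sql_value("select email value from user where email = '" . $email . "'", "");
    if ($check != "") {
        return $lang["useremailalreadyexists"];
    }

    # Prepare to create the user.
    # NOTE(review): the generated password is inserted below as generated (unhashed)
    # and is also e-mailed in the welcome message. Hashing it here needs a matching
    # change wherever the stored value is read, which is not visible in this function.
    $password = make_password();

    # Work out if we should automatically approve this account based on
    # $auto_approve_accounts or $auto_approve_domains
    $approve = false;
    if ($auto_approve_accounts == true) {
        $approve = true;
    } elseif (is_array($auto_approve_domains) && count($auto_approve_domains) > 0) {
        # NOTE(review): approval trusts the address as typed; nothing in this function
        # checks that it is a single well-formed address before the suffix comparison.
        $email_lower = strtolower($email);
        foreach ($auto_approve_domains as $domain => $set_usergroup) {
            // If a group is not specified the variables don't get set correctly so we need to correct this
            if (is_numeric($domain)) {
                $domain = $set_usergroup;
                $set_usergroup = "";
            }
            # Anchor on "@" so only the exact domain matches, not a longer name ending in it.
            $suffix = "@" . strtolower($domain);
            if (substr($email_lower, -strlen($suffix)) === $suffix) {
                # E-mail domain match.
                $approve = true;
                # If user group is supplied, set this
                if (is_numeric($set_usergroup)) {
                    $usergroup = $set_usergroup;
                }
            }
        }
    }

    # Create the user
    sql_query("insert into user (username,password,fullname,email,usergroup,comments,approved) values ('" . $username . "','" . $password . "','" . getvalescaped("name", "") . "','" . $email . "','" . $usergroup . "','" . escape_check($c) . "'," . (($approve) ? 1 : 0) . ")");
    $new = sql_insert_id();

    if ($approve) {
        # Auto approving, send mail direct to user
        email_user_welcome($email, $username, $password, $usergroup);
    } else {
        # Not auto approving.
        # Build a message to send to an admin notifying of unapproved user
        $message = $lang["userrequestnotification1"] . "\n\n" . $lang["name"] . ": " . getval("name", "") . "\n\n" . $lang["email"] . ": " . getval("email", "") . "\n\n" . $lang["comment"] . ": " . getval("userrequestcomment", "") . "\n\n" . $lang["ipaddress"] . ": '" . $_SERVER["REMOTE_ADDR"] . "'\n\n" . $c . "\n\n" . $lang["userrequestnotification3"] . "\n$baseurl?u=" . $new;

        # NOTE(review): the subject and from-name carry the raw "name" form value;
        # send_mail() is not visible here - confirm it strips CR/LF from header fields.
        send_mail($email_notify, $applicationname . ": " . $lang["requestuserlogin"] . " - " . getval("name", ""), $message, "", $user_email, "", "", getval("name", ""));
    }

    return true;
}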