function profile($userId, $forEditRegistrant = false) { global $sourceFolder, $moduleFolder; if (isset($_POST['profileimgaction']) && $_POST['profileimgaction'] == 'uploadnew') { require_once "{$sourceFolder}/upload.lib.php"; //Upload profile image $allowableTypes = array('jpeg', 'jpg', 'png', 'gif'); $fakeModuleComponentId = $userId; $uploadSuccess = submitFileUploadForm($fakeModuleComponentId, "profile", $userId, 512 * 1024, $allowableTypes, 'profileimage'); if (!is_array($uploadSuccess) && $uploadSuccess === false) { displayerror("Profile image could not be uploaded. Maximum size should be 512 KB."); } else { if (is_array($uploadSuccess)) { //Deleting old profile image $profileimgnames = getUploadedFiles($fakeModuleComponentId, 'profile'); foreach ($profileimgnames as $img) { if ($img['upload_filename'] != $uploadSuccess[0]) { deleteFile($fakeModuleComponentId, 'profile', $img['upload_filename']); } } } } } else { if (isset($_POST['profileimgaction']) && $_POST['profileimgaction'] == 'noimage') { require_once "{$sourceFolder}/upload.lib.php"; $fakeModuleComponentId = $userId; $profileimgnames = getUploadedFiles($fakeModuleComponentId, 'profile'); foreach ($profileimgnames as $img) { deleteFile($fakeModuleComponentId, 'profile', $img['upload_filename']); } } } /// Retrieve existing information $profileQuery = 'SELECT `user_name`, `user_fullname`, `user_password` FROM `' . MYSQL_DATABASE_PREFIX . 'users` WHERE `user_id` = \'' . $userId . "'"; $profileResult = mysql_query($profileQuery); if (!$profileResult) { displayerror('An error occurred while trying to process your request.<br />' . mysql_error() . '<br />' . $profileQuery); return ''; } $profileRow = mysql_fetch_row($profileResult); $newUserName = $userName = $profileRow[0]; $newUserFullname = $userFullname = $profileRow[1]; $userPassword = $profileRow[2]; require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformsubmit.php"; require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformgenerate.php"; /// Check if the user is trying to see the profile form, or has already submitted it if (isset($_POST['btnSubmitProfile'])) { if ($forEditRegistrant || !isProfileFormCaptchaEnabled() || submitCaptcha()) { if (!$forEditRegistrant) { $passwordValidated = false; if (isset($_POST['user_password']) && $_POST['user_password'] != '' && md5($_POST['user_password']) == $userPassword) { $passwordValidated = true; } } $updates = array(); if (isset($_POST['user_name']) && $_POST['user_name'] != '' && $_POST['user_name'] != $userName) { $updates[] = "`user_name` = '" . escape($_POST['user_name']) . "'"; $newUserName = escape($_POST['user_name']); } if (isset($_POST['user_fullname']) && $_POST['user_fullname'] != '' && $_POST['user_fullname'] != $userFullname) { $updates[] = "`user_fullname` = '" . escape($_POST['user_fullname']) . "'"; $newUserFullname = escape($_POST['user_fullname']); } $errors = true; if (!$forEditRegistrant && $_POST['user_newpassword'] != '') { if (!$passwordValidated) { displayerror('Error! The current password you entered was incorrect.'); } elseif ($_POST['user_newpassword'] != $_POST['user_newrepassword']) { displayerror('Error! The New Password you entered does not match the password you typed in the Confirmation Box.'); } elseif ($_POST['user_newpassword'] == $_POST['user_password']) { displayerror('Error! The old and new passwords are the same.'); } else { $updates[] = "`user_password` = MD5('" . escape($_POST['user_newpassword']) . "')"; $errors = false; } } else { $errors = false; } if (count($updates) > 0) { $profileQuery = 'UPDATE `' . MYSQL_DATABASE_PREFIX . 'users` SET ' . join($updates, ', ') . " WHERE `user_id` = '{$userId}'"; $profileResult = mysql_query($profileQuery); if (!$profileResult) { displayerror('An error was encountered while attempting to process your request.'); $errors = true; } $userName = $newUserName; $userFullname = $newUserFullname; if (!$forEditRegistrant) { setAuth($userId); } } $errors = !submitRegistrationForm(0, $userId, true, true) || $errors; if (!$errors) { displayinfo('All fields updated successfully!<br />' . '<input type="button" onclick="history.go(-2)" value="Go back" />'); } } } return getProfileForm($userId, $userName, $userFullname, $forEditRegistrant); }
public function actionEditregistrants() { /** * After view registrants completes, generateFormDataRow() will be used here also * then manually prepend the "delete" button and "edit" button columns * * After generateFormDataTable() completes, move the code to generate the top header row (with the sort * by this column images) to a new function and call it here also and manually prepened two <th>s of * delete and edit * * The delete button should point to a subaction through get vars * * Clicking edit button, should do something like edit in 2nd form in "editform" does with a twist : * to generate the edit form simply call generateRegistrationForm($moduleCompId,$userId,$action=) * with action ./+editregistrants&subaction=editregistrant&useremail=<useremail> * * and when submitted call submitRegistrationForm() */ global $sourceFolder, $moduleFolder; if (isset($_GET['subaction']) && isset($_GET['useremail'])) { if ($_GET['subaction'] == 'edit') { if (isset($_POST['submitreg_form_' . $this->moduleComponentId])) { submitRegistrationForm($this->moduleComponentId, getUserIdFromEmail(escape($_GET['useremail'])), true, true); } return '<a href="./+editregistrants">« Back</a><br />' . generateRegistrationForm($this->moduleComponentId, $this->userId, './+editregistrants&subaction=edit&useremail=' . escape($_GET['useremail']), true) . '<br /><a href="./+editregistrants">« Back</a><br />'; } elseif ($_GET['subaction'] == 'delete') { if ($_GET['useremail'] == "Anonymous") { $userIdTemp = escape($_GET['registrantid']); } else { $userIdTemp = getUserIdFromEmail(escape($_GET['useremail'])); } if (!unregisterUser($this->moduleComponentId, $userIdTemp)) { displayerror('Error! User with the given e-mail ' . escape($_GET['useremail']) . ' was not found.'); } } } elseif (isset($_GET['subaction']) && $_GET['subaction'] == 'getsuggestions' && isset($_GET['forwhat'])) { echo $this->getUnregisteredUsersFromPattern(escape($_GET['forwhat'])); disconnect(); exit; } elseif (isset($_POST['btnAddUserToForm']) && isset($_POST['useremail'])) { $hyphenPos = strpos($_POST['useremail'], '-'); if ($hyphenPos >= 0) { $userEmail = escape(trim(substr($_POST['useremail'], 0, $hyphenPos - 1))); } else { $userEmail = escape($_POST['useremail']); } $targetUserId = getUserIdFromEmail($userEmail); if ($targetUserId > 0) { if (verifyUserRegistered($this->moduleComponentId, $targetUserId)) { displayerror('The given user is already registered to this form.'); } else { registerUser($this->moduleComponentId, $targetUserId); } } else { displayerror('A user registered with the e-mail ID you entered was not found.'); } } elseif (isset($_POST['btnEmptyRegistrants'])) { $registeredUsers = form::getRegisteredUserArray($this->moduleComponentId); $registeredUserCount = count($registeredUsers); for ($i = 0; $i < $registeredUserCount; $i++) { unregisterUser($this->moduleComponentId, $registeredUsers[$i], true); } displayinfo('All registrations to this form have been deleted.'); } $sortField = 'registrationdate'; /// Default Values $sortOrder = 'asc'; if (isset($_GET['sortfield'])) { $sortField = escape($_GET['sortfield']); } if (isset($_GET['sortorder']) && ($_GET['sortorder'] == 'asc' || $_GET['sortorder'] == 'desc')) { $sortOrder = escape($_GET['sortorder']); } global $ICONS; $html = generateFormDataTable($this->moduleComponentId, $sortField, $sortOrder, 'editregistrants'); return "<fieldset><legend>{$ICONS['Form Registrants']['small']}Edit Form Registrants</legend>{$html}</fieldset>"; }
function handleUserMgmt() { global $urlRequestRoot, $cmsFolder, $moduleFolder, $templateFolder, $sourceFolder; require_once "{$sourceFolder}/{$moduleFolder}/form/viewregistrants.php"; if (isset($_GET['userid'])) { $_GET['userid'] = escape($_GET['userid']); } if (isset($_POST['editusertype'])) { $_POST['editusertype'] = escape($_POST['editusertype']); } if (isset($_POST['user_selected_activate'])) { foreach ($_POST as $key => $var) { if (substr($key, 0, 9) == "selected_") { if (!mysql_query("UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=1 WHERE user_id='" . substr($key, 9) . "'")) { $result = mysql_query("SELECT `user_fullname` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`='" . substr($key, 9) . "'"); if ($result) { $row = mysql_fetch_assoc($result); displayerror("Couldn't activate user, {$row['user_fullname']}"); } } } } return registeredUsersList($_POST['editusertype'], "edit", false); } if (isset($_POST['user_selected_deactivate'])) { foreach ($_POST as $key => $var) { if (substr($key, 0, 9) == "selected_") { if ((int) substr($key, 9) == ADMIN_USERID) { displayerror("You cannot deactivate administrator!"); continue; } if (!mysql_query("UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=0 WHERE user_id='" . substr($key, 9) . "'")) { $result = mysql_query("SELECT `user_fullname` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`='" . substr($key, 9) . "'"); if ($result) { $row = mysql_fetch_assoc($result); displayerror("Couldn't deactivate user, {$row['user_fullname']}"); } } } } return registeredUsersList($_POST['editusertype'], "edit", false); } if (isset($_POST['user_selected_delete'])) { $done = true; foreach ($_POST as $key => $var) { if (substr($key, 0, 9) == "selected_") { if ((int) substr($key, 9) == ADMIN_USERID) { displayerror("You cannot delete administrator!"); continue; } $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id` = '" . substr($key, 9) . "'"; if (mysql_query($query)) { $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "openid_users` WHERE `user_id` = '" . substr($key, 9) . "'"; if (!mysql_query($query)) { $done = false; } } else { $done = false; } } } if (!$done) { displayerror("Some problem in deleting selected users"); } return registeredUsersList($_POST['editusertype'], "edit", false); } if (isset($_POST['user_activate'])) { $query = "UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=1 WHERE user_id='{$_GET['userid']}'"; if (mysql_query($query)) { displayInfo("User Successfully Activated!"); } else { displayerror("User Not Activated!"); } return registeredUsersList($_POST['editusertype'], "edit", false); } else { if (isset($_POST['activate_all_users'])) { $query = "UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=1"; if (mysql_query($query)) { displayInfo("All users activated successfully!"); } else { displayerror("Users Not Deactivated!"); } return; } else { if (isset($_POST['user_deactivate'])) { if ($_GET['userid'] == ADMIN_USERID) { displayError("You cannot deactivate administrator!"); return registeredUsersList($_POST['editusertype'], "edit", false); } $query = "UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=0 WHERE user_id='{$_GET['userid']}'"; if (mysql_query($query)) { displayInfo("User Successfully Deactivated!"); } else { displayerror("User Not Deactivated!"); } return registeredUsersList($_POST['editusertype'], "edit", false); } else { if (isset($_POST['deactivate_all_users'])) { $query = "UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=0 WHERE user_id != " . ADMIN_USERID; if (mysql_query($query)) { displayInfo("All users deactivated successfully except Administrator!"); } else { displayerror("Users Not Deactivated!"); } return; } else { if (isset($_POST['user_delete'])) { $userId = $_GET['userid']; if ($userId == ADMIN_USERID) { displayError("You cannot delete administrator!"); return registeredUsersList($_POST['editusertype'], "edit", false); } $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id` = '{$userId}'"; if (mysql_query($query)) { $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "openid_users` WHERE `user_id` = '{$userId}'"; if (mysql_query($query)) { displayinfo("User Successfully Deleted!"); } else { displayerror("User not deleted from OpenID database!"); } } else { displayerror("User Not Deleted!"); } return registeredUsersList($_POST['editusertype'], "edit", false); } else { if (isset($_POST['user_info']) || isset($_POST['user_info_update'])) { if (isset($_POST['user_info_update'])) { $updates = array(); $userId = $_GET['userid']; $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`='{$userId}'"; $row = mysql_fetch_assoc(mysql_query($query)); $errors = false; if (isset($_POST['user_name']) && $row['user_name'] != $_POST['user_name']) { $chkquery = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_name`='" . escape($_POST['user_name']) . "'"; $result = mysql_query($chkquery) or die("failed : {$chkquery}"); if (mysql_num_rows($result) > 0) { displayerror("User Name already exists in database!"); $errors = true; } } if (isset($_POST['user_name']) && $_POST['user_name'] != '' && $_POST['user_name'] != $row['user_name']) { $updates[] = "`user_name` = '" . escape($_POST['user_name']) . "'"; } if (isset($_POST['user_email']) && $_POST['user_email'] != '' && $_POST['user_email'] != $row['user_email']) { $updates[] = "`user_email` = '" . escape($_POST['user_email']) . "'"; } if (isset($_POST['user_fullname']) && $_POST['user_fullname'] != '' && $_POST['user_fullname'] != $row['user_fullname']) { $updates[] = "`user_fullname` = '" . escape($_POST['user_fullname']) . "'"; } if ($_POST['user_password'] != '') { if ($_POST['user_password'] != $_POST['user_password2']) { displayerror('Error! The New Password you entered does not match the password you typed in the Confirmation Box.'); $errors = true; } else { if (md5($_POST['user_password']) != $row['user_password']) { $updates[] = "`user_password` = MD5('{$_POST['user_password']}')"; } } } if (isset($_POST['user_regdate']) && $_POST['user_regdate'] != '' && $_POST['user_regdate'] != $row['user_regdate']) { $updates[] = "`user_regdate` = '" . escape($_POST['user_regdate']) . "'"; } if (isset($_POST['user_lastlogin']) && $_POST['user_lastlogin'] != '' && $_POST['user_lastlogin'] != $row['user_lastlogin']) { $updates[] = "`user_lastlogin` = '" . escape($_POST['user_lastlogin']) . "'"; } if ($_GET['userid'] != ADMIN_USERID && (isset($_POST['user_activated']) ? 1 : 0) != $row['user_activated']) { $checked = isset($_POST['user_activated']) ? 1 : 0; $updates[] = "`user_activated` = {$checked}"; } if (isset($_POST['user_loginmethod']) && $_POST['user_loginmethod'] != '' && $_POST['user_loginmethod'] != $row['user_loginmethod']) { $updates[] = "`user_loginmethod` = '" . escape($_POST['user_loginmethod']) . "'"; if ($_POST['user_loginmethod'] != 'db') { displaywarning("Please make sure " . strtoupper(escape($_POST['user_loginmethod'])) . " is configured properly, otherwise the user will not be able to login to the website."); } } if (!$errors) { if (count($updates) > 0) { $profileQuery = 'UPDATE `' . MYSQL_DATABASE_PREFIX . 'users` SET ' . join($updates, ', ') . " WHERE `user_id` = " . escape($_GET['userid']) . "'"; $profileResult = mysql_query($profileQuery); if (!$profileResult) { displayerror('An error was encountered while attempting to process your request.' . $profileQuery); $errors = true; } } global $sourceFolder, $moduleFolder; require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformsubmit.php"; require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformgenerate.php"; if (!$errors && !submitRegistrationForm(0, $userId, true, true)) { displayerror('An error was encountered while attempting to process your request.' . $profileQuery); $errors = true; } else { displayinfo('All fields updated successfully!'); } } } $userid = $_GET['userid']; $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`={$userid}"; $columnList = getColumnList(0, false, false, false, false, false); $xcolumnIds = array_keys($columnList); $xcolumnNames = array_values($columnList); $row = mysql_fetch_assoc(mysql_query($query)); $userfieldprettynames = array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method"); $userinfo = "<fieldset><legend>Edit User Information</legend><form name='user_info_edit' action='./+admin&subaction=useradmin&userid={$userid}' method='post'>"; $usertablefields = array_merge(getTableFieldsName('users'), $xcolumnNames); for ($i = 0; $i < count($usertablefields); $i++) { if (isset($_POST[$usertablefields[$i] . '_sel'])) { $userinfo .= "<input type='hidden' name='{$usertablefields[$i]}_sel' value='checked'/>"; } } $userinfo .= "<input type='hidden' name='not_first_time' />"; $userinfo .= userProfileForm($userfieldprettynames, $row, false, true); $userinfo .= "<input type='submit' value='Update' name='user_info_update' />\n\t\t<input type='reset' value='Reset' /></form></fieldset>"; return $userinfo; } else { if (isset($_POST['view_reg_users']) || isset($_POST['save_reg_users_excel'])) { return registeredUsersList("all", "view", false); } else { if (isset($_POST['edit_reg_users'])) { return registeredUsersList("all", "edit", false); } else { if (isset($_POST['view_activated_users']) || isset($_POST['save_activated_users_excel'])) { return registeredUsersList("activated", "view", false); } else { if (isset($_POST['edit_activated_users'])) { return registeredUsersList("activated", "edit", false); } else { if (isset($_POST['view_nonactivated_users']) || isset($_POST['save_nonactivated_users_excel'])) { return registeredUsersList("nonactivated", "view", false); } else { if (isset($_POST['edit_nonactivated_users'])) { return registeredUsersList("nonactivated", "edit", false); } else { if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'search') { $results = ""; $userfieldprettynames = array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method"); $usertablefields = getTableFieldsName('users'); $first = true; $qstring = ""; foreach ($usertablefields as $field) { if (isset($_POST[$field]) && $_POST[$field] != '') { if ($first == false) { $qstring .= $_POST['user_search_op'] == 'and' ? " AND " : " OR "; } $val = escape($_POST[$field]); if ($field == 'user_activated') { ${$field . '_lastval'} = $val = isset($_POST[$field]) ? 1 : 0; } else { ${$field . '_lastval'} = $val; } $qstring .= "`{$field}` LIKE CONVERT( _utf8 '%{$val}%'USING latin1 ) "; $first = false; } } if ($qstring != "") { $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE {$qstring} "; $resultSearch = mysql_query($query); if (mysql_num_rows($resultSearch) > 0) { $num = mysql_num_rows($resultSearch); $userInfo = array(); while ($row = mysql_fetch_assoc($resultSearch)) { $userInfo['user_id'][] = $row['user_id']; $userInfo['user_name'][] = $row['user_name']; $userInfo['user_email'][] = $row['user_email']; $userInfo['user_fullname'][] = $row['user_fullname']; $userInfo['user_password'][] = $row['user_password']; $userInfo['user_lastlogin'][] = $row['user_lastlogin']; $userInfo['user_regdate'][] = $row['user_regdate']; $userInfo['user_activated'][] = $row['user_activated']; $userInfo['user_loginmethod'][] = $row['user_loginmethod']; } $results = registeredUsersList("all", "edit", false, $userInfo); } else { displayerror("No users matched your query!"); } } $searchForm = "<form name='user_search_form' action='./+admin&subaction=useradmin&subsubaction=search' method='POST'><h3>Search User</h3>"; $xcolumnNames = array_keys(getColumnList(0, false, false, false, false, false)); $usertablefields2 = array_merge($usertablefields, $xcolumnNames); for ($i = 0; $i < count($usertablefields2); $i++) { if (isset($_POST[$usertablefields2[$i] . '_sel'])) { $searchForm .= "<input type='hidden' name='{$usertablefields2[$i]}_sel' value='checked'/>"; } } $searchForm .= "<input type='hidden' name='not_first_time' />"; $infoarray = array(); foreach ($usertablefields as $field) { if (isset(${$field . '_lastval'})) { $infoarray[$field] = ${$field . '_lastval'}; } else { $infoarray[$field] = ""; } } $searchForm .= userProfileForm($userfieldprettynames, $infoarray, true, false); $searchForm .= "Operation : <input type='radio' name='user_search_op' value='and' />AND <input type='radio' name='user_search_op' value='or' checked='true' />OR<br/><br/><input type='submit' onclick name='user_search_submit' value='Search' /><input type='reset' value='Clear' /></form>"; return $results . $searchForm; } else { if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'create') { $userfieldprettynamesarray = array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method"); $usertablefields = getTableFieldsName('users'); if (isset($_POST['create_user_submit'])) { $incomplete = false; foreach ($usertablefields as $field) { if ($field != 'user_regdate' && $field != 'user_lastlogin' && $field != 'user_activated' && (isset($_POST[$field]) && $_POST[$field] == "")) { displayerror("New user could not be created. Some fields are missing!{$field}"); $incomplete = true; break; } ${$field} = escape($_POST[$field]); } if (!$incomplete) { $user_id = $_GET['userid']; $chkquery = "SELECT COUNT(user_id) FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`='{$user_id}' OR `user_name`='{$user_name}' OR `user_email`='{$user_email}'"; $result = mysql_query($chkquery); $row = mysql_fetch_row($result); if ($row[0] > 0) { displayerror("Another user with the same name or email already exists!"); } else { if ($user_password != $_POST['user_password2']) { displayerror("Passwords mismatch!"); } else { if (isset($_POST['user_activated'])) { $user_activated = 1; } $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` (`user_id` ,`user_name` ,`user_email` ,`user_fullname` ,`user_password` ,`user_regdate` ,`user_lastlogin` ,`user_activated`,`user_loginmethod`)VALUES ('{$user_id}' ,'{$user_name}' ,'{$user_email}' ,'{$user_fullname}' , MD5('{$user_password}') ,CURRENT_TIMESTAMP , '', '{$user_activated}','{$user_loginmethod}')"; $result = mysql_query($query) or die(mysql_error()); global $sourceFolder, $moduleFolder; require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformsubmit.php"; require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformgenerate.php"; if (mysql_affected_rows() && submitRegistrationForm(0, $user_id, true, true)) { displayinfo("User {$user_fullname} Successfully Created!"); } else { displayerror("Failed to create user"); } } } } } $nextUserId = getNextUserId(); $userForm = "<form name='user_create_form' action='./+admin&subaction=useradmin&subsubaction=create&userid={$nextUserId}' method='POST'><h3>Create New User</h3>"; $xcolumnNames = array_values(getColumnList(0, false, false, false, false, false)); $usertablefields2 = array_merge($usertablefields, $xcolumnNames); $calpath = "{$urlRequestRoot}/{$cmsFolder}/{$moduleFolder}"; $userForm .= '<link rel="stylesheet" type="text/css" media="all" href="' . $calpath . '/form/calendar/calendar.css" title="Aqua" />' . '<script type="text/javascript" src="' . $calpath . '/form/calendar/calendar.js"></script>'; for ($i = 0; $i < count($usertablefields2); $i++) { if (isset($_POST[$usertablefields2[$i] . '_sel'])) { $userForm .= "<input type='hidden' name='{$usertablefields2[$i]}_sel' value='checked'/>"; } } $userForm .= "<input type='hidden' name='not_first_time' />"; $infoarray = array(); foreach ($usertablefields as $field) { $infoarray[$field] = ""; } $infoarray['user_id'] = $nextUserId; $userForm .= userProfileForm($userfieldprettynamesarray, $infoarray, false, true); $userForm .= "<input type='submit' onclick name='create_user_submit' value='Create' /><input type='reset' value='Clear' /></form>"; return $userForm; } } } } } } } } } } } } } } }
function register() { ///registration formmessenger global $uploadFolder, $sourceFolder, $moduleFolder, $urlRequestRoot; require "{$sourceFolder}/{$moduleFolder}/form/registrationformgenerate.php"; require "{$sourceFolder}/{$moduleFolder}/form/registrationformsubmit.php"; if (!isset($_GET['key']) && !isset($_GET['reSendKey']) && !isset($_POST['user_email'])) { return getRegistrationForm(); } elseif (isset($_GET['reSendKey']) && !isset($_POST['resend_key_email']) && SEND_MAIL_ON_REGISTRATION) { $reSendForm = <<<FORM <form class="cms-registrationform" method="POST" name="user_resend_key" onsubmit="return checkForm(this)" action="./+login&subaction=register&reSendKey"> <fieldset> <legend>Resend Activation Link</legend> <table> \t\t<tr> \t\t\t<td><label for="resend_key_email" class="labelrequired">Email</label></td> \t\t\t<td><input type="text" name="resend_key_email" id="resend_key_email" class="required" onchange="if(this.length!=0) return checkEmail(this);"/><br /></td> \t\t</tr> \t\t<tr> \t\t\t<td colspan="2"> </td> \t\t</tr> \t\t<tr> \t\t\t<td><input type="submit" id="submitbutton" value="Submit"></td> \t\t\t<td><a href="./+login&subaction=register">Sign Up</a> <a href="./+login">Login?</a></td> \t\t</tr> \t</table> \t</fieldset> </form> FORM; return $reSendForm; } elseif (isset($_POST['resend_key_email'])) { $email = escape($_POST['resend_key_email']); $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='{$email}' "; $result = mysql_query($query) or displayerror(mysql_error() . "registration L:131"); if (!mysql_num_rows($result)) { displayinfo("This email-id has not yet been registered. Kindly <a href=\"./+login&subaction=register\">register</a>."); } else { $temp = mysql_fetch_assoc($result); if ($temp['user_activated'] == 1) { displayinfo("E-mail {$email} has already been verified.<a href=\"./+login\"> Login</a> <a href=\"./+login&subaction=resetPasswd\">Forgot Password?</a>"); } else { $key = getVerificationKey($email, $temp['user_password'], $temp['user_regdate']); // send mail code starts here - see common.lib.php for more $from = "from: " . CMS_TITLE . " <" . CMS_EMAIL . ">"; $to = "{$email}"; $mailtype = "activation_mail"; $messenger = new messenger(false); global $onlineSiteUrl; $messenger->assign_vars(array('ACTIVATE_URL' => "{$onlineSiteUrl}/+login&subaction=register&verify={$to}&key={$key}", 'NAME' => "{$temp['user_fullname']}", 'WEBSITE' => CMS_TITLE, 'DOMAIN' => $onlineSiteUrl)); if ($messenger->mailer($to, $mailtype, $key, $from)) { displayinfo("Activation link resent. Kindly check your e-mail for activation link."); } else { displayerror("Activation link resending failure. Kindly contact administrator"); } // send mail code ends here } } } elseif (isset($_GET['key'])) { $emailId = escape($_GET['verify']); $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='{$emailId}'"; $result = mysql_query($query) or displayerror(mysql_error() . "registration L:76"); $temp = mysql_fetch_assoc($result); if ($temp['user_activated'] == 1) { displayinfo("E-mail " . escape($_GET[verify]) . " has already been verified"); } else { if ($_GET['key'] == getVerificationKey($_GET['verify'], $temp['user_password'], $temp['user_regdate'])) { $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users` SET `user_activated`=1 WHERE `user_email`='{$emailId}'"; mysql_query($query) or die(mysql_error()); if (mysql_affected_rows() > 0) { displayinfo("Your e-mail " . escape($_GET[verify]) . " has been verified. Now you can fill your profile information by clicking <a href=\"./+profile\">here</a> or by clicking on the preferences link in the action bar any time you are logged in."); } else { displayerror("Verification error for " . escape($_GET[verify]) . ". Please contact administrator"); } } else { displayerror("Verification error for " . escape($_GET[verify]) . ". Please contact administrator"); } } } else { if ($_POST['user_email'] == "" || $_POST['user_password'] == "") { displayerror("Blank e-mail/password NOT allowed"); return getRegistrationForm(); } if ($_POST['user_name'] == "" || $_POST['user_fullname'] == "") { displayerror("Please fill in your user name and Full name"); return getRegistrationForm(); } if (!preg_match("/^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})\$/i", $_POST['user_email'])) { displayerror("Invalid Email Id"); return getRegistrationForm(); } if ($_POST['user_password'] != $_POST['user_repassword']) { displayerror("Passwords are not same"); return getRegistrationForm(); } if (submitCaptcha() == false) { return getRegistrationForm(); } /*For new registrations*/ $umail = escape($_POST['user_email']); $umail = trim($umail); $isValid = check_email($umail); if (!$isValid) { displayerror("Your E-Mail Provoider has been blackilisted. Please Use another email id or contact the website administrator"); return getRegistrationForm(); } $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='" . $umail . "'"; $result = mysql_query($query) or displayerror(mysql_error() . "in registration L:115"); if (mysql_num_rows($result)) { displaywarning("Email already exists in database. Please use a different e-mail."); return getRegistrationForm(); } else { $passwd = md5($_POST['user_password']); $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` " . "(`user_name`, `user_email`, `user_fullname`, `user_password`, `user_activated`) " . "VALUES ('" . escape($_POST['user_name']) . "', '" . escape($_POST['user_email']) . "', '" . escape($_POST['user_fullname']) . "', '{$passwd}', " . ACTIVATE_USER_ON_REG . ")"; $result = mysql_query($query); $query1 = "SELECT `user_id` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email` ='" . escape($_POST['user_email']) . "' LIMIT 1"; $result1 = mysql_query($query1); $result1 = mysql_fetch_array($result1); $form_result = submitRegistrationForm(0, $result1[0], true, true); if (!$form_result) { $query1 = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id` = '" . $result1[0] . "'"; $result = mysql_query($query1); return getRegistrationForm(); } if ($result) { if (ACTIVATE_USER_ON_REG) { displayinfo("You have been successfully registered. You can now <a href=\"./+login\">log in</a>."); } else { displayinfo("Your registration was successful but your account is not activated yet. Kindly check your email, or wait for the website administrator to activate you."); } } if (SEND_MAIL_ON_REGISTRATION) { $email = $umail; $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='{$email}' "; $result = mysql_query($query) or displayerror(mysql_error() . "registration L:211"); $temp = mysql_fetch_assoc($result); $key = getVerificationKey($email, $temp['user_password'], $temp['user_regdate']); // send mail code starts here - see common.lib.php for more $from = "from: " . CMS_TITLE . " <" . CMS_EMAIL . ">"; $to = "{$email}"; $mailtype = "activation_mail"; $messenger = new messenger(false); global $onlineSiteUrl; $messenger->assign_vars(array('ACTIVATE_URL' => "{$onlineSiteUrl}/+login&subaction=register&verify={$to}&key={$key}", 'NAME' => "{$temp['user_fullname']}", 'WEBSITE' => CMS_TITLE, 'DOMAIN' => $onlineSiteUrl)); if ($messenger->mailer($to, $mailtype, $key, $from)) { displayinfo("Kindly check your e-mail for activation link."); } else { displayerror("Activation link sending failure. Kindly contact administrator"); } // send mail code ends here } } } }