function profile($userId, $forEditRegistrant = false)
{
global $sourceFolder, $moduleFolder;
if (isset($_POST['profileimgaction']) && $_POST['profileimgaction'] == 'uploadnew') {
require_once "{$sourceFolder}/upload.lib.php";
//Upload profile image
$allowableTypes = array('jpeg', 'jpg', 'png', 'gif');
$fakeModuleComponentId = $userId;
$uploadSuccess = submitFileUploadForm($fakeModuleComponentId, "profile", $userId, 512 * 1024, $allowableTypes, 'profileimage');
if (!is_array($uploadSuccess) && $uploadSuccess === false) {
displayerror("Profile image could not be uploaded. Maximum size should be 512 KB.");
} else {
if (is_array($uploadSuccess)) {
//Deleting old profile image
$profileimgnames = getUploadedFiles($fakeModuleComponentId, 'profile');
foreach ($profileimgnames as $img) {
if ($img['upload_filename'] != $uploadSuccess[0]) {
deleteFile($fakeModuleComponentId, 'profile', $img['upload_filename']);
}
}
}
}
} else {
if (isset($_POST['profileimgaction']) && $_POST['profileimgaction'] == 'noimage') {
require_once "{$sourceFolder}/upload.lib.php";
$fakeModuleComponentId = $userId;
$profileimgnames = getUploadedFiles($fakeModuleComponentId, 'profile');
foreach ($profileimgnames as $img) {
deleteFile($fakeModuleComponentId, 'profile', $img['upload_filename']);
}
}
}
/// Retrieve existing information
$profileQuery = 'SELECT `user_name`, `user_fullname`, `user_password` FROM `' . MYSQL_DATABASE_PREFIX . 'users` WHERE `user_id` = \'' . $userId . "'";
$profileResult = mysql_query($profileQuery);
if (!$profileResult) {
displayerror('An error occurred while trying to process your request.<br />' . mysql_error() . '<br />' . $profileQuery);
return '';
}
$profileRow = mysql_fetch_row($profileResult);
$newUserName = $userName = $profileRow[0];
$newUserFullname = $userFullname = $profileRow[1];
$userPassword = $profileRow[2];
require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformsubmit.php";
require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformgenerate.php";
/// Check if the user is trying to see the profile form, or has already submitted it
if (isset($_POST['btnSubmitProfile'])) {
if ($forEditRegistrant || !isProfileFormCaptchaEnabled() || submitCaptcha()) {
if (!$forEditRegistrant) {
$passwordValidated = false;
if (isset($_POST['user_password']) && $_POST['user_password'] != '' && md5($_POST['user_password']) == $userPassword) {
$passwordValidated = true;
}
}
$updates = array();
if (isset($_POST['user_name']) && $_POST['user_name'] != '' && $_POST['user_name'] != $userName) {
$updates[] = "`user_name` = '" . escape($_POST['user_name']) . "'";
$newUserName = escape($_POST['user_name']);
}
if (isset($_POST['user_fullname']) && $_POST['user_fullname'] != '' && $_POST['user_fullname'] != $userFullname) {
$updates[] = "`user_fullname` = '" . escape($_POST['user_fullname']) . "'";
$newUserFullname = escape($_POST['user_fullname']);
}
$errors = true;
if (!$forEditRegistrant && $_POST['user_newpassword'] != '') {
if (!$passwordValidated) {
displayerror('Error! The current password you entered was incorrect.');
} elseif ($_POST['user_newpassword'] != $_POST['user_newrepassword']) {
displayerror('Error! The New Password you entered does not match the password you typed in the Confirmation Box.');
} elseif ($_POST['user_newpassword'] == $_POST['user_password']) {
displayerror('Error! The old and new passwords are the same.');
} else {
$updates[] = "`user_password` = MD5('" . escape($_POST['user_newpassword']) . "')";
$errors = false;
}
} else {
$errors = false;
}
if (count($updates) > 0) {
$profileQuery = 'UPDATE `' . MYSQL_DATABASE_PREFIX . 'users` SET ' . join($updates, ', ') . " WHERE `user_id` = '{$userId}'";
$profileResult = mysql_query($profileQuery);
if (!$profileResult) {
displayerror('An error was encountered while attempting to process your request.');
$errors = true;
}
$userName = $newUserName;
$userFullname = $newUserFullname;
if (!$forEditRegistrant) {
setAuth($userId);
}
}
$errors = !submitRegistrationForm(0, $userId, true, true) || $errors;
if (!$errors) {
displayinfo('All fields updated successfully!<br />' . '<input type="button" onclick="history.go(-2)" value="Go back" />');
}
}
}
return getProfileForm($userId, $userName, $userFullname, $forEditRegistrant);
}
public function actionEditregistrants()
{
/**
* After view registrants completes, generateFormDataRow() will be used here also
* then manually prepend the "delete" button and "edit" button columns
*
* After generateFormDataTable() completes, move the code to generate the top header row (with the sort
* by this column images) to a new function and call it here also and manually prepened two <th>s of
* delete and edit
*
* The delete button should point to a subaction through get vars
*
* Clicking edit button, should do something like edit in 2nd form in "editform" does with a twist :
* to generate the edit form simply call generateRegistrationForm($moduleCompId,$userId,$action=)
* with action ./+editregistrants&subaction=editregistrant&useremail=<useremail>
*
* and when submitted call submitRegistrationForm()
*/
global $sourceFolder, $moduleFolder;
if (isset($_GET['subaction']) && isset($_GET['useremail'])) {
if ($_GET['subaction'] == 'edit') {
if (isset($_POST['submitreg_form_' . $this->moduleComponentId])) {
submitRegistrationForm($this->moduleComponentId, getUserIdFromEmail(escape($_GET['useremail'])), true, true);
}
return '<a href="./+editregistrants">« Back</a><br />' . generateRegistrationForm($this->moduleComponentId, $this->userId, './+editregistrants&subaction=edit&useremail=' . escape($_GET['useremail']), true) . '<br /><a href="./+editregistrants">« Back</a><br />';
} elseif ($_GET['subaction'] == 'delete') {
if ($_GET['useremail'] == "Anonymous") {
$userIdTemp = escape($_GET['registrantid']);
} else {
$userIdTemp = getUserIdFromEmail(escape($_GET['useremail']));
}
if (!unregisterUser($this->moduleComponentId, $userIdTemp)) {
displayerror('Error! User with the given e-mail ' . escape($_GET['useremail']) . ' was not found.');
}
}
} elseif (isset($_GET['subaction']) && $_GET['subaction'] == 'getsuggestions' && isset($_GET['forwhat'])) {
echo $this->getUnregisteredUsersFromPattern(escape($_GET['forwhat']));
disconnect();
exit;
} elseif (isset($_POST['btnAddUserToForm']) && isset($_POST['useremail'])) {
$hyphenPos = strpos($_POST['useremail'], '-');
if ($hyphenPos >= 0) {
$userEmail = escape(trim(substr($_POST['useremail'], 0, $hyphenPos - 1)));
} else {
$userEmail = escape($_POST['useremail']);
}
$targetUserId = getUserIdFromEmail($userEmail);
if ($targetUserId > 0) {
if (verifyUserRegistered($this->moduleComponentId, $targetUserId)) {
displayerror('The given user is already registered to this form.');
} else {
registerUser($this->moduleComponentId, $targetUserId);
}
} else {
displayerror('A user registered with the e-mail ID you entered was not found.');
}
} elseif (isset($_POST['btnEmptyRegistrants'])) {
$registeredUsers = form::getRegisteredUserArray($this->moduleComponentId);
$registeredUserCount = count($registeredUsers);
for ($i = 0; $i < $registeredUserCount; $i++) {
unregisterUser($this->moduleComponentId, $registeredUsers[$i], true);
}
displayinfo('All registrations to this form have been deleted.');
}
$sortField = 'registrationdate';
/// Default Values
$sortOrder = 'asc';
if (isset($_GET['sortfield'])) {
$sortField = escape($_GET['sortfield']);
}
if (isset($_GET['sortorder']) && ($_GET['sortorder'] == 'asc' || $_GET['sortorder'] == 'desc')) {
$sortOrder = escape($_GET['sortorder']);
}
global $ICONS;
$html = generateFormDataTable($this->moduleComponentId, $sortField, $sortOrder, 'editregistrants');
return "<fieldset><legend>{$ICONS['Form Registrants']['small']}Edit Form Registrants</legend>{$html}</fieldset>";
}
function handleUserMgmt()
{
global $urlRequestRoot, $cmsFolder, $moduleFolder, $templateFolder, $sourceFolder;
require_once "{$sourceFolder}/{$moduleFolder}/form/viewregistrants.php";
if (isset($_GET['userid'])) {
$_GET['userid'] = escape($_GET['userid']);
}
if (isset($_POST['editusertype'])) {
$_POST['editusertype'] = escape($_POST['editusertype']);
}
if (isset($_POST['user_selected_activate'])) {
foreach ($_POST as $key => $var) {
if (substr($key, 0, 9) == "selected_") {
if (!mysql_query("UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=1 WHERE user_id='" . substr($key, 9) . "'")) {
$result = mysql_query("SELECT `user_fullname` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`='" . substr($key, 9) . "'");
if ($result) {
$row = mysql_fetch_assoc($result);
displayerror("Couldn't activate user, {$row['user_fullname']}");
}
}
}
}
return registeredUsersList($_POST['editusertype'], "edit", false);
}
if (isset($_POST['user_selected_deactivate'])) {
foreach ($_POST as $key => $var) {
if (substr($key, 0, 9) == "selected_") {
if ((int) substr($key, 9) == ADMIN_USERID) {
displayerror("You cannot deactivate administrator!");
continue;
}
if (!mysql_query("UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=0 WHERE user_id='" . substr($key, 9) . "'")) {
$result = mysql_query("SELECT `user_fullname` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`='" . substr($key, 9) . "'");
if ($result) {
$row = mysql_fetch_assoc($result);
displayerror("Couldn't deactivate user, {$row['user_fullname']}");
}
}
}
}
return registeredUsersList($_POST['editusertype'], "edit", false);
}
if (isset($_POST['user_selected_delete'])) {
$done = true;
foreach ($_POST as $key => $var) {
if (substr($key, 0, 9) == "selected_") {
if ((int) substr($key, 9) == ADMIN_USERID) {
displayerror("You cannot delete administrator!");
continue;
}
$query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id` = '" . substr($key, 9) . "'";
if (mysql_query($query)) {
$query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "openid_users` WHERE `user_id` = '" . substr($key, 9) . "'";
if (!mysql_query($query)) {
$done = false;
}
} else {
$done = false;
}
}
}
if (!$done) {
displayerror("Some problem in deleting selected users");
}
return registeredUsersList($_POST['editusertype'], "edit", false);
}
if (isset($_POST['user_activate'])) {
$query = "UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=1 WHERE user_id='{$_GET['userid']}'";
if (mysql_query($query)) {
displayInfo("User Successfully Activated!");
} else {
displayerror("User Not Activated!");
}
return registeredUsersList($_POST['editusertype'], "edit", false);
} else {
if (isset($_POST['activate_all_users'])) {
$query = "UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=1";
if (mysql_query($query)) {
displayInfo("All users activated successfully!");
} else {
displayerror("Users Not Deactivated!");
}
return;
} else {
if (isset($_POST['user_deactivate'])) {
if ($_GET['userid'] == ADMIN_USERID) {
displayError("You cannot deactivate administrator!");
return registeredUsersList($_POST['editusertype'], "edit", false);
}
$query = "UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=0 WHERE user_id='{$_GET['userid']}'";
if (mysql_query($query)) {
displayInfo("User Successfully Deactivated!");
} else {
displayerror("User Not Deactivated!");
}
return registeredUsersList($_POST['editusertype'], "edit", false);
} else {
if (isset($_POST['deactivate_all_users'])) {
$query = "UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=0 WHERE user_id != " . ADMIN_USERID;
if (mysql_query($query)) {
displayInfo("All users deactivated successfully except Administrator!");
} else {
displayerror("Users Not Deactivated!");
}
return;
} else {
if (isset($_POST['user_delete'])) {
$userId = $_GET['userid'];
if ($userId == ADMIN_USERID) {
displayError("You cannot delete administrator!");
return registeredUsersList($_POST['editusertype'], "edit", false);
}
$query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id` = '{$userId}'";
if (mysql_query($query)) {
$query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "openid_users` WHERE `user_id` = '{$userId}'";
if (mysql_query($query)) {
displayinfo("User Successfully Deleted!");
} else {
displayerror("User not deleted from OpenID database!");
}
} else {
displayerror("User Not Deleted!");
}
return registeredUsersList($_POST['editusertype'], "edit", false);
} else {
if (isset($_POST['user_info']) || isset($_POST['user_info_update'])) {
if (isset($_POST['user_info_update'])) {
$updates = array();
$userId = $_GET['userid'];
$query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`='{$userId}'";
$row = mysql_fetch_assoc(mysql_query($query));
$errors = false;
if (isset($_POST['user_name']) && $row['user_name'] != $_POST['user_name']) {
$chkquery = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_name`='" . escape($_POST['user_name']) . "'";
$result = mysql_query($chkquery) or die("failed : {$chkquery}");
if (mysql_num_rows($result) > 0) {
displayerror("User Name already exists in database!");
$errors = true;
}
}
if (isset($_POST['user_name']) && $_POST['user_name'] != '' && $_POST['user_name'] != $row['user_name']) {
$updates[] = "`user_name` = '" . escape($_POST['user_name']) . "'";
}
if (isset($_POST['user_email']) && $_POST['user_email'] != '' && $_POST['user_email'] != $row['user_email']) {
$updates[] = "`user_email` = '" . escape($_POST['user_email']) . "'";
}
if (isset($_POST['user_fullname']) && $_POST['user_fullname'] != '' && $_POST['user_fullname'] != $row['user_fullname']) {
$updates[] = "`user_fullname` = '" . escape($_POST['user_fullname']) . "'";
}
if ($_POST['user_password'] != '') {
if ($_POST['user_password'] != $_POST['user_password2']) {
displayerror('Error! The New Password you entered does not match the password you typed in the Confirmation Box.');
$errors = true;
} else {
if (md5($_POST['user_password']) != $row['user_password']) {
$updates[] = "`user_password` = MD5('{$_POST['user_password']}')";
}
}
}
if (isset($_POST['user_regdate']) && $_POST['user_regdate'] != '' && $_POST['user_regdate'] != $row['user_regdate']) {
$updates[] = "`user_regdate` = '" . escape($_POST['user_regdate']) . "'";
}
if (isset($_POST['user_lastlogin']) && $_POST['user_lastlogin'] != '' && $_POST['user_lastlogin'] != $row['user_lastlogin']) {
$updates[] = "`user_lastlogin` = '" . escape($_POST['user_lastlogin']) . "'";
}
if ($_GET['userid'] != ADMIN_USERID && (isset($_POST['user_activated']) ? 1 : 0) != $row['user_activated']) {
$checked = isset($_POST['user_activated']) ? 1 : 0;
$updates[] = "`user_activated` = {$checked}";
}
if (isset($_POST['user_loginmethod']) && $_POST['user_loginmethod'] != '' && $_POST['user_loginmethod'] != $row['user_loginmethod']) {
$updates[] = "`user_loginmethod` = '" . escape($_POST['user_loginmethod']) . "'";
if ($_POST['user_loginmethod'] != 'db') {
displaywarning("Please make sure " . strtoupper(escape($_POST['user_loginmethod'])) . " is configured properly, otherwise the user will not be able to login to the website.");
}
}
if (!$errors) {
if (count($updates) > 0) {
$profileQuery = 'UPDATE `' . MYSQL_DATABASE_PREFIX . 'users` SET ' . join($updates, ', ') . " WHERE `user_id` = " . escape($_GET['userid']) . "'";
$profileResult = mysql_query($profileQuery);
if (!$profileResult) {
displayerror('An error was encountered while attempting to process your request.' . $profileQuery);
$errors = true;
}
}
global $sourceFolder, $moduleFolder;
require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformsubmit.php";
require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformgenerate.php";
if (!$errors && !submitRegistrationForm(0, $userId, true, true)) {
displayerror('An error was encountered while attempting to process your request.' . $profileQuery);
$errors = true;
} else {
displayinfo('All fields updated successfully!');
}
}
}
$userid = $_GET['userid'];
$query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`={$userid}";
$columnList = getColumnList(0, false, false, false, false, false);
$xcolumnIds = array_keys($columnList);
$xcolumnNames = array_values($columnList);
$row = mysql_fetch_assoc(mysql_query($query));
$userfieldprettynames = array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method");
$userinfo = "<fieldset><legend>Edit User Information</legend><form name='user_info_edit' action='./+admin&subaction=useradmin&userid={$userid}' method='post'>";
$usertablefields = array_merge(getTableFieldsName('users'), $xcolumnNames);
for ($i = 0; $i < count($usertablefields); $i++) {
if (isset($_POST[$usertablefields[$i] . '_sel'])) {
$userinfo .= "<input type='hidden' name='{$usertablefields[$i]}_sel' value='checked'/>";
}
}
$userinfo .= "<input type='hidden' name='not_first_time' />";
$userinfo .= userProfileForm($userfieldprettynames, $row, false, true);
$userinfo .= "<input type='submit' value='Update' name='user_info_update' />\n\t\t<input type='reset' value='Reset' /></form></fieldset>";
return $userinfo;
} else {
if (isset($_POST['view_reg_users']) || isset($_POST['save_reg_users_excel'])) {
return registeredUsersList("all", "view", false);
} else {
if (isset($_POST['edit_reg_users'])) {
return registeredUsersList("all", "edit", false);
} else {
if (isset($_POST['view_activated_users']) || isset($_POST['save_activated_users_excel'])) {
return registeredUsersList("activated", "view", false);
} else {
if (isset($_POST['edit_activated_users'])) {
return registeredUsersList("activated", "edit", false);
} else {
if (isset($_POST['view_nonactivated_users']) || isset($_POST['save_nonactivated_users_excel'])) {
return registeredUsersList("nonactivated", "view", false);
} else {
if (isset($_POST['edit_nonactivated_users'])) {
return registeredUsersList("nonactivated", "edit", false);
} else {
if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'search') {
$results = "";
$userfieldprettynames = array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method");
$usertablefields = getTableFieldsName('users');
$first = true;
$qstring = "";
foreach ($usertablefields as $field) {
if (isset($_POST[$field]) && $_POST[$field] != '') {
if ($first == false) {
$qstring .= $_POST['user_search_op'] == 'and' ? " AND " : " OR ";
}
$val = escape($_POST[$field]);
if ($field == 'user_activated') {
${$field . '_lastval'} = $val = isset($_POST[$field]) ? 1 : 0;
} else {
${$field . '_lastval'} = $val;
}
$qstring .= "`{$field}` LIKE CONVERT( _utf8 '%{$val}%'USING latin1 ) ";
$first = false;
}
}
if ($qstring != "") {
$query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE {$qstring} ";
$resultSearch = mysql_query($query);
if (mysql_num_rows($resultSearch) > 0) {
$num = mysql_num_rows($resultSearch);
$userInfo = array();
while ($row = mysql_fetch_assoc($resultSearch)) {
$userInfo['user_id'][] = $row['user_id'];
$userInfo['user_name'][] = $row['user_name'];
$userInfo['user_email'][] = $row['user_email'];
$userInfo['user_fullname'][] = $row['user_fullname'];
$userInfo['user_password'][] = $row['user_password'];
$userInfo['user_lastlogin'][] = $row['user_lastlogin'];
$userInfo['user_regdate'][] = $row['user_regdate'];
$userInfo['user_activated'][] = $row['user_activated'];
$userInfo['user_loginmethod'][] = $row['user_loginmethod'];
}
$results = registeredUsersList("all", "edit", false, $userInfo);
} else {
displayerror("No users matched your query!");
}
}
$searchForm = "<form name='user_search_form' action='./+admin&subaction=useradmin&subsubaction=search' method='POST'><h3>Search User</h3>";
$xcolumnNames = array_keys(getColumnList(0, false, false, false, false, false));
$usertablefields2 = array_merge($usertablefields, $xcolumnNames);
for ($i = 0; $i < count($usertablefields2); $i++) {
if (isset($_POST[$usertablefields2[$i] . '_sel'])) {
$searchForm .= "<input type='hidden' name='{$usertablefields2[$i]}_sel' value='checked'/>";
}
}
$searchForm .= "<input type='hidden' name='not_first_time' />";
$infoarray = array();
foreach ($usertablefields as $field) {
if (isset(${$field . '_lastval'})) {
$infoarray[$field] = ${$field . '_lastval'};
} else {
$infoarray[$field] = "";
}
}
$searchForm .= userProfileForm($userfieldprettynames, $infoarray, true, false);
$searchForm .= "Operation : <input type='radio' name='user_search_op' value='and' />AND <input type='radio' name='user_search_op' value='or' checked='true' />OR<br/><br/><input type='submit' onclick name='user_search_submit' value='Search' /><input type='reset' value='Clear' /></form>";
return $results . $searchForm;
} else {
if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'create') {
$userfieldprettynamesarray = array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method");
$usertablefields = getTableFieldsName('users');
if (isset($_POST['create_user_submit'])) {
$incomplete = false;
foreach ($usertablefields as $field) {
if ($field != 'user_regdate' && $field != 'user_lastlogin' && $field != 'user_activated' && (isset($_POST[$field]) && $_POST[$field] == "")) {
displayerror("New user could not be created. Some fields are missing!{$field}");
$incomplete = true;
break;
}
${$field} = escape($_POST[$field]);
}
if (!$incomplete) {
$user_id = $_GET['userid'];
$chkquery = "SELECT COUNT(user_id) FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`='{$user_id}' OR `user_name`='{$user_name}' OR `user_email`='{$user_email}'";
$result = mysql_query($chkquery);
$row = mysql_fetch_row($result);
if ($row[0] > 0) {
displayerror("Another user with the same name or email already exists!");
} else {
if ($user_password != $_POST['user_password2']) {
displayerror("Passwords mismatch!");
} else {
if (isset($_POST['user_activated'])) {
$user_activated = 1;
}
$query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` (`user_id` ,`user_name` ,`user_email` ,`user_fullname` ,`user_password` ,`user_regdate` ,`user_lastlogin` ,`user_activated`,`user_loginmethod`)VALUES ('{$user_id}' ,'{$user_name}' ,'{$user_email}' ,'{$user_fullname}' , MD5('{$user_password}') ,CURRENT_TIMESTAMP , '', '{$user_activated}','{$user_loginmethod}')";
$result = mysql_query($query) or die(mysql_error());
global $sourceFolder, $moduleFolder;
require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformsubmit.php";
require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformgenerate.php";
if (mysql_affected_rows() && submitRegistrationForm(0, $user_id, true, true)) {
displayinfo("User {$user_fullname} Successfully Created!");
} else {
displayerror("Failed to create user");
}
}
}
}
}
$nextUserId = getNextUserId();
$userForm = "<form name='user_create_form' action='./+admin&subaction=useradmin&subsubaction=create&userid={$nextUserId}' method='POST'><h3>Create New User</h3>";
$xcolumnNames = array_values(getColumnList(0, false, false, false, false, false));
$usertablefields2 = array_merge($usertablefields, $xcolumnNames);
$calpath = "{$urlRequestRoot}/{$cmsFolder}/{$moduleFolder}";
$userForm .= '<link rel="stylesheet" type="text/css" media="all" href="' . $calpath . '/form/calendar/calendar.css" title="Aqua" />' . '<script type="text/javascript" src="' . $calpath . '/form/calendar/calendar.js"></script>';
for ($i = 0; $i < count($usertablefields2); $i++) {
if (isset($_POST[$usertablefields2[$i] . '_sel'])) {
$userForm .= "<input type='hidden' name='{$usertablefields2[$i]}_sel' value='checked'/>";
}
}
$userForm .= "<input type='hidden' name='not_first_time' />";
$infoarray = array();
foreach ($usertablefields as $field) {
$infoarray[$field] = "";
}
$infoarray['user_id'] = $nextUserId;
$userForm .= userProfileForm($userfieldprettynamesarray, $infoarray, false, true);
$userForm .= "<input type='submit' onclick name='create_user_submit' value='Create' /><input type='reset' value='Clear' /></form>";
return $userForm;
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
function register()
{
///registration formmessenger
global $uploadFolder, $sourceFolder, $moduleFolder, $urlRequestRoot;
require "{$sourceFolder}/{$moduleFolder}/form/registrationformgenerate.php";
require "{$sourceFolder}/{$moduleFolder}/form/registrationformsubmit.php";
if (!isset($_GET['key']) && !isset($_GET['reSendKey']) && !isset($_POST['user_email'])) {
return getRegistrationForm();
} elseif (isset($_GET['reSendKey']) && !isset($_POST['resend_key_email']) && SEND_MAIL_ON_REGISTRATION) {
$reSendForm = <<<FORM
<form class="cms-registrationform" method="POST" name="user_resend_key" onsubmit="return checkForm(this)" action="./+login&subaction=register&reSendKey">
<fieldset>
<legend>Resend Activation Link</legend>
<table>
\t\t<tr>
\t\t\t<td><label for="resend_key_email" class="labelrequired">Email</label></td>
\t\t\t<td><input type="text" name="resend_key_email" id="resend_key_email" class="required" onchange="if(this.length!=0) return checkEmail(this);"/><br /></td>
\t\t</tr>
\t\t<tr>
\t\t\t<td colspan="2"> </td>
\t\t</tr>
\t\t<tr>
\t\t\t<td><input type="submit" id="submitbutton" value="Submit"></td>
\t\t\t<td><a href="./+login&subaction=register">Sign Up</a> <a href="./+login">Login?</a></td>
\t\t</tr>
\t</table>
\t</fieldset>
</form>
FORM;
return $reSendForm;
} elseif (isset($_POST['resend_key_email'])) {
$email = escape($_POST['resend_key_email']);
$query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='{$email}' ";
$result = mysql_query($query) or displayerror(mysql_error() . "registration L:131");
if (!mysql_num_rows($result)) {
displayinfo("This email-id has not yet been registered. Kindly <a href=\"./+login&subaction=register\">register</a>.");
} else {
$temp = mysql_fetch_assoc($result);
if ($temp['user_activated'] == 1) {
displayinfo("E-mail {$email} has already been verified.<a href=\"./+login\"> Login</a> <a href=\"./+login&subaction=resetPasswd\">Forgot Password?</a>");
} else {
$key = getVerificationKey($email, $temp['user_password'], $temp['user_regdate']);
// send mail code starts here - see common.lib.php for more
$from = "from: " . CMS_TITLE . " <" . CMS_EMAIL . ">";
$to = "{$email}";
$mailtype = "activation_mail";
$messenger = new messenger(false);
global $onlineSiteUrl;
$messenger->assign_vars(array('ACTIVATE_URL' => "{$onlineSiteUrl}/+login&subaction=register&verify={$to}&key={$key}", 'NAME' => "{$temp['user_fullname']}", 'WEBSITE' => CMS_TITLE, 'DOMAIN' => $onlineSiteUrl));
if ($messenger->mailer($to, $mailtype, $key, $from)) {
displayinfo("Activation link resent. Kindly check your e-mail for activation link.");
} else {
displayerror("Activation link resending failure. Kindly contact administrator");
}
// send mail code ends here
}
}
} elseif (isset($_GET['key'])) {
$emailId = escape($_GET['verify']);
$query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='{$emailId}'";
$result = mysql_query($query) or displayerror(mysql_error() . "registration L:76");
$temp = mysql_fetch_assoc($result);
if ($temp['user_activated'] == 1) {
displayinfo("E-mail " . escape($_GET[verify]) . " has already been verified");
} else {
if ($_GET['key'] == getVerificationKey($_GET['verify'], $temp['user_password'], $temp['user_regdate'])) {
$query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users` SET `user_activated`=1 WHERE `user_email`='{$emailId}'";
mysql_query($query) or die(mysql_error());
if (mysql_affected_rows() > 0) {
displayinfo("Your e-mail " . escape($_GET[verify]) . " has been verified. Now you can fill your profile information by clicking <a href=\"./+profile\">here</a> or by clicking on the preferences link in the action bar any time you are logged in.");
} else {
displayerror("Verification error for " . escape($_GET[verify]) . ". Please contact administrator");
}
} else {
displayerror("Verification error for " . escape($_GET[verify]) . ". Please contact administrator");
}
}
} else {
if ($_POST['user_email'] == "" || $_POST['user_password'] == "") {
displayerror("Blank e-mail/password NOT allowed");
return getRegistrationForm();
}
if ($_POST['user_name'] == "" || $_POST['user_fullname'] == "") {
displayerror("Please fill in your user name and Full name");
return getRegistrationForm();
}
if (!preg_match("/^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})\$/i", $_POST['user_email'])) {
displayerror("Invalid Email Id");
return getRegistrationForm();
}
if ($_POST['user_password'] != $_POST['user_repassword']) {
displayerror("Passwords are not same");
return getRegistrationForm();
}
if (submitCaptcha() == false) {
return getRegistrationForm();
}
/*For new registrations*/
$umail = escape($_POST['user_email']);
$umail = trim($umail);
$isValid = check_email($umail);
if (!$isValid) {
displayerror("Your E-Mail Provoider has been blackilisted. Please Use another email id or contact the website administrator");
return getRegistrationForm();
}
$query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='" . $umail . "'";
$result = mysql_query($query) or displayerror(mysql_error() . "in registration L:115");
if (mysql_num_rows($result)) {
displaywarning("Email already exists in database. Please use a different e-mail.");
return getRegistrationForm();
} else {
$passwd = md5($_POST['user_password']);
$query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` " . "(`user_name`, `user_email`, `user_fullname`, `user_password`, `user_activated`) " . "VALUES ('" . escape($_POST['user_name']) . "', '" . escape($_POST['user_email']) . "', '" . escape($_POST['user_fullname']) . "', '{$passwd}', " . ACTIVATE_USER_ON_REG . ")";
$result = mysql_query($query);
$query1 = "SELECT `user_id` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email` ='" . escape($_POST['user_email']) . "' LIMIT 1";
$result1 = mysql_query($query1);
$result1 = mysql_fetch_array($result1);
$form_result = submitRegistrationForm(0, $result1[0], true, true);
if (!$form_result) {
$query1 = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id` = '" . $result1[0] . "'";
$result = mysql_query($query1);
return getRegistrationForm();
}
if ($result) {
if (ACTIVATE_USER_ON_REG) {
displayinfo("You have been successfully registered. You can now <a href=\"./+login\">log in</a>.");
} else {
displayinfo("Your registration was successful but your account is not activated yet. Kindly check your email, or wait for the website administrator to activate you.");
}
}
if (SEND_MAIL_ON_REGISTRATION) {
$email = $umail;
$query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='{$email}' ";
$result = mysql_query($query) or displayerror(mysql_error() . "registration L:211");
$temp = mysql_fetch_assoc($result);
$key = getVerificationKey($email, $temp['user_password'], $temp['user_regdate']);
// send mail code starts here - see common.lib.php for more
$from = "from: " . CMS_TITLE . " <" . CMS_EMAIL . ">";
$to = "{$email}";
$mailtype = "activation_mail";
$messenger = new messenger(false);
global $onlineSiteUrl;
$messenger->assign_vars(array('ACTIVATE_URL' => "{$onlineSiteUrl}/+login&subaction=register&verify={$to}&key={$key}", 'NAME' => "{$temp['user_fullname']}", 'WEBSITE' => CMS_TITLE, 'DOMAIN' => $onlineSiteUrl));
if ($messenger->mailer($to, $mailtype, $key, $from)) {
displayinfo("Kindly check your e-mail for activation link.");
} else {
displayerror("Activation link sending failure. Kindly contact administrator");
}
// send mail code ends here
}
}
}
}
