science-ation/user_new.php
dave 1dc1b47d05 - Fix multirole creation. If a user tries to create an account, and they
already exist, they will be guided through the process of adding a role to
  their existing account.
- Do a database update, and merge anyone who has managed to create 2 accounts
  into a single account.
- Still testing this, but it seems to be working
2007-12-12 03:01:44 +00:00

255 lines
8.2 KiB
PHP

<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
Copyright (C) 2005 James Grant <james@lightbox.org>
Copyright (C) 2007 David Grant <dave@lightbox.org>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
?>
<?
require_once("common.inc.php");
require_once("user.inc.php");
$type = false;
/*
if(isset($_SESSION['users_type'])) {
send_header("Registration", array());
echo i18n("Please logout before creating a new user\n");
send_footer();
exit;
}
*/
$type = $_GET['type'];
if(!in_array($type, $user_types)) {
send_header("Registration");
echo i18n("Invalid new registration\n");
send_footer();
exit;
}
$notice = $_GET['notice'];
$action = $_GET['action'];
if($action == '') $action = $_POST['action'];
switch($type) {
case 'volunteer':
// returns "notopenyet", "closed", or "open"
$reg_open = user_volunteer_registration_status();
$reg_mode = 'open';
$reg_single_password = '';
$password_expiry_days = $config['volunteer_password_expiry_days'];
$welcome_email = "volunteer_welcome";
break;
case 'committee':
$reg_open = 'notpermitted';
$reg_mode = 'closed';
$reg_single_password = '';
$password_expiry_days = 0;
$welcome_email = false;
break;
case 'judge':
$reg_open = user_judge_registration_status();
$reg_mode = $config['judge_registration_type'];
$reg_single_password = $config['judge_registration_singlepassword'];
$password_expiry_days = $config['judges_password_expiry_days'];
$welcome_email = "register_judges_welcome";
break;
case 'student':
$reg_open = 'closed';
// $reg_mode = $config['judge_registration_type'];
// $reg_single_password = $config['judge_registration_singlepassword'];
$password_expiry_days = 0;
$welcome_email = "register_students_welcome";
break;
default:
exit;
}
$data_fn = '';
$data_ln = '';
$data_email = '';
if($reg_open != "open") {
send_header("{$user_what[$type]} - Registration",
array("{$user_what[$type]} Login" => "user_login.php?type=$type") );
echo i18n("{$user_what[$type]} registration is not open");
echo "<br />";
send_footer();
exit;
}
if($reg_mode == 'invite') {
send_header("{$user_what[$type]} - Registration",
array("{$user_what[$type]} Login" => "user_login.php?type=$type") );
echo i18n("{$user_what[$type]} is by invitation only. You can not create a new account. In order to register you must have your account created for you by the science fair committee.")."<br />";
echo i18n("Once your account is created you'll be invited via email to login and complete your {$user_what[$type]} registration information. If you have been invited already, you need to use login using the email address that you were invited with. If you need an invitation, please contact the science fair committee by sending us an email: <a href=\"mailto:%1\">%1</a>.",
array($config['fairname'],$config['fairmanageremail']));
echo "<br />";
echo "<br />";
echo "<a href=\"user_login.php?type=$type\">Back to Login</a>";
send_footer();
exit;
}
if($action == 'new') {
$create = true;
$data_fn = mysql_escape_string(stripslashes($_POST['fn']));
$data_ln = mysql_escape_string(stripslashes($_POST['ln']));
$data_email = stripslashes($_POST['email']);
$sql_email = mysql_escape_string($data_email);
$registrationpassword = $_POST['registrationpassword'];
/* Strict validate the email */
if(!user_valid_email($data_email)) {
$notice = 'email_invalid';
$data_email = '';
$create = false;
}
/* See if this email already exists */
$q = mysql_query("SELECT id,types FROM users WHERE email='$sql_email' OR username='$sql_email'");
if(mysql_num_rows($q) > 0) {
/* It already exists, make sure they're not already in this role */
$r = mysql_fetch_object($q);
$types = split(',', $r->types);
if(in_array($type, $types)) {
$notice = 'role_exists';
$create = false;
} else {
/* If they're already logged in, we can go ahead and
* add this role. We've passed all the required checks
* for creating a new user of this role.
* The user has already been warned about being logged
* out. */
if(isset($_SESSION['users_id'])) {
/* User create does last minute checks, like
* ensuring a student doesn't try to also
* register as a judge */
$u = user_load($_SESSION['users_id']);
$u = user_create($type, $u);
$_SESSION['users_type'] = $type;
header("location: user_login.php?action=logout&notice=login_multirole&redirect=roleattached");
exit;
}
/* forward the user to the login page for whatever role
* they already have (it doesn't matter), and
* setup a login role_add redirect */
header("location: user_login.php?type={$types[0]}&notice=multirole&redirect=roleadd&redirectdata=$type");
exit;
}
}
if($data_fn == '' or $data_ln == '') {
$notice = 'name_invalid';
$create = false;
}
if($create == true) {
/* Generate a password */
$password = '';
$pchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
for($x=0;$x<12;$x++) $password .= $pchars{rand(0,61)};
/* Add the user */
$u = user_create($type);
$u['firstname'] = $data_fn;
$u['lastname'] = $data_ln;
$u['username'] = $data_email;
$u['password'] = $password;
$u['email'] = $data_email;
user_save($u);
/* Send the email */
email_send($welcome_email, $data_email,
array("FAIRNAME"=>i18n($config['fairname'])),
array("PASSWORD"=>$password,
"EMAIL"=>$data_email)
);
/* now redirect to the login page */
header("Location: user_login.php?type=$type&notice=created_sent");
exit;
}
}
send_header("{$user_what[$type]} - Registration",
array("{$user_what[$type]} Login" => "user_login.php?type=$type") );
switch($notice) {
case 'email_invalid':
echo '<br />';
echo error(i18n("The email address is invalid"));
echo '<br />';
break;
case 'name_invalid':
echo '<br />';
echo error(i18n("You must enter your first and last name"));
echo '<br />';
break;
case 'role_exists':
echo '<br />';
echo error(i18n("That email address has an existing {$user_what[$type]} registration"));
echo notice(i18n("Use the 'recover password' option on the {$user_what[$type]} login page if you have forgotten your password"));
echo '<br />';
break;
}
?>
<form method="post" action="user_new.php?type=<?=$type?>">
<input type="hidden" name="action" value="new" />
<table><tr><td>
<?=i18n("First Name")?>:</td><td><input type="text" size="20" name="fn" value="<?=$data_fn?>" />
</td></tr><tr><td>
<?=i18n("Last Name")?>:</td><td><input type="text" size="20" name="ln" value="<?=$data_ln?>" />
</td></tr><tr><td>
<?=i18n("Email")?>:</td><td><input type="text" size="20" name="email" value="<?=$data_email?>" />
</td></tr>
<?
if($reg_mode == 'singlepassword') {
echo "<tr><td>";
echo i18n("{$user_what[$type]} Password").":</td><td><input type=\"password\" size=\"20\" name=\"registrationpassword\" />";
echo "</td></tr>";
}
?>
<tr><td colspan=2>
<input type="submit" value=<?=i18n("Register")?> />
</td></tr>
</table>
</form>
<?
echo "<br />";
echo i18n("When you click the 'Register' button, your password will be randomly created and emailed to you. When you login for the first time you will be prompted to change your password. It can sometimes take several minutes for the email to send, so be patient.");
echo "<br />";
if($reg_mode == 'singlepassword') {
echo "<br />";
echo i18n("{$user_what[$type]} registration is protected by a password. You must know the <b>$what Password</b> in order to create an account. Please contact the committee to obtain the password if you wish to register.");
echo "<br />";
}
send_footer();
?>