<?php
/**
 * Mahara: Electronic portfolio, weblog, resume builder and social networking
 * Copyright (C) 2006-2008 Catalyst IT Ltd (http://www.catalyst.net.nz)
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 * @package    mahara
 * @subpackage core
 * @author     Catalyst IT Ltd
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL
 * @copyright  (C) 2006-2008 Catalyst IT Ltd http://catalyst.net.nz
 *
 */

// Page-level constants. All but TITLE are defined before init.php is loaded.
// NOTE(review): PUBLIC presumably marks this page as reachable without a
// login - confirm against init.php.
define('INTERNAL', 1);
define('PUBLIC', 1);
define('SECTION_PLUGINTYPE', 'core');
define('SECTION_PLUGINNAME', 'site');
define('SECTION_PAGE', 'register');

require 'init.php';
require_once 'pieforms/pieform.php';

define('TITLE', get_string('register'));

// Registration key taken from the request; null is passed as the default.
// NOTE(review): param_alphanum() presumably rejects anything that is not
// alphanumeric - confirm, since $key is later used in a database lookup.
$key = param_alphanum('key', null);

/*
 * This page handles three different tasks:
 *   1) Showing a visitor the registration form
 *   2) Telling the visitor to check their e-mail for a message
 *   3) Given a key, display profile information to edit
 *
 * It uses the session to store some state
 */
if (!session_id()) {
    session_start();
}

// Logged in people can't register: without a key they are redirected away.
// With a key, the current user is logged out so the key can be tried.
// NOTE(review): the logout runs before the key has been checked against
// usr_registration, so any request to this page with a non-empty key ends
// the current session; consider validating the key first.
if (is_logged_in()) {
    if (!$key) {
        redirect();
    }
    else {
        $USER->logout();
    }
}

// Step two of registration (first as it's the easiest): the user has
// registered, show them a screen telling them this. The session marker is
// cleared first, so the message is shown once.
if (isset($_SESSION['registered']) && $_SESSION['registered']) {
    unset($_SESSION['registered']);
    die_info(get_string('registeredok', 'auth.internal'));
}

// Step three of registration - given a key register the user
if (isset($key)) {

    // Look up the pending registration for this key. Rows whose expiry is
    // earlier than the current time do not match.
    $registration = get_record_select(
        'usr_registration',
        '"key" = ? AND expiry >= ?',
        array($key, db_format_timestamp(time()))
    );
    if (!$registration) {
        die_info(get_string('registrationnosuchkey', 'auth.internal'));
    }

    // In case a new session has started, reset the session language
    // to the one selected during registration
    if (!empty($registration->lang)) {
        $SESSION->set('lang', $registration->lang);
    }

    /**
     * Turns the pending registration held in the global $registration into
     * a user account, deletes the pending row, logs the new user in and
     * redirects.
     *
     * Everything from creating the user to deleting the usr_registration
     * row happens between db_begin() and db_commit().
     *
     * @param array $profilefields passed through unchanged to create_user()
     * @throws Exception when no 'internal' auth_instance row exists for the
     *                   registration's institution
     */
    function create_registered_user($profilefields=array()) {
        global $registration, $SESSION, $USER;
        require_once(get_config('libroot') . 'user.php');

        db_begin();

        // Remember the pending row's id for the delete further down, then
        // strip the fields that only belonged to the pending record.
        $pendingid = $registration->id;
        unset($registration->id, $registration->expiry);

        // An account expiry is only set when a default lifetime is configured.
        $lifetime = get_config('defaultaccountlifetime');
        if ($lifetime) {
            $registration->expiry = db_format_timestamp(time() + $lifetime);
        }
        $registration->lastlogin = db_format_timestamp(time());

        $internalauth = get_record('auth_instance', 'institution', $registration->institution, 'authname', 'internal');
        if (!$internalauth) {
            // TODO: Specify exception
            throw new Exception('No internal auth instance for institution');
        }

        $user = new User();
        $user->active         = 1;
        $user->authinstance   = $internalauth->id;
        $user->firstname      = $registration->firstname;
        $user->lastname       = $registration->lastname;
        $user->email          = $registration->email;
        $user->username       = get_new_username($user->firstname . $user->lastname);
        // NOTE(review): no password is assigned in this function;
        // passwordchange presumably forces one to be chosen - confirm.
        $user->passwordchange = 1;
        // NOTE(review): the salt comes from rand() over a 7-digit range, so
        // there are at most 9,000,000 distinct salts and the source is not a
        // CSPRNG. Salts need not be secret but should not repeat; switch to a
        // cryptographically secure generator when this code is next touched.
        $user->salt           = substr(md5(rand(1000000, 9999999)), 2, 8);

        create_user($user, $profilefields);

        // If the institution is 'mahara' then don't do anything
        if ($registration->institution != 'mahara') {
            $others = get_records_select_array('institution', "name != 'mahara'");

            if (count($others) != 1) {
                // Several institutions exist: membership has to be requested
                $user->add_institution_request($registration->institution);
            }
            else {
                // It is the only one available: join without requiring approval
                $user->join_institution($registration->institution);
            }
        }

        if (!empty($registration->lang) && $registration->lang != 'default') {
            set_account_preference($user->id, 'lang', $registration->lang);
        }

        // Delete the old registration record, so the key cannot be used again
        delete_records('usr_registration', 'id', $pendingid);

        db_commit();

        // Log the user in and send them to the homepage
        $USER = new LiveUser();
        $USER->reanimate($user->id, $internalauth->id);

        // A special greeting for special people
        if (in_array($user->username, array('waawaamilk', 'Mjollnir`', 'Ned', 'richardm', 'fmarier'))) {
            $greeting = 'MAMA!!! Maharababy happy to see you :D :D!';
        }
        else if ($user->username == 'htaccess') {
            $greeting = 'Welcome B-Quack, htaccess!';
        }
        else {
            $greeting = get_string('registrationcomplete', 'mahara', get_config('sitename'));
        }
        $SESSION->add_ok_msg($greeting);

        $SESSION->set('resetusername', true);
        redirect();
    }
    create_registered_user();
}


// Default page - show the registration form

// Base fields. Each one is required; the address additionally carries the
// form library's 'email' rule.
$elements = array();
$elements['firstname'] = array(
    'type'  => 'text',
    'title' => get_string('firstname'),
    'rules' => array('required' => true),
);
$elements['lastname'] = array(
    'type'  => 'text',
    'title' => get_string('lastname'),
    'rules' => array('required' => true),
);
$elements['email'] = array(
    'type'  => 'text',
    'title' => get_string('emailaddress'),
    'rules' => array('required' => true, 'email' => true),
);

// Institutions a visitor may register with: they must have an 'internal'
// auth instance and have registerallowed set to 1.
$sql = 'SELECT
            i.*
        FROM
            {institution} i,
            {auth_instance} ai
        WHERE
            ai.authname = \'internal\' AND
            ai.institution = i.name AND
            i.registerallowed = 1';
$institutions = get_records_sql_array($sql, array());

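// Add the institution element. $institutions can be falsy when the query
// matched nothing (the final else handles that case), so it is tested
// before being handed to count(), which rejects non-countable values on
// newer PHP versions.
//
// The value chosen here comes back from the browser, so it is only a hint:
// register_validate() re-reads registerallowed for the submitted name.
if ($institutions && count($institutions) > 1) {
    // Several institutions: let the visitor pick one, sorted by display name
    $options = array();
    foreach ($institutions as $institution) {
        $options[$institution->name] = $institution->displayname;
    }
    natcasesort($options);
    $elements['institution'] = array(
        'type' => 'select',
        'title' => get_string('institution'),
        'options' => $options,
        'rules' => array(
            'required' => true
        )
    );
}
else if ($institutions) { // Only one option - probably mahara ('No Institution') but that's not certain

    $institution = array_shift($institutions);

    $elements['institution'] = array(
        'type' => 'hidden',
        'value' => $institution->name
    );
}
else {
    // No institution accepts self-registration
    die_info(get_string('registeringdisallowed'));
}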

// Terms and conditions. The default is 'no', so the visitor has to opt in;
// register_validate() rejects anything other than 'yes'.
$elements['tandc'] = array(
    'type'         => 'radio',
    'title'        => get_string('iagreetothetermsandconditions', 'auth.internal'),
    'description'  => get_string('youmustagreetothetermsandconditions', 'auth.internal'),
    'options'      => array(
        'yes' => get_string('yes'),
        'no'  => get_string('no'),
    ),
    'defaultvalue' => 'no',
    'rules'        => array('required' => true),
    'separator'    => ' &nbsp; ',
);

// The CAPTCHA is shown when captcha_on_register_form is unset (null) or
// truthy; only an explicit falsy setting turns it off.
$captcharequired = get_config('captcha_on_register_form');
if ($captcharequired === null || $captcharequired) {
    $elements['captcha'] = array(
        'type'        => 'captcha',
        'title'       => get_string('captchatitle'),
        'description' => get_string('captchadescription'),
        'rules'       => array('required' => true),
    );
}

$elements['submit'] = array(
    'type'  => 'submit',
    'value' => get_string('register'),
);

// Form definition handed to pieform() at the bottom of the page. The empty
// action posts back to this page.
$form = array(
    'name'                   => 'register',
    'method'                 => 'post',
    'plugintype'             => 'core',
    'pluginname'             => 'register',
    'action'                 => '',
    'showdescriptiononerror' => false,
    'renderer'               => 'table',
    'elements'               => $elements,
);

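/**
 * Validates a submitted registration form (presumably invoked by Pieforms
 * as the validation callback of the form named 'register').
 *
 * Sets an error on $form when a name is blank, the e-mail address is
 * already known, the terms were not accepted, the CAPTCHA value is empty,
 * or the submitted institution is unknown, full or closed to registration.
 *
 * @todo add note: because the form select thing will eventually enforce
 * that the result for $values['institution'] was in the original lot,
 * and because that only allows authmethods that use 'internal' auth, we
 * can guarantee that the auth method is internal
 *
 * @param Pieform $form   the form being validated; errors are set on it
 * @param array   $values submitted values, keyed by element name
 */
function register_validate(Pieform $form, $values) {
    $institution = $values['institution'];
    safe_require('auth', 'internal');

    // First name and last name must contain at least one non whitespace
    // character, so that there's something to read
    if (!$form->get_error('firstname') && !preg_match('/\S/', $values['firstname'])) {
        $form->set_error('firstname', $form->i18n('required'));
    }

    if (!$form->get_error('lastname') && !preg_match('/\S/', $values['lastname'])) {
        $form->set_error('lastname', $form->i18n('required'));
    }

    // The e-mail address cannot already be in the system
    // NOTE(review): this answer tells an unauthenticated visitor whether an
    // address already has an account. The CAPTCHA can be switched off via
    // captcha_on_register_form, so make sure this form is rate-limited.
    if (!$form->get_error('email')
        && (record_exists('usr', 'email', $values['email'])
        || record_exists('artefact_internal_profile_email', 'email', $values['email']))) {
        $form->set_error('email', get_string('emailalreadytaken', 'auth.internal'));
    }

    // If the user hasn't agreed to the terms and conditions, don't bother
    if ($values['tandc'] != 'yes') {
        $form->set_error('tandc', get_string('youmaynotregisterwithouttandc', 'auth.internal'));
    }

    // CAPTCHA image: enforced unless the setting is explicitly falsy
    $captcharequired = get_config('captcha_on_register_form');
    if ((is_null($captcharequired) || $captcharequired) && !$values['captcha']) {
        $form->set_error('captcha', get_string('captchaincorrect'));
    }

    // Re-read the institution from the database rather than trusting the
    // submitted value, together with its number of non-deleted members.
    // NOTE(review): $institution->count below relies on the database naming
    // the unaliased COUNT(u.id) column 'count' - TODO confirm for every
    // supported database.
    $institution = get_record_sql('
        SELECT 
            i.name, i.maxuseraccounts, i.registerallowed, COUNT(u.id)
        FROM {institution} i
            LEFT OUTER JOIN {usr_institution} ui ON ui.institution = i.name
            LEFT OUTER JOIN {usr} u ON (ui.usr = u.id AND u.deleted = 0)
        WHERE
            i.name = ?
        GROUP BY
            i.name, i.maxuseraccounts, i.registerallowed', array($institution));

    // The institution name is client-supplied. If no row matches, reject it
    // here instead of reading properties of a non-object below.
    if (!$institution) {
        $form->set_error('institution', get_string('registrationnotallowed'));
        return;
    }

    if (!empty($institution->maxuseraccounts) && $institution->count >= $institution->maxuseraccounts) {
        $form->set_error('institution', get_string('institutionfull'));
    }

    if (!$institution->registerallowed) {
        $form->set_error('institution', get_string('registrationnotallowed'));
    }
}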

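/**
 * Stores a pending registration and e-mails the confirmation key to the
 * visitor, then marks the session as registered and redirects back to
 * /register.php.
 *
 * The key is the only secret needed to complete the registration, so the
 * message containing it is passed to email_user() and written nowhere else;
 * in particular it must not be copied to a debug file.
 *
 * NOTE(review): confirm that get_random_key() draws from a cryptographically
 * secure source, since the key alone authorises account creation.
 *
 * @param Pieform $form   the submitted form (not used here)
 * @param array   $values validated values, keyed by element name
 */
function register_submit(Pieform $form, $values) {
    global $SESSION;

    // don't die_info, since reloading the page shows the login form.
    // instead, redirect to some other page that says this
    safe_require('auth', 'internal');
    $values['key']   = get_random_key();
    // @todo the expiry date should be configurable
    // The pending registration is valid for 86400 seconds (24 hours)
    $values['expiry'] = db_format_timestamp(time() + 86400);
    $values['lang'] = $SESSION->get('lang');
    try {
        insert_record('usr_registration', $values);

        $sitename = get_config('sitename');
        $wwwroot  = get_config('wwwroot');

        // email_user() is given a user-like object built from the form values
        $user = (object) $values;
        $user->admin = 0;
        $user->staff = 0;
        email_user($user, null,
            get_string('registeredemailsubject', 'auth.internal', $sitename),
            get_string('registeredemailmessagetext', 'auth.internal', $values['firstname'], $sitename, $wwwroot, $values['key'], $sitename),
            get_string('registeredemailmessagehtml', 'auth.internal', $values['firstname'], $sitename, $wwwroot, $values['key'], $wwwroot, $values['key'], $sitename));
    }
    catch (EmailException $e) {
        log_warn($e);
        die_info(get_string('registrationunsuccessful', 'auth.internal'));
    }
    catch (SQLException $e) {
        log_warn($e);
        die_info(get_string('registrationunsuccessful', 'auth.internal'));
    }

    // Add a marker in the session to say that the user has registered
    $_SESSION['registered'] = true;

    redirect('/register.php');
}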

// Render the page: the output of pieform() for the form definition and the
// escaped page heading are handed to the register.tpl template.
$smarty = smarty();
$smarty->assign('register_form', pieform($form));
$smarty->assign('PAGEHEADING', hsc(get_string('register')));
$smarty->display('register.tpl');

?>