29 August 2005 * * @package webtrees * @subpackage Admin * @version $Id$ */

// Account self-service script: registration, e-mail verification and
// lost-password requests, dispatched by the switch on $action below.
define('WT_SCRIPT_NAME', 'login_register.php');
require './includes/session.php';
require WT_ROOT.'includes/functions/functions_edit.php';

$REQUIRE_ADMIN_AUTH_REGISTRATION=get_site_setting('REQUIRE_ADMIN_AUTH_REGISTRATION');

// Request parameters. safe_POST() is defined outside this file; judging by the
// call sites, its second argument is a pattern or a list of allowed values and
// its third a default. What filtering applies when only the name is passed is
// not visible here. TODO confirm before relying on it.
$action =safe_POST('action');
$user_realname =safe_POST('user_realname');
$url =safe_POST('url', WT_REGEX_URL, 'index.php');
// Client-supplied value; used further down as the "created" field of the
// messages queued for the webmaster.
$time =safe_POST('time');
$user_name =safe_POST('user_name', WT_REGEX_USERNAME);
$user_email =safe_POST('user_email', WT_REGEX_EMAIL);
$user_password01=safe_POST('user_password01', WT_REGEX_PASSWORD);
$user_password02=safe_POST('user_password02', WT_REGEX_PASSWORD);
$user_language =safe_POST('user_language', array_keys(i18n::installed_languages()), WT_LOCALE);
$user_gedcomid =safe_POST('user_gedcomid');
$user_comments =safe_POST('user_comments');
// NOTE(review): unlike user_password01/02, the password entered on the
// verification form is read without WT_REGEX_PASSWORD.
$user_password =safe_POST('user_password');
$user_hashcode =safe_POST('user_hashcode');

// Fall back to the query string so that the link in the confirmation e-mail
// (user_name, user_hashcode, action) works.
// NOTE(review): this fallback also makes the state-changing "pwlost" branch
// reachable with a plain GET, and no anti-CSRF token is checked in this file.
// Consider accepting GET only for "userverify" and requiring POST plus a
// session-bound token for anything that modifies an account.
if (empty($action)) $action = safe_GET('action');
if (empty($user_name)) $user_name = safe_GET('user_name', WT_REGEX_USERNAME);
if (empty($user_hashcode)) $user_hashcode = safe_GET('user_hashcode');

$message="";
switch ($action) {
case "pwlost" :
	print_header(i18n::translate('Lost password request'));
	?>
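";
	// Lost-password handler: look the account up by user name, replace its
	// password with a random 8-character one and e-mail that password to the
	// address on file. Both failure branches print the same generic message, so
	// the page does not reveal whether the user name exists or merely has no
	// e-mail address; the distinction is only written to the 'auth' log.
	//
	// NOTE(review): the stored password is replaced as soon as the request
	// arrives, before the mailbox owner has confirmed anything, and earlier in
	// this script $action and $user_name are also accepted from the query
	// string. Knowing a user name is therefore enough to invalidate that user's
	// password. A single-use, expiring reset token that leaves the current
	// password untouched until it is redeemed would remove both that lockout
	// and the plaintext password in the e-mail below.
	$user_id=get_user_id($user_name);
	if (!$user_id) {
		AddToLog("New password requests for user ".$user_name." that does not exist", 'auth');
		echo "";
		echo i18n::translate('Could not verify the information you entered. Please try again or contact the site administrator for more information.');
		echo "
";
	} else {
		if (getUserEmail($user_id)=='') {
			AddToLog("Unable to send password to user ".$user_name." because they do not have an email address", 'auth');
			echo "";
			echo i18n::translate('Could not verify the information you entered. Please try again or contact the site administrator for more information.');
			echo "
";
		} else {
			// Full 62-symbol alphabet; the previous literal contained "q" twice
			// and no "w", which skewed the distribution.
			$passchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
			$user_new_pw = "";
			$max = strlen($passchars)-1;
			for ($i=0; $i<8; $i++) {
				// rand() is not a cryptographic generator. Use the CSPRNG when
				// the runtime has one (random_int, PHP 7+); older runtimes keep
				// the original behaviour.
				$index = function_exists('random_int') ? random_int(0, $max) : rand(0, $max);
				// Square brackets: curly-brace string offsets were removed in PHP 8.
				$user_new_pw .= $passchars[$index];
			}
			// NOTE(review): crypt() without an explicit salt leaves the hashing
			// scheme to the platform, which may pick a weak one. password_hash()
			// is the usual replacement, but the stored format has to stay
			// compatible with every place that verifies it, and only one of
			// those (the "userverify" code below) is visible in this file.
			set_user_password($user_id, crypt($user_new_pw));
			set_user_setting($user_id, 'pwrequested', 1);

			// switch language to user settings
			i18n::init(get_user_setting($user_id, 'language'));
			$newuserName=getUserFullName($user_id);

			// The new password travels in clear text in this message.
			$mail_body = "";
			$mail_body .= i18n::translate('Hello %s ...', $newuserName) . "\r\n\r\n";
			$mail_body .= i18n::translate('A new password was requested for your user name.') . "\r\n\r\n";
			$mail_body .= i18n::translate('User name') . ": " . $user_name . "\r\n";
			$mail_body .= i18n::translate('Password') . ": " . $user_new_pw . "\r\n\r\n";
			$mail_body .= i18n::translate('Recommendation:') . "\r\n";
			$mail_body .= i18n::translate('Please click on the link below or paste it into your browser, login with the new password, and change it immediately to keep the integrity of your data secure.') . "\r\n\r\n";
			$mail_body .= i18n::translate('After you have logged in, select the «My Account» link under the «My Page» menu and fill in the password fields to change your password.') . "\r\n\r\n";

			if ($TEXT_DIRECTION=="rtl") $mail_body .= "".WT_SERVER_NAME.WT_SCRIPT_PATH."";
			else $mail_body .= WT_SERVER_NAME.WT_SCRIPT_PATH;

			require_once WT_ROOT.'includes/functions/functions_mail.php';
			webtreesMail(getUserEmail($user_id), $WEBTREES_EMAIL, i18n::translate('Data request at %s', WT_SERVER_NAME.WT_SCRIPT_PATH), $mail_body);
			?>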

An email with your new password was sent to the address we have on file for %s.

Please check your email account; you should receive our message soon.

Recommendation:
You should login to this site with your new password as soon as possible, and you should change your password to maintain your data\'s security.', $user_name); ?>
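";
	break;
case "register" :
	// Registration form, first pass: check that every required field arrived
	// and either hand over to "registernew" or (re)display the form together
	// with the collected error messages.
	//
	// NOTE(review): good_to_send is set on every visit to this branch, before
	// any validation, so the flag that "registernew" checks only shows that this
	// page was requested in the same session.
	$_SESSION["good_to_send"] = true;
	if (!get_site_setting('USE_REGISTRATION_MODULE')) {
		header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH);
		exit;
	}
	$message = "";

	$user_name_false = !$user_name;
	if ($user_name_false) {
		$message .= i18n::translate('You must enter a user name.')."
";
	}

	$user_password01_false = !$user_password01;
	if ($user_password01_false) {
		$message .= i18n::translate('You must enter a password.')."
";
	}

	$user_password02_false = !$user_password02;
	if ($user_password02_false) {
		$message .= i18n::translate('You must confirm the password.')."
";
	}

	// Strict comparison: with != two different numeric-looking strings
	// ("1e3" and "1000") compare as equal, so a mistyped confirmation could
	// pass unnoticed.
	$password_mismatch = ($user_password01 !== $user_password02);
	if ($password_mismatch) {
		$message .= i18n::translate('Passwords do not match.')."
";
	}

	// These fields are required but produce no message of their own; the flags
	// are kept as variables, as in the original code.
	$user_realname_false = !$user_realname;
	$user_email_false = !$user_email;
	$user_language_false = !$user_language;
	$user_comments_false = !$user_comments;

	if (!($user_name_false || $user_password01_false || $user_password02_false || $user_realname_false || $user_email_false || $user_language_false || $user_comments_false || $password_mismatch)) $action = "registernew";
	else {
		print_header(i18n::translate('Request new user account'));
		// Empty user array in case any details might be left
		// and faulty users are requested and created
		$user = array();
		?>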
"; echo i18n::translate('
Notice:
By completing and submitting this form, you agree:
  • to protect the privacy of living people listed on our site;
  • and in the text box below, to explain to whom you are related, or to provide us with information on someone who should be listed on our site.
'); echo "
"; echo "
"; } ?>
'; if ($REQUIRE_AUTHENTICATION && $SHOW_LIVING_NAMES>=WT_PRIV_PUBLIC) { ?>

0) echo $message; ?>
*
*
*
*
*
"; echo i18n::translate('Change language'), help_link('edituser_change_lang'); echo ''; echo edit_field_language('user_language', WT_LOCALE); echo '
*

Invalid page referer."; echo "

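";
		// Tail of the referer check; its condition lies above this excerpt.
		AddToLog('Invalid page referer while trying to register a user. Possible spam attack.', 'auth');
		exit;
	}
	// Account creation. The session flag is set by the "register" branch and is
	// consumed here, so one view of the form allows one submission.
	if ((!isset($_SESSION["good_to_send"]))||($_SESSION["good_to_send"]!==true)) {
		AddToLog('Invalid session reference while trying to register a user. Possible spam attack.', 'auth');
		exit;
	}
	$_SESSION["good_to_send"] = false;
	// NOTE(review): the required-field checks of the "register" branch are not
	// repeated here, and "registernew" can be submitted directly as the action.
	// Only the password is re-checked below.
	if (isset($user_name)) {
		print_header(i18n::translate('New Account confirmation'));
		echo "
";
		$user_created_ok = false;

		AddToLog("User registration requested for: ".$user_name, 'auth');
		// NOTE(review): the two "duplicate" messages tell an anonymous visitor
		// whether a user name or e-mail address is already registered.
		if (get_user_id($user_name)) {
			echo "".i18n::translate('Duplicate user name. A user with that user name already exists. Please choose another user name.')."

";
			echo "".i18n::translate('Back')."
";
		} elseif (get_user_by_email($user_email)) {
			echo "".i18n::translate('Duplicate email address. A user with that email already exists.')."

";
			echo "".i18n::translate('Back')."
";
		} elseif (is_string($user_password01) && $user_password01 !== '' && $user_password01 === $user_password02) {
			// The password must be present and strictly equal to its
			// confirmation. The former loose == also accepted two missing
			// values, which created an account from an empty password, and
			// treated different numeric-looking strings as equal.
			//
			// NOTE(review): crypt() without an explicit salt leaves the hashing
			// scheme to the platform; see password_hash() for a replacement that
			// crypt()-based verification can still check.
			if ($user_id=create_user($user_name, $user_realname, $user_email, crypt($user_password01))) {
				set_user_setting($user_id, 'language', $user_language);
				set_user_setting($user_id, 'verified', 0);
				set_user_setting($user_id, 'verified_by_admin', !$REQUIRE_ADMIN_AUTH_REGISTRATION);
				set_user_setting($user_id, 'reg_timestamp', date('U'));
				// E-mail verification code. Prefer 128 bits from the CSPRNG
				// (same 32-hex-digit shape as before) when the runtime offers
				// it; the original derivation from the user name is kept as the
				// fallback for older PHP versions.
				set_user_setting($user_id, 'reg_hashcode', function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(crypt($user_name)));
				set_user_setting($user_id, 'contactmethod', "messaging2");
				set_user_setting($user_id, 'defaulttab', get_gedcom_setting(WT_GED_ID, 'GEDCOM_DEFAULT_TAB'));
				set_user_setting($user_id, 'visibleonline', 1);
				set_user_setting($user_id, 'editaccount', 1);
				set_user_setting($user_id, 'auto_accept', 0);
				set_user_setting($user_id, 'canadmin', 0);
				set_user_setting($user_id, 'sessiontime', 0);
				// NOTE(review): the record id is self-asserted by the applicant
				// and stored as both gedcomid and rootid without any check
				// visible here. Confirm what access these settings confer
				// before an administrator has reviewed the account.
				if (!empty($user_gedcomid)) {
					set_user_gedcom_setting($user_id, $GEDCOM, 'gedcomid', $user_gedcomid);
					set_user_gedcom_setting($user_id, $GEDCOM, 'rootid', $user_gedcomid);
				}
				$user_created_ok = true;
			} else {
				echo "".i18n::translate('Unable to add user. Please try again.')."
";
				echo "".i18n::translate('Back')."
";
			}
		} else {
			echo "".i18n::translate('Passwords do not match.')."
";
			echo "".i18n::translate('Back')."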
";
		}
		// After a successful creation: send the confirmation e-mail to the
		// applicant, then queue a notification for the webmaster.
		if ($user_created_ok) {
			// switch to the user's language
			i18n::init($user_language);
			// $user_realname and $user_comments are applicant-supplied and are
			// concatenated into the plain-text bodies below.
			$mail_body = "";
			$mail_body .= i18n::translate('Hello %s ...', $user_realname) . "\r\n\r\n";
			$mail_body .= i18n::translate('A request was received at %s to create a webtrees account with your email address %s.', WT_SERVER_NAME.WT_SCRIPT_PATH, $user_email) . " ";
			$mail_body .= i18n::translate('Information about the request is shown under the link below.') . "\r\n\r\n";
			$mail_body .= i18n::translate('Please click on the following link and fill in the requested data to confirm your request and email address.') . "\r\n\r\n";
			if ($TEXT_DIRECTION=="rtl") {
				$mail_body .= "";
			}
			// Verification link: user name and verification code travel as
			// URL-encoded query parameters, which is why the script accepts
			// both of them from GET.
			$mail_body .= WT_SERVER_NAME.WT_SCRIPT_PATH . "login_register.php?user_name=".urlencode($user_name)."&user_hashcode=".urlencode(get_user_setting($user_id, 'reg_hashcode'))."&action=userverify";
			if ($TEXT_DIRECTION=="rtl") $mail_body .= "";
			$mail_body .= "\r\n";
			$mail_body .= i18n::translate('User name') . " " . $user_name . "\r\n";
			$mail_body .= i18n::translate('Verification code:') . " " . get_user_setting($user_id, 'reg_hashcode') . "\r\n\r\n";
			$mail_body .= i18n::translate('Comments').": " . $user_comments . "\r\n\r\n";
			$mail_body .= i18n::translate('If you didn\'t request an account, you can just delete this message.') . " ";
			$mail_body .= i18n::translate('You won\'t get any more email from this site, because the account request will be deleted automatically after seven days.') . "\r\n";
			require_once WT_ROOT.'includes/functions/functions_mail.php';
			webtreesMail($user_email, $WEBTREES_EMAIL, i18n::translate('Your registration at %s', WT_SERVER_NAME.WT_SCRIPT_PATH), $mail_body);

			// switch language to webmaster settings
			$webmaster_user_id=get_gedcom_setting(WT_GED_ID, 'WEBMASTER_USER_ID');
			i18n::init(get_user_setting($webmaster_user_id, 'language'));

			$mail_body = "";
			$mail_body .= i18n::translate('Hello Administrator ...') . "\r\n\r\n";
			$mail_body .= i18n::translate('A prospective user has registered with webtrees at %s.', WT_SERVER_NAME.WT_SCRIPT_PATH) . "\r\n\r\n";
			$mail_body .= i18n::translate('User name') . " " . $user_name . "\r\n";
			$mail_body .= i18n::translate('Real name') . " " . $user_realname . "\r\n";
			$mail_body .= i18n::translate('Email Address:') . " " . $user_email . "\r\n\r\n";
			$mail_body .= i18n::translate('Comments').": " . $user_comments . "\r\n\r\n";
			$mail_body .= i18n::translate('The user has been sent an e-mail with the information necessary to confirm the access request') . "\r\n\r\n";
			if ($REQUIRE_ADMIN_AUTH_REGISTRATION) $mail_body .= i18n::translate('You will be informed by e-mail when this prospective user has confirmed the request. You can then complete the process by activating the user name. The new user will not be able to login until you activate the account.') . "\r\n";
			else $mail_body .= i18n::translate('You will be informed by e-mail when this prospective user has confirmed the request. After this, the user will be able to login without any action on your part.') . "\r\n";

			$message = array();
			$message["to"]=get_user_name($webmaster_user_id);
			$message["from"]=$user_name;
			$message["subject"] = i18n::translate('New registration at %s', WT_SERVER_NAME.WT_SCRIPT_PATH);
			$message["body"] = $mail_body;
			// NOTE(review): $time comes straight from the request, so the
			// "created" value of this message is chosen by the applicant.
			$message["created"] = $time;
			// NOTE(review): this reads 'contact_method', the "userverify" code
			// reads 'CONTACT_METHOD', and account creation writes
			// 'contactmethod'. Confirm which key the settings store uses.
			$message["method"] = get_user_setting($webmaster_user_id, 'contact_method');
			addMessage($message);

			// switch language to user's settings
			i18n::init($user_language);
			?>
Thank you for your registration.', $user_realname); ?>

%s. You must verify your account request by following instructions in the confirmation email. If you do not confirm your account request within seven days, your application will be rejected automatically. You will have to apply again.

After you have followed the instructions in the confirmation email, the administrator still has to approve your request before your account can be used.

To login to this site, you will need to know your user name and password.', $user_email); else echo i18n::translate('We will now send a confirmation email to the address %s. You must verify your account request by following instructions in the confirmation email. If you do not confirm your account request within seven days, your application will be rejected automatically. You will have to apply again.

After you have followed the instructions in the confirmation email, you can login. To login to this site, you will need to know your user name and password.', $user_email); ?>
";
		} else {
			// Presumably the branch taken when no account was created (the
			// matching "if" is not fully visible in this excerpt): send the
			// visitor to the login page.
			header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH.'login.php');
			exit;
		}
		break;
case "userverify" :
	// Landing page for the link in the confirmation e-mail. It is only served
	// while the registration module is enabled.
	if (!get_site_setting('USE_REGISTRATION_MODULE')) {
		header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH);
		exit;
	}

	// Change to the new user's language
	// NOTE(review): $user_id is passed to get_user_setting() without checking
	// that the lookup found a user; confirm how the helper behaves for an
	// unknown user name.
	$user_id=get_user_id($user_name);
	i18n::init(get_user_setting($user_id, 'language'));
	print_header(i18n::translate('User verification'));
	echo "
"; ?>
"; echo ""; echo ""; echo ""; } else { echo "

"; echo ""; echo i18n::translate('Data was not correct, please try again'); echo "

"; } } else { echo "

"; echo ""; echo i18n::translate('Could not verify the information you entered. Please try again or contact the site administrator for more information.'); echo "

"; } echo "
".i18n::translate('User verification')."
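";
	// Verification step: the request is confirmed only when both the account
	// password and the e-mailed verification code match. On success the account
	// is marked verified, the code is cleared and the webmaster is notified.
	echo i18n::translate('The data for the user %s was checked.', $user_name);
	if ($user_id) {
		$stored_pw = get_user_password($user_id);
		$stored_hc = get_user_setting($user_id, 'reg_hashcode');
		// Strict comparison of the stored hash with crypt() of the supplied
		// password, salted with the stored hash.
		$pw_ok = (crypt((string)$user_password, $stored_pw) === $stored_pw);
		// A verification code must actually be pending and must match exactly.
		// The code is cleared (set to null) once a request has been confirmed;
		// with the former loose == an absent code matched an empty submitted
		// one, so this branch could be re-run for an already confirmed account
		// by anyone holding its password. The comparison is constant-time
		// where hash_equals() exists (PHP 5.6+).
		$hc_ok = is_string($stored_hc) && $stored_hc !== '' && is_string($user_hashcode)
			&& (function_exists('hash_equals') ? hash_equals($stored_hc, $user_hashcode) : $stored_hc === $user_hashcode);
		// NOTE(review): no attempt counter or delay is visible here; confirm
		// that repeated guesses are limited elsewhere.
		if (($pw_ok) && ($hc_ok)) {
			set_user_setting($user_id, 'verified', 1);
			set_user_setting($user_id, 'pwrequested', null);
			set_user_setting($user_id, 'reg_timestamp', date("U"));
			set_user_setting($user_id, 'reg_hashcode', null);
			// Without mandatory admin approval, confirming the e-mail address
			// is what activates the account.
			if (!$REQUIRE_ADMIN_AUTH_REGISTRATION) {
				set_user_setting($user_id, 'verified_by_admin', 1);
			}
			AddToLog("User verified: ".$user_name, 'auth');

			// switch language to webmaster settings
			$webmaster_user_id=get_gedcom_setting(WT_GED_ID, 'WEBMASTER_USER_ID');
			i18n::init(get_user_setting($webmaster_user_id, 'language'));

			$mail_body = "";
			$mail_body .= i18n::translate('Hello Administrator ...') . "\r\n\r\n";
			$mail_body .= i18n::translate('User %s (%s) has confirmed their request for an account.', $user_name, getUserFullName($user_id)) . "\r\n\r\n";
			if ($REQUIRE_ADMIN_AUTH_REGISTRATION) $mail_body .= i18n::translate('Please click on the link below to login to your site. You must Edit the user to activate the account so that he can login to your site.') . "\r\n";
			else $mail_body .= i18n::translate('You do not have to take any action; the user can now login.') . "\r\n";

			if ($TEXT_DIRECTION=="rtl") {
				$mail_body .= "";
			}
			$mail_body .= WT_SERVER_NAME.WT_SCRIPT_PATH."useradmin.php?action=edituser&username=" . urlencode($user_name);
			if ($TEXT_DIRECTION=="rtl") $mail_body .= "";
			$mail_body .= "\r\n";

			$message = array();
			$message["to"]=get_user_name($webmaster_user_id);
			$message["from"]=$user_name;
			$message["subject"] = i18n::translate('New user at %s', WT_SERVER_NAME.WT_SCRIPT_PATH);
			$message["body"] = $mail_body;
			// NOTE(review): $time is taken from the request, so this timestamp
			// is client-controlled.
			$message["created"] = $time;
			// NOTE(review): the registration code reads 'contact_method' and
			// account creation writes 'contactmethod'; confirm which key the
			// settings store uses.
			$message["method"] = get_user_setting($webmaster_user_id, 'CONTACT_METHOD');
			addMessage($message);

			i18n::init(WT_LOCALE); // Reset language

			echo "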

".i18n::translate('You have confirmed your request to become a registered user.')."

"; if ($REQUIRE_ADMIN_AUTH_REGISTRATION) echo i18n::translate('The Administrator has been informed. As soon as he gives you permission to login, you can login with your user name and password.'); else echo i18n::translate('You can now login with your user name and password.'); echo "

"; echo "
";
	break;
default :
	// Unknown or missing action: redirect to $url, which was read from the
	// request with WT_REGEX_URL and defaults to 'index.php'. The site's own
	// base URL is always prefixed, so the target stays on this site as long as
	// that pattern rejects values that would change the host. TODO confirm
	// against the definition of WT_REGEX_URL.
	// NOTE(review): there is no exit after the header, so print_footer() below
	// still runs on this path.
	header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH.$url);
	break;
}

print_footer();