invite_actions.php

Revision 258, 8.0 kB (checked in by benoit, 3 years ago)
created new function to create users (units/users/function_create_user.php) and modified exising code to use this function instead of individual queries
Property svn:eol-style set to `native`

Line
1	<?php
2
3	// Kill all old invitations
4
5	db_query("delete from invitations where added < " . (time() - (86400 * 7)));
6
7	// Get site name
8
9	$sitename = sitename;
10
11	// If $_REQUEST['action'] is specified, see what we can do ...
12
13	if (isset($_REQUEST['action'])) {
14
15	switch($_REQUEST['action']) {
16
17	// Add a new invite code
18	case "invite_invite":
19	if (
20	isset($_REQUEST['invite_name'])
21	&& isset($_REQUEST['invite_email'])
22	&& isset($_REQUEST['invite_text'])
23	&& $_REQUEST['invite_name'] != ""
24	&& $_REQUEST['invite_email'] != ""
25	) {
26	if (logged_on \|\| public_reg == true) {
27	$email = trim(stripslashes($_REQUEST['invite_email']));
28	if (preg_match ('/^[^ \@\n\r\t\']+\@[^ \@\n\r\t\']+\.[^ \@\n\r\t\'][^ \@\n\r\t\']+$/', $email)) {
29	$email = addslashes($email);
30	$strippedname = stripslashes($_REQUEST['invite_name']);
31	$name = addslashes($strippedname);
32	$invitations = db_query("select count(*) as num_invitations from invitations where email = '$email'");
33	$invitations = $invitations[0]->num_invitations;
34	if ($invitations == 0) {
35	$accounts = db_query("select ident, username from users where email = '$email'");
36	if (sizeof($accounts) ==0) {
37	$code = substr(md5(time() . $_SESSION['username']),0,7);
38	db_query("insert into invitations set name = '$name', email = '$email', code='$code', added = " . time() . ", owner = " . $_SESSION['userid']);
39	if ($_REQUEST['invite_text'] != "") {
40	$invitetext = gettext("They included the following message:") . "\n\n----------\n" . stripslashes($_REQUEST['invite_text']) . "\n----------";
41	}
42	$url = url . "_invite/join.php?invitecode=" . $code;
43	if (!logged_on) {
44	$greetingstext = sprintf(gettext("Thank you for registering with %s."),$sitename);
45	$subjectline = sprintf(gettext("%s account verification"),$sitename);
46	$from_email = email;
47	} else {
48	$greetingstext = $_SESSION['name'] . " " . gettext("has invited you to join") ." $sitename, ". gettext("a learning landscape system.") ."";
49	$subjectline = $_SESSION['name'] . " " . gettext("has invited you to join") ." $sitename";
50	$from_email = $_SESSION['email'];
51	}
52	$emailmessage = sprintf(gettext("Dear %s,\n\n%s %s\n\nTo join, visit the following URL:\n\n\t%s\n\nYour email address has not been passed onto any third parties, and will be removed from our system within seven days.\n\nRegards,\n\nThe %s team."),$strippedname,$greetingstext,$invitetext,$url, $sitename);
53	$emailmessage = wordwrap($emailmessage);
54	$messages[] = sprintf(gettext("Your invitation was sent to %s at %s. It will be valid for seven days."),$strippedname,$email);
55	mail($email,$subjectline,$emailmessage,"From: $sitename <".$from_email.">");
56	} else {
57	$messages[] = sprintf(gettext("User %s already has that email address. Invitation not sent."),$accounts[0]->username);
58	}
59	} else {
60	$messages[] = gettext("Someone with that email address has already been invited to the system. ");
61	}
62	} else {
63	$messages[] = gettext("Invitation failed: The email address was not valid.");
64	}
65	} else {
66	$messages[] = gettext("Invitation failed: you must specify both a name and an email address.");
67	}
68	}
69	break;
70
71
72
73	// Join using an invitation
74	case "invite_join":
75	if (
76	isset($_REQUEST['join_name']) &&
77	isset($_REQUEST['invitecode']) &&
78	isset($_REQUEST['over13']) &&
79	isset($_REQUEST['join_username']) &&
80	isset($_REQUEST['join_password1']) &&
81	isset($_REQUEST['join_password2'])
82	) {
83	$code = trim($_REQUEST['invitecode']);
84	$details = db_query("select * from invitations where code = '$code'");
85	if (sizeof($details) == 0) {
86	$messages[] = gettext("Error! Invalid invite code.");
87	} else {
88	if ($_REQUEST['join_password1'] != $_REQUEST['join_password2']
89	\|\| strlen($_REQUEST['join_password1']) < 6
90	\|\| strlen($_REQUEST['join_password1']) > 16) {
91	$messages[] = gettext("Error! Invalid password. Your passwords must match and be between 6 and 16 characters in length.");
92	} else {
93	if (!preg_match("/^[A-Za-z0-9]{3,12}$/",$_REQUEST['join_username'])) {
94	$messages[] = gettext("Error! Your username must contain letters and numbers only, cannot be blank, and must be between 3 and 12 characters in length.");
95	} else {
96	$username = strtolower(trim($_REQUEST['join_username']));
97	$usernametaken = db_query("select count(*) as taken from users where username = '$username'");
98	$usernametaken = $usernametaken[0]->taken;
99	if ($usernametaken > 0) {
100	$messages[] = gettext("The username '$username' is already taken by another user. You will need to pick a different one.");
101	} else {
102	$name = trim($_REQUEST['join_name']);
103	$displaypassword = $_REQUEST['join_password1'];
104	$password = md5($_REQUEST['join_password1']);
105	$details = $details[0];
106	$email = $details->email;
107	$ident = run("users:create", array("name" => $name,
108	"password" => $password,
109	"username" => $username,
110	"email" => $email));
111
112
113
114	$owner = (int) $details->owner;
115	if ($owner != -1) {
116	db_query("insert into friends set owner = $owner, friend = $ident");
117	db_query("insert into friends set owner = $ident, friend = $owner");
118	}
119	if ($owner != 1) {
120	db_query("insert into friends set owner = $ident, friend = 1");
121	}
122	$rssresult = run("weblogs:rss:publish", array($ident, false));
123	$rssresult = run("files:rss:publish", array($ident, false));
124	$rssresult = run("profile:rss:publish", array($ident, false));
125	$_SESSION['messages'][] = gettext("Your account was created! You can now log in using the username and password you supplied. You have been sent an email containing these details for reference purposes.");
126	db_query("delete from invitations where code = '$code'");
127	mail($email, sprintf(gettext("Your %s account"),$sitename), wordwrap(sprintf(gettext("Thanks for joining %s!\n\nFor your records, your %s username and password are:\n\n\tUsername: %s\n\tPassword: %s\n\nYou can log in at any time by visiting %s and entering these details into the login form.\n\nWe hope you enjoy using the system.\n\nRegards,\n\nThe %s Team"),$sitename,$sitename,$username,$displaypassword,url,$sitename)), "From: $sitename <".email.">");
128	header("Location: " . url);
129	exit();
130	}
131	}
132	}
133	}
134	} else {
135	$messages[] = gettext("You must indicate that you are at least 13 years old to join.");
136	}
137	break;
138
139
140
141	// Request a new password
142	case "invite_password_request":
143	if (isset($_REQUEST['password_request_name'])) {
144	$users = db_query("select ident, email from users where username = '".trim($_REQUEST['password_request_name'])."' and user_type = 'person'");
145	if (sizeof($users) > 0) {
146	$code = substr(md5(time() . $_REQUEST['password_request_name']),0,7);
147	$ident = $users[0]->ident;
148	db_query("insert into password_requests set code = '$code', owner = $ident");
149	$url = url . "_invite/new_password.php?passwordcode=" . $code;
150	mail(stripslashes($users[0]->email), sprintf(gettext("Verify your %s account password request"),$sitename), wordwrap(sprintf(gettext("A request has been received to generate your account at %s a new password.\n\nTo confirm this request and receive a new password by email, please click the following link:\n\n\t%s\n\nPlease let us know if you have any further problems.\n\nRegards,\n\nThe %s Team"),$sitename,$url,$sitename)), "From: $sitename <".email.">");
151	$messages[] = gettext("Your verification email was sent. Please check your inbox.");
152	} else {
153	$messages[] = gettext("No user with that username was found.");
154	}
155	}
156	break;
157
158	}
159
160	}
161
162	?>

Note: See TracBrowser for help on using the browser.

root/devel-backup/units/invite/invite_actions.php

Download in other formats:

Developers

Discuss

Specialised

Featured