invite_actions.php

Revision 7, 8.2 kB (checked in by sven, 3 years ago)
snapshot of elgg 0.1.2a

Line
1	<?php
2
3	// Kill all old invitations
4
5	db_query("delete from invitations where added < " . (time() - (86400 * 7)));
6
7	// Get site name
8
9	$sitename = sitename;
10
11	// If $_REQUEST['action'] is specified, see what we can do ...
12
13	if (isset($_REQUEST['action'])) {
14
15	switch($_REQUEST['action']) {
16
17	// Add a new invite code
18	case "invite_invite": if (
19	isset($_REQUEST['invite_name'])
20	&& isset($_REQUEST['invite_email'])
21	&& isset($_REQUEST['invite_text'])
22	&& $_REQUEST['invite_name'] != ""
23	&& $_REQUEST['invite_email'] != ""
24	) {
25	$email = addslashes(stripslashes($_REQUEST['invite_email']));
26	$strippedname = stripslashes($_REQUEST['invite_name']);
27	$name = addslashes($strippedname);
28	$invitations = db_query("select count(ident) as num_invitations from invitations where email = '$email'");
29	$invitations = $invitations[0]->num_invitations;
30	if ($invitations == 0) {
31	$accounts = db_query("select ident, username from users where email = '$email'");
32	if (sizeof($accounts) ==0) {
33	$code = substr(md5(time() . $_SESSION['username']),0,7);
34	db_query("insert into invitations set name = '$name', email = '$email', code='$code', added = " . time() . ", owner = " . $_SESSION['userid']);
35	if ($_REQUEST['invite_text'] != "") {
36	$invitetext = "They included the following message:\n\n----------\n" . stripslashes($_REQUEST['invite_text']) . "\n----------";
37	}
38	$url = url . "_invite/join.php?invitecode=" . $code;
39	if (!logged_on) {
40	$greetingstext = "Thank you for registering with $sitename.";
41	$subjectline = "$sitename account verification";
42	$from_email = email;
43	} else {
44	$greetingstext = $_SESSION['name'] . " has invited you to join $sitename, a learning landscape system.";
45	$subjectline = $_SESSION['name'] . " has invited you to join $sitename";
46	$from_email = $_SESSION['email'];
47	}
48	$emailmessage = <<< END
49	Dear {$strippedname},
50
51	{$greetingstext} {$invitetext}
52
53	To join, visit the following URL:
54
55	{$url}
56
57	Your email address has not been passed onto any third parties, and will be removed from our system within seven days.
58
59	Regards,
60
61	The $sitename team.
62	END;
63	$emailmessage = wordwrap($emailmessage);
64	$messages[] = "Your invitation was sent to $strippedname at $email. It will be valid for seven days.";
65	mail($email,$subjectline,$emailmessage,"From: $sitename <".$from_email.">");
66	} else {
67	$messages[] = "User " . $accounts[0]->username . " already has that email address. Invitation not sent.";
68	}
69	} else {
70	$messages[] = "Someone with that email address has already been invited to the system. Invitation not sent.";
71	}
72	} else {
73	$messages[] = "Invitation failed: you must specify both a name and an email address.";
74	}
75	break;
76	// Join using an invitation
77	case "invite_join": if (
78	isset($_REQUEST['join_name']) &&
79	isset($_REQUEST['invitecode']) &&
80	isset($_REQUEST['over13']) &&
81	isset($_REQUEST['join_username']) &&
82	isset($_REQUEST['join_password1']) &&
83	isset($_REQUEST['join_password2'])
84	) {
85	$code = addslashes($_REQUEST['invitecode']);
86	$details = db_query("select * from invitations where code = '$code'");
87	if (sizeof($details) == 0) {
88	$messages[] = "Error! Invalid invite code.";
89	} else {
90	if ($_REQUEST['join_password1'] != $_REQUEST['join_password2']
91	\|\| strlen($_REQUEST['join_password1']) < 6
92	\|\| strlen($_REQUEST['join_password1']) > 16) {
93	$messages[] = "Error! Invalid password. Your passwords must match and be between 6 and 16 characters in length.";
94	} else {
95	if (!preg_match("/^[A-Za-z0-9]{3,12}$/",$_REQUEST['join_username'])) {
96	$messages[] = "Error! Your username must contain letters and numbers only, cannot be blank, and must be between 3 and 12 characters in length.";
97	} else {
98	$username = strtolower(addslashes($_REQUEST['join_username']));
99	$usernametaken = db_query("select count(ident) as taken from users where username = '$username'");
100	$usernametaken = $usernametaken[0]->taken;
101	if ($usernametaken > 0) {
102	$messages[] = "The username '$username' is already taken by another user. You will need to pick a different one.";
103	} else {
104	$name = addslashes($_REQUEST['join_name']);
105	$displaypassword = $_REQUEST['join_password1'];
106	$password = addslashes(md5($_REQUEST['join_password1']));
107	$details = $details[0];
108	$email = $details->email;
109	db_query("insert into users set name = '$name',
110	password='$password',
111	username = '$username',
112	email = '$email'");
113	$ident = db_id();
114	$owner = (int) $details->owner;
115	if ($owner != -1) {
116	db_query("insert into friends set owner = $owner, friend = $ident");
117	db_query("insert into friends set owner = $ident, friend = $owner");
118	}
119	if ($owner != 1) {
120	db_query("insert into friends set owner = $ident, friend = 1");
121	}
122	$_SESSION['messages'][] = "Your account was created! You can now log in using the username and password you supplied. You have been sent an email containing these details for reference purposes.";
123	db_query("delete from invitations where code = '$code'");
124	mail($email, "Your $sitename account", wordwrap("
125	Thanks for joining $sitename!
126
127	For your records, your $sitename username and password are:
128
129	Username: $username
130	Password: $displaypassword
131
132	You can log in at any time by visiting " . url . " and entering these details into the login form.
133
134	We hope you enjoy using the system.
135
136	Regards,
137	The $sitename Team"), "From: $sitename <".email.">");
138	header("Location: " . url);
139	exit();
140	}
141	}
142	}
143	}
144	} else {
145	$messages[] = "You must indicate that you are at least 13 years old to join.";
146	}
147	break;
148	// Request a new password
149	case "invite_password_request": if (isset($_REQUEST['password_request_name'])) {
150	$users = db_query("select ident, email from users where username = '".addslashes($_REQUEST['password_request_name'])."'");
151	if (sizeof($users) > 0) {
152	$code = substr(md5(time() . $_REQUEST['password_request_name']),0,7);
153	$ident = $users[0]->ident;
154	db_query("insert into password_requests set code = '$code', owner = $ident");
155	$url = url . "_invite/new_password.php?passwordcode=" . $code;
156	mail(stripslashes($users[0]->email), "Verify your $sitename account password request", wordwrap("
157	A request has been received to generate your account at
158	$sitename a new password.
159
160	To confirm this request and receive a new password by email, please
161	click the following link:
162
163	$url
164
165	Please let us know if you have any further problems.
166
167	Regards,
168	The $sitename Team"), "From: $sitename <".email.">");
169	$messages[] = "Your verification email was sent. Please check your inbox.";
170	} else {
171	$messages[] = "No user with that username was found.";
172	}
173	}
174	break;
175
176	}
177
178	}
179
180	?>

Note: See TracBrowser for help on using the browser.

root/releases/0.1.2a/units/invite/invite_actions.php

Download in other formats:

Developers

Discuss

Specialised

Featured