2 /************************************************************************/
\r
4 /************************************************************************/
\r
5 /* Copyright (c) 2002-2008 by Greg Gay, Joel Kronenberg & Heidi Hazelton*/
\r
6 /* Adaptive Technology Resource Centre / University of Toronto */
\r
7 /* http://atutor.ca */
\r
9 /* This program is free software. You can redistribute it and/or */
\r
10 /* modify it under the terms of the GNU General Public License */
\r
11 /* as published by the Free Software Foundation. */
\r
12 /************************************************************************/
\r
/*
 * Admin-side "create user" handler (excerpt: blank lines and most closing
 * braces/else keywords are not present in this listing, so the block structure
 * below is partly inferred). Flow: bootstrap + admin check -> on submit,
 * validate the posted profile, insert the member row, optionally link a
 * master-list entry, mail the account information, redirect -> otherwise
 * render the registration template.
 */
15 define('AT_INCLUDE_PATH', '../include/');
\r
16 require(AT_INCLUDE_PATH.'vitals.inc.php');
\r
// Everything below runs with admin rights; admin_authenticate() is expected to
// stop callers without the AT_ADMIN_PRIV_USERS privilege itself -- confirm in
// vitals.inc.php. That is why admin-supplied fields such as $_POST['status']
// are accepted below without a policy check.
17 admin_authenticate(AT_ADMIN_PRIV_USERS);
\r
19 if (isset($_POST['cancel'])) {
\r
// Back to the user list. The exit that should follow header() is not visible
// in this excerpt -- confirm it is there, otherwise the rest of the page still
// executes after the redirect is issued.
20 header('Location: '.AT_BASE_HREF.'admin/users.php');
\r
24 if (isset($_POST['submit'])) {
\r
// Labels of required fields left empty; reported as a single EMPTY_FIELDS error.
25 $missing_fields = array();
\r
27 //check if student id (public field) is already being used
\r
// NOTE(review): $_POST['overwrite'] is read without isset(); when the checkbox
// is absent this raises an undefined-index notice (the condition still works).
28 if (!$_POST['overwrite'] && !empty($_POST['student_id'])) {
\r
// NOTE(review): $_POST['student_id'] is interpolated into this query with no
// escaping -- the $addslashes() pass the other lookups use is only applied to
// it much later, in the master-list block. Escape it (or use a prepared
// statement) before this lookup runs; admin-only input needs the same treatment.
29 $result = mysql_query("SELECT * FROM ".TABLE_PREFIX."master_list WHERE public_field='$_POST[student_id]' && member_id<>0",$db);
\r
30 if (mysql_num_rows($result) != 0) {
\r
31 $msg->addError('CREATE_MASTER_USED');
\r
35 /* login name check */
\r
36 if ($_POST['login'] == '') {
\r
37 $missing_fields[] = _AT('login_name');
\r
39 /* check for special characters */
\r
// Allowed login alphabet: letters, digits, '_', '.', '-'. Two caveats: the /i
// flag is redundant (both cases are already in the class), and "$" without the
// D modifier lets a single trailing newline through ("abc\n" matches) -- use
// \z or add /D if the login must consist of exactly that alphabet.
40 if (!(preg_match("/^[a-zA-Z0-9_.-]([a-zA-Z0-9_.-])*$/i", $_POST['login']))) {
\r
41 $msg->addError('LOGIN_CHARS');
\r
// $_POST['login'] is never passed through $addslashes() in this excerpt; the
// SQL safety of this query, the next one and the INSERT further down rests on
// the character-class check above. Whether these queries only run when that
// check passed cannot be seen here because the closing braces/else are missing.
43 $result = mysql_query("SELECT * FROM ".TABLE_PREFIX."members WHERE login='$_POST[login]'",$db);
\r
44 if (mysql_num_rows($result) != 0) {
\r
46 $msg->addError('LOGIN_EXISTS');
\r
// The login must also be unused in the separate admins table.
48 $result = mysql_query("SELECT * FROM ".TABLE_PREFIX."admins WHERE login='$_POST[login]'",$db);
\r
49 if (mysql_num_rows($result) != 0) {
\r
50 $msg->addError('LOGIN_EXISTS');
\r
56 /* password check: */
\r
// The stored password is taken from the hidden field the form filled in, not
// from the visible password input; what form_password_hidden contains is
// decided by the form's JavaScript, which is not visible here -- confirm in the
// template.
57 $_POST['password'] = $_POST['form_password_hidden'];
\r
59 /* password check: password is verified front end by javascript. here is to handle the errors from javascript */
\r
// NOTE(review): the only password validation here is replaying the error codes
// the client chose to send in password_error. A request that omits that field
// bypasses the policy entirely unless something server-side (not visible in
// this excerpt) validates the password again. `<> ""` is a loose comparison;
// `!== ""` is the strict form.
60 if ($_POST['password_error'] <> "")
\r
62 $pwd_errors = explode(",", $_POST['password_error']);
\r
64 foreach ($pwd_errors as $pwd_error)
\r
66 if ($pwd_error == "missing_password")
\r
67 $missing_fields[] = _AT('password');
\r
// Any other client-reported code is used directly as a message key.
69 $msg->addError($pwd_error);
\r
74 if ($_POST['email'] == '') {
\r
75 $missing_fields[] = _AT('email');
\r
// Email syntax check: ASCII local part and domain, 2-6 letter TLD (longer TLDs
// and internationalised addresses are rejected). Same trailing-newline caveat
// as the login pattern above.
76 } else if (!preg_match("/^[a-z0-9\._-]+@+[a-z0-9\._-]+\.+[a-z]{2,6}$/i", $_POST['email'])) {
\r
77 $msg->addError('EMAIL_INVALID');
\r
// Escaped once here; the INSERT below reuses this escaped value. Presumably
// $addslashes is the escaping callable set up by vitals.inc.php -- confirm.
// For an address that passed the pattern above this is a no-op (no quotes or
// backslashes are permitted by it).
80 $_POST['email'] = $addslashes($_POST['email']);
\r
// The uniqueness check uses LIKE, so '_' (allowed by the pattern) acts as a
// single-character wildcard: 'a_b@x.org' also matches 'aXb@x.org' and yields a
// spurious EMAIL_EXISTS. An equality comparison (=) would avoid that.
81 $result = mysql_query("SELECT member_id FROM ".TABLE_PREFIX."members WHERE email LIKE '$_POST[email]'",$db);
\r
82 if (mysql_num_rows($result) != 0) {
\r
83 $msg->addError('EMAIL_EXISTS');
\r
// Truthiness checks: a first or last name of "0" is treated as missing.
86 if (!$_POST['first_name']) {
\r
87 $missing_fields[] = _AT('first_name');
\r
90 if (!$_POST['last_name']) {
\r
91 $missing_fields[] = _AT('last_name');
\r
// Only the '<' character is removed from the name fields. This is not HTML
// escaping; the templates must still escape these values on output.
94 $_POST['first_name'] = str_replace('<', '', $_POST['first_name']);
\r
95 $_POST['second_name'] = str_replace('<', '', $_POST['second_name']);
\r
96 $_POST['last_name'] = str_replace('<', '', $_POST['last_name']);
\r
98 // check if first+last is unique
\r
100 * http://www.atutor.ca/atutor/mantis/view.php?id=3760
\r
101 if ($_POST['first_name'] && $_POST['last_name']) {
\r
// Escaped copies for this lookup only; the $_POST values themselves are
// escaped later, just before the INSERT.
102 $first_name_sql = $addslashes($_POST['first_name']);
\r
103 $last_name_sql = $addslashes($_POST['last_name']);
\r
104 $second_name_sql = $addslashes($_POST['second_name']);
\r
106 $sql = "SELECT member_id FROM ".TABLE_PREFIX."members WHERE first_name='$first_name_sql' AND second_name='$second_name_sql' AND last_name='$last_name_sql' LIMIT 1";
\r
107 $result = mysql_query($sql, $db);
\r
108 if (mysql_fetch_assoc($result)) {
\r
109 $msg->addError('FIRST_LAST_NAME_UNIQUE');
\r
// Lower-cased only now, after the uniqueness lookups above ran with the
// submitted case; those lookups therefore rely on the column collation being
// case-insensitive -- confirm against the schema.
115 $_POST['login'] = strtolower($_POST['login']);
\r
117 //check date of birth
\r
// intval() normalises the three date parts; non-numeric input becomes 0.
118 $mo = intval($_POST['month']);
\r
119 $day = intval($_POST['day']);
\r
120 $yr = intval($_POST['year']);
\r
122 /* let's us take (one or) two digit years (ex. 78 = 1978, 3 = 2003) */
\r
// The bodies of these two branches (the century adjustments) are not in this excerpt.
123 if ($yr < date('y')) {
\r
125 } else if ($yr < 1900) {
\r
// Built before validation; replaced by the zero date below when a part is missing.
129 $dob = $yr.'-'.$mo.'-'.$day;
\r
131 if ($mo && $day && $yr && !checkdate($mo, $day, $yr)) {
\r
132 $msg->addError('DOB_INVALID');
\r
133 } else if (!$mo || !$day || !$yr) {
\r
134 $dob = '0000-00-00';
\r
135 $yr = $mo = $day = 0;
\r
138 if ($missing_fields) {
\r
139 $missing_fields = implode(', ', $missing_fields);
\r
140 $msg->addError(array('EMPTY_FIELDS', $missing_fields));
\r
// No validation errors: normalise, escape and persist.
143 if (!$msg->containsErrors()) {
\r
// Prefix a scheme when none was given; a bare prefix is then blanked out again.
144 if (($_POST['website']) && (!strstr($_POST['website'], '://'))) {
\r
145 $_POST['website'] = 'http://' . $_POST['website'];
\r
147 if ($_POST['website'] == 'http://') {
\r
148 $_POST['website'] = '';
\r
150 $_POST['postal'] = strtoupper(trim($_POST['postal']));
\r
// Checkbox -> 0/1 flag; inserted unquoted below.
152 if (isset($_POST['private_email'])) {
\r
153 $_POST['private_email'] = 1;
\r
155 $_POST['private_email'] = 0;
\r
// Escape every string column for the INSERT. Not on this list: login (relies on
// the character-class check), email (escaped earlier) and student_id /
// student_pin (escaped in the master-list block below).
157 $_POST['password'] = $addslashes($_POST['password']);
\r
158 $_POST['website'] = $addslashes($_POST['website']);
\r
159 $_POST['first_name'] = $addslashes($_POST['first_name']);
\r
160 $_POST['second_name'] = $addslashes($_POST['second_name']);
\r
161 $_POST['last_name'] = $addslashes($_POST['last_name']);
\r
162 $_POST['address'] = $addslashes($_POST['address']);
\r
163 $_POST['postal'] = $addslashes($_POST['postal']);
\r
164 $_POST['city'] = $addslashes($_POST['city']);
\r
165 $_POST['province'] = $addslashes($_POST['province']);
\r
166 $_POST['country'] = $addslashes($_POST['country']);
\r
167 $_POST['phone'] = $addslashes($_POST['phone']);
\r
// Numeric column, inserted unquoted, hence intval() rather than escaping.
168 $_POST['status'] = intval($_POST['status']);
\r
169 $_POST['gender'] = $addslashes($_POST['gender']);
\r
171 $now = date('Y-m-d H:i:s'); // we use this later for the email confirmation.
\r
173 /* insert into the db. (the last 0 for status) */
\r
// Positional INSERT: the column order is implied by the table definition, so a
// schema change silently shifts values. The $_config[...] values are site
// configuration, not request input.
174 $sql = "INSERT INTO ".TABLE_PREFIX."members VALUES (NULL,'$_POST[login]','$_POST[password]','$_POST[email]','$_POST[website]','$_POST[first_name]', '$_POST[second_name]', '$_POST[last_name]', '$dob', '$_POST[gender]', '$_POST[address]','$_POST[postal]','$_POST[city]','$_POST[province]','$_POST[country]', '$_POST[phone]',$_POST[status], '$_config[pref_defaults]', '$now','$_config[default_language]', $_config[pref_inbox_notify], $_POST[private_email], '0000-00-00 00:00:00')";
\r
176 $result = mysql_query($sql, $db);
\r
178 $m_id = mysql_insert_id($db);
\r
// Failure path -- its guarding condition (presumably on $result) is not in this
// excerpt: render the page with DB_NOT_UPDATED. An exit after the footer is
// expected but likewise not visible here.
180 require(AT_INCLUDE_PATH.'header.inc.php');
\r
181 $msg->addError('DB_NOT_UPDATED');
\r
183 require(AT_INCLUDE_PATH.'footer.inc.php');
\r
// Master-list linkage (site option). This is also where student_id is finally
// escaped -- the "already used" lookup at the top did not do so.
187 if (defined('AT_MASTER_LIST') && AT_MASTER_LIST) {
\r
188 $student_id = $addslashes($_POST['student_id']);
\r
// NOTE(review): the PIN is slash-escaped *before* hashing, so a PIN containing a
// quote or backslash hashes differently from the raw PIN; whatever verifies it
// must apply the identical transform. Unsalted md5 is also a weak choice for a
// secret -- password_hash()/password_verify() is the modern equivalent if the
// PIN is checked server-side. The hex digest itself needs no escaping.
189 $student_pin = md5($addslashes($_POST['student_pin']));
\r
// Link an existing master-list row first; only when nothing matched is a row
// (re)created. REPLACE removes any row with the same key before inserting.
191 $sql = "UPDATE ".TABLE_PREFIX."master_list SET member_id=$m_id WHERE public_field='$student_id'";
\r
192 mysql_query($sql, $db);
\r
193 if (mysql_affected_rows($db) == 0) {
\r
194 $sql = "REPLACE INTO ".TABLE_PREFIX."master_list VALUES ('$student_id', '$student_pin', $m_id)";
\r
195 mysql_query($sql, $db);
\r
// NOTE(review): this rewrites the current (admin) session's member_id to the new
// user, or drops it, depending on $_POST['pref']. Presumably a follow-up step
// reached via the redirect below consumes it -- confirm, since a stale
// member_id left in an admin session is easy to get wrong.
201 if ($_POST['pref'] == 'access') {
\r
202 $_SESSION['member_id'] = $m_id;
\r
204 unset($_SESSION['member_id']);
\r
208 require(AT_INCLUDE_PATH . 'classes/phpmailer/atutormailer.class.php');
\r
209 $mail = new ATutorMailer();
\r
// $_POST['email'] is the $addslashes()-escaped value at this point (harmless for
// addresses that passed the pattern check, which admits no quotes/backslashes).
210 $mail->AddAddress($_POST['email']);
\r
211 $mail->From = $_config['contact_email'];
\r
// Unconfirmed accounts get a confirmation link instead of plain account info.
213 if (defined('AT_EMAIL_CONFIRMATION') && AT_EMAIL_CONFIRMATION && ($_POST['status'] == AT_STATUS_UNCONFIRMED)) {
\r
// NOTE(review): the confirmation code is a deterministic function of three
// values that are all stored in the new member row (email, creation time $now,
// member_id) -- it carries no secret of its own. confirm.php must derive it the
// same way for this to work; a token from random_bytes() stored server-side
// would be the stronger design.
214 $code = substr(md5($_POST['email'] . $now . $m_id), 0, 10);
\r
215 $confirmation_link = AT_BASE_HREF . 'confirm.php?id='.$m_id.SEP.'m='.$code;
\r
217 /* send the email confirmation message: */
\r
218 $mail->Subject = $_config['site_name'] . ': ' . _AT('email_confirmation_subject');
\r
// NOTE(review): $body is appended to here (and below) without ever being
// initialised in this excerpt; add `$body = '';` before this branch to avoid an
// undefined-variable notice.
219 $body .= _AT('admin_new_account_confirm', $_config['site_name'], $confirmation_link)."\n\n";
\r
222 $mail->Subject = $_config['site_name'].": "._AT('account_information');
\r
223 $body .= _AT('admin_new_account', $_config['site_name'])."\n\n";
\r
225 $body .= _AT('web_site') .' : '.AT_BASE_HREF."\n";
\r
226 $body .= _AT('login_name') .' : '.$_POST['login'] . "\n";
\r
// Kept disabled on purpose: the password must not be mailed in clear text.
227 // $body .= _AT('password') .' : '.$_POST['password'] . "\n";
\r
// The Send() call is not in this excerpt.
228 $mail->Body = $body;
\r
231 $msg->addFeedback('PROFILE_CREATED_ADMIN');
\r
// Redirect after success; as in the cancel branch, the exit is not visible here.
232 header('Location: '.AT_BASE_HREF.'admin/users.php');
\r
// Form display: plain GET, or a POST that produced validation errors.
237 $onload = 'document.form.login.focus();';
\r
239 $savant->assign('languageManager', $languageManager);
\r
// Default account status for the form: unconfirmed when e-mail confirmation is
// enabled, otherwise student.
241 if (!isset($_POST['status'])) {
\r
242 if (defined('AT_EMAIL_CONFIRMATION') && AT_EMAIL_CONFIRMATION) {
\r
243 $_POST['status'] = AT_STATUS_UNCONFIRMED;
\r
245 $_POST['status'] = AT_STATUS_STUDENT;
\r
249 $savant->display('registration.tmpl.php');
\r