Revision [16022]

This is an old revision of DanWestUserReg made by DanWest on 2007-01-31 14:06:51.

 

Admin User Registration

See Also
  • Need link to original action by DarTar here.

What

Since I was using Wikka as a content management system and did not want the general public to be able to register, I needed a way to register users under administrator control. I hacked up the user registration action from DarTar. Its main feature is that it lets you register a user but does NOT log you in after doing so: it adds the new user to the database with all the validations, but your own session is not switched to that user. It also checks that you have 'write' access to the page the action is placed on, as a basic permission check before letting you register users. In practice this means the write ACL of that page decides who can create accounts, so it should be limited to administrators.


Use

Installation

Code
Action: userreg.php (Or name it what you like)
<?php
/**
* Display a form for user registration.
*
* This action allows new users to register an account, if user registration is enabled.
* All the required fields are validated before the new user is created.
*
* @package        Actions
* @name        Register
*
* @author        {@link http://wikka.jsnx.com/DarTar Dario Taraborelli}
* @version        0.3
* @since        Wikka 1.1.X.X
* @output        form for user registration
*
* @todo
*            - CSS to style form;
*            - (optionally) drop WikiName restriction on usernames;
*            - use core functions to validate fields;
*            - use central error handler for printing error messages;
*            - decide best strategy to link hardcoded login/logout page;
*            - define welcome page where new users must be redirected;
*            - (optionally) add option for email-confirmation of registered users.
*/

 
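// Administrator-driven user registration.
//
// Renders a registration form and, on POST, validates the submitted fields and
// inserts a new row into the users table. The form is only shown (and the POST
// only processed) when the caller is logged in and has 'write' access to the
// page this action is placed on; everyone else gets a refusal message.
//
// NOTE(review): nothing in this file verifies that the POST originated from this
// form. Unless FormOpen() or the Wikka core adds an anti-forgery token (not
// visible here), a logged-in administrator's browser could be made to submit it
// from another site — confirm and add a token check if there is none.

// constants
// Guarded so that including this action twice in one request does not try to redefine the constant.
// NOTE(review): 5 characters is a weak minimum for accounts created by an administrator; raise it if site policy allows.
if (!defined('MIN_PASSW_LENGTH')) define('MIN_PASSW_LENGTH', 5);

print $this->Format('===== New User Registration page ===== ----');

// Gate: the caller must be logged in AND hold 'write' access on the hosting page.
// (The original wrote `$user = A && B`, which stores the boolean result in $user
// because && binds tighter than =; $user was never read, so the assignment is dropped.)
if ($this->GetUser() && $this->HasAccess("write")) {

    // user is logged in

    // initializing variables
    $name = '';
    $email = '';
    $password = '';
    $confpassword = '';
    $error = '';
    $message = '';
    // Per-field status markers; initialised so the form can be rendered before any POST
    // without reading undefined variables.
    $validname = '';
    $validemail = '';
    $validpassword = '';
    $validconfpassword = '';

    // $dologin is not assigned anywhere in this file; presumably it is supplied as an
    // action parameter — TODO confirm. Anything other than the exact string 'Y' means
    // "create the account but keep the administrator's own session".
    $dologin = (isset($dologin) && $dologin === 'Y');

    // Is this the result from a signup
    if ((isset($_GET['reg'])) && ($_GET['reg'] == '1')) {
        // print first login welcome screen
        $message = '--- **Registration successful!** ---';
    }

    // is user trying to register?
    if ($_POST) {
        // get POST values; non-string values (e.g. name[]=x) are ignored so that
        // trim() and the string checks below never receive an array
        if (isset($_POST['name']) && is_string($_POST['name'])) $name = trim($_POST['name']);
        if (isset($_POST['email']) && is_string($_POST['email'])) $email = trim($_POST['email']);
        if (isset($_POST['password']) && is_string($_POST['password'])) $password = $_POST['password'];
        if (isset($_POST['confpassword']) && is_string($_POST['confpassword'])) $confpassword = $_POST['confpassword'];

        // validate fields
        // note: all these validation checks should use core functions to preserve consistency
        // The chain stops at the first failing field; fields checked before it are marked 'done'.

        if ($this->LoadUser($name))
        {
            $error = 'Sorry, this username already exists. Please choose a different name.';
            $validname = $this->Action('failed');
        } elseif ($this->ExistsPage($name))
        {
            $error = 'Sorry, this username is reserved for a page. Please choose a different name.';
            $validname = $this->Action('failed');
        } elseif (!$this->IsWikiName($name))
        {
            $error = 'Please fill in a valid username (formatted as a ##""WikiName""##).';
            $validname = $this->Action('failed');
        } elseif (!$email)
        {
            $error = 'Please specify an email address.';
            $validname = $this->Action('done');
            $validemail = $this->Action('failed');
        } elseif (!preg_match("/^.+?\@.+?\..+$/", $email))
        {
            $error = 'That does not quite look like an email address.';
            $validname = $this->Action('done');
            $validemail = $this->Action('failed');
        } elseif (!$password)
        {
            $error = 'Please choose a password.';
            $validname = $this->Action('done');
            $validemail = $this->Action('done');
            $validpassword = $this->Action('failed');
        } elseif (strlen($password) < MIN_PASSW_LENGTH)
        {
            $error = 'Sorry, password too short (min. '.MIN_PASSW_LENGTH.' chars).';
            $validname = $this->Action('done');
            $validemail = $this->Action('done');
            $validpassword = $this->Action('failed');
        } elseif (preg_match("/ /", $password)) {
            $error = 'Sorry, spaces are not allowed in passwords.';
            $validname = $this->Action('done');
            $validemail = $this->Action('done');
            $validpassword = $this->Action('failed');
        } elseif (!$confpassword)
        {
            $error = 'You need to confirm password.';
            $validname = $this->Action('done');
            $validemail = $this->Action('done');
            $validpassword = $this->Action('failed');
            $validconfpassword = $this->Action('failed');
        } elseif ($confpassword !== $password)
        {
            // Strict comparison: with != two different numeric-looking strings
            // (for example '0e1234' and '0e5678') compare as equal.
            $error = 'Sorry, passwords do not match.';
            $validname = $this->Action('done');
            $validemail = $this->Action('done');
            $validpassword = $this->Action('failed');
            $validconfpassword = $this->Action('failed');
        } else
        {
            // all required fields are valid and non-empty

            // create user
            // Every value is escaped before it is concatenated into the statement.
            // NOTE(review): mysql_real_escape_string() is part of ext/mysql, which was removed
            // in PHP 7; port this to whatever escaping/prepared-statement facility the
            // installed Wikka core provides.
            // NOTE(review): the password is stored as an unsalted MD5 digest and travels in
            // clear text inside the SQL statement. The format is kept because it has to match
            // whatever the login code verifies against (not visible here); moving to
            // password_hash()/password_verify() requires changing both sides together.
            $this->Query("insert into ".$this->config["table_prefix"]."users set ".
                "signuptime = now(), ".
                "name = '".mysql_real_escape_string($name)."', ".
                "email = '".mysql_real_escape_string($email)."', ".
                "password = md5('".mysql_real_escape_string($password)."')");

            if ($dologin) {
                // log in: switches the current session to the newly created user
                $this->SetUser($this->LoadUser($name));
                $this->Redirect($this->href('','','reg=1'));
            } else {
                // forward: stay logged in as the administrator; $name has passed IsWikiName() here
                $this->Redirect('','User ' . $name . ' Registration successful');
            }
        }
    }

    $intro = $this->Format(' --- To register, the following fields are required:
~-a **username** (it must be formatted like a ##""WikiName""##, for example: ##""JuliusCaesar""##);
~-a **valid email address** (this will only be used to retrieve your password in case you lose it);
~-a **valid password** (min. '
.MIN_PASSW_LENGTH.' characters, no space allowed).
--- ---'
);

    // Submitted values are echoed back into HTML attributes when validation fails, so they
    // must be escaped; unescaped, a crafted name or email could break out of value="...".
    $safe_name = htmlspecialchars($name, ENT_QUOTES);
    $safe_email = htmlspecialchars($email, ENT_QUOTES);

    // build registration form
    $form  = $this->FormOpen();
    $form .= '    <table summary="Form to provide registration data: username, email and password">';
    $form .= '    <caption>Registration form</caption>';
    $form .= '    <tbody>';

    // $error and $message are always defined above, so test for content rather than
    // isset(); otherwise an empty error row is printed on every request.
    if ($error !== '')
    {
        $form .= '<tr><td colspan="3" align="center"><em class="error">'.$this->Format($error).'</em></td></tr>';
    }
    if ($message !== '')
    {
        $form .= '<tr><td colspan="3" align="center"><em class="error">'.$this->Format($message).'</em></td></tr>';
    }

    $form .= '        <tr>';
    $form .= '            <th align="right" scope="row"><label for="name">Username:</label></th>';
    $form .= '            <td><input name="name" id="name" size="40" value="'.$safe_name.'" title="Choose a valid username (formatted as a WikiName)" /></td>';
    $form .= '            <td>'.$validname.'</td>';
    $form .= '        </tr>';
    $form .= '        <tr>';
    $form .= '            <th align="right" scope="row"><label for="email">User email address:</label></th>';
    $form .= '            <td><input name="email" id="email" size="40" value="'.$safe_email.'" title="Fill in a valid email address"/></td>';
    $form .= '            <td align="left">'.$validemail.'</td>';
    $form .= '        </tr>';
    $form .= '        <tr>';
    $form .= '            <th align="right" scope="row"><label for="password">Password:</label></th>';
    // Password fields are deliberately never pre-filled with the submitted value.
    $form .= '            <td><input type="password" name="password" id="password" size="40" title="Choose a valid password (min. '.MIN_PASSW_LENGTH.' chars, no space)" /></td>';
    $form .= '            <td align="left">'.$validpassword.'</td>';
    $form .= '        </tr>';
    $form .= '        <tr>';
    $form .= '            <th align="right" scope="row"><label for="confpassword">Confirm password:</label></th>';
    $form .= '            <td><input type="password" name="confpassword" id="confpassword" size="40" title="Type again your password for confirmation" /></td>';
    $form .= '            <td align="left">'.$validconfpassword.'</td>';
    $form .= '        </tr>';
    $form .= '        <tr>';
    $form .= '            <td></td>';
    $form .= '            <td><input type="submit" value="Register" title="Register" /></td>';
    $form .= '        </tr>';
    $form .= '    </tbody>';
    $form .= '    </table>';
    $form .= $this->FormClose();

    // output intro and form
    print $intro.$form;

} else {
    // Not logged in, or no write access on this page: refuse without rendering the form.
    print $this->Format('--- ===You do not have authority to add users=== ---');
}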
?>

To Do