Commit f3cb254c authored by Dries's avatar Dries
Browse files

- Patch #23536 by chx: custom registration fields should appear on admin/user/create.

parent 2dddd9e5
......@@ -219,7 +219,7 @@ function profile_load_profile(&$user) {
}
function profile_save_profile(&$edit, &$user, $category) {
if (($_GET['q'] == 'user/register') ? 1 : 0) {
if ($_GET['q'] == 'user/register' || $_GET['q'] == 'admin/user/create') {
$result = db_query('SELECT fid, name, type FROM {profile_fields} WHERE register = 1 AND visibility != %d ORDER BY category, weight', PROFILE_HIDDEN);
}
else {
......@@ -320,7 +320,7 @@ function _profile_form_explanation($field) {
function profile_form_profile($edit, $user, $category) {
if (($_GET['q'] == 'user/register') ? 1 : 0) {
if ($_GET['q'] == 'user/register' || $_GET['q'] == 'admin/user/create') {
$result = db_query('SELECT * FROM {profile_fields} WHERE register = 1 ORDER BY category, weight');
}
else {
......@@ -431,7 +431,7 @@ function _profile_map_month($month) {
function profile_validate_profile($edit, $category) {
if (($_GET['q'] == 'user/register') ? 1 : 0) {
if ($_GET['q'] == 'user/register' || $_GET['q'] == 'admin/user/create') {
$result = db_query('SELECT * FROM {profile_fields} WHERE register = 1 ORDER BY category, weight');
}
else {
......
......@@ -219,7 +219,7 @@ function profile_load_profile(&$user) {
}
function profile_save_profile(&$edit, &$user, $category) {
if (($_GET['q'] == 'user/register') ? 1 : 0) {
if ($_GET['q'] == 'user/register' || $_GET['q'] == 'admin/user/create') {
$result = db_query('SELECT fid, name, type FROM {profile_fields} WHERE register = 1 AND visibility != %d ORDER BY category, weight', PROFILE_HIDDEN);
}
else {
......@@ -320,7 +320,7 @@ function _profile_form_explanation($field) {
function profile_form_profile($edit, $user, $category) {
if (($_GET['q'] == 'user/register') ? 1 : 0) {
if ($_GET['q'] == 'user/register' || $_GET['q'] == 'admin/user/create') {
$result = db_query('SELECT * FROM {profile_fields} WHERE register = 1 ORDER BY category, weight');
}
else {
......@@ -431,7 +431,7 @@ function _profile_map_month($month) {
function profile_validate_profile($edit, $category) {
if (($_GET['q'] == 'user/register') ? 1 : 0) {
if ($_GET['q'] == 'user/register' || $_GET['q'] == 'admin/user/create') {
$result = db_query('SELECT * FROM {profile_fields} WHERE register = 1 ORDER BY category, weight');
}
else {
......
......@@ -1032,8 +1032,10 @@ function user_pass_rehash($password, $timestamp, $login){
function user_register($edit = array()) {
global $user, $base_url;
// If we are already logged on, go to the user page instead.
if ($user->uid) {
$admin = user_access('administer users');
// If we aren't admin but already logged on, go to the user page instead.
if (!$admin && $user->uid) {
drupal_goto('user/'. $user->uid);
}
......@@ -1042,15 +1044,15 @@ function user_register($edit = array()) {
if (!form_get_errors()) {
$from = variable_get('site_mail', ini_get('sendmail_from'));
$pass = user_password();
$pass = $admin ? $edit['pass'] : user_password();
// TODO: Is this necessary? Won't session_write() replicate this?
unset($edit['session']);
if (array_intersect(array_keys($edit), array('uid', 'roles', 'init', 'session', 'status'))) {
if (!$admin && array_intersect(array_keys($edit), array('uid', 'roles', 'init', 'session', 'status'))) {
watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING);
drupal_goto('user/register');
}
$account = user_save('', array_merge($edit, array('pass' => $pass, 'init' => $edit['mail'], 'roles' => array(_user_authenticated_id()), 'status' => (variable_get('user_register', 1) == 1 ? 1 : 0))));
$account = user_save('', array_merge($edit, array('pass' => $pass, 'init' => $edit['mail'], 'roles' => array('authenticated user' => _user_authenticated_id()), 'status' => $admin || variable_get('user_register', 1))));
watchdog('user', t('New user: %name %email.', array('%name' => theme('placeholder', $edit['name']), '%email' => theme('placeholder', '<'. $edit['mail'] .'>'))), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $account->uid .'/edit'));
$variables = array('%username' => $edit['name'], '%site' => variable_get('site_name', 'drupal'), '%password' => $pass, '%uri' => $base_url, '%uri_brief' => substr($base_url, strlen('http://')), '%mailto' => $edit['mail'], '%date' => format_date(time()), '%login_uri' => url('user', NULL, NULL, TRUE), '%edit_uri' => url('user/'. $account->uid .'/edit', NULL, NULL, TRUE), '%login_url' => user_pass_reset_url($account));
......@@ -1067,7 +1069,12 @@ function user_register($edit = array()) {
return form($output);
}
else {
if ($account->status) {
if ($admin) {
drupal_set_message(t('Created a new user account. No e-mail has been sent.'));
drupal_goto('admin/user');
}
else if ($account->status) {
// Create new user account, no administrator approval required.
$subject = _user_mail_text('welcome_subject', $variables);
$body = _user_mail_text('welcome_body', $variables);
......@@ -1090,12 +1097,15 @@ function user_register($edit = array()) {
// Display the registration form.
$output .= variable_get('user_registration_help', '');
$affiliates = user_auth_help_links();
if (count($affiliates) > 0) {
if (!$admin && count($affiliates) > 0) {
$affiliates = implode(', ', $affiliates);
$output .= '<p>'. t('Note: if you have an account with one of our affiliates (%s), you may <a href="%login_uri">login now</a> instead of registering.', array('%s' => $affiliates, '%login_uri' => url('user'))) .'</p>';
}
$default = form_textfield(t('Username'), 'name', $edit['name'], 30, 64, t('Your full name or your preferred username; only letters, numbers and spaces are allowed.'), NULL, TRUE);
$default .= form_textfield(t('E-mail address'), 'mail', $edit['mail'], 30, 64, t('A password and instructions will be sent to this e-mail address, so make sure it is accurate.'), NULL, TRUE);
if ($admin) {
$default .= form_password(t('Password'), 'pass', $edit['pass'], 30, 55,t('Provide a password for the new account.'), NULL, TRUE);
}
$extra = _user_forms($edit, $account, $category, 'register');
// Only display form_group around default fields if there are other groups.
if ($extra) {
......@@ -1162,7 +1172,7 @@ function user_edit_validate($uid, &$edit) {
}
// Validate the user roles:
if (user_access('administer users')) {
if (user_access('administer users') && $_GET['q'] != 'admin/user/create') {
if (!$edit['roles']) {
form_set_error('roles', t('You must select at least one role.'));
$edit['roles'] = array();
......@@ -1378,34 +1388,6 @@ function user_configure_settings() {
return $output;
}
function user_admin_create($edit = array()) {
if ($edit) {
// Because the admin form doesn't have roles selection they need to be set to validate properly
$edit['roles'] = array(_user_authenticated_id() => 'authenticated user');
user_module_invoke('validate', $edit, $edit, 'account');
if (!form_get_errors()) {
watchdog('user', t('New user: %name %email.', array('%name' => theme('placeholder', $edit['name']), '%email' => theme('placeholder', '<'. $edit['mail'] .'>'))));
user_save('', array('name' => $edit['name'], 'pass' => $edit['pass'], 'init' => $edit['mail'], 'mail' => $edit['mail'], 'roles' => $edit['roles'], 'status' => 1));
drupal_set_message(t('Created a new user account. No e-mail has been sent.'));
drupal_goto('admin/user');
}
}
$output = form_textfield(t('Username'), 'name', $edit['name'], 30, 55, t('Provide the username of the new account.'), NULL, TRUE);
$output .= form_textfield(t('E-mail address'), 'mail', $edit['mail'], 30, 55, t('Provide the e-mail address associated with the new account.'), NULL, TRUE);
$output .= form_password(t('Password'), 'pass', $edit['pass'], 30, 55, t('Provide a password for the new account.'), NULL, TRUE);
$output .= form_submit(t('Create account'));
$output = form_group(t('Create new user account'), $output);
return form($output);
}
/**
* Menu callback: check an access rule
*/
......@@ -1765,9 +1747,9 @@ function user_admin() {
case t('Search'):
$output = search_form(url('admin/user/search'), $_POST['edit']['keys'], 'user') . search_data($_POST['edit']['keys'], 'user');
break;
case t('Create account'):
case t('Create new account'):
case 'create':
$output = user_admin_create($edit);
$output = user_register($edit);
break;
default:
$output = user_admin_account();
......
......@@ -1032,8 +1032,10 @@ function user_pass_rehash($password, $timestamp, $login){
function user_register($edit = array()) {
global $user, $base_url;
// If we are already logged on, go to the user page instead.
if ($user->uid) {
$admin = user_access('administer users');
// If we aren't admin but already logged on, go to the user page instead.
if (!$admin && $user->uid) {
drupal_goto('user/'. $user->uid);
}
......@@ -1042,15 +1044,15 @@ function user_register($edit = array()) {
if (!form_get_errors()) {
$from = variable_get('site_mail', ini_get('sendmail_from'));
$pass = user_password();
$pass = $admin ? $edit['pass'] : user_password();
// TODO: Is this necessary? Won't session_write() replicate this?
unset($edit['session']);
if (array_intersect(array_keys($edit), array('uid', 'roles', 'init', 'session', 'status'))) {
if (!$admin && array_intersect(array_keys($edit), array('uid', 'roles', 'init', 'session', 'status'))) {
watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING);
drupal_goto('user/register');
}
$account = user_save('', array_merge($edit, array('pass' => $pass, 'init' => $edit['mail'], 'roles' => array(_user_authenticated_id()), 'status' => (variable_get('user_register', 1) == 1 ? 1 : 0))));
$account = user_save('', array_merge($edit, array('pass' => $pass, 'init' => $edit['mail'], 'roles' => array('authenticated user' => _user_authenticated_id()), 'status' => $admin || variable_get('user_register', 1))));
watchdog('user', t('New user: %name %email.', array('%name' => theme('placeholder', $edit['name']), '%email' => theme('placeholder', '<'. $edit['mail'] .'>'))), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $account->uid .'/edit'));
$variables = array('%username' => $edit['name'], '%site' => variable_get('site_name', 'drupal'), '%password' => $pass, '%uri' => $base_url, '%uri_brief' => substr($base_url, strlen('http://')), '%mailto' => $edit['mail'], '%date' => format_date(time()), '%login_uri' => url('user', NULL, NULL, TRUE), '%edit_uri' => url('user/'. $account->uid .'/edit', NULL, NULL, TRUE), '%login_url' => user_pass_reset_url($account));
......@@ -1067,7 +1069,12 @@ function user_register($edit = array()) {
return form($output);
}
else {
if ($account->status) {
if ($admin) {
drupal_set_message(t('Created a new user account. No e-mail has been sent.'));
drupal_goto('admin/user');
}
else if ($account->status) {
// Create new user account, no administrator approval required.
$subject = _user_mail_text('welcome_subject', $variables);
$body = _user_mail_text('welcome_body', $variables);
......@@ -1090,12 +1097,15 @@ function user_register($edit = array()) {
// Display the registration form.
$output .= variable_get('user_registration_help', '');
$affiliates = user_auth_help_links();
if (count($affiliates) > 0) {
if (!$admin && count($affiliates) > 0) {
$affiliates = implode(', ', $affiliates);
$output .= '<p>'. t('Note: if you have an account with one of our affiliates (%s), you may <a href="%login_uri">login now</a> instead of registering.', array('%s' => $affiliates, '%login_uri' => url('user'))) .'</p>';
}
$default = form_textfield(t('Username'), 'name', $edit['name'], 30, 64, t('Your full name or your preferred username; only letters, numbers and spaces are allowed.'), NULL, TRUE);
$default .= form_textfield(t('E-mail address'), 'mail', $edit['mail'], 30, 64, t('A password and instructions will be sent to this e-mail address, so make sure it is accurate.'), NULL, TRUE);
if ($admin) {
$default .= form_password(t('Password'), 'pass', $edit['pass'], 30, 55,t('Provide a password for the new account.'), NULL, TRUE);
}
$extra = _user_forms($edit, $account, $category, 'register');
// Only display form_group around default fields if there are other groups.
if ($extra) {
......@@ -1162,7 +1172,7 @@ function user_edit_validate($uid, &$edit) {
}
// Validate the user roles:
if (user_access('administer users')) {
if (user_access('administer users') && $_GET['q'] != 'admin/user/create') {
if (!$edit['roles']) {
form_set_error('roles', t('You must select at least one role.'));
$edit['roles'] = array();
......@@ -1378,34 +1388,6 @@ function user_configure_settings() {
return $output;
}
function user_admin_create($edit = array()) {
if ($edit) {
// Because the admin form doesn't have roles selection they need to be set to validate properly
$edit['roles'] = array(_user_authenticated_id() => 'authenticated user');
user_module_invoke('validate', $edit, $edit, 'account');
if (!form_get_errors()) {
watchdog('user', t('New user: %name %email.', array('%name' => theme('placeholder', $edit['name']), '%email' => theme('placeholder', '<'. $edit['mail'] .'>'))));
user_save('', array('name' => $edit['name'], 'pass' => $edit['pass'], 'init' => $edit['mail'], 'mail' => $edit['mail'], 'roles' => $edit['roles'], 'status' => 1));
drupal_set_message(t('Created a new user account. No e-mail has been sent.'));
drupal_goto('admin/user');
}
}
$output = form_textfield(t('Username'), 'name', $edit['name'], 30, 55, t('Provide the username of the new account.'), NULL, TRUE);
$output .= form_textfield(t('E-mail address'), 'mail', $edit['mail'], 30, 55, t('Provide the e-mail address associated with the new account.'), NULL, TRUE);
$output .= form_password(t('Password'), 'pass', $edit['pass'], 30, 55, t('Provide a password for the new account.'), NULL, TRUE);
$output .= form_submit(t('Create account'));
$output = form_group(t('Create new user account'), $output);
return form($output);
}
/**
* Menu callback: check an access rule
*/
......@@ -1765,9 +1747,9 @@ function user_admin() {
case t('Search'):
$output = search_form(url('admin/user/search'), $_POST['edit']['keys'], 'user') . search_data($_POST['edit']['keys'], 'user');
break;
case t('Create account'):
case t('Create new account'):
case 'create':
$output = user_admin_create($edit);
$output = user_register($edit);
break;
default:
$output = user_admin_account();
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment