From f3cb254cb7a7a8598db2b413b7a9a10e8febe87d Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Thu, 8 Sep 2005 19:32:31 +0000
Subject: [PATCH] - Patch #23536 by chx: custom registration fields should
appear on admin/user/create.
---
modules/profile.module | 6 ++--
modules/profile/profile.module | 6 ++--
modules/user.module | 58 ++++++++++++----------------------
modules/user/user.module | 58 ++++++++++++----------------------
4 files changed, 46 insertions(+), 82 deletions(-)
diff --git a/modules/profile.module b/modules/profile.module
index ffef5f58afaf..60b0159c8cd6 100644
--- a/modules/profile.module
+++ b/modules/profile.module
@@ -219,7 +219,7 @@ function profile_load_profile(&$user) {
}
function profile_save_profile(&$edit, &$user, $category) {
- if (($_GET['q'] == 'user/register') ? 1 : 0) {
+ if ($_GET['q'] == 'user/register' || $_GET['q'] == 'admin/user/create') {
$result = db_query('SELECT fid, name, type FROM {profile_fields} WHERE register = 1 AND visibility != %d ORDER BY category, weight', PROFILE_HIDDEN);
}
else {
@@ -320,7 +320,7 @@ function _profile_form_explanation($field) {
function profile_form_profile($edit, $user, $category) {
- if (($_GET['q'] == 'user/register') ? 1 : 0) {
+ if ($_GET['q'] == 'user/register' || $_GET['q'] == 'admin/user/create') {
$result = db_query('SELECT * FROM {profile_fields} WHERE register = 1 ORDER BY category, weight');
}
else {
@@ -431,7 +431,7 @@ function _profile_map_month($month) {
function profile_validate_profile($edit, $category) {
- if (($_GET['q'] == 'user/register') ? 1 : 0) {
+ if ($_GET['q'] == 'user/register' || $_GET['q'] == 'admin/user/create') {
$result = db_query('SELECT * FROM {profile_fields} WHERE register = 1 ORDER BY category, weight');
}
else {
diff --git a/modules/profile/profile.module b/modules/profile/profile.module
index ffef5f58afaf..60b0159c8cd6 100644
--- a/modules/profile/profile.module
+++ b/modules/profile/profile.module
@@ -219,7 +219,7 @@ function profile_load_profile(&$user) {
}
function profile_save_profile(&$edit, &$user, $category) {
- if (($_GET['q'] == 'user/register') ? 1 : 0) {
+ if ($_GET['q'] == 'user/register' || $_GET['q'] == 'admin/user/create') {
$result = db_query('SELECT fid, name, type FROM {profile_fields} WHERE register = 1 AND visibility != %d ORDER BY category, weight', PROFILE_HIDDEN);
}
else {
@@ -320,7 +320,7 @@ function _profile_form_explanation($field) {
function profile_form_profile($edit, $user, $category) {
- if (($_GET['q'] == 'user/register') ? 1 : 0) {
+ if ($_GET['q'] == 'user/register' || $_GET['q'] == 'admin/user/create') {
$result = db_query('SELECT * FROM {profile_fields} WHERE register = 1 ORDER BY category, weight');
}
else {
@@ -431,7 +431,7 @@ function _profile_map_month($month) {
function profile_validate_profile($edit, $category) {
- if (($_GET['q'] == 'user/register') ? 1 : 0) {
+ if ($_GET['q'] == 'user/register' || $_GET['q'] == 'admin/user/create') {
$result = db_query('SELECT * FROM {profile_fields} WHERE register = 1 ORDER BY category, weight');
}
else {
diff --git a/modules/user.module b/modules/user.module
index fcfa6c924fd7..6a39def8f994 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -1032,8 +1032,10 @@ function user_pass_rehash($password, $timestamp, $login){
function user_register($edit = array()) {
global $user, $base_url;
- // If we are already logged on, go to the user page instead.
- if ($user->uid) {
+ $admin = user_access('administer users');
+
+ // If we aren't admin but already logged on, go to the user page instead.
+ if (!$admin && $user->uid) {
drupal_goto('user/'. $user->uid);
}
@@ -1042,15 +1044,15 @@ function user_register($edit = array()) {
if (!form_get_errors()) {
$from = variable_get('site_mail', ini_get('sendmail_from'));
- $pass = user_password();
+ $pass = $admin ? $edit['pass'] : user_password();
// TODO: Is this necessary? Won't session_write() replicate this?
unset($edit['session']);
- if (array_intersect(array_keys($edit), array('uid', 'roles', 'init', 'session', 'status'))) {
+ if (!$admin && array_intersect(array_keys($edit), array('uid', 'roles', 'init', 'session', 'status'))) {
watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING);
drupal_goto('user/register');
}
- $account = user_save('', array_merge($edit, array('pass' => $pass, 'init' => $edit['mail'], 'roles' => array(_user_authenticated_id()), 'status' => (variable_get('user_register', 1) == 1 ? 1 : 0))));
+ $account = user_save('', array_merge($edit, array('pass' => $pass, 'init' => $edit['mail'], 'roles' => array('authenticated user' => _user_authenticated_id()), 'status' => $admin || variable_get('user_register', 1))));
watchdog('user', t('New user: %name %email.', array('%name' => theme('placeholder', $edit['name']), '%email' => theme('placeholder', '<'. $edit['mail'] .'>'))), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $account->uid .'/edit'));
$variables = array('%username' => $edit['name'], '%site' => variable_get('site_name', 'drupal'), '%password' => $pass, '%uri' => $base_url, '%uri_brief' => substr($base_url, strlen('http://')), '%mailto' => $edit['mail'], '%date' => format_date(time()), '%login_uri' => url('user', NULL, NULL, TRUE), '%edit_uri' => url('user/'. $account->uid .'/edit', NULL, NULL, TRUE), '%login_url' => user_pass_reset_url($account));
@@ -1067,7 +1069,12 @@ function user_register($edit = array()) {
return form($output);
}
else {
- if ($account->status) {
+ if ($admin) {
+ drupal_set_message(t('Created a new user account. No e-mail has been sent.'));
+
+ drupal_goto('admin/user');
+ }
+ else if ($account->status) {
// Create new user account, no administrator approval required.
$subject = _user_mail_text('welcome_subject', $variables);
$body = _user_mail_text('welcome_body', $variables);
@@ -1090,12 +1097,15 @@ function user_register($edit = array()) {
// Display the registration form.
$output .= variable_get('user_registration_help', '');
$affiliates = user_auth_help_links();
- if (count($affiliates) > 0) {
+ if (!$admin && count($affiliates) > 0) {
$affiliates = implode(', ', $affiliates);
$output .= '<p>'. t('Note: if you have an account with one of our affiliates (%s), you may <a href="%login_uri">login now</a> instead of registering.', array('%s' => $affiliates, '%login_uri' => url('user'))) .'</p>';
}
$default = form_textfield(t('Username'), 'name', $edit['name'], 30, 64, t('Your full name or your preferred username; only letters, numbers and spaces are allowed.'), NULL, TRUE);
$default .= form_textfield(t('E-mail address'), 'mail', $edit['mail'], 30, 64, t('A password and instructions will be sent to this e-mail address, so make sure it is accurate.'), NULL, TRUE);
+ if ($admin) {
+ $default .= form_password(t('Password'), 'pass', $edit['pass'], 30, 55,t('Provide a password for the new account.'), NULL, TRUE);
+ }
$extra = _user_forms($edit, $account, $category, 'register');
// Only display form_group around default fields if there are other groups.
if ($extra) {
@@ -1162,7 +1172,7 @@ function user_edit_validate($uid, &$edit) {
}
// Validate the user roles:
- if (user_access('administer users')) {
+ if (user_access('administer users') && $_GET['q'] != 'admin/user/create') {
if (!$edit['roles']) {
form_set_error('roles', t('You must select at least one role.'));
$edit['roles'] = array();
@@ -1378,34 +1388,6 @@ function user_configure_settings() {
return $output;
}
-function user_admin_create($edit = array()) {
-
- if ($edit) {
- // Because the admin form doesn't have roles selection they need to be set to validate properly
- $edit['roles'] = array(_user_authenticated_id() => 'authenticated user');
- user_module_invoke('validate', $edit, $edit, 'account');
-
- if (!form_get_errors()) {
- watchdog('user', t('New user: %name %email.', array('%name' => theme('placeholder', $edit['name']), '%email' => theme('placeholder', '<'. $edit['mail'] .'>'))));
-
- user_save('', array('name' => $edit['name'], 'pass' => $edit['pass'], 'init' => $edit['mail'], 'mail' => $edit['mail'], 'roles' => $edit['roles'], 'status' => 1));
-
- drupal_set_message(t('Created a new user account. No e-mail has been sent.'));
-
- drupal_goto('admin/user');
- }
- }
-
- $output = form_textfield(t('Username'), 'name', $edit['name'], 30, 55, t('Provide the username of the new account.'), NULL, TRUE);
- $output .= form_textfield(t('E-mail address'), 'mail', $edit['mail'], 30, 55, t('Provide the e-mail address associated with the new account.'), NULL, TRUE);
- $output .= form_password(t('Password'), 'pass', $edit['pass'], 30, 55, t('Provide a password for the new account.'), NULL, TRUE);
- $output .= form_submit(t('Create account'));
-
- $output = form_group(t('Create new user account'), $output);
-
- return form($output);
-}
-
/**
* Menu callback: check an access rule
*/
@@ -1765,9 +1747,9 @@ function user_admin() {
case t('Search'):
$output = search_form(url('admin/user/search'), $_POST['edit']['keys'], 'user') . search_data($_POST['edit']['keys'], 'user');
break;
- case t('Create account'):
+ case t('Create new account'):
case 'create':
- $output = user_admin_create($edit);
+ $output = user_register($edit);
break;
default:
$output = user_admin_account();
diff --git a/modules/user/user.module b/modules/user/user.module
index fcfa6c924fd7..6a39def8f994 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -1032,8 +1032,10 @@ function user_pass_rehash($password, $timestamp, $login){
function user_register($edit = array()) {
global $user, $base_url;
- // If we are already logged on, go to the user page instead.
- if ($user->uid) {
+ $admin = user_access('administer users');
+
+ // If we aren't admin but already logged on, go to the user page instead.
+ if (!$admin && $user->uid) {
drupal_goto('user/'. $user->uid);
}
@@ -1042,15 +1044,15 @@ function user_register($edit = array()) {
if (!form_get_errors()) {
$from = variable_get('site_mail', ini_get('sendmail_from'));
- $pass = user_password();
+ $pass = $admin ? $edit['pass'] : user_password();
// TODO: Is this necessary? Won't session_write() replicate this?
unset($edit['session']);
- if (array_intersect(array_keys($edit), array('uid', 'roles', 'init', 'session', 'status'))) {
+ if (!$admin && array_intersect(array_keys($edit), array('uid', 'roles', 'init', 'session', 'status'))) {
watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING);
drupal_goto('user/register');
}
- $account = user_save('', array_merge($edit, array('pass' => $pass, 'init' => $edit['mail'], 'roles' => array(_user_authenticated_id()), 'status' => (variable_get('user_register', 1) == 1 ? 1 : 0))));
+ $account = user_save('', array_merge($edit, array('pass' => $pass, 'init' => $edit['mail'], 'roles' => array('authenticated user' => _user_authenticated_id()), 'status' => $admin || variable_get('user_register', 1))));
watchdog('user', t('New user: %name %email.', array('%name' => theme('placeholder', $edit['name']), '%email' => theme('placeholder', '<'. $edit['mail'] .'>'))), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $account->uid .'/edit'));
$variables = array('%username' => $edit['name'], '%site' => variable_get('site_name', 'drupal'), '%password' => $pass, '%uri' => $base_url, '%uri_brief' => substr($base_url, strlen('http://')), '%mailto' => $edit['mail'], '%date' => format_date(time()), '%login_uri' => url('user', NULL, NULL, TRUE), '%edit_uri' => url('user/'. $account->uid .'/edit', NULL, NULL, TRUE), '%login_url' => user_pass_reset_url($account));
@@ -1067,7 +1069,12 @@ function user_register($edit = array()) {
return form($output);
}
else {
- if ($account->status) {
+ if ($admin) {
+ drupal_set_message(t('Created a new user account. No e-mail has been sent.'));
+
+ drupal_goto('admin/user');
+ }
+ else if ($account->status) {
// Create new user account, no administrator approval required.
$subject = _user_mail_text('welcome_subject', $variables);
$body = _user_mail_text('welcome_body', $variables);
@@ -1090,12 +1097,15 @@ function user_register($edit = array()) {
// Display the registration form.
$output .= variable_get('user_registration_help', '');
$affiliates = user_auth_help_links();
- if (count($affiliates) > 0) {
+ if (!$admin && count($affiliates) > 0) {
$affiliates = implode(', ', $affiliates);
$output .= '<p>'. t('Note: if you have an account with one of our affiliates (%s), you may <a href="%login_uri">login now</a> instead of registering.', array('%s' => $affiliates, '%login_uri' => url('user'))) .'</p>';
}
$default = form_textfield(t('Username'), 'name', $edit['name'], 30, 64, t('Your full name or your preferred username; only letters, numbers and spaces are allowed.'), NULL, TRUE);
$default .= form_textfield(t('E-mail address'), 'mail', $edit['mail'], 30, 64, t('A password and instructions will be sent to this e-mail address, so make sure it is accurate.'), NULL, TRUE);
+ if ($admin) {
+ $default .= form_password(t('Password'), 'pass', $edit['pass'], 30, 55,t('Provide a password for the new account.'), NULL, TRUE);
+ }
$extra = _user_forms($edit, $account, $category, 'register');
// Only display form_group around default fields if there are other groups.
if ($extra) {
@@ -1162,7 +1172,7 @@ function user_edit_validate($uid, &$edit) {
}
// Validate the user roles:
- if (user_access('administer users')) {
+ if (user_access('administer users') && $_GET['q'] != 'admin/user/create') {
if (!$edit['roles']) {
form_set_error('roles', t('You must select at least one role.'));
$edit['roles'] = array();
@@ -1378,34 +1388,6 @@ function user_configure_settings() {
return $output;
}
-function user_admin_create($edit = array()) {
-
- if ($edit) {
- // Because the admin form doesn't have roles selection they need to be set to validate properly
- $edit['roles'] = array(_user_authenticated_id() => 'authenticated user');
- user_module_invoke('validate', $edit, $edit, 'account');
-
- if (!form_get_errors()) {
- watchdog('user', t('New user: %name %email.', array('%name' => theme('placeholder', $edit['name']), '%email' => theme('placeholder', '<'. $edit['mail'] .'>'))));
-
- user_save('', array('name' => $edit['name'], 'pass' => $edit['pass'], 'init' => $edit['mail'], 'mail' => $edit['mail'], 'roles' => $edit['roles'], 'status' => 1));
-
- drupal_set_message(t('Created a new user account. No e-mail has been sent.'));
-
- drupal_goto('admin/user');
- }
- }
-
- $output = form_textfield(t('Username'), 'name', $edit['name'], 30, 55, t('Provide the username of the new account.'), NULL, TRUE);
- $output .= form_textfield(t('E-mail address'), 'mail', $edit['mail'], 30, 55, t('Provide the e-mail address associated with the new account.'), NULL, TRUE);
- $output .= form_password(t('Password'), 'pass', $edit['pass'], 30, 55, t('Provide a password for the new account.'), NULL, TRUE);
- $output .= form_submit(t('Create account'));
-
- $output = form_group(t('Create new user account'), $output);
-
- return form($output);
-}
-
/**
* Menu callback: check an access rule
*/
@@ -1765,9 +1747,9 @@ function user_admin() {
case t('Search'):
$output = search_form(url('admin/user/search'), $_POST['edit']['keys'], 'user') . search_data($_POST['edit']['keys'], 'user');
break;
- case t('Create account'):
+ case t('Create new account'):
case 'create':
- $output = user_admin_create($edit);
+ $output = user_register($edit);
break;
default:
$output = user_admin_account();
--
GitLab