Click here to continue.";
$showSignupForm = false;
}
// process form
if (@$_REQUEST['save']) {
// error checking
$errorsAndAlerts = "";
if (!@$_REQUEST['fullname']) { $errorsAndAlerts .= "You must enter your full name!
\n"; }
if (!@$_REQUEST['email']) { $errorsAndAlerts .= "You must enter your email!
\n"; }
else if(!isValidEmail(@$_REQUEST['email'])) { $errorsAndAlerts .= "Please enter a valid email (example: user@example.com)
\n"; }
if (!@$_REQUEST['username']) { $errorsAndAlerts .= "You must choose a username!
\n"; }
// check for duplicate usernames and emails
if (!$errorsAndAlerts) {
$count = mysql_count($GLOBALS['WSM_ACCOUNTS_TABLE'], "`username` = '".mysql_escape(@$_REQUEST['username'])."'");
if ($count > 0 && @$_REQUEST['username']) { $errorsAndAlerts .= "That username is already in use, please choose another!
\n"; }
$count = mysql_count($GLOBALS['WSM_ACCOUNTS_TABLE'], "'".mysql_escape($_REQUEST['email'])."' IN (email, username)");
if ($count > 0) { $errorsAndAlerts .= "That email is already in use, please choose another!
\n"; }
}
// turn off strict mysql error checking for: STRICT_ALL_TABLES
mysqlStrictMode(false); // disable Mysql strict errors for when a field isn't defined below (can be caused when fields are added later)
// add user
if (!$errorsAndAlerts) {
// generate password
$password = substr(md5(uniqid(mt_rand(), true)), 15); // example output: c5560251ef0b3eef9
if (@$SETTINGS['advanced']['encryptPasswords']) { $passwordHash = getPasswordDigest($password); }
else { $passwordHash = $password; }
//
mysql_query("INSERT INTO `{$TABLE_PREFIX}" . @$GLOBALS['WSM_ACCOUNTS_TABLE'] . "` SET
fullname = '".mysql_escape( $_REQUEST['fullname'] )."',
email = '".mysql_escape( $_REQUEST['email'] )."',
username = '".mysql_escape( $_REQUEST['username'] )."',
password = '".mysql_escape( $passwordHash )."',
disabled = '0',
isAdmin = '0',
expiresDate = '0000-00-00 00:00:00',
neverExpires = '1',
createdDate = NOW(),
updatedDate = NOW(),
createdByUserNum = '0',
updatedByUserNum = '0'")
or die("MySQL Error Creating Record:
\n". htmlspecialchars(mysql_error()) . "\n");
$userNum = mysql_insert_id();
// If a table other than the standard accounts table has been set for this
// plugin, do not update the accesslist table
if (@$GLOBALS['WSM_ACCOUNTS_TABLE']=="accounts") {
// create accesslist entry
// replace '_sample' with the table you want the user to access
// replace '6' with the access level they should have: 0=none, 6=author, 9=editor
// replace '1' with the max listings they are allowed
mysql_query("INSERT INTO `{$TABLE_PREFIX}_accesslist`
(userNum, tableName, accessLevel, maxRecords, randomSaveId)
VALUES ($userNum, 'all', '1', NULL, '1234567890'),
($userNum, '_sample', '6', 1, '1234567890'),
($userNum, '_sample', '6', 1, '1234567890'),
($userNum, '_sample', '6', 1, '1234567890')") or die("MySQL Error Creating Access List:
\n". htmlspecialchars(mysql_error()) . "\n");
}
// send message
$emailTemplate = "emails/user-new-signup.php";
$emailHeaders = emailTemplate_load(array(
'template' => websiteLogin_pluginDir() . "/$emailTemplate",
'subject' => '', // set in template
'from' => '', // set in template
'to' => $_REQUEST['email'],
'placeholders' => array(
'username' => array_key_exists('username', $_REQUEST) ? $_REQUEST['username'] : $_REQUEST['email'], // if using email as username then show that instead
'password' => $password,
'loginUrl' => "http://" . $_SERVER['HTTP_HOST'] . $GLOBALS['WEBSITE_LOGIN_LOGIN_FORM_URL'],
),
));
$mailErrors = sendMessage($emailHeaders);
if ($mailErrors) { die("Mail Error: $mailErrors"); }
// show thanks
$errorsAndAlerts = "Thanks, We've created an account for you and emailed you your password.
\n";
$errorsAndAlerts .= "If you don't receive an email from us within a few minutes check your spam filter for messages from {$emailHeaders['from']}
\n";
$errorsAndAlerts .= "Click here to login.";
//If the user has successfully signed up, login them in.
redirectBrowserToURL('scratch.php?action=login&username='.$_REQUEST['username'].'&password='.$password);
}
}
?>
Sample User Signup Form