Membership Plugin :: Create User

6 posts by 2 authors in: Forums > CMS Builder: Plugins & Add-ons
Last Post: April 2, 2015   (RSS)

By jenolan - February 19, 2015

Hi I am ditching my wordpress site but I do not want existing people to have to re-register, so when they login I snaffle the WP data and now want to create their cmsb user record, doesn't seem to be an easy way to do this, also I would like to create the user based on a template for section access. I sthis hidden somewhere ;-)

yes I am going totally cmsb for sanity sake.

Cheers,
Larry

---
<?= "Jenolan(Larry) :: Coding Since 1973" ?>
Peace and Long Life

By Dave - February 21, 2015

Hi Larry, 

If you have the Website Membership plugin you can take a look at the signup form for reference.  It's code is here:  

Admin > Code Generator > Website Membership > Signup / Create an account

And here's the generated code from my desktop for reference: 

<?php
  
  // load viewer library
  $libraryPath = 'cmsb/lib/viewer_functions.php';
  $dirsToCheck = array('C:/wamp/www/sb/CMS Builder/','','../','../../','../../../');
  foreach ($dirsToCheck as $dir) { if (@include_once("$dir$libraryPath")) { break; }}
  if (!function_exists('getRecords')) { die("Couldn't load viewer library, check filepath in sourcecode."); }
  if (!@$GLOBALS['WEBSITE_MEMBERSHIP_PLUGIN']) { die("You must activate the Website Membership plugin before you can access this page."); }

  //
  $useUsernames   = true; // Set this to false to disallow usernames, email will be used as username instead
  $showSignupForm = true; // don't change this value

  // error checking
  $errorsAndAlerts = "";
  if (@$CURRENT_USER) {
    $errorsAndAlerts .= "You are already signed up! <a href='/'>Click here to continue</a>.<br/>\n";
    $showSignupForm = false;
  }

  // process form
  if (@$_POST['save']) {

    // redirect to profile page after after signing up
    setPrefixedCookie('lastUrl', $GLOBALS['WEBSITE_LOGIN_PROFILE_URL']);

    // error checking
    $emailAlreadyInUse    = mysql_count(accountsTable(), mysql_escapef("? IN (`username`, `email`)", @$_REQUEST['email']));
    $usernameAlreadyInUse = mysql_count(accountsTable(), mysql_escapef("? IN (`username`, `email`)", @$_REQUEST['username']));

    if     (!@$_REQUEST['fullname'])                       { $errorsAndAlerts .= "You must enter your full name!<br/>\n"; }
    if     (!@$_REQUEST['email'])                          { $errorsAndAlerts .= "You must enter your email!<br/>\n"; }
    elseif (!isValidEmail(@$_REQUEST['email']))            { $errorsAndAlerts .= "Please enter a valid email (example: user@example.com)<br/>\n"; }
    elseif ($emailAlreadyInUse)                            { $errorsAndAlerts .= "That email is already in use, please choose another!<br/>\n"; }
    if ($useUsernames) {
      if     (!@$_REQUEST['username'])                     { $errorsAndAlerts .= "You must choose a username!<br/>\n"; }
      elseif (preg_match("/\s+/", @$_REQUEST['username'])) { $errorsAndAlerts .= "Username cannot contain spaces!<br/>\n"; }
      elseif ($usernameAlreadyInUse)                       { $errorsAndAlerts .= "That username is already in use, please choose another!<br/>\n"; }
    }
    elseif (!$useUsernames) {
      if (@$_REQUEST['username'])                          { $errorsAndAlerts .= "Usernames are not allowed!<br/>\n"; }
    }

    // add user
    if (!$errorsAndAlerts) {

      // generate password
      $passwordText = wsm_generatePassword();
      $passwordHash = getPasswordDigest($passwordText);

      //
      $colsToValues = array();
      $colsToValues['createdDate=']     = 'NOW()';
      $colsToValues['updatedDate=']     = 'NOW()';
      $colsToValues['createdByUserNum'] = 0;
      $colsToValues['updatedByUserNum'] = 0;

      // fields defined by form:
      //$colsToValues['agree_tos']      = $_REQUEST['agree_tos'];
      $colsToValues['fullname']         = $_REQUEST['fullname'];
      $colsToValues['email']            = $_REQUEST['email'];
      $colsToValues['username']         = coalesce( @$_REQUEST['username'], $_REQUEST['email'] ); // email is saved as username if usernames not supported
      $colsToValues['password']         = $passwordHash;
      // ... add more form fields here by copying the above line!
      $userNum = mysql_insert(accountsTable(), $colsToValues, true);

      // set access rights for CMS so new users can access some CMS sections
      $setAccessRights = false; // set to true and set access tables below to use this
      if ($setAccessRights && accountsTable() == "accounts") { // this is only relevant if you're adding users to the CMS accounts table

        // NOTE: You can repeat this block to grant access to multiple sections
        mysql_insert('_accesslist', array(
          'userNum'      => $userNum,
          'tableName'    => '_sample',   // insert tablename you want to grant access to, or 'all' for all sections
          'accessLevel'  => '0',         // access level allowed: 0=none, 6=author, 9=editor
          'maxRecords'   => '',          // max listings allowed (leave blank for unlimited)
          'randomSaveId' => '123456789', // ignore - for internal use
        ));
      }

      // send message
      list($mailErrors, $fromEmail) = wsm_sendSignupEmail($userNum, $passwordText);
      if ($mailErrors) { alert("Mail Error: $mailErrors"); }

      // show thanks
      $errorsAndAlerts  = "Thanks, We've created an account for you and emailed you your password.<br/><br/>\n";
      $errorsAndAlerts .= "If you don't receive an email from us within a few minutes check your spam filter for messages from {$fromEmail}<br/><br/>\n";
      $errorsAndAlerts .= "<a href='{$GLOBALS['WEBSITE_LOGIN_LOGIN_FORM_URL']}'>Click here to login</a>.";

      $_REQUEST        = array(); // clear form values
      $showSignupForm  = false;
    }
  }

?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
  <title></title>
  <meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
  <style type="text/css">
    body          { font-family: arial; }
    .instructions { border: 3px solid #000; background-color: #EEE; padding: 10px; text-align: left; margin: 25px}
  </style>
 </head>
<body>


<h1>Sample User Signup Form</h1>

<!-- USER SIGNUP FORM -->
  <?php if (@$errorsAndAlerts): ?>
    <div style="color: #C00; font-weight: bold; font-size: 13px;">
      <?php echo $errorsAndAlerts; ?><br/>
    </div>
  <?php endif ?>

<?php if ($showSignupForm): ?>
  <form method="post" action="?">
  <input type="hidden" name="save" value="1" />

  <table border="0" cellspacing="0" cellpadding="2">
   <tr>
    <td>Full Name</td>
    <td><input type="text" name="fullname" value="<?php echo htmlencode(@$_REQUEST['fullname']); ?>" size="50" /></td>
   </tr>
   <tr>
    <td>Email</td>
    <td><input type="text" name="email" value="<?php echo htmlencode(@$_REQUEST['email']); ?>" size="50" /></td>
   </tr>
<?php if ($useUsernames): ?>
   <tr>
    <td>Username</td>
    <td><input type="text" name="username" value="<?php echo htmlencode(@$_REQUEST['username']); ?>" size="50" /></td>
   </tr>
<?php endif ?>

   <tr>
    <td colspan="2" align="center">
      <br/><input class="button" type="submit" name="submit" value="Sign up &gt;&gt;" />
    </td>
   </tr>
  </table>

  </form>
<?php endif ?>
<!-- /USER SIGNUP FORM -->
</body>
</html>

Dave Edis - Senior Developer

interactivetools.com

By jenolan - April 1, 2015 - edited: April 1, 2015

ok I am a bit further with this .. I have the access to wordpress login available in my process, but I have an issue (yeah only one sure) you are using a password method and a check if already done lookup isPasswordDigest($password) and getPasswordDigest($password, $forceEncode = false) which is not compatible with what Wordpress has built using the generic password hasher library from http://www.openwall.com/phpass/ that's not the issue the problem is that there is no method to override the password functions without hacking (which I don't like doing it make upgrading hell later).

OK so the Wordpress way would be to put

if( ! function_exists( 'getPasswordDigest' ) )
{
    // add standard code here
}

Then I can add my own definition before the code is loaded and shazzam I can run any scheme I like ;-) able to do that for me please?

Thanks,
Larry

PS: Sorry need to include custom.php if it exists in init.php to allow the injection

---
<?= "Jenolan(Larry) :: Coding Since 1973" ?>
Peace and Long Life

By Dave - April 2, 2015

Hi Larry, 

Are you able to use this plugin filter from /lib/login_functions.php?

// Plugin filters
list($isValidLogin, $user, $updateLastLogin) = applyFilters('login_isValidLogin', array($isValidLogin, $user, $updateLastLogin));

You might be able to just bypass everything.  I could add plugin hooks to the two password functions, but I'm not sure we're not going to change those in the near future.

Let me know if the above will work for you.  Cheers!

Dave Edis - Senior Developer

interactivetools.com

By jenolan - April 2, 2015

In that the $user is not set if the password didn't match in the preceeding code... As mentioned by email some of the code needs work ;-)

---
<?= "Jenolan(Larry) :: Coding Since 1973" ?>
Peace and Long Life