MDL-22388 Added some checks to kill these scripts dead with an unequivocal notice...
[moodle.git] / login / signup_form.php
1 <?php
// Entry guard: this script must be included from a Moodle page. A direct request
// stops here, before the $CFG-based require_once calls below are reached.
defined('MOODLE_INTERNAL') || die('Direct access to this script is forbidden.');
7 require_once($CFG->libdir.'/formslib.php');
8 require_once($CFG->dirroot.'/user/profile/lib.php');
10 class login_signup_form extends moodleform {
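/**
 * Builds the self-registration form: credentials, contact details, optional
 * reCAPTCHA, custom profile fields and the site policy agreement.
 *
 * Every 'required' rule is registered with the 'server' validation type, so
 * the check does not rely on script running in the visitor's browser.
 * The maxlength/size values are HTML attributes only; nothing in this method
 * enforces those lengths on the server.
 *
 * @return void
 */
function definition() {
    global $CFG;

    $mform =& $this->_form;

    // --- Account credentials ---
    $mform->addElement('header', '', get_string('createuserandpass'), '');

    $mform->addElement('text', 'username', get_string('username'), 'maxlength="100" size="12"');
    // PARAM_NOTAGS strips markup only; the allowed character set is checked in validation().
    $mform->setType('username', PARAM_NOTAGS);
    $mform->addRule('username', get_string('missingusername'), 'required', null, 'server');

    if (!empty($CFG->passwordpolicy)) {
        $mform->addElement('static', 'passwordpolicyinfo', '', print_password_policy());
    }
    $mform->addElement('passwordunmask', 'password', get_string('password'), 'maxlength="32" size="12"');
    // PARAM_RAW leaves the submitted password untouched; validation() hands it to check_password_policy().
    $mform->setType('password', PARAM_RAW);
    $mform->addRule('password', get_string('missingpassword'), 'required', null, 'server');

    // --- Contact details ---
    $mform->addElement('header', '', get_string('supplyinfo'), '');

    $mform->addElement('text', 'email', get_string('email'), 'maxlength="100" size="25"');
    $mform->setType('email', PARAM_NOTAGS);
    $mform->addRule('email', get_string('missingemail'), 'required', null, 'server');

    // Second copy of the address; validation() compares it with 'email'.
    $mform->addElement('text', 'email2', get_string('emailagain'), 'maxlength="100" size="25"');
    $mform->setType('email2', PARAM_NOTAGS);
    $mform->addRule('email2', get_string('missingemail'), 'required', null, 'server');

    // fullname() may render the family name first (see MDL-4325). Probe it with
    // dummy values and lay the two inputs out in the same order.
    $nameordercheck = new object();
    $nameordercheck->firstname = 'a';
    $nameordercheck->lastname  = 'b';
    $nameorder = (fullname($nameordercheck) === 'b a')
        ? array('lastname', 'firstname')
        : array('firstname', 'lastname');
    foreach ($nameorder as $namefield) {
        $mform->addElement('text', $namefield, get_string($namefield), 'maxlength="100" size="30"');
    }

    $mform->setType('firstname', PARAM_TEXT);
    $mform->addRule('firstname', get_string('missingfirstname'), 'required', null, 'server');

    $mform->setType('lastname', PARAM_TEXT);
    $mform->addRule('lastname', get_string('missinglastname'), 'required', null, 'server');

    $mform->addElement('text', 'city', get_string('city'), 'maxlength="20" size="20"');
    $mform->setType('city', PARAM_TEXT);
    $mform->addRule('city', get_string('missingcity'), 'required', null, 'server');

    // Country list with an empty-key "select a country" entry placed first; the
    // 'required' rule then rejects a submission that leaves that entry selected.
    $country = get_string_manager()->get_list_of_countries();
    $default_country = array('' => get_string('selectacountry'));
    $country = array_merge($default_country, $country);
    $mform->addElement('select', 'country', get_string('country'), $country);
    $mform->addRule('country', get_string('missingcountry'), 'required', null, 'server');
    $mform->setDefault('country', empty($CFG->country) ? '' : $CFG->country);

    // --- Anti-automation ---
    // The widget is only added here; the answer is verified server-side in validation().
    if (signup_captcha_enabled()) {
        $mform->addElement('recaptcha', 'recaptcha_element', get_string('recaptcha', 'auth'), array('https' => $CFG->loginhttps));
        $mform->setHelpButton('recaptcha_element', array('recaptcha', get_string('recaptcha', 'auth')));
    }

    // Custom profile fields configured for the signup page.
    profile_signup_fields($mform);

    // --- Site policy ---
    if (!empty($CFG->sitepolicy)) {
        $mform->addElement('header', '', get_string('policyagreement'), '');
        // The policy URL is a configuration value placed inside an href attribute,
        // so it is HTML-escaped with s() before being concatenated into the markup.
        $policylink = '<a href="'.s($CFG->sitepolicy).'" onclick="this.target=\'_blank\'">'
            .get_string('policyagreementclick').'</a>';
        $mform->addElement('static', 'policylink', '', $policylink);
        $mform->addElement('checkbox', 'policyagreed', get_string('policyaccept'));
        $mform->addRule('policyagreed', get_string('policyagree'), 'required', null, 'server');
    }

    // buttons
    $this->add_action_buttons(true, get_string('createaccount'));
}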
/**
 * Post-data hook: registers trim() as a filter on the 'username' element so
 * that leading and trailing whitespace is dropped from the submitted value.
 *
 * @return void
 */
function definition_after_data(){
    $this->_form->applyFilter('username', 'trim');
}
/**
 * Server-side checks applied to a submitted signup form.
 *
 * Starts from the parent form's errors and then adds: username availability
 * and format, e-mail validity / uniqueness / confirmation match / allow-deny
 * rules, the password policy and, when enabled, reCAPTCHA verification.
 *
 * @param array $data  submitted values keyed by element name
 * @param array $files uploaded files; only forwarded to the parent check
 * @return array error messages keyed by name; empty when no check failed
 */
function validation($data, $files) {
    global $CFG, $DB;

    $errors = parent::validation($data, $files);
    $authplugin = get_auth_plugin($CFG->registerauth);

    // --- Username: must be unused on this host, lower case, and unchanged by PARAM_USERNAME cleaning ---
    // The lookup is scoped to the local MNet host id.
    $localaccount = array('username'=>$data['username'], 'mnethostid'=>$CFG->mnet_localhost_id);
    if ($DB->record_exists('user', $localaccount)) {
        $errors['username'] = get_string('usernameexists');
    } else if ($data['username'] !== moodle_strtolower($data['username'])) {
        $errors['username'] = get_string('usernamelowercase');
    } else if (strcmp($data['username'], clean_param($data['username'], PARAM_USERNAME))) {
        // Cleaning altered the value, so it contained characters outside the allowed set.
        $errors['username'] = get_string('invalidusername');
    }

    // Check whether the user exists in the external db of the registration auth plugin.
    // TODO: maybe we should check all enabled plugins instead
    // NOTE(review): this lookup also runs for usernames that failed the checks above and
    // replaces their message; confirm the plugin escapes the value for its own backend.
    if ($authplugin->user_exists($data['username'])) {
        $errors['username'] = get_string('usernameexists');
    }

    // --- E-mail: syntactically valid and not already attached to an account ---
    // NOTE(review): the 'usernameexists' / 'emailexists' messages tell an anonymous visitor
    // whether an account is registered; that is inherent to this form, so rely on the
    // captcha and request throttling to limit bulk probing.
    if (!validate_email($data['email'])) {
        $errors['email'] = get_string('invalidemail');
    } else if ($DB->record_exists('user', array('email'=>$data['email']))) {
        $errors['email'] = get_string('emailexists').' <a href="forgot_password.php">'.get_string('newpassword').'?</a>';
    }

    // The confirmation field must be present and equal to the first address.
    if (empty($data['email2'])) {
        $errors['email2'] = get_string('missingemail');
    } else if ($data['email'] != $data['email2']) {
        $errors['email2'] = get_string('invalidemail');
    }

    // Allow/deny rules are consulted only for an address that passed the checks above.
    if (!isset($errors['email']) && ($denied = email_is_not_allowed($data['email']))) {
        $errors['email'] = $denied;
    }

    // --- Password policy: the helper fills in the explanation by reference ---
    $policymessage = '';
    if (!check_password_policy($data['password'], $policymessage)) {
        $errors['password'] = $policymessage;
    }

    // --- reCAPTCHA: fails closed. A missing challenge or any verify() result other
    //     than boolean true adds an error, so the signup is rejected. ---
    // NOTE(review): errors are stored under 'recaptcha' while definition() registers the
    // element as 'recaptcha_element'; confirm the message is actually shown to the user.
    if (signup_captcha_enabled()) {
        $captcha = $this->_form->getElement('recaptcha_element');
        if (empty($this->_form->_submitValues['recaptcha_challenge_field'])) {
            $errors['recaptcha'] = get_string('missingrecaptchachallengefield');
        } else {
            $challenge = $this->_form->_submitValues['recaptcha_challenge_field'];
            $answer = $this->_form->_submitValues['recaptcha_response_field'];
            $verdict = $captcha->verify($challenge, $answer);
            if ($verdict !== true) {
                $errors['recaptcha'] = $verdict;
            }
        }
    }

    return $errors;
}