IMathAS/newinstructor.php.dist at master · githubapprentice/IMathAS · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
<?php

	require("config.php");
	$pagetitle = "New instructor account request";
	$placeinhead = "<link rel=\"stylesheet\" href=\"$imasroot/infopages.css\" type=\"text/css\">\n";
	$nologo = true;
	require("header.php");
	$pagetitle = "Instructor Account Request";
	require("infoheader.php");

	if (isset($_POST['firstname'])) {
		if (!isset($_POST['agree'])) {
			echo "<p>You must agree to the Terms and Conditions to set up an account</p>";
		} else if ($loginformat!='' && !preg_match($loginformat,$_POST['username'])) {
			echo "<p>Username is invalid</p>";
		} else if (!preg_match('/^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$/',$_POST['email'])) {
			echo '<p>Invalid email address</p>';
		} else if ($_POST['firstname']=='' || $_POST['lastname']=='' || $_POST['email']=='' || $_POST['school']=='' || $_POST['phone']=='' || $_POST['username']=='' || $_POST['password']=='') {
			echo "<p>Please provide all requested information</p>";

		} else if ($_POST['password']!=$_POST['password2']) {
			echo "<p>Passwords entered do not match.</p>";
		} else {
			//DB $query = "SELECT id FROM imas_users WHERE SID='{$_POST['username']}'";
			//DB $result = mysql_query($query) or die("Query failed : " . mysql_error());
			//DB if (mysql_num_rows($result)>0) {
			$stm = $DBH->prepare("SELECT id FROM imas_users WHERE SID=:SID");
			$stm->execute(array(':SID'=>$_POST['username']));
			if ($stm->rowCount()>0) {
				echo "<p>Username <b>{$_POST['username']}</b> is already in use.  Please try another</p>\n";
			} else {
				if (isset($CFG['GEN']['homelayout'])) {
					$homelayout = $CFG['GEN']['homelayout'];
				} else {
					$homelayout = '|0,1,2||0,1';
				}

				if (isset($CFG['GEN']['newpasswords'])) {
					require_once("./includes/password.php");
					$md5pw = password_hash($_POST['password'], PASSWORD_DEFAULT);
				} else {
					$md5pw = md5($_POST['password']);
				}
				//DB $query = "INSERT INTO imas_users (SID, password, rights, FirstName, LastName, email, homelayout) ";
				//DB $query .= "VALUES ('{$_POST['username']}','$md5pw',0,'{$_POST['firstname']}','{$_POST['lastname']}','{$_POST['email']}','$homelayout');";
				//DB mysql_query($query) or die("Query failed : " . mysql_error());
				//DB $newuserid = mysql_insert_id();
				$query = "INSERT INTO imas_users (SID, password, rights, FirstName, LastName, email, homelayout) ";
				$query .= "VALUES (:SID, :password, :rights, :FirstName, :LastName, :email, :homelayout);";
				$stm = $DBH->prepare($query);
				$stm->execute(array(':SID'=>$_POST['username'], ':password'=>$md5pw, ':rights'=>12, ':FirstName'=>$_POST['firstname'], ':LastName'=>$_POST['lastname'], ':email'=>$_POST['email'], ':homelayout'=>$homelayout));
				$newuserid = $DBH->lastInsertId();
				if (isset($CFG['GEN']['enrollonnewinstructor'])) {
					$valbits = array();
					foreach ($CFG['GEN']['enrollonnewinstructor'] as $ncid) {
					  $ncid = intval($ncid);
						$valbits[] = "($newuserid,$ncid)";
					}
					//DB $query = "INSERT INTO imas_students (userid,courseid) VALUES ".implode(',',$valbits);
					//DB mysql_query($query) or die("Query failed : " . mysql_error());

					$stm = $DBH->query("INSERT INTO imas_students (userid,courseid) VALUES ".implode(',',$valbits)); //known INTs - safe
				}
				$headers  = 'MIME-Version: 1.0' . "\r\n";
				$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
				$headers .= "From: $installname <$sendfrom>\r\n";
				$subject = "New Instructor Account Request";
				$message = "Name: {$_POST['firstname']} {$_POST['lastname']} <br/>\n";
				$message .= "Email: {$_POST['email']} <br/>\n";
				$message .= "School: {$_POST['school']} <br/>\n";
				$message .= "Phone: {$_POST['phone']} <br/>\n";
				$message .= "Username: {$_POST['username']} <br/>\n";
				mail($sendfrom,$subject,$message,$headers);

				$now = time();
				//DB $query = "INSERT INTO imas_log (time, log) VALUES ($now, 'New Instructor Request: $newuserid:: School: {$_POST['school']} <br/> Phone: {$_POST['phone']} <br/>')";
				//DB mysql_query($query) or die("Query failed : " . mysql_error());
				$stm = $DBH->prepare("INSERT INTO imas_log (time, log) VALUES (:now, :log)");
				$stm->execute(array(':now'=>$now, ':log'=>"New Instructor Request: $newuserid:: School: {$_POST['school']} <br/> Phone: {$_POST['phone']} <br/>"));


				$message = "<p>Your new account request has been sent.</p>  ";
				$message .= "<p>This request is processed by hand, so please be patient.</p>";
				mail($_POST['email'],$subject,$message,$headers);

				echo $message;
				require("footer.php");
				exit;
			}
		}
	}
	if (isset($_POST['firstname'])) {$firstname=$_POST['firstname'];} else {$firstname='';}
	if (isset($_POST['lastname'])) {$lasname=$_POST['lastname'];} else {$lastname='';}
	if (isset($_POST['email'])) {$email=$_POST['email'];} else {$email='';}
	if (isset($_POST['phone'])) {$phone=$_POST['phone'];} else {$phone='';}
	if (isset($_POST['school'])) {$school=$_POST['school'];} else {$school='';}
	if (isset($_POST['username'])) {$username=$_POST['username'];} else {$username='';}

	echo "<h3>New Instructor Account Request</h3>\n";
	echo "<form method=post action=\"newinstructor.php\">\n";
	echo "<span class=form>First Name</span><span class=formright><input type=text name=firstname value=\"$firstname\" size=40></span><br class=form />\n";
	echo "<span class=form>Last Name</span><span class=formright><input type=text name=lastname value=\"$lastname\" size=40></span><br class=form />\n";
	echo "<span class=form>Email Address</span><span class=formright><input type=text name=email value=\"$email\" size=40></span><br class=form />\n";
	echo "<span class=form>Phone Number</span><span class=formright><input type=text name=phone value=\"$phone\" size=40></span><br class=form />\n";
	echo "<span class=form>School/College</span><span class=formright><input type=text name=school value=\"$school\" size=40></span><br class=form />\n";
	echo "<span class=form>Requested Username</span><span class=formright><input type=text name=username value=\"$username\" size=40></span><br class=form />\n";
	echo "<span class=form>Requested Password</span><span class=formright><input type=password name=password size=40></span><br class=form />\n";
	echo "<span class=form>Retype Password</span><span class=formright><input type=password name=password2 size=40></span><br class=form />\n";
	echo "<span class=form>I have read and agree to the Terms of Use (below)</span><span class=formright><input type=checkbox name=agree></span><br class=form />\n";
	echo "<div class=submit><input type=submit value=\"Request Account\"></div>\n";
	echo "</form>\n";
	echo "<h4>Terms of Use</h4>\n";
	echo "<p><em>This software is made available with <strong>no warranty</strong> and <strong>no guarantees</strong>.  The ";
	echo "server or software might crash or mysteriously lose all your data.  Your account or this service may be terminated without warning.  ";
	echo "No official support is provided. </em></p>\n";
	echo "<p><em>Copyrighted materials should not be posted or used in questions without the permission of the copyright owner.  You shall be solely ";
	echo "responsible for your own user created content and the consequences of posting or publishing them.  This site expressly disclaims any and all liability in ";
	echo "connection with user created content.</em></p>";
	require("footer.php");
?>