Now we want to add such a survey and save it to the database. We are using the loginbyemailonly plugin and changed the file register.php (views \ default \ Account \ forms \ register.php), which is where the fields were created. In the file register.php (actions \ register.php) we have code that takes the data from the form and, theoretically, saves it to the database. The fields were also created in the database. It's just not safe.
Code: register.php in the view
// Values handed back in the query string (u / e / n) so the form can be
// re-populated after a failed submission.
$username = get_input('u');
$email = get_input('e');
$name = get_input('n');

// The "make admin" checkbox is offered only when the viewer is a logged-in
// admin AND the caller asked for it through $vars['show_admin'].
// This only hides the control; the action must re-check the privilege itself.
$loggedin_user = get_loggedin_user();
$admin_option = ($loggedin_user && $loggedin_user->isAdmin() && isset($vars['show_admin']));
// Core registration fields: [language key for the label, input view, view vars].
// The username field is deliberately left out: this plugin derives the
// username from the display name inside the action.
// The password inputs never receive a 'value', so a password is not echoed
// back into the page after a failed attempt.
$core_fields = array(
    array('name', 'input/text', array('internalname' => 'name', 'class' => "general-textarea", 'value' => $name)),
    array('email', 'input/text', array('internalname' => 'email', 'class' => "general-textarea", 'value' => $email)),
    array('password', 'input/password', array('internalname' => 'password', 'class' => "general-textarea")),
    array('passwordagain', 'input/password', array('internalname' => 'password2', 'class' => "general-textarea")),
);

$form_body = "<p>";
foreach ($core_fields as $core_field) {
    list($label_key, $input_view, $input_vars) = $core_field;
    $form_body .= "<label>" . elgg_echo($label_key) . "<br />" . elgg_view($input_view, $input_vars) . "</label><br />";
}
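// - ucrz i 18/09/2010 i 19:26
// Survey section of the registration form. Answers are posted as p1..p5.
// The show/hide logic below is presentation only: a client can submit any
// combination of p1..p5, so the action must validate what it stores.
$form_body .= "
<script>
function abrir1(){ document.getElementById('perguntas').style.display='block'; document.getElementById('ver1').style.display='block'; document.getElementById('ver2').style.display='none'; }
function abrir2(){ document.getElementById('perguntas').style.display='block'; document.getElementById('ver2').style.display='block'; document.getElementById('ver1').style.display='none'; }
</script>
";

// Static markup is appended directly. elgg_echo() is a translation lookup
// and should be given language keys, not whole HTML fragments.
// Each radio button gets its own id (an id must be unique in a document);
// the posted field names p1 / p2 and their values are unchanged.
$form_body .= '<label>Você é profissional de tradução</label><br />';
$form_body .= '<input name="p1" id="p1_s" type="radio" value="s" onclick="abrir1()" /> Sim <input name="p1" id="p1_n" type="radio" value="n" onclick="abrir2()" /> Não<br />';

$form_body .= '<div id="perguntas" style="display:none; background:#f8f8f8; padding:10px;">';

// flow when the answer is "yes" (professional translator)
$form_body .= '<div id="ver1" style="display:none;">';
$form_body .= '<label>Você é um tradutor juramentado?</label><br />';
$form_body .= '<input name="p2" id="p2_sim" type="radio" value="sim" /> Sim <input name="p2" id="p2_nao" type="radio" value="não" /> Não<br /><br />';
$form_body .= "<label> Para quais idiomais você traduz?<br />" . elgg_view('input/text', array('internalname' => 'p3', 'class' => "general-textarea", 'value' => '')) . "</label><br />";
$form_body .= "<label> Com que frequência você recebe trabalhos para traduzir?<br />" . elgg_view('input/text', array('internalname' => 'p4', 'class' => "general-textarea", 'value' => '')) . "</label><br />";
$form_body .= '</div>';

// flow when the answer is "no"
$form_body .= '<div id="ver2" style="display:none;"><br />';
$form_body .= "<label> Indique quais são suas áreas de interesse<br />" . elgg_view('input/text', array('internalname' => 'p5', 'class' => "general-textarea", 'value' => '')) . "</label><br />";
$form_body .= '</div>';

$form_body .= '</div>';
// ucrz f 19/09/2010 f 19:26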
// Captcha hook
$form_body .= elgg_view('input/captcha');

// Admin checkbox, shown only when the viewer qualified for it above.
if ($admin_option) {
    $admin_checkbox = array('internalname' => "admin", 'options' => array(elgg_echo('admin_option')));
    $form_body .= elgg_view('input/checkboxes', $admin_checkbox);
}

// Extension point: plugins add their own registration fields through this view.
$form_body .= elgg_view('register/extend');

// Hidden fields carried along with the submission. Hidden inputs are fully
// client-controlled, so the action must treat them as untrusted input.
$hidden_fields = array(
    'friend_guid' => $vars['friend_guid'],
    'invitecode' => $vars['invitecode'],
    'action' => 'register',
);
foreach ($hidden_fields as $hidden_name => $hidden_value) {
    $form_body .= elgg_view('input/hidden', array('internalname' => $hidden_name, 'value' => $hidden_value));
}

$form_body .= elgg_view('input/submit', array('internalname' => 'submit', 'value' => elgg_echo('register'))) . "</p>";

// The form posts to the site's register action.
$register_action = $vars['url'] . "action/register";
?>
<div id="register-box" style="border:1px solid #000;">
<h2><?php echo elgg_echo('register'); ?></h2>
<?php echo elgg_view('input/form', array('action' => $register_action, 'body' => $form_body)) ?>
</div>
Code: register.php in the action
// ucrz i 19/11/2010 14:55
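global $CONFIG;

// Get variables.
// These are read first because the error-return URL below is built from them.
$password = get_input('password');
$password2 = get_input('password2');
$email = get_input('email');
$name = get_input('name');
$friend_guid = (int) get_input('friend_guid', 0);
$invitecode = get_input('invitecode');

//-------------------------
// Survey answers posted by the registration form (p1..p5).
// NOTE(review): these are free-form request values; nothing visible here
// restricts them to the options the form offers, so validate before storing.
$pp1 = get_input('p1');
$pp2 = get_input('p2');
$pp3 = get_input('p3');
$pp4 = get_input('p4');
$pp5 = get_input('p5');
//-------------------------

// Build the URL the user is sent back to when validation fails.
//
// The Referer header is supplied by the client and may be missing or point
// to another site. Redirecting to it unchecked would be an open redirect and
// would hand the submitted name and e-mail address to that site in the query
// string, so it is accepted only when it starts with this site's own root URL.
// Assumes $CONFIG->wwwroot ends with a slash - TODO confirm.
$site_root = $CONFIG->wwwroot;
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
if (strpos($referer, $site_root) !== 0) {
    $referer = $site_root;
}

// Drop any existing query string, then attach the values that re-populate
// the form. The password is never placed in the URL. The username is
// generated later from the name, so no "u" value exists at this point.
$qs = explode('?', $referer);
$qs = $qs[0];
$qs .= "?e=" . urlencode($email) . "&n=" . urlencode($name) . "&friend_guid=" . $friend_guid;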
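// Input validation. Each failed check registers an error message and sends
// the user back to the form via $qs. die() follows forward() as a safeguard
// in case forward() ever returns.
//
// NOTE(review): strlen() counts bytes, and the minimum lengths below are very
// low (3 characters for a password). Confirm that register_user() enforces
// the site's real password and e-mail rules; this is only a first filter.
if (strlen($name) < 2) {
    register_error(elgg_echo('register:error:nameshort'));
    forward($qs);
    die();
}

if (strlen($email) < 3) {
    register_error(elgg_echo('register:error:emailshort'));
    forward($qs);
    die();
}

if (strlen($password) < 3 || strlen($password2) < 3) {
    register_error(elgg_echo('register:error:passwordshort'));
    forward($qs);
    die();
}

// Strict comparison: a loose != treats different numeric-looking strings as
// equal, so two passwords that are not the same text could pass this check.
if ($password !== $password2) {
    register_error(elgg_echo('register:error:passwordmatch'));
    forward($qs);
    die();
}

// Reject an address that already belongs to an account.
// NOTE(review): this message confirms to any visitor that the address is
// registered; acceptable only if account enumeration is not a concern.
if (get_user_by_email($email) != false) {
    register_error(elgg_echo('register:error:emailtaken'));
    forward($qs);
    die();
}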
// Generate a username from the display name: keep ASCII letters only,
// lower-cased, then append the first numeric suffix (none, 1, 2, ...) that is
// not already taken.
// NOTE(review): a name with no ASCII letters produces an empty base here;
// presumably register_user() rejects that - confirm.
// NOTE(review): the lookup and the later insert are separate steps, so two
// simultaneous registrations can pick the same name; verify how the
// duplicate is handled when the account is created.
$username_base = strtolower(preg_replace("/[^a-zA-Z]/", "", $name));

$username = $username_base;
$suffix = 0;
while (get_user_by_username($username) !== false) {
    $suffix++;
    $username = $username_base . $suffix;
}
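// "admin" arrives as a checkbox group, so take its first element if it is an array.
$admin = get_input('admin');
if (is_array($admin)) {
    $admin = $admin[0];
}

if (!$CONFIG->disable_registration) {
    // For now, just try and register the user
    try {
        // Only admins can make someone an admin. The gate runs BEFORE the
        // account is created: admin_gatekeeper() is expected to redirect a
        // non-admin away, and doing that after register_user() would leave a
        // new account behind that skipped the validation and disable steps.
        if ($admin) {
            admin_gatekeeper();
        }

        // Create the account only when the passwords are non-empty and
        // identical, so a failed check can never leave an account behind.
        $guid = false;
        if ((trim($password) != "") && (strcmp($password, $password2) == 0)) {
            // NOTE(review): this argument list does not match a stock
            // register_user(); it appears to rely on a locally modified core
            // function (and passes $invitecode twice) - confirm the signature.
            // Storing the survey answers as metadata on the new user entity
            // would avoid changing core code and core tables.
            $guid = register_user($username, $password, $name, $email, $friend_guid, $invitecode, $invitecode, $pp1, $pp2, $pp3, $pp4, $pp5, false);
        }

        if ($guid) {
            $new_user = get_entity($guid);

            if ($admin) {
                // Reached only when the gatekeeper above let the request through.
                $new_user->makeAdmin();
            }

            // Send user validation request on register only
            global $registering_admin;
            if (!$registering_admin) {
                request_user_validation($guid);
            }

            if (!$new_user->isAdmin()) {
                // Now disable if not an admin
                // Don't do a recursive disable. Any entities owned by the user at this point
                // are products of plugins that hook into create user and might need
                // access to the entities.
                $new_user->disable('new_user', false);
            }

            system_message(sprintf(elgg_echo("registerok"), $CONFIG->sitename));

            // Forward on success, assume everything else is an error...
            forward();
        } else {
            register_error(elgg_echo("registerbad"));
        }
    } catch (RegistrationException $r) {
        register_error($r->getMessage());
    }
} else {
    register_error(elgg_echo('registerdisabled'));
}

// Every path that reaches this point is a failure: return to the form.
forward($qs);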
// ucrz f 19/11/2010 14:55
- Cash@costelloc
If you want to save information to the database with Elgg, you'll need to learn Elgg's data model, including how to save metadata. See the Elgg Docs (the wiki).