Index: modules/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user.module,v
retrieving revision 1.484
diff -u -F^f -r1.484 user.module
--- modules/user.module 21 Jun 2005 18:58:27 -0000 1.484
+++ modules/user.module 25 Jun 2005 22:22:50 -0000
@@ -1021,8 +1021,10 @@ function user_pass_rehash($password, $ti
 function user_register($edit = array()) {
 global $user, $base_url;
- // If we are already logged on, go to the user page instead.
- if ($user->uid) {
+ $admin = user_access('administer users');
+
+ // If we aren't admin but already logged on, go to the user page instead.
+ if (!$admin && $user->uid) {
 drupal_goto('user/'. $user->uid);
 }
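Review bot: `$admin` is derived from the permission alone, so a user with 'administer users' who reaches user_register() through the public `user/register` path also gets the admin behaviour that the later hunks attach to this flag (password taken from `$edit['pass']`, protected-field check skipped, no e-mail sent). The user_edit_validate hunk and the three profile.module hunks key on `$_GET['q']` being `'admin/user/create'` instead, so the two signals can disagree; on `user/register` an administrator would presumably still hit the roles validation. Deriving the flag once from both, for example `$admin = user_access('administer users') && $_GET['q'] == 'admin/user/create';`, would keep every branch on the same decision. user_register's body continues outside this hunk.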
@@ -1031,15 +1033,15 @@ function user_register($edit = array())
 if (!form_get_errors()) {
 $from = variable_get('site_mail', ini_get('sendmail_from'));
- $pass = user_password();
+ $pass = $admin ? $edit['pass'] : user_password();
 // TODO: Is this necessary? Won't session_write() replicate this?
 unset($edit['session']);
- if (array_intersect(array_keys($edit), array('uid', 'roles', 'init', 'session', 'status'))) {
+ if (!$admin && array_intersect(array_keys($edit), array('uid', 'roles', 'init', 'session', 'status'))) {
 watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING);
 drupal_goto('user/register');
 }
- $account = user_save('', array_merge($edit, array('pass' => $pass, 'init' => $edit['mail'], 'roles' => array(_user_authenticated_id()), 'status' => (variable_get('user_register', 1) == 1 ? 1 : 0))));
+ $account = user_save('', array_merge($edit, array('pass' => $pass, 'init' => $edit['mail'], 'roles' => array('authenticated user' => _user_authenticated_id()), 'status' => $admin || variable_get('user_register', 1))));
 watchdog('user', t('New user: %name %email.', array('%name' => theme('placeholder', $edit['name']), '%email' => theme('placeholder', '<'. $edit['mail'] .'>'))), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $account->uid .'/edit'));
 $variables = array('%username' => $edit['name'], '%site' => variable_get('site_name', 'drupal'), '%password' => $pass, '%uri' => $base_url, '%uri_brief' => substr($base_url, strlen('http://')), '%mailto' => $edit['mail'], '%date' => format_date(time()), '%login_uri' => url('user', NULL, NULL, TRUE), '%edit_uri' => url('user/'. $account->uid .'/edit', NULL, NULL, TRUE), '%login_url' => user_pass_reset_url($account));
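Review bot: The new `'status' => $admin || variable_get('user_register', 1)` drops the old `== 1` comparison, so for a non-admin any non-zero `user_register` setting now produces an active account. The old code activated the account only when the setting was exactly 1; if the variable has another non-zero value meaning that approval is required (the `== 1` test and the "no administrator approval required" comment in the following hunk suggest it does), self-registered accounts would skip approval. Keeping the comparison, `'status' => $admin || variable_get('user_register', 1) == 1`, preserves the old behaviour for visitors. Separately, the added `!$admin &&` lets a submitted `uid` reach `user_save` for administrators, because the `array_merge` override replaces `pass`, `init`, `roles` and `status` but not `uid`; an `unset($edit['uid']);` next to the existing `unset($edit['session']);` would close that regardless of role.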
@@ -1056,7 +1058,12 @@ function user_register($edit = array())
 return form($output);
 }
 else {
- if ($account->status) {
+ if ($admin) {
+ drupal_set_message(t('Created a new user account. No e-mail has been sent.'));
+
+ drupal_goto('admin/user');
+ }
+ else if ($account->status) {
 // Create new user account, no administrator approval required.
 $subject = _user_mail_text('welcome_subject', $variables);
 $body = _user_mail_text('welcome_body', $variables);
@@ -1079,12 +1086,21 @@ function user_register($edit = array())
 // Display the registration form.
 $output .= variable_get('user_registration_help', '');
 $affiliates = user_auth_help_links();
- if (count($affiliates) > 0) {
+ if (!$admin && count($affiliates) > 0) {
 $affiliates = implode(', ', $affiliates);
 $output .= '

'. t('Note: if you have an account with one of our affiliates (%s), you may login now instead of registering.', array('%s' => $affiliates, '%login_uri' => url('user'))) .'

';
 }
- $default = form_textfield(t('Username'), 'name', $edit['name'], 30, 64, t('Your full name or your preferred username; only letters, numbers and spaces are allowed.'), NULL, TRUE);
- $default .= form_textfield(t('E-mail address'), 'mail', $edit['mail'], 30, 64, t('A password and instructions will be sent to this e-mail address, so make sure it is accurate.'), NULL, TRUE);
+ if ($admin) {
+ $descriptions = array('name' => t('Provide the username of the new account.'), 'mail' => t('Provide the e-mail address associated with the new account.'), 'pass' => t('Provide a password for the new account.'));
+ }
+ else {
+ $descriptions = array('name' => t('Your full name or your preferred username; only letters, numbers and spaces are allowed.'), 'mail' => t('A password and instructions will be sent to this e-mail address, so make sure it is accurate.'));
+ }
+ $default = form_textfield(t('Username'), 'name', $edit['name'], 30, 64, $descriptions['name'], NULL, TRUE);
+ $default .= form_textfield(t('E-mail address'), 'mail', $edit['mail'], 30, 64, $descriptions['mail'], NULL, TRUE);
+ if ($admin) {
+ $default .= form_password(t('Password'), 'pass', $edit['pass'], 30, 55, $descriptions['pass'], NULL, TRUE);
+ }
 $extra = _user_forms($edit, $account, $category, 'register');
 // Only display form_group around default fields if there are other groups.
 if ($extra) {
@@ -1151,7 +1167,7 @@ function user_edit_validate($uid, &$edit
 }
 // Validate the user roles:
- if (user_access('administer users') && $_GET['q'] != 'admin/user/create') {
+ if (user_access('administer users') && $_GET['q'] != 'admin/user/create') {
 if (!$edit['roles']) {
 form_set_error('roles', t('You must select at least one role.'));
 $edit['roles'] = array();
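Review bot: The added `form_password(t('Password'), 'pass', $edit['pass'], 30, 55, ...)` in user_register's form hands the submitted password back as the field value, so if form_password renders its value argument, the chosen password is written into the page whenever the form is redisplayed after a validation error. Passing an empty value instead, `form_password(t('Password'), 'pass', '', 30, 55, $descriptions['pass'], NULL, TRUE)`, avoids echoing it. Nothing visible in these hunks checks that `pass` is non-empty before `$pass = $admin ? $edit['pass'] : user_password();` uses it, so the required marker should be backed by a server-side check unless validation outside the hunk already does that. The function body continues outside the hunk.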
@@ -1365,34 +1381,6 @@ function user_configure_settings() {
 return $output;
 }
-function user_admin_create($edit = array()) {
-
- if ($edit) {
- // Because the admin form doesn't have roles selection they need to be set to validate properly
- $edit['roles'] = array(_user_authenticated_id() => 'authenticated user');
- user_module_invoke('validate', $edit, $edit, 'account');
-
- if (!form_get_errors()) {
- watchdog('user', t('New user: %name %email.', array('%name' => theme('placeholder', $edit['name']), '%email' => theme('placeholder', '<'. $edit['mail'] .'>'))));
-
- user_save('', array('name' => $edit['name'], 'pass' => $edit['pass'], 'init' => $edit['mail'], 'mail' => $edit['mail'], 'roles' => $edit['roles'], 'status' => 1));
-
- drupal_set_message(t('Created a new user account. No e-mail has been sent.'));
-
- drupal_goto('admin/user');
- }
- }
-
- $output = form_textfield(t('Username'), 'name', $edit['name'], 30, 55, t('Provide the username of the new account.'), NULL, TRUE);
- $output .= form_textfield(t('E-mail address'), 'mail', $edit['mail'], 30, 55, t('Provide the e-mail address associated with the new account.'), NULL, TRUE);
- $output .= form_password(t('Password'), 'pass', $edit['pass'], 30, 55, t('Provide a password for the new account.'), NULL, TRUE);
- $output .= form_submit(t('Create account'));
-
- $output = form_group(t('Create new user account'), $output);
-
- return form($output);
-}
-
 /**
 * Menu callback: check an access rule
 */
@@ -1753,9 +1741,9 @@ function user_admin() {
 case t('Search'):
 $output = search_form(url('admin/user/search'), $_POST['edit']['keys'], 'user') . search_data($_POST['edit']['keys'], 'user');
 break;
- case t('Create account'):
+ case t('Create new account'):
 case 'create':
- $output = user_admin_create($edit);
+ $output = user_register($edit);
 break;
 default:
 $output = user_admin_account();
Index: modules/profile.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/profile.module,v
retrieving revision 1.99
diff -u -F^f -r1.99 profile.module
--- modules/profile.module 6 Jun 2005 14:07:04 -0000 1.99
+++ modules/profile.module 25 Jun 2005 22:22:51 -0000
@@ -215,7 +215,7 @@ function profile_load_profile(&$user) {
 }
 function profile_save_profile(&$edit, &$user, $category) {
- if (($_GET['q'] == 'user/register') ? 1 : 0) {
+ if ($_GET['q'] == 'user/register' || $_GET['q'] == 'admin/user/create') {
 $result = db_query('SELECT fid, name, type FROM {profile_fields} WHERE register = 1 AND visibility != %d ORDER BY category, weight', PROFILE_HIDDEN);
 }
 else {
@@ -316,7 +316,7 @@ function _profile_form_explanation($fiel
 function profile_form_profile($edit, $user, $category) {
- if (($_GET['q'] == 'user/register') ? 1 : 0) {
+ if ($_GET['q'] == 'user/register' || $_GET['q'] == 'admin/user/create') {
 $result = db_query('SELECT * FROM {profile_fields} WHERE register = 1 ORDER BY category, weight');
 }
 else {
@@ -416,7 +416,7 @@ function _profile_map_month($month) {
 function profile_validate_profile($edit, $category) {
- if (($_GET['q'] == 'user/register') ? 1 : 0) {
+ if ($_GET['q'] == 'user/register' || $_GET['q'] == 'admin/user/create') {
 $result = db_query('SELECT * FROM {profile_fields} WHERE register = 1 ORDER BY category, weight');
 }
 else {
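Review bot: The route test `$_GET['q'] == 'user/register' || $_GET['q'] == 'admin/user/create'` added in profile_save_profile is repeated verbatim in profile_form_profile and profile_validate_profile (the `@@ -316` and `@@ -416` hunks), so three string literals must be kept in step by hand whenever a path changes. If one of them drifts, the form, the validation and the save step would select different field sets without any error. A single helper called from all three, for example `function _profile_is_registration() { return in_array($_GET['q'], array('user/register', 'admin/user/create')); }`, would keep them aligned. All three function bodies continue outside their hunks.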