diff -Naur drupal-4.6.2/modules/profile.module drupal-4.6.2-mod/modules/profile.module --- drupal-4.6.2/modules/profile.module 2005-05-31 21:30:07.000000000 -0700 +++ drupal-4.6.2-mod/modules/profile.module 2005-07-05 23:11:28.750553051 -0700 @@ -153,7 +153,7 @@ } function profile_save_profile(&$edit, &$user, $category) { - if (($_GET['q'] == 'user/register') ? 1 : 0) { + if ($_GET['q'] == 'user/register' || $_GET['q'] == 'admin/user/create') { $result = db_query('SELECT fid, name, type FROM {profile_fields} WHERE register = 1 ORDER BY category, weight'); } else { @@ -250,7 +250,7 @@ function profile_form_profile($edit, $user, $category) { - if (($_GET['q'] == 'user/register') ? 1 : 0) { + if ($_GET['q'] == 'user/register' || $_GET['q'] == 'admin/user/create') { $result = db_query('SELECT * FROM {profile_fields} WHERE register = 1 ORDER BY category, weight'); } else { @@ -350,7 +350,7 @@ function profile_validate_profile($edit, $category) { - if (($_GET['q'] == 'user/register') ? 1 : 0) { + if ($_GET['q'] == 'user/register' || $_GET['q'] == 'admin/user/create') { $result = db_query('SELECT * FROM {profile_fields} WHERE register = 1 ORDER BY category, weight'); } else { @@ -366,7 +366,7 @@ } } } - else if ($field->required && !user_access('administer users')) { + else if ($field->required) { form_set_error($field->name, t('The field %field is required.', array('%field' => theme('placeholder', $field->title)))); } } diff -Naur drupal-4.6.2/modules/user.module drupal-4.6.2-mod/modules/user.module --- drupal-4.6.2/modules/user.module 2005-06-01 13:16:04.000000000 -0700 +++ drupal-4.6.2-mod/modules/user.module 2005-07-05 23:02:55.608625576 -0700 @@ -960,8 +960,10 @@ function user_register($edit = array()) { global $user, $base_url; - // If we are already logged on, go to the user page instead. - if ($user->uid) { + $admin = user_access('administer users'); + + // If we aren't admin but already logged on, go to the user page instead. + if (!$admin && $user->uid) { drupal_goto('user/'. $user->uid); } @@ -970,15 +972,15 @@ if (!form_get_errors()) { $from = variable_get('site_mail', ini_get('sendmail_from')); - $pass = user_password(); + $pass = $admin ? $edit['pass'] : user_password(); // TODO: Is this necessary? Won't session_write() replicate this? unset($edit['session']); - if (array_intersect(array_keys($edit), array('uid', 'roles', 'init', 'session', 'status'))) { + if (!$admin && array_intersect(array_keys($edit), array('uid', 'roles', 'init', 'session', 'status'))) { watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING); drupal_goto('user/register'); } - $account = user_save('', array_merge($edit, array('pass' => $pass, 'init' => $edit['mail'], 'roles' => array(_user_authenticated_id()), 'status' => (variable_get('user_register', 1) == 1 ? 1 : 0)))); + $account = user_save('', array_merge($edit, array('pass' => $pass, 'init' => $edit['mail'], 'roles' => array('authenticated user' => _user_authenticated_id()), 'status' => $admin || variable_get('user_register', 1)))); watchdog('user', t('New user: %name %email.', array('%name' => theme('placeholder', $edit['name']), '%email' => theme('placeholder', '<'. $edit['mail'] .'>'))), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $account->uid .'/edit')); $variables = array('%username' => $edit['name'], '%site' => variable_get('site_name', 'drupal'), '%password' => $pass, '%uri' => $base_url, '%uri_brief' => substr($base_url, strlen('http://')), '%mailto' => $edit['mail'], '%date' => format_date(time()), '%login_uri' => url('user', NULL, NULL, TRUE), '%edit_uri' => url('user/'. $account->uid .'/edit', NULL, NULL, TRUE)); @@ -995,7 +997,12 @@ return form($output); } else { - if ($account->status) { + if ($admin) { + drupal_set_message(t('Created a new user account. No e-mail has been sent.')); + + drupal_goto('admin/user'); + } + else if ($account->status) { // Create new user account, no administrator approval required. $subject = _user_mail_text('welcome_subject', $variables); $body = _user_mail_text('welcome_body', $variables); @@ -1018,12 +1025,21 @@ // Display the registration form. $output .= variable_get('user_registration_help', ''); $affiliates = user_auth_help_links(); - if (count($affiliates) > 0) { + if (!$admin && count($affiliates) > 0) { $affiliates = implode(', ', $affiliates); $output .= '

'. t('Note: if you have an account with one of our affiliates (%s), you may login now instead of registering.', array('%s' => $affiliates, '%login_uri' => url('user'))) .'

'; } - $default = form_textfield(t('Username'), 'name', $edit['name'], 30, 64, t('Your full name or your preferred username; only letters, numbers and spaces are allowed.'), NULL, TRUE); - $default .= form_textfield(t('E-mail address'), 'mail', $edit['mail'], 30, 64, t('A password and instructions will be sent to this e-mail address, so make sure it is accurate.'), NULL, TRUE); + if ($admin) { + $descriptions = array('name' => t('Provide the username of the new account.'), 'mail' => t('Provide the e-mail address associated with the new account.'), 'pass' => t('Provide a password for the new account.')); + } + else { + $descriptions = array('name' => t('Your full name or your preferred username; only letters, numbers and spaces are allowed.'), 'mail' => t('A password and instructions will be sent to this e-mail address, so make sure it is accurate.')); + } + $default = form_textfield(t('Username'), 'name', $edit['name'], 30, 64, $descriptions['name'], NULL, TRUE); + $default .= form_textfield(t('E-mail address'), 'mail', $edit['mail'], 30, 64, $descriptions['mail'], NULL, TRUE); + if ($admin) { + $default .= form_password(t('Password'), 'pass', $edit['pass'], 30, 55, $descriptions['pass'], NULL, TRUE); + } $extra = _user_forms($edit, $account, $category, 'register'); // Only display form_group around default fields if there are other groups. if ($extra) { @@ -1090,7 +1106,7 @@ } // Validate the user roles: - if (user_access('administer users')) { + if (user_access('administer users') && $_GET['q'] != 'admin/user/create') { if (!$edit['roles']) { form_set_error('roles', t('You must select at least one role.')); $edit['roles'] = array(); @@ -1304,34 +1320,6 @@ return $output; } -function user_admin_create($edit = array()) { - - if ($edit) { - // Because the admin form doesn't have roles selection they need to be set to validate properly - $edit['roles'] = array(_user_authenticated_id() => 'authenticated user'); - user_module_invoke('validate', $edit, $edit, 'account'); - - if (!form_get_errors()) { - watchdog('user', t('New user: %name %email.', array('%name' => theme('placeholder', $edit['name']), '%email' => theme('placeholder', '<'. $edit['mail'] .'>')))); - - user_save('', array('name' => $edit['name'], 'pass' => $edit['pass'], 'init' => $edit['mail'], 'mail' => $edit['mail'], 'roles' => $edit['roles'], 'status' => 1)); - - drupal_set_message(t('Created a new user account. No e-mail has been sent.')); - - return; - } - } - - $output = form_textfield(t('Username'), 'name', $edit['name'], 30, 55, t('Provide the username of the new account.'), NULL, TRUE); - $output .= form_textfield(t('E-mail address'), 'mail', $edit['mail'], 30, 55, t('Provide the e-mail address associated with the new account.'), NULL, TRUE); - $output .= form_password(t('Password'), 'pass', $edit['pass'], 30, 55, t('Provide a password for the new account.'), NULL, TRUE); - $output .= form_submit(t('Create account')); - - $output = form_group(t('Create new user account'), $output); - - return form($output); -} - /** * Menu callback: check an access rule */ @@ -1687,9 +1675,9 @@ case t('Search'): $output = search_form(url('admin/user/search'), $_POST['edit']['keys'], 'user') . search_data($_POST['edit']['keys'], 'user'); break; - case t('Create account'): + case t('Create new account'): case 'create': - $output = user_admin_create($edit); + $output = user_register($edit); break; default: $output = user_admin_account();