
function subuser_create_form_submit in Subuser 6

Modified copy of user_register_submit().

Only the permission check was changed, and the uid == 1 case was removed because it should never occur here.

File

./subuser.pages.inc, line 269
Allows users of a particular role to create sub-user accounts in another role.

Code

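/**
 * Form submit handler: creates a sub-user account from the submitted values.
 *
 * Modified copy of user_register_submit(). A submitter holding the
 * 'create subuser' permission is treated as the administrator case: the
 * submitted password and roles are used as given. Any other submitter gets a
 * generated password when e-mail verification is on, and is rejected if the
 * submission contains protected account fields.
 *
 * When the 'subuser_copy_parent_roles' variable is enabled, the roles of the
 * user named by the 'parent_user' form value (minus the optional exempt role)
 * are added to the new account's roles.
 *
 * @param $form
 *   The form structure. Not read by this handler.
 * @param $form_state
 *   The form state, by reference. Reads $form_state['values']; sets
 *   $form_state['user'] on success and $form_state['redirect'] on some exit
 *   paths.
 */
function subuser_create_form_submit($form, &$form_state) {
  $admin = user_access('create subuser');
  $mail = $form_state['values']['mail'];
  $name = $form_state['values']['name'];
  if (!variable_get('user_email_verification', TRUE) || $admin) {
    $pass = $form_state['values']['pass'];
  }
  else {
    $pass = user_password();
  }
  $notify = isset($form_state['values']['notify']) ? $form_state['values']['notify'] : NULL;
  if (isset($form_state['values']['roles'])) {

    // Remove unset roles.
    $roles = array_filter($form_state['values']['roles']);
  }
  else {
    $roles = array();
  }

  // NOTE(review): the parent uid comes from the submitted form values. With
  // role copying enabled, that user's roles are granted to the new account, so
  // confirm the form builder supplies 'parent_user' as a server-side value (or
  // validates it against the submitting user) rather than an editable field.
  $parent_user_id = $form_state['values']['parent_user'];
  $parent_user = user_load($parent_user_id);
  $can_copy_parent_roles = variable_get('subuser_copy_parent_roles', 0);
  if ($can_copy_parent_roles) {
    if ($parent_user && isset($parent_user->roles) && is_array($parent_user->roles)) {
      $exempt_role = variable_get('subuser_cascade_exempt_rid', NULL);
      $parent_roles = $parent_user->roles;

      // Remove exempt role if it exists.
      if (!empty($exempt_role) && array_key_exists($exempt_role, $parent_roles)) {
        unset($parent_roles[$exempt_role]);
      }
      $roles += $parent_roles;
    }
    else {

      // user_load() failed, so there is no role list to copy. Adding a
      // non-array to $roles would be a fatal "unsupported operand types"
      // error; skip the copy (the account simply gets fewer roles) and log it.
      watchdog('subuser', 'Could not load parent user %uid; no parent roles were copied to the new account.', array(
        '%uid' => $parent_user_id,
      ), WATCHDOG_WARNING);
    }
  }

  // Provide a hook to allow other modules a chance to change the roles as they see fit.
  foreach (module_implements('subuser_create_alter_roles') as $module) {
    $func = $module . '_subuser_create_alter_roles';
    $func($roles, $parent_user);
  }

  // Submitters without the permission must not supply any protected account
  // field; if one is present, log it and stop before anything is saved.
  if (!$admin && array_intersect(array_keys($form_state['values']), array(
    'uid',
    'roles',
    'init',
    'session',
    'status',
  ))) {
    watchdog('security', 'Detected malicious attempt to alter protected user fields.', array(), WATCHDOG_WARNING);
    $form_state['redirect'] = 'user/register';
    return;
  }

  // The unset below is needed to prevent these form values from being saved as
  // user data.
  unset($form_state['values']['form_token'], $form_state['values']['submit'], $form_state['values']['op'], $form_state['values']['notify'], $form_state['values']['form_id'], $form_state['values']['affiliates'], $form_state['values']['destination']);

  // These keys override whatever the form submitted under the same names.
  $merge_data = array(
    'pass' => $pass,
    'init' => $mail,
    'roles' => $roles,
  );
  if (!$admin) {

    // Set the user's status because it was not displayed in the form.
    $merge_data['status'] = variable_get('user_register', 1) == 1;
  }
  $account = user_save('', array_merge($form_state['values'], $merge_data));

  // Terminate if an error occurred during user_save().
  if (!$account) {
    drupal_set_message(t("Error saving user account."), 'error');
    $form_state['redirect'] = '';
    return;
  }
  $form_state['user'] = $account;
  watchdog('user', 'New user: %name (%email).', array(
    '%name' => $name,
    '%email' => $mail,
  ), WATCHDOG_NOTICE, l(t('edit'), 'user/' . $account->uid . '/edit'));

  // Add plain text password into user account to generate mail tokens. This is
  // set after user_save(), and the account is not saved again in this function.
  $account->password = $pass;
  if ($admin && !$notify) {
    drupal_set_message(t('Created a new user account for <a href="@url">%name</a>. No e-mail has been sent.', array(
      '@url' => url("user/{$account->uid}"),
      '%name' => $account->name,
    )));
  }
  elseif (!variable_get('user_email_verification', TRUE) && $account->status && !$admin) {

    // No e-mail verification is required, create new user account, and login
    // user immediately.
    _user_mail_notify('register_no_approval_required', $account);
    if (user_authenticate(array_merge($form_state['values'], $merge_data))) {
      drupal_set_message(t('Registration successful. You are now logged in.'));
    }
    $form_state['redirect'] = '';
    return;
  }
  elseif ($account->status || $notify) {

    // Create new user account, no administrator approval required.
    $op = $notify ? 'register_admin_created' : 'register_no_approval_required';
    _user_mail_notify($op, $account);
    if ($notify) {
      drupal_set_message(t('Password and further instructions have been e-mailed to the new user <a href="@url">%name</a>.', array(
        '@url' => url("user/{$account->uid}"),
        '%name' => $account->name,
      )));
    }
    else {
      drupal_set_message(t('Your password and further instructions have been sent to your e-mail address.'));
      $form_state['redirect'] = '';
      return;
    }
  }
  else {

    // Create new user account, administrator approval required.
    _user_mail_notify('register_pending_approval', $account);
    drupal_set_message(t('Thank you for applying for an account. Your account is currently pending approval by the site administrator.<br />In the meantime, a welcome message with further instructions has been sent to your e-mail address.'));
    $form_state['redirect'] = '';
    return;
  }
}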