Fixes #617, #2271 User validation removed from core to UserValidationByEmail plugin. Without a validation plugin, users can login immediately.

Fixes #2243 Removed "You have validated your email" email. Users are logged in immediately after registration or validating email.
Refs #2409 Added register, user plugin hook that is called only on self registration. Can be used to halt registration.


git-svn-id: http://code.elgg.org/elgg/trunk@6983 36083f99-b078-4883-b0ff-0f9b5a30f544

1 files changed, 28 insertions, 30 deletions

diff --git a/actions/register.php b/actions/register.php
index a5043fed9..9c4efa9f6 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -2,10 +2,8 @@
 /**
  * Elgg registration action
  *
- * @package Elgg
- * @subpackage Core
- * @author Curverider Ltd
- * @link http://elgg.org/
+ * @package Elgg.Core
+ * @subpackage User.Account
  */
 
 global $CONFIG;
@@ -19,11 +17,6 @@ $name = get_input('name');
 $friend_guid = (int) get_input('friend_guid',0);
 $invitecode = get_input('invitecode');
 
-$admin = get_input('admin');
-if (is_array($admin)) {
-	$admin = $admin[0];
-}
-
 if ($CONFIG->allow_registration) {
 	try {
 		if (trim($password) == "" || trim($password2) == "") {
@@ -35,37 +28,41 @@ if ($CONFIG->allow_registration) {
 		}
 
 		$guid = register_user($username, $password, $name, $email, false, $friend_guid, $invitecode);
+
 		if ($guid) {
 			$new_user = get_entity($guid);
 
-			// @todo - consider removing registering admins since this is done
-			// through the useradd action
-			if (($guid) && ($admin)) {
-				// Only admins can make someone an admin
-				admin_gatekeeper();
-				$new_user->makeAdmin();
-			}
-
-			// Send user validation request on register only
-			global $registering_admin;
-			if (!$registering_admin) {
-				request_user_validation($guid);
-			}
+			// allow plugins to respond to self registration
+			// note: To catch all new users, even those created by an admin,
+			// register for the create, user event instead.
+			// only passing vars that aren't in ElggUser.
+			$params = array(
+				'user' => $new_user,
+				'password' => $password,
+				'friend_guid' => $friend_guid,
+				'invitecode' => $invitecode
+			);
 
+			// if this user is admin, that means it was the first
+			// registered user.  Don't trigger this hook.
+			// @todo This can be removed in the new installer
 			if (!$new_user->isAdmin()) {
-				// Now disable if not an admin
-				// Don't do a recursive disable.  Any entities owned by the user at this point
-				// are products of plugins that hook into create user and might need
-				// access to the entities.
-				$new_user->disable('new_user', false);
+				// @todo should registration be allowed no matter what the plugins return?
+				if (!trigger_plugin_hook('register', 'user', $params, TRUE)) {
+					$new_user->delete();
+					// @todo this is a generic messages. We could have plugins
+					// throw a RegistrationException, but that is very odd
+					// for the plugin hooks system.
+					throw new RegistrationException(elgg_echo('registerbad'));
+				}
 			}
 
-			system_message(sprintf(elgg_echo("registerok"),$CONFIG->sitename));
+			system_message(sprintf(elgg_echo("registerok"), $CONFIG->sitename));
 
 			// Forward on success, assume everything else is an error...
 			// If just registered admin user, login the user in and forward to the
 			// plugins simple settings page.
-			if (!datalist_get('first_admin_login')) {
+			if (!datalist_get('first_admin_login') && $new_user->isAdmin()) {
 				login($new_user);
 				// remove the "you've registered!" system_message();
 				$_SESSION['msg']['messages'] = array();
@@ -76,6 +73,7 @@ if ($CONFIG->allow_registration) {
 				datalist_set('first_admin_login', time());
 				forward('pg/admin/plugins/simple');
 			} else {
+				login($new_user);
 				forward();
 			}
 		} else {
@@ -88,4 +86,4 @@ if ($CONFIG->allow_registration) {
 	register_error(elgg_echo('registerdisabled'));
 }
 
-forward(REFERER);
+forward(REFERER);
\ No newline at end of file