[Phplib-users] User Self-Registration
From: Virilo T. <vi...@su...> - 2003-07-21 21:42:38
Some years ago Daniel Cunningham wrote (this is an extract from the original message: http://marc.theaimsgroup.com/?l=phplib&m=94101973230198 ):

> ...
>
> I'd like for my users to be able to push a button and go to another
> form and setup a username/password for their account. In
> other words, self-registration, using a form, and overrides of the
> auth_registerform() and auth_doregister() methods.
> There are great examples of the former ( auth_loginform() and
> auth_validatelogin() ) but not the latter ( auth_registerform()
> and auth_doregister() ). There are also examples for an admin
> type user to add user records, but that's not what we want.
> We just want a form with straight-forward self-service non-privileged
> "enter your own test username and password" , and once we've
> validated the username against other entries in the auth_users table,
> we would setup a username/password and priv="user" entry.
> And also hopefully synchronize this auth_user entry with the
> existing session ID so that the user is not forced to re-login via
> the auth_login() and auth_validatelogin() methods.

I'm interested in the same. Finally he offers us his own implementation.

Has anybody a better solution? Anything more about it?

Thanks in advance.

Sorry for my English, my Spanish is better.

Virilo Tejedor.
Email: vi...@su...

(See original message in http://marc.theaimsgroup.com/?l=phplib&m=94116860709576 )

Hi All:

Regarding the user self-registration, I am glad to see other developers were wondering the same. Before I received the example from Mr. Masserelli, I pushed through with my own code to get the same effect. But I am not confident that I worked entirely with the flow of how things are done in PHPLIB, so I am eager to review Mr. Masserelli's work.

Here's how I (ahem) "solved" it for our particular application:

(1) We already had routines to register information on "customers" (using a different table than the PHPLIB user object does).
In one of these routines, I do the following:

<?php
require( "../include/nbdcPhpLib-7/php/prepend.php3" );
page_open( array( "sess" => "nbdcSession",
                  "auth" => "nbdcAuth",
                  "perm" => "nbdcPerm" ) );
?>

<?php
// We do more stuff, and we include a file with this
// code inside its "createInitialAccount(...) routine.
?>

<?php
// Inside the utilityTblCustomers.inc file, we call
// this createInitialAccount(...) routine:

function createInitialAccount( $strTestLID,   // Login ID
                               $strTestPWD,   // Password
                               $strTestReminder )
{
    global $bDebug;
    global $nbdcSession;
    global $sess;

    if ( $bDebug ) {
        print( "\n<BR>Entering createInitialAccount..." );
        echo "\n<BR>nbdcSession=$nbdcSession";
        echo "\n<BR>strTestLID=$strTestLID";
        echo "\n<BR>strTestPWD=$strTestPWD";
        echo "\n<BR>strTestReminder=$strTestReminder";
    }

    // $u_id = md5( uniqid( $nbdcSession ) );
    $u_id = $nbdcSession;

    // Assume the proposed op will fail!
    $bIsValid = FALSE;

    if ( testUniqueLID( $strTestLID, 0 ) == TRUE ) {
        // String-ify (and eliminate spurious quotes in) the SQL fields:
        $fieldUID      = s( $u_id );
        $fieldLID      = s( $strTestLID );
        $fieldPWD      = s( $strTestPWD );
        $fieldReminder = s( $strTestReminder );
        $fieldPerm     = s( "user" );

        // Deal with the fact that we might be *modifying*
        // an account (especially if the user is clicking a
        // back button to perform a "re-do" on their info).
        if ( testUniqueUID( $nbdcSession, 0 ) == TRUE ) {
            // Setup the query:
            $strQuery  = "INSERT INTO auth_user VALUES ( ";
            $strQuery .= " $fieldUID ";
            $strQuery .= ", $fieldLID ";
            $strQuery .= ", $fieldPWD ";
            $strQuery .= ", $fieldReminder ";
            $strQuery .= ", $fieldPerm ";
            $strQuery .= " )";
        } else {
            $strQuery  = "UPDATE auth_user SET ";
            $strQuery .= " password = $fieldPWD";
            $strQuery .= ", reminder = $fieldReminder";
            $strQuery .= " WHERE username = $fieldLID";
        }

        // Prolog: Prepare for upcoming SQL calls!...
        openDBConnection(); // NB: Ensure closeDBConnection() gets called!
                            // NB This is a local routine, *not* PHPLIB code!
        // Output a pre-query diagnostic Trace in HTML:
        if ( $bDebug ) {
            echo( "\n<P>Query = " );
            echo( "\"$strQuery\"...<BR>" );
        }

        // Run the freakin' query, already!
        $result = doQuery( $strQuery );

        if ( $result ) {
            $bIsValid = TRUE;
            $nResultingCustID = a( mysql_insert_id() );

            // Output a post-query diagnostic Trace in HTML:
            if ( $bDebug ) {
                printf( "\n<BR>...created Customer ID: %d", $nResultingCustID );
            }

            // Make a new auth object so the newly
            // created username/password will NOT
            // be forced to re-login. Note that
            // we push the expiration time forward
            // by a minute to avoid being invalidated.
            // This whole section needs review to
            // make sure it's being done the "best"
            // way for working within PHPLIB!...
            global $auth;
            $auth = new nbdcAuth;
            $auth->auth["uname"] = $fieldLID;
            $auth->auth["uid"]   = $fieldUID;
            $tsNewTime = time() + 600;
            $auth->auth["exp"]   = $tsNewTime;
            $auth->auth["perm"]  = "user";
            $sess->register("auth");
        } else {
            print "\n<BR>Could not initiate creation of customer account!";
        }

        // Epilogue: Close the connection AFTER the table is displayed
        closeDBConnection(); // Equiv. to: mysql_close();
    } // end of re-test for testUniqueLID(...)

    if ( $bDebug ) {
        print( "\n<BR>...Exiting createInitialAccount." );
    }

    return $bIsValid;
} // end of function createInitialAccount(...)
?>

Also, more thought needs to be given to users who "go back" in their page sequences to "correct" things. For example, at our site, we pre-validate the proposed login ID by checking it against existing usernames. Well, if the user decides to click back, then our local testUniqueLID(...) routine will fail. This is easily corrected with a parallel routine

function createInitialAccount( $strTestLID,   // Login ID
                               $strTestPWD,   // Password
                               $strTestReminder )

that makes a call to test for the existing (hopefully) singleton Login ID, namely:

    if ( testUniqueUID( $nbdcSession, 1 ) == TRUE )

...instead of:

    if ( testUniqueUID( $nbdcSession, 0 ) == TRUE )

Hopefully, we'll get to that soon.
If anyone would like details, I could make it available within a few more days (as soon as the site I am working on this for is done with its "shake down" of the initial development phase)?

But actually, I am hoping to re-do this in a more "elegant" manner, once I understand PHPLIB better (in other words, I feel like I brute-forced it instead of finessing it!).

Thanks to everybody for the help they provided.

My thoughts? PHPLIB is pretty damn "Kewel" (as we say out here on the west coast of California). Uhhhhh, that's a good thing! :-)

--
Daniel Cunningham
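
The registration step described in this thread, rewritten as an added example that is not part of the original messages or of PHPLIB: bound parameters instead of concatenated SQL, a stored password hash instead of the clear-text password, a random user id instead of the session id, and the UNIQUE constraint (rather than a separate pre-check) deciding duplicates. The PDO/SQLite setup and the column names user_id and perms are assumptions; the sample account values are constructed.

```php
<?php
// Added example: hardened variant of createInitialAccount() using PDO.
// Column names user_id and perms are assumed; username, password, reminder come from the thread.
declare(strict_types=1);

function createInitialAccount(PDO $db, string $login, string $password, string $reminder): ?string
{
    // Independent random user id; the session id is not reused as the key.
    $uid = bin2hex(random_bytes(16));
    // Store a salted hash, never the clear-text password.
    $hash = password_hash($password, PASSWORD_DEFAULT);

    $stmt = $db->prepare(
        'INSERT INTO auth_user (user_id, username, password, reminder, perms)
         VALUES (:uid, :login, :hash, :reminder, :perms)'
    );
    try {
        // Bound parameters replace hand-quoted string concatenation.
        $stmt->execute([
            ':uid' => $uid, ':login' => $login, ':hash' => $hash,
            ':reminder' => $reminder, ':perms' => 'user',
        ]);
    } catch (PDOException $e) {
        // SQLSTATE 23000: the UNIQUE constraint rejected a duplicate login.
        if ((string) $e->getCode() === '23000') {
            return null;
        }
        throw $e;
    }
    return $uid;
}

// Constructed demo: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE auth_user (user_id TEXT PRIMARY KEY, username TEXT UNIQUE NOT NULL,
           password TEXT NOT NULL, reminder TEXT, perms TEXT NOT NULL)');

$first  = createInitialAccount($db, "o'brien", 'correct horse', 'pet name');
$second = createInitialAccount($db, "o'brien", 'other secret', 'x'); // same login again

$row = $db->query('SELECT password, perms FROM auth_user')->fetch(PDO::FETCH_ASSOC);
var_dump($first !== null, $second === null);                  // created once, duplicate refused
var_dump(password_verify('correct horse', $row['password'])); // stored value is a verifiable hash
var_dump($row['perms'] === 'user');                           // new account is non-privileged
```

On success the caller would bind the returned id to the session, as the original code does with $auth->auth["uid"].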