new StringType('username', 32), 'email' => new StringType('email', 64), )); $this->csrfTokenRequired = true; $this->loginRequired = true; $this->requiredGroup = USER_GROUP_ADMIN; } public function execute($values = array()) { if(!parent::execute($values)) { return false; } $username = $this->getParam('username'); $email = $this->getParam('email'); if (!$this->userExists($username, $email) || !$this->success) { return false; } //add to DB $token = generateRandomString(36); $valid_until = (new DateTime())->modify("+48 hour"); $sql = $this->user->getSQL(); $res = $sql->insert("UserInvitation", array("username", "email", "token", "valid_until")) ->addRow($username, $email, $token, $valid_until) ->execute(); $this->success = ($res !== FALSE); $this->lastError = $sql->getLastError(); //send validation mail if($this->success) { $request = new SendMail($this->user); $link = "http://localhost/acceptInvitation?token=$token"; $this->success = $request->execute(array( "from" => "webmaster@romanh.de", "to" => $email, "subject" => "Account Invitation for web-base@localhost", "body" => "Hello,
you were invited to create an account on web-base@localhost. Click on the following link to confirm the registration, it is 48h valid from now. If the invitation was not intended, you can simply ignore this email.

$link" ) ); $this->lastError = $request->getLastError(); } return $this->success; } private function userExists($username, $email) { $sql = $this->user->getSQL(); $res = $sql->select("User.name", "User.email") ->from("User") ->where(new Compare("User.name", $username), new Compare("User.email", $email)) ->execute(); $this->success = ($res !== FALSE); $this->lastError = $sql->getLastError(); if ($this->success && !empty($res)) { $row = $res[0]; if (strcasecmp($username, $row['name']) === 0) { return $this->createError("This username is already taken."); } else if (strcasecmp($username, $row['email']) === 0) { return $this->createError("This email address is already in use."); } } return $this->success; } }