Add account registration feature

account.php

+<?php
+/*********************************************************************
+    profile.php
+
+    Manage client profile. This will allow a logged-in user to manage
+    his/her own public (non-internal) information
+
+    Peter Rotich <peter@osticket.com>
+    Jared Hancock <jared@osticket.com>
+    Copyright (c)  2006-2013 osTicket
+    http://www.osticket.com
+
+    Released under the GNU General Public License WITHOUT ANY WARRANTY.
+    See LICENSE.TXT for details.
+
+    vim: expandtab sw=4 ts=4 sts=4:
+    $Id: $
+**********************************************************************/
+require 'client.inc.php';
+
+$inc = 'register.inc.php';
+
+if (!$cfg || !$cfg->isClientRegistrationEnabled()) {
+    Http::redirect('index.php');
+}
+
+elseif ($_POST) {
+    $errors = array();
+    $user_form = UserForm::getUserForm()->getForm($_POST);
+    if (!$user_form->isValid(function($f) { return !$f->get('internal'); }))
+        $errors['err'] = 'Incomplete client information';
+    elseif (!$_POST['passwd1'])
+        $errors['passwd1'] = 'New password required';
+    elseif ($_POST['passwd2'] != $_POST['passwd1'])
+        $errors['passwd1'] = 'Passwords do not match';
+
+    elseif (!($user=User::fromForm($user_form)))
+        $errors['err'] = 'Unable to register account. See messages below';
+    else {
+        if (!($acct = ClientAccount::createForUser($user)))
+            $errors['err'] = 'Internal error. Unable to create new account';
+        elseif (!$acct->update($_POST, $errors))
+            $errors['err'] = 'Errors configuring your profile. See messages below';
+    }
+
+    if (!$errors) {
+        switch ($_POST['do']) {
+        case 'create':
+            $inc = 'register.confirm.inc.php';
+        }
+    }
+
+    if ($errors && $user)
+        $user->delete();
+}
+
+include(CLIENTINC_DIR.'header.inc.php');
+include(CLIENTINC_DIR.$inc);
+include(CLIENTINC_DIR.'footer.inc.php');
+

include/class.client.php

@@ -420,12 +420,14 @@ class ClientAccount extends ClientAccountModel {
                     $errors['err'] =
                         'Invalid reset token. Logout and try again';
             }
-            elseif (!$vars['cpasswd'])
-                $errors['cpasswd']='Current password required';
-            elseif (!$this->hasCurrentPassword($vars['cpasswd']))
-                $errors['cpasswd']='Invalid current password!';
-            elseif (!strcasecmp($vars['passwd1'], $vars['cpasswd']))
-                $errors['passwd1']='New password MUST be different from the current password!';
+            elseif ($this->get('passwd')) {
+                if (!$vars['cpasswd'])
+                    $errors['cpasswd']='Current password required';
+                elseif (!$this->hasCurrentPassword($vars['cpasswd']))
+                    $errors['cpasswd']='Invalid current password!';
+                elseif (!strcasecmp($vars['passwd1'], $vars['cpasswd']))
+                    $errors['passwd1']='New password MUST be different from the current password!';
+            }
         }
 
         if (!$vars['timezone_id'])
@@ -447,6 +449,10 @@ class ClientAccount extends ClientAccountModel {
         return $this->save();
     }
 
+    static function createForUser($user) {
+        return static::create(array('user_id'=>$user->getId()));
+    }
+
     static function lookupByUsername($username) {
         if (strpos($username, '@') !== false)
             $user = self::lookup(array('user__emails__address'=>$username));

include/class.config.php

@@ -241,6 +241,10 @@ class OsticketConfig extends Config {
         return $this->get('db_tz_offset');
     }
 
+    function getDefaultTimezoneId() {
+        return $this->get('default_timezone_id');
+    }
+
     /* Date & Time Formats */
     function observeDaylightSaving() {
         return ($this->get('enable_daylight_saving'));
@@ -523,6 +527,15 @@ class OsticketConfig extends Config {
         return $this->get('clients_only');
     }
 
+    function isClientRegistrationEnabled() {
+        return in_array($this->getClientRegistrationMode(),
+            array('public', 'auto'));
+    }
+
+    function getClientRegistrationMode() {
+        return $this->get('client_registration');
+    }
+
     function isCaptchaEnabled() {
         return (extension_loaded('gd') && function_exists('gd_info') && $this->get('enable_captcha'));
     }

include/class.user.php

@@ -292,6 +292,10 @@ class User extends UserModel {
             $this->set('updated', new SqlFunction('NOW'));
         return parent::save($refetch);
     }
+
+    function delete() {
+        return parent::delete() && $this->default_email->delete();
+    }
 }
 User::_inspect();
 

include/client/login.inc.php

@@ -7,7 +7,8 @@ $passwd=Format::input($_POST['lpasswd']?:$_GET['t']);
 <h1>Sign In</h1>
 <form action="login.php" method="post" id="clientLogin">
     <?php csrf_token(); ?>
-    <div style="width:50%;display:inline-block">
+<div style="display:table-row">
+    <div style="width:40%;display:table-cell">
     <strong><?php echo Format::htmlchars($errors['login']); ?></strong>
     <br>
     <div>
@@ -21,9 +22,17 @@ $passwd=Format::input($_POST['lpasswd']?:$_GET['t']);
     <p>
         <input class="btn" type="submit" value="Sign In">
     </p>
+    </div>
+<?php if ($cfg && $cfg->isClientRegistrationEnabled()) { ?>
+    <div style="display:table-cell;box-shadow: -9px 0 15px -12px rgba(0,0,0,0.3);padding-left: 2em;">
+        Not yet registered? <a href="account.php?do=create">Create an account</a>
+    </div>
+<?php } ?>
 </div>
 </form>
 <br>
 <p>
+<?php if ($cfg && !$cfg->isClientLoginRequired()) { ?>
 If this is your first time contacting us or you've lost the ticket number, please <a href="open.php">open a new ticket</a>.
+<?php } ?>
 </p>

include/client/register.confirm.inc.php

+<h1>Account Registration</h1>
+<p>
+<strong>Thanks for registering for an account.</strong>
+</p>
+<p>
+We've just sent you an email to the address you entered. Please follow the
+link in the email to confirm your account and gain access to your tickets.
+</p>
+

include/client/register.inc.php

+<?php
+$info = $_POST ?: array(
+    'timezone_id' => $cfg->getDefaultTimezoneId(),
+    'dst' => $cfg->observeDaylightSaving(),
+);
+?>
+<h1>Account Registration</h1>
+<p>
+Use the forms below to update the information we have on file for your
+account
+</p>
+<form action="account.php" method="post">
+  <?php csrf_token(); ?>
+  <input type="hidden" name="do" value="<?php echo $_REQUEST['do'] ?: 'create'; ?>" />
+<table width="800" class="padded">
+<?php
+    $cf = $user_form ?: UserForm::getInstance();
+    $cf->render(false);
+?>
+<tr>
+    <td colspan="2">
+        <div><hr><h3>Preferences</h3>
+        </div>
+    </td>
+</tr>
+    <td>Time Zone:</td>
+    <td>
+        <select name="timezone_id" id="timezone_id">
+            <?php
+            $sql='SELECT id, offset,timezone FROM '.TIMEZONE_TABLE.' ORDER BY id';
+            if(($res=db_query($sql)) && db_num_rows($res)){
+                while(list($id,$offset, $tz)=db_fetch_row($res)){
+                    $sel=($info['timezone_id']==$id)?'selected="selected"':'';
+                    echo sprintf('<option value="%d" %s>GMT %s - %s</option>',$id,$sel,$offset,$tz);
+                }
+            }
+            ?>
+        </select>
+        &nbsp;<span class="error"><?php echo $errors['timezone_id']; ?></span>
+    </td>
+</tr>
+<tr>
+    <td width="180">
+       Daylight Saving:
+    </td>
+    <td>
+        <input type="checkbox" name="dst" value="1" <?php echo $info['dst']?'checked="checked"':''; ?>>
+        Observe daylight saving
+        <em>(Current Time: <strong><?php echo Format::date($cfg->getDateTimeFormat(),Misc::gmtime(),$info['tz_offset'],$info['dst']); ?></strong>)</em>
+    </td>
+</tr>
+<tr>
+    <td colspan=2">
+        <div><hr><h3>Access Credentials</h3></div>
+    </td>
+</tr>
+<tr>
+    <td width="180">
+        Create a Password:
+    </td>
+    <td>
+        <input type="password" size="18" name="passwd1" value="<?php echo $info['passwd1']; ?>">
+        &nbsp;<span class="error">&nbsp;<?php echo $errors['passwd1']; ?></span>
+    </td>
+</tr>
+<tr>
+    <td width="180">
+        Confirm New Password:
+    </td>
+    <td>
+        <input type="password" size="18" name="passwd2" value="<?php echo $info['passwd2']; ?>">
+        &nbsp;<span class="error">&nbsp;<?php echo $errors['passwd2']; ?></span>
+    </td>
+</tr>
+</table>
+<hr>
+<p style="text-align: center;">
+    <input type="submit" value="Register"/>
+    <input type="button" value="Cancel" onclick="javascript:
+        window.location.href='index.php';"/>
+</p>
+</form>
+