Register a user from a small PHP file hidden somewhere.

Started by madturnip, March 09, 2012, 08:24:10 PM

I am looking for a way to register a user and give him/her a group, username, password, email, and activate status.  However, I don't want to have to login to SMF to do that.  I am building a small program, which I could just link to the database, however I want the registration to all take place on the site itself.   The file would be hidden somewhere that only I would know about.

Just a small PHP script that would allow text boxes, maybe a drop down for groups available, and then a submit button.  Voila!  Done....

Is this difficult or something rather simple...


I figured in the PHP file the credentials of the ADMIN could be placed in the file using a variable so that it can authenticate automatically and create the new user when the submit button is pressed.  I had help from someone who helped me create a POST version of this and it worked quite well.   I would think being able to create a user would be possible with ease too.



// Using SSI?
if (file_exists(dirname(__FILE__) . '/SSI.php') && !defined('SMF'))
require_once(dirname(__FILE__) . '/SSI.php');
elseif (!
die('<strong>Error:</strong> Cannot install - please make sure that this file in the same directory as SMF\'s SSI.php file.');

// Call our template


// Globalize everything we'll need...
global $sourcedir$scripturl$fileName$possibleBoards$errors$smcFunc;

// Our Logic

// Now the HTML
echo '<form action="'$fileName'" method="post">
<!-- NAME -->
<br /><br />
<label for="name">
<span style="font-weight: bold;'
, isset($errors['name']) ? ' color: #ff0000;' '''">*Name:</span>
<input type="text" maxlength="255" id="name" name="name" size="40"'
, isset($_POST['name']) && !empty($_POST['name']) ? ' value="' $_POST['name'] . '"' ''' />
<!-- EMAIL -->
<br /><br />
<label for="email">
<input type="text" maxlength="255" id="email" name="email" size="40"'
, isset($_POST['email']) && !empty($_POST['email']) ? ' value="' $_POST['email'] . '"' ''' />
<!-- SUBJECT -->
<br /><br />
<label for="subject">
<span style="font-weight: bold;'
, isset($errors['subject']) ? ' color: #ff0000;' '''">*Subject:</span>
<input type="text" maxlength="255" id="subject" name="subject" size="40"'
, isset($_POST['subject']) && !empty($_POST['subject']) ? ' value="' $_POST['subject'] . '"' ''' />
<!-- BOARD ID -->
<br /><br />
<label for="id_board">
<strong>Board to Post in:</strong>
<select id="id_board" name="id_board" style="padding: 4px;">'
if (!empty($possibleBoards))
foreach ($possibleBoards as $key => $value)
echo '<option value="' $key '"', isset($_POST['id_board']) && $_POST['id_board'] == $key ' selected="selected"' '''>' $value '&nbsp;&nbsp;</option>';
echo '<option value="">No Boards Available</option>';
echo '
<!-- BODY -->
<br /><br />
<label for="body">
<span style="font-weight: bold;'
, isset($errors['body']) ? ' color: #ff0000;' '''">*Body:</span>
<textarea id="body" name="body" cols="50" rows="5">'
, isset($_POST['body']) && !empty($_POST['body']) ? $_POST['body'] : '''</textarea>
<span class="smalltext" style="margin-left: 70px; display: block;">BBC is Enabled</span>
<br />
<!-- SUBMIT -->
<input type="submit" value="Submit" />
<span class="smalltext">* = Required Fields</span>'



// Globalize everything we'll need...
global $sourcedir$scripturl$fileName$smcFunc$possibleBoards$errors;

// Subs-Post for createPost();
require_once($sourcedir '/Subs-Post.php');

// File Name with ".php"
$fileName '.php';

// Allow smileys? true : false;
$smileysEnabled true;

// Default Board
$defaultBoard 1;

// Possible boards?
$possibleBoards = array();
$query $smcFunc['db_query']('''
SELECT id_board, name
FROM {db_prefix}boards'
while ($row $smcFunc['db_fetch_assoc']($query))
$possibleBoards[$row['id_board']] = $row['name'];

// Submitting...
if (isset($_POST['name']))
// Validation
$errors = array();
if (isset($_POST['name']) && empty($_POST['name']))
$errors['name'] = 1;
if (isset($_POST['subject']) && empty($_POST['subject']))
$errors['subject'] = 1;
if (isset($_POST['body']) && empty($_POST['body']))
$errors['body'] = 1;

if (!in_array(1$errors))

// Message Options
$msgOptions = array(
'body' => !empty($_POST['body']) ? $smcFunc['htmlspecialchars']($_POST['body']) : '',
'subject' => !empty($_POST['subject']) ? $smcFunc['htmlspecialchars']($_POST['subject']) : '',
'attachments' => array(),
'icon' => 'xx',
'smileys_enabled' => isset($smileysEnabled) ? $smileysEnabled true,


// Topic Options
$topicOptions = array(
'board' => !empty($_POST['id_board']) ? (int) $_POST['id_board'] : $defaultBoard,
'mark_as_read' => false,
'lock_mode' => 0,
'poll' => 0,
'sticky_mode' => 0,

// Poster Options
$posterOptions = array(
'email' => !empty($_POST['email']) ? $_POST['email'] : '',
'ip' => $_SERVER['remote_addr'],
'name' => $_POST['name'],
'update_post_count' => true,
'id' => 1,

// Create...

// Then redirect






I am willing to pay for an example.   

As I am not a coder.....


Do you want this within the other form, or seperate? I have HTML with a bit of PHP code here,
echo '<form action="" method="post">
    <input type="text" name="username" />
    <input type="password" name="passwrd" />
    <input type="text" name="email" />
    <select name="group">';
    foreach ($groups as $key => $value)
        echo '<option value="' . $key . '">' . $value . '</option>';
echo '</select>
    <input type="submit" name="submit" value="Submit" />

And a PHP function you can use,
function registerMember() {
    global $smcFunc, $sourcedir, $groups;
    $groups = array();
    $request = $smcFunc['db_query'](
        'SELECT id_group, group_name
        FROM {db_prefix}membergroups');
    while ($row = $smcFunc['fetch_assoc']($request))
        groups[$row['id_group']] = $row['group_name'];
    // Only do this part if the submit button was pressed
    if (isset($_POST['submit'])) {
        // Make sure we include the registration function
        require_once($sourcedir . '/Subs-Members.php');
        // Sanitize some data
        $username = !empty($_POST['user']) ?
            $smcFunc['htmlspecialchars']($_POST['user'], ENT_QUOTES) : '';
        $email = !empty($_POST['email']) ?
            $smcFunc['htmlspecialchars']($_POST['email'], ENT_QUOTES) : '';
        $password = !empty($_POST['passwrd']) ?
            $smcFunc['htmlspecialchars']($_POST['passwrd'], ENT_QUOTES) : '';
    $regOptions = array(
    'interface' => 'admin',
    'username' => $username,
    'email' => $email,
    'password' => $password,
    'password_check' => $password,
    'openid' => '',
    'auth_method' => '',
    'check_reserved_name' => true,
    'check_password_strength' => false,
    'check_email_ban' => false,
    'send_welcome_email' => !empty($modSettings['send_welcomeEmail']),
    'require' => 'nothing',
    'extra_register_vars' => array(),
    'theme_vars' => array(),
            'memberGroup' => !empty($_POST['group']) && is_numeric($_POST['group']) ?
                $_POST['group'] : -1,

If you can get back to my with what you want me to do with the input, I can show you where to put these.


I was looking for a seperate php file to use...     So any help or example final product would be awesome....

Thanks a million by the way!


The code I posted for the user post above was just an example of a script someone wrote for me a year + ago.   Just to clarify.

I was looking for a seperate PHP script for the registration part.


$memberID = registerMember($regOptions, true);


If you can get back to my with what you want me to do with the input, I can show you where to put these.

Would like it in a sep. php file not included in the example I gave above for posting.   I read what I wrote above and it was confusing....

Any help is appreciated....


That is the exact thing I did, except it's in a function and I'm making sure the data is safe...

Here is the entire file,
if (file_exists(dirname(__FILE__) . '/SSI.php') && !defined('SMF'))
require_once(dirname(__FILE__) . '/SSI.php');
elseif (!defined('SMF'))
die('<strong>Error:</strong> Please make sure that this file in the same directory as SMF\'s SSI.php file.');

function loadLogic() {
    global $smcFunc, $sourcedir, $groups, $modSettings;

    $request = $smcFunc['db_query']('',
        'SELECT id_group, group_name
        FROM {db_prefix}membergroups');
    while ($row = $smcFunc['fetch_assoc']($request))
        $groups[$row['id_group']] = $row['group_name'];
    // Only do this part if the submit button was pressed
    if (isset($_POST['submit'])) {
        // Make sure we include the registration function
        require_once($sourcedir . '/Subs-Members.php');
        // Sanitize some data
        $username = !empty($_POST['user']) ?
            $smcFunc['htmlspecialchars']($_POST['user'], ENT_QUOTES) : '';
        $email = !empty($_POST['email']) ?
            $smcFunc['htmlspecialchars']($_POST['email'], ENT_QUOTES) : '';
        $password = !empty($_POST['passwrd']) ?
            $smcFunc['htmlspecialchars']($_POST['passwrd'], ENT_QUOTES) : '';
    $regOptions = array(
    'interface' => 'admin',
    'username' => $username,
    'email' => $email,
    'password' => $password,
    'password_check' => $password,
    'openid' => '',
    'auth_method' => '',
    'check_reserved_name' => true,
    'check_password_strength' => false,
    'check_email_ban' => false,
    'send_welcome_email' => !empty($modSettings['send_welcomeEmail']),
    'require' => 'nothing',
    'extra_register_vars' => array(),
    'theme_vars' => array(),
            'memberGroup' => !empty($_POST['group']) && is_numeric($_POST['group']) ?
                $_POST['group'] : -1,

$groups = array();

echo '<form action="" method="post">
    <input type="text" name="username" />
    <input type="password" name="passwrd" />
    <input type="text" name="email" />
    <select name="group">';
    foreach ($groups as $key => $value)
        echo '<option value="' . $key . '">' . $value . '</option>';
echo '</select>
    <input type="submit" name="submit" value="Submit" />


I get an error on this line of code:

groups[$row['id_group']] = $row['group_name'];

Below is the test.php file, but line 11 throws an error.  When I place $ in front of groups it then errors out on line 7 with this message:

Fatal error: Function name must be a string in /home/mcrider/public_html/test.php on line 7



function loadLogic() {

$request $smcFunc['db_query'](
'SELECT id_group, group_name
        FROM {db_prefix}membergroups'
    while (
$row $smcFunc['fetch_assoc']($request))
groups[$row['id_group']] = $row['group_name'];
// Only do this part if the submit button was pressed
if (isset($_POST['submit'])) {
// Make sure we include the registration function
require_once($sourcedir '/Subs-Members.php');
// Sanitize some data
$username = !empty($_POST['user']) ? 
$smcFunc['htmlspecialchars']($_POST['user'], ENT_QUOTES) : '';
$email = !empty($_POST['email']) ? 
$smcFunc['htmlspecialchars']($_POST['email'], ENT_QUOTES) : '';
$password = !empty($_POST['passwrd']) ? 
$smcFunc['htmlspecialchars']($_POST['passwrd'], ENT_QUOTES) : '';
$regOptions = array(
'interface' => 'admin',
'username' => $username,
'email' => $email,
'password' => $password,
'password_check' => $password,
'openid' => '',
'auth_method' => '',
'check_reserved_name' => true,
'check_password_strength' => false,
'check_email_ban' => false,
'send_welcome_email' => !empty($modSettings['send_welcomeEmail']),
'require' => 'nothing',
'extra_register_vars' => array(),
'theme_vars' => array(),
'memberGroup' => !empty($_POST['group']) && is_numeric($_POST['group']) ?
$_POST['group'] : -1,

$groups = array();

'<form action="" method="post">
    <input type="text" name="username" />
    <input type="password" name="passwrd" />
    <input type="text" name="email" />
    <select name="group">'
    foreach (
$groups as $key => $value)
'<option value="' $key '">' $value '</option>';
    <input type="submit" name="submit" value="Submit" />


refer to Reply 10 above...   I did that and it errors out:

Fatal error: Function name must be a string in /home/mcrider/public_html/test.php on line 7

I am sorry man! I am a total noob if I am doing something wrong.  I just added the <?php and ?> to the file and expected it to work.  Maybe it was suppose to have other code with it.  Again, I apologize for being very unskilled when it comes to PHP programing.


Ok it got passed the error....    Now, however, it give the following error:

QuoteWarning: Missing argument 2 for smf_db_query(), called in /home/mcrider/public_html/forum/test.php on line 14 and defined in /home/mcrider/public_html/forum/Sources/Subs-Db-mysql.php on line 221
Database Error
Query was empty
File: /home/mcrider/public_html/forum/test.php
Line: 14


*sigh* Writing code from memory isn't as effective as I thought... I'm confident this is it. Try it again.


Fatal error: Function name must be a string in /home/mcrider/public_html/forum/test.php on line 15



Try this. >:(
if (file_exists(dirname(__FILE__) . '/SSI.php') && !defined('SMF'))
 require_once(dirname(__FILE__) . '/SSI.php');
elseif (!
 die('<strong>Error:</strong> Please make sure that this file in the same directory as SMF\'s SSI.php file.');

loadLogic() {

$request $smcFunc['db_query'](''
'SELECT id_group, group_name
        FROM {db_prefix}membergroups'
    while (
$row $smcFunc['db_fetch_assoc']($request))
$groups[$row['id_group']] = $row['group_name'];

// Only do this part if the submit button was pressed
if (isset($_POST['submit'])) {
// Make sure we include the registration function
require_once($sourcedir '/Subs-Members.php');
// Sanitize some data
$username = !empty($_POST['user']) ? 
$smcFunc['htmlspecialchars']($_POST['user'], ENT_QUOTES) : '';
$email = !empty($_POST['email']) ? 
$smcFunc['htmlspecialchars']($_POST['email'], ENT_QUOTES) : '';
$password = !empty($_POST['passwrd']) ? 
$smcFunc['htmlspecialchars']($_POST['passwrd'], ENT_QUOTES) : '';
$regOptions = array(
'interface' => 'admin',
'username' => $username,
'email' => $email,
'password' => $password,
'password_check' => $password,
'openid' => '',
'auth_method' => '',
'check_reserved_name' => true,
'check_password_strength' => false,
'check_email_ban' => false,
'send_welcome_email' => !empty($modSettings['send_welcomeEmail']),
'require' => 'nothing',
'extra_register_vars' => array(),
'theme_vars' => array(),
'memberGroup' => !empty($_POST['group']) && is_numeric($_POST['group']) ?
$_POST['group'] : -1,

$groups = array();

'<form action="" method="post">
    <input type="text" name="username" />
    <input type="password" name="passwrd" />
    <input type="text" name="email" />
    <select name="group">'
    foreach (
$groups as $key => $value)
'<option value="' $key '">' $value '</option>';
    <input type="submit" name="submit" value="Submit" />


had to make a few changes to the username area, but it worked.  Thank you....



        // Sanitize some data
        $username = !empty($_POST['user']) ?
            $smcFunc['htmlspecialchars']($_POST['user'], ENT_QUOTES) : '';

and here:
<input type="text" name="username" />

They didn't match - so it didn't work.   Simple overlook....   Again thanks.



Ok it works...  and does what is suppose to.

However, how do I register a user with whatever group access without having to be logged into the forum with 'KEEP ME LOGGED IN' checked.

I know I can change:  'interface' => 'admin',  to 'interface' => 'guest',   --- but that will not allow me to select the proper group.  No matter what they will be a plain jane registered account.

If I am logged into the forum and run this same script with 'interface' => 'admin', it works just fine.   However that defeats the purpose of the script in the first place.

Any work-around for this?


Shoot that is quite a pain in the arse...
I rewrote the function to take care of this. It will update the primary group of the added member (assuming that's what you intended).
function loadLogic() {
    global $smcFunc, $sourcedir, $groups, $modSettings;

    $request = $smcFunc['db_query']('',
        'SELECT id_group, group_name
        FROM {db_prefix}membergroups');
    while ($row = $smcFunc['db_fetch_assoc']($request))
        $groups[$row['id_group']] = $row['group_name'];

    // Only do this part if the submit button was pressed
    if (isset($_POST['submit'])) {
        // Make sure we include the registration function
        require_once($sourcedir . '/Subs-Members.php');
        // Sanitize some data
        $username = !empty($_POST['user']) ?
            $smcFunc['htmlspecialchars']($_POST['user'], ENT_QUOTES) : '';
        $email = !empty($_POST['email']) ?
            $smcFunc['htmlspecialchars']($_POST['email'], ENT_QUOTES) : '';
        $password = !empty($_POST['passwrd']) ?
            $smcFunc['htmlspecialchars']($_POST['passwrd'], ENT_QUOTES) : '';
        $group_id = !empty($_POST['group']) && is_numeric($_POST['group']) ?
                $_POST['group'] : 0;
    $regOptions = array(
    'interface' => 'guest',
    'username' => $username,
    'email' => $email,
    'password' => $password,
    'password_check' => $password,
    'openid' => '',
    'auth_method' => '',
    'check_reserved_name' => true,
    'check_password_strength' => false,
    'check_email_ban' => false,
    'send_welcome_email' => !empty($modSettings['send_welcomeEmail']),
    'require' => 'nothing',
    'extra_register_vars' => array(),
    'theme_vars' => array(),
        $id_member = registerMember($regOptions);
            'UPDATE {db_prefix}members SET id_group = {int:group_id} WHERE id_member =
               'group_id' => $group_id, 'id_member' => $id_member,

