From 7f4f5cd343c8481ab825948b12061563eb562d28 Mon Sep 17 00:00:00 2001
From: Sebastian Grewe <sebastian@grewe.ca>
Date: Mon, 15 Jul 2013 12:43:29 +0200
Subject: [PATCH] Make invitations configurable via admin panel

Invitations can now be configured through admin panel settings. By
default, invitations are enabled. Invitation system is also available if
registrations are disabled. To completely remove the ability of new
users to sign up, disable both registration and invitations.

Fixes #330
---
 public/include/config/global.inc.dist.php     |  7 +--
 .../include/pages/account/invitations.inc.php |  2 +-
 public/include/pages/admin/settings.inc.php   |  1 +
 public/include/pages/register.inc.php         |  2 +-
 .../include/pages/register/register.inc.php   | 46 +++++++++----------
 public/include/smarty_globals.inc.php         |  1 +
 .../mmcFE/admin/settings/default.tpl          | 10 ++++
 public/templates/mmcFE/global/navigation.tpl  |  2 +-
 8 files changed, 40 insertions(+), 31 deletions(-)

diff --git a/public/include/config/global.inc.dist.php b/public/include/config/global.inc.dist.php
index deeba5b9..e66197fe 100644
--- a/public/include/config/global.inc.dist.php
+++ b/public/include/config/global.inc.dist.php
@@ -131,24 +131,21 @@ $config['website']['mobile_theme'] = 'mobile';
  *
  *   Invitations will allow your users to invite new members to join the pool.
  *   After sending a mail to the invited user, they can register using the token
- *   created. Invitations can be enabled and disabled. They are listed on the accounts
- *   page.
+ *   created. Invitations can be enabled and disabled through the admin panel.
+ *   Sent invitations are listed on the account invitations page.
  *
  *   You can limit the number of registrations send per account via configuration
  *   variable.
  *
  *  Options:
  *    confirm_email  :  Send confirmation mail to user after registration
- *    invitations    :  Enable or disable the invitation system
  *    count          :  Maximum invitations a user is able to send
  *
  *  Defaults:
  *    confirm_email  :  true
- *    invitations    :  true
  *    count          :  5
  **/
 $config['accounts']['confirm_email']['enabled'] = true;
-$config['accounts']['invitations']['enabled'] = true;
 $config['accounts']['invitations']['count'] = 5;
 
 /**
diff --git a/public/include/pages/account/invitations.inc.php b/public/include/pages/account/invitations.inc.php
index cd8d644a..b12e2d4e 100644
--- a/public/include/pages/account/invitations.inc.php
+++ b/public/include/pages/account/invitations.inc.php
@@ -4,7 +4,7 @@
 if (!defined('SECURITY')) die('Hacking attempt');
 
 if ($user->isAuthenticated()) {
-  if ($config['accounts']['invitations']['enabled']) {
+  if (!$setting->getValue('disable_invitations')) {
     if ($invitation->getCountInvitations($_SESSION['USERDATA']['id']) >= $config['accounts']['invitations']['count']) {
       $_SESSION['POPUP'][] = array('CONTENT' => 'You have exceeded the allowed invitations of ' . $config['accounts']['invitations']['count'], 'TYPE' => 'errormsg');
     } else if (isset($_POST['do']) && $_POST['do'] == 'sendInvitation') {
diff --git a/public/include/pages/admin/settings.inc.php b/public/include/pages/admin/settings.inc.php
index dab1f096..9bc7ef3b 100644
--- a/public/include/pages/admin/settings.inc.php
+++ b/public/include/pages/admin/settings.inc.php
@@ -19,6 +19,7 @@ if (@$_REQUEST['do'] == 'save' && !empty($_REQUEST['data'])) {
 // Fetch settings to propagate to template
 $smarty->assign("MAINTENANCE", $setting->getValue('maintenance'));
 $smarty->assign("LOCKREGISTRATION", $setting->getValue('lock_registration'));
+$smarty->assign("DISABLEINVITATIONS", $setting->getValue('disable_invitations'));
 
 // Tempalte specifics
 $smarty->assign("CONTENT", "default.tpl");
diff --git a/public/include/pages/register.inc.php b/public/include/pages/register.inc.php
index d47c67ed..9b338b51 100644
--- a/public/include/pages/register.inc.php
+++ b/public/include/pages/register.inc.php
@@ -3,7 +3,7 @@
 // Make sure we are called from index.php
 if (!defined('SECURITY')) die('Hacking attempt');
 
-if ($setting->getValue('lock_registration')) {
+if ($setting->getValue('lock_registration') && !$config['accounts']['invitations']['enabled']) {
   $_SESSION['POPUP'][] = array('CONTENT' => 'Account registration is currently disabled. Please try again later.', 'TYPE' => 'errormsg');
   $smarty->assign("CONTENT", "disabled.tpl");
 } else {
diff --git a/public/include/pages/register/register.inc.php b/public/include/pages/register/register.inc.php
index 9a099816..9e438853 100644
--- a/public/include/pages/register/register.inc.php
+++ b/public/include/pages/register/register.inc.php
@@ -13,33 +13,33 @@ if ($config['recaptcha']['enabled']) {
   );
 }
 
-// Check if recaptcha is enabled, process form data if valid
-if($config['recaptcha']['enabled'] && $_POST["recaptcha_response_field"] && $_POST["recaptcha_response_field"]!=''){
-  if ($rsp->is_valid) {
-    $smarty->assign("RECAPTCHA", recaptcha_get_html($config['recaptcha']['public_key']));
-    if ($setting->getValue('lock_registration')) {
-      $_SESSION['POPUP'][] = array('CONTENT' => 'Account registration is currently disabled. Please try again later.', 'TYPE' => 'errormsg');
-    } else if ($user->register($_POST['username'], $_POST['password1'], $_POST['password2'], $_POST['pin'], $_POST['email1'], $_POST['email2'], $_POST['token']) && !$setting->getValue('lock_registration')) {
+if ($setting->getValue('disable_invitations') && $setting->getValue('lock_registration')) {
+  $_SESSION['POPUP'][] = array('CONTENT' => 'Account registration is currently disabled. Please try again later.', 'TYPE' => 'errormsg');
+} else {
+  // Check if recaptcha is enabled, process form data if valid
+  if($config['recaptcha']['enabled'] && $_POST["recaptcha_response_field"] && $_POST["recaptcha_response_field"]!=''){
+    if ($rsp->is_valid) {
+      $smarty->assign("RECAPTCHA", recaptcha_get_html($config['recaptcha']['public_key']));
+      if ($user->register($_POST['username'], $_POST['password1'], $_POST['password2'], $_POST['pin'], $_POST['email1'], $_POST['email2'], $_POST['token'])) {
+        $config['accounts']['confirm_email']['enabled'] ? $_SESSION['POPUP'][] = array('CONTENT' => 'Please check your mailbox to activate this account') : $_SESSION['POPUP'][] = array('CONTENT' => 'Account created, please login');
+      } else {
+        $_SESSION['POPUP'][] = array('CONTENT' => 'Unable to create account: ' . $user->getError(), 'TYPE' => 'errormsg');
+      }
+    } else {
+      $smarty->assign("RECAPTCHA", recaptcha_get_html($config['recaptcha']['public_key'], $rsp->error));
+      $_SESSION['POPUP'][] = array('CONTENT' => 'Invalid Captcha, please try again. (' . $rsp->error . ')', 'TYPE' => 'errormsg');
+    }
+    // Empty captcha
+  } else if ($config['recaptcha']['enabled']) {
+    $smarty->assign("RECAPTCHA", recaptcha_get_html($config['recaptcha']['public_key'], $rsp->error));
+    $_SESSION['POPUP'][] = array('CONTENT' => 'Empty Captcha, please try again.', 'TYPE' => 'errormsg');
+    // Captcha disabled
+  } else {
+    if ($user->register($_POST['username'], $_POST['password1'], $_POST['password2'], $_POST['pin'], $_POST['email1'], $_POST['email2'], $_POST['token'])) {
       $config['accounts']['confirm_email']['enabled'] ? $_SESSION['POPUP'][] = array('CONTENT' => 'Please check your mailbox to activate this account') : $_SESSION['POPUP'][] = array('CONTENT' => 'Account created, please login');
     } else {
       $_SESSION['POPUP'][] = array('CONTENT' => 'Unable to create account: ' . $user->getError(), 'TYPE' => 'errormsg');
     }
-  } else {
-    $smarty->assign("RECAPTCHA", recaptcha_get_html($config['recaptcha']['public_key'], $rsp->error));
-    $_SESSION['POPUP'][] = array('CONTENT' => 'Invalid Captcha, please try again. (' . $rsp->error . ')', 'TYPE' => 'errormsg');
-  }
-// Empty captcha
-} else if ($config['recaptcha']['enabled']) {
-  $smarty->assign("RECAPTCHA", recaptcha_get_html($config['recaptcha']['public_key'], $rsp->error));
-  $_SESSION['POPUP'][] = array('CONTENT' => 'Empty Captcha, please try again.', 'TYPE' => 'errormsg');
-// Captcha disabled
-} else {
-  if ($setting->getValue('lock_registration')) {
-    $_SESSION['POPUP'][] = array('CONTENT' => 'Account registration is currently disabled. Please try again later.', 'TYPE' => 'errormsg');
-  } else if ($user->register($_POST['username'], $_POST['password1'], $_POST['password2'], $_POST['pin'], $_POST['email1'], $_POST['email2'], $_POST['token']) && !$setting->getValue('lock_registration')) {
-    $config['accounts']['confirm_email']['enabled'] ? $_SESSION['POPUP'][] = array('CONTENT' => 'Please check your mailbox to activate this account') : $_SESSION['POPUP'][] = array('CONTENT' => 'Account created, please login');
-  } else {
-    $_SESSION['POPUP'][] = array('CONTENT' => 'Unable to create account: ' . $user->getError(), 'TYPE' => 'errormsg');
   }
 }
 
diff --git a/public/include/smarty_globals.inc.php b/public/include/smarty_globals.inc.php
index d0d5dbbf..5f6ca959 100644
--- a/public/include/smarty_globals.inc.php
+++ b/public/include/smarty_globals.inc.php
@@ -49,6 +49,7 @@ $aGlobal = array(
   'config' => array(
     'website' => array( 'title' => $config['website']['title'], 'acl' => $config['website']['acl'] ),
     'accounts' => $config['accounts'],
+    'disable_invitations' => $setting->getValue('disable_invitations'),
     'price' => array( 'currency' => $config['price']['currency'] ),
     'targetdiff' => $config['difficulty'],
     'currency' => $config['currency'],
diff --git a/public/templates/mmcFE/admin/settings/default.tpl b/public/templates/mmcFE/admin/settings/default.tpl
index a2ffbd5b..154c39d1 100644
--- a/public/templates/mmcFE/admin/settings/default.tpl
+++ b/public/templates/mmcFE/admin/settings/default.tpl
@@ -30,6 +30,16 @@
           </select>
         </td>
       </tr>
+      <tr>
+        <td class="left">Disable Invitations</td>
+        <td class="center"><span id='tt'><img src='{$PATH}/images/questionmark.png' height='15px' width='15px' title='Enable or disable users to invite others. Configuration file defines number of allowed invitations.'></span></td>
+        <td>
+          <select name="data[disable_invitations]">
+            <option value="1">Yes</option>
+            <option value="0"{nocache}{if !$DISABLEINVITATIONS} selected{/if}{/nocache}>No</option>
+          </select>
+        </td>
+      </tr>
       <tr><td class="center" colspan="3"><input type="submit" value="Save" class="submit small" /></td></tr>
     </tbody>
   </table>
diff --git a/public/templates/mmcFE/global/navigation.tpl b/public/templates/mmcFE/global/navigation.tpl
index 4d3d3621..79d36af8 100644
--- a/public/templates/mmcFE/global/navigation.tpl
+++ b/public/templates/mmcFE/global/navigation.tpl
@@ -7,7 +7,7 @@
                 <li><a href="{$smarty.server.PHP_SELF}?page=account&action=workers">My Workers</a></li>
                 <li><a href="{$smarty.server.PHP_SELF}?page=account&action=transactions">Transactions</a></li>
                 <li><a href="{$smarty.server.PHP_SELF}?page=account&action=notifications">Notifications</a></li>
-                {if $GLOBAL.config.accounts.invitations}<li><a href="{$smarty.server.PHP_SELF}?page=account&action=invitations">Invitations</a></li>{/if}
+                {if !$GLOBAL.config.disable_invitations}<li><a href="{$smarty.server.PHP_SELF}?page=account&action=invitations">Invitations</a></li>{/if}
               </ul>
             </li>
             {/if}