Index: branches/5.2.x/core/units/users/users_event_handler.php
===================================================================
diff -u -N -r14585 -r14596
--- branches/5.2.x/core/units/users/users_event_handler.php	(.../users_event_handler.php)	(revision 14585)
+++ branches/5.2.x/core/units/users/users_event_handler.php	(.../users_event_handler.php)	(revision 14596)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: users_event_handler.php 14585 2011-09-24 12:04:17Z alex $
+* @version	$Id: users_event_handler.php 14596 2011-09-29 15:46:43Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -17,7 +17,7 @@
 	class UsersEventHandler extends kDBEventHandler
 	{
 		/**
-		 * Allows to override standart permission mapping
+		 * Allows to override standard permission mapping
 		 *
 		 */
 		function mapPermissions()
@@ -61,7 +61,10 @@
 		{
 			parent::OnItemBuild($event);
 
-			if ($event->Special == 'forgot') {
+			$object =& $event->getObject();
+			/* @var $object kDBItem */
+
+			if ( $event->Special == 'forgot' || $object->getFormName() == 'registration' ) {
 				$this->_makePasswordRequired($event);
 			}
 		}
@@ -70,8 +73,11 @@
 		 * Shows only admins when required
 		 *
 		 * @param kEvent $event
+		 * @return void
+		 * @access protected
+		 * @see kDBEventHandler::OnListBuild()
 		 */
-		function SetCustomQuery(&$event)
+		protected function SetCustomQuery(&$event)
 		{
 			$object =& $event->getObject();
 			/* @var $object kDBList */
@@ -110,44 +116,47 @@
 		}
 
 		/**
-		 * Checks permissions of user
+		 * Checks user permission to execute given $event
 		 *
 		 * @param kEvent $event
+		 * @return bool
+		 * @access public
 		 */
-		function CheckPermission(&$event)
+		public function CheckPermission(&$event)
 		{
-			if ($event->Name == 'OnLogin' || $event->Name == 'OnLogout') {
+			if ( $event->Name == 'OnLogin' || $event->Name == 'OnLogout' ) {
 				// permission is checked in OnLogin event directly
 				return true;
 			}
 
-			if (!$this->Application->isAdminUser) {
+			if ( !$this->Application->isAdminUser ) {
 				$user_id = $this->Application->RecallVar('user_id');
 				$items_info = $this->Application->GetVar($event->getPrefixSpecial(true));
 
-				if ($event->Name == 'OnCreate' && $user_id == USER_GUEST) {
+				if ( $event->Name == 'OnCreate' && $user_id == USER_GUEST ) {
 					// "Guest" can create new users
 					return true;
 				}
 
-				if ($event->Name == 'OnUpdate' && $user_id > 0) {
-					$user_dummy =& $this->Application->recallObject($event->Prefix.'.-item', null, Array('skip_autoload' => true));
+				if ( $event->Name == 'OnUpdate' && $user_id > 0 ) {
+					$user_dummy =& $this->Application->recallObject($event->Prefix . '.-item', null, Array ('skip_autoload' => true));
+					/* @var $user_dummy UsersItem */
 
 					foreach ($items_info as $id => $field_values) {
-						if ($id != $user_id) {
+						if ( $id != $user_id ) {
 							// registered users can update their record only
 							return false;
 						}
 
 						$user_dummy->Load($id);
 						$status_field = array_shift($this->Application->getUnitOption($event->Prefix, 'StatusField'));
 
-						if ($user_dummy->GetDBField($status_field) != STATUS_ACTIVE) {
+						if ( $user_dummy->GetDBField($status_field) != STATUS_ACTIVE ) {
 							// not active user is not allowed to update his record (he could not activate himself manually)
 							return false;
 						}
 
-						if (isset($field_values[$status_field]) && $user_dummy->GetDBField($status_field) != $field_values[$status_field]) {
+						if ( isset($field_values[$status_field]) && $user_dummy->GetDBField($status_field) != $field_values[$status_field] ) {
 							// user can't change status by himself
 							return false;
 						}
@@ -158,10 +167,10 @@
 
 				if ( $event->Name == 'OnResetLostPassword' && $event->Special == 'forgot' && $user_id == USER_GUEST ) {
 					// non-logged in users can reset their password, when reset code is valid
-					return is_numeric( $this->getPassedID($event) );
+					return is_numeric($this->getPassedID($event));
 				}
 
-				if ($event->Name == 'OnUpdate' && $user_id <= 0) {
+				if ( $event->Name == 'OnUpdate' && $user_id <= 0 ) {
 					// guests are not allowed to update their record, because they don't have it :)
 					return false;
 				}
@@ -232,7 +241,7 @@
 		 */
 		function OnLogin(&$event)
 		{
-			$object =& $event->getObject();
+			$object =& $event->getObject( Array ('form_name' => 'login') );
 			/* @var $object kDBItem */
 
 			$object->SetFieldsFromHash( $this->getSubmittedFields($event) );
@@ -279,6 +288,8 @@
 		function OnInpLogin(&$event)
 		{
 			$sync_manager =& $this->Application->recallObject('UsersSyncronizeManager', null, Array(), Array ('InPortalSyncronize'));
+			/* @var $sync_manager UsersSyncronizeManager */
+			
 			$sync_manager->performAction('LoginUser', $event->getEventParam('user'), $event->getEventParam('pass') );
 
 			if ($event->redirect && is_string($event->redirect)) {
@@ -295,6 +306,8 @@
 		function OnInpLogout(&$event)
 		{
 			$sync_manager =& $this->Application->recallObject('UsersSyncronizeManager', null, Array(), Array ('InPortalSyncronize'));
+			/* @var $sync_manager UsersSyncronizeManager */
+			
 			$sync_manager->performAction('LogoutUser');
 		}
 
@@ -308,232 +321,143 @@
 		}
 
 		/**
-		 * Redirects user after succesfull registration to confirmation template (on Front only)
+		 * Redirects user after successful registration to confirmation template (on Front only)
 		 *
 		 * @param kEvent $event
+		 * @return void
+		 * @access protected
 		 */
-		function OnAfterItemCreate(&$event)
+		protected function OnAfterItemCreate(&$event)
 		{
 			parent::OnAfterItemCreate($event);
 
 			$this->afterItemChanged($event);
 
-			$object =& $event->getObject();
-			/* @var $object kDBItem */
-
-			$primary_group_id = $object->GetDBField('PrimaryGroupId');
-
-			if ($primary_group_id) {
-				$ug_table = TABLE_PREFIX . 'UserGroup';
-
-				if ( $object->IsTempTable() ) {
-					$ug_table = $this->Application->GetTempName($ug_table, 'prefix:' . $event->Prefix);
-				}
-
-				$fields_hash = Array (
-					'PortalUserId' => $object->GetID(),
-					'GroupId' => $primary_group_id,
-				);
-
-				$this->Conn->doInsert($fields_hash, $ug_table, 'REPLACE');
-			}
+			$this->assignToPrimaryGroup($event);
 		}
 
 		/**
-		 * Login user if possible, if not then redirect to corresponding template
+		 * Performs user registration
 		 *
 		 * @param kEvent $event
 		 */
-		function autoLoginUser(&$event)
+		function OnCreate(&$event)
 		{
-			$object =& $event->getObject();
-			$this->Application->SetVar('u.current_id', $object->GetID());
+			if ( $this->Application->isAdmin ) {
+				parent::OnCreate($event);
 
-			if ( $object->GetDBField('Status') == STATUS_ACTIVE ) {
-				$user_helper =& $this->Application->recallObject('UserHelper');
-				/* @var $user_helper UserHelper */
-
-				if ( $user_helper->checkLoginPermission() ) {
-					$user_helper->loginUserById( $object->GetID() );
-				}
+				return ;
 			}
-		}
 
+			$object =& $event->getObject( Array('form_name' => 'registration') );
+			/* @var $object UsersItem */
 
-		/**
-		 * When creating user & user with such email exists then force to use OnUpdate insted of ?
-		 *
-		 * @param kEvent $event
-		 */
-		function OnSubstituteSubscriber(&$event)
-		{
-			$ret = false;
-			$object =& $event->getObject( Array('skip_autoload' => true) );
+			$field_values = $this->getSubmittedFields($event);
+			$user_email = getArrayValue($field_values, 'Email');
+			$subscriber_id = $user_email ? $this->getSubscriberByEmail($user_email) : false;
 
-			$items_info = $this->Application->GetVar( $event->getPrefixSpecial(true) );
-
-			if ($items_info) {
-				list($id, $field_values) = each($items_info);
-				$user_email = isset($field_values['Email']) ? $field_values['Email'] : false;
-
-				if ($user_email) {
-					// check if is subscriber
-					$verify_user =& $this->Application->recallObject('u.verify', null, Array('skip_autoload' => true) );
-					$verify_user->Load($user_email, 'Email');
-
-					if ( $verify_user->isLoaded() && $verify_user->isSubscriberOnly() ) {
-						$items_info = Array( $verify_user->GetDBField('PortalUserId') => $field_values );
-						$this->Application->SetVar($event->getPrefixSpecial(true), $items_info);
-						$ret = true;
-					}
-				}
+			if ( $subscriber_id ) {
+				// update existing subscriber
+				$object->Load($subscriber_id);
+				$object->SetDBField('PrimaryGroupId', $this->Application->ConfigValue('User_NewGroup'));
+				$this->Application->SetVar($event->getPrefixSpecial(true), Array ($object->GetID() => $field_values));
 			}
 
-			if ( isset($event->MasterEvent) ) {
-				$event->MasterEvent->setEventParam('is_subscriber_only', $ret);
-			}
-			else {
-				$event->setEventParam('is_subscriber_only', $ret);
-			}
-		}
+			$object->SetFieldsFromHash($field_values);
 
+			$status = $object->isLoaded() ? $object->Update() : $object->Create();
 
-		/**
-		 * Enter description here...
-		 *
-		 * @param kEvent $event
-		 * @param bool $dry_run
-		 * @return bool
-		 */
-		function isSubscriberOnly(&$event, $dry_run = false)
-		{
-			$event->CallSubEvent('OnSubstituteSubscriber');
-			$is_subscriber = $event->getEventParam('is_subscriber_only');
-
-			if ($dry_run) {
-				return $is_subscriber;
+			if ( !$status ) {
+				$event->status = kEvent::erFAIL;
+				$event->redirect = false;
+				$object->setID( (int)$object->GetID() );
 			}
 
-			if ($is_subscriber) {
-				$object =& $event->getObject( Array('skip_autoload' => true) );
-				$this->OnUpdate($event);
+			$this->setNextTemplate($event, true);
 
-				if ($event->status == kEvent::erSUCCESS) {
-					$this->OnAfterItemCreate($event);
-					$object->SendEmailEvents();
+			if ( ($event->status == kEvent::erSUCCESS) && $event->redirect ) {
+				$this->assignToPrimaryGroup($event);
 
-					if (!$this->Application->isAdmin && $event->redirect) {
-						$this->autoLoginUser($event);
-					}
-				}
+				$object->SendEmailEvents();
+				$this->autoLoginUser($event);
 			}
-
-			return $is_subscriber;
 		}
 
 		/**
-		 * Creates new user
+		 * Returns subscribed user ID by given e-mail address
 		 *
-		 * @param kEvent $event
+		 * @param string $email
 		 */
-		function OnCreate(&$event)
+		function getSubscriberByEmail($email)
 		{
-			if (!$this->Application->isAdminUser) {
-				$this->setUserStatus($event);
-			}
+			$verify_user =& $this->Application->recallObject('u.verify', null, Array ('skip_autoload' => true));
+			/* @var $verify_user UsersItem */
 
-			if ( !$this->isSubscriberOnly($event) ) {
-				$object =& $event->getObject( Array('skip_autoload' => true) );
-				/* @var $object UsersItem */
+			$verify_user->Load($email, 'Email');
 
-				if ( $this->Application->ConfigValue('User_Password_Auto') ) {
-					$password = $object->generatePassword( rand(5, 8) );
-					$this->Application->SetVar('user_password', $password);
-				}
-
-				parent::OnCreate($event);
-
-				$this->Application->SetVar('u.current_id', $object->getID()); // for affil:OnRegisterAffiliate after hook
-
-				$this->setNextTemplate($event);
-
-				if (!$this->Application->isAdmin && ($event->status == kEvent::erSUCCESS) && $event->redirect) {
-					$object->SendEmailEvents();
-					$this->autoLoginUser($event);
-				}
-			}
+			return $verify_user->isLoaded() && $verify_user->isSubscriberOnly() ? $verify_user->GetID() : false;
 		}
 
 		/**
-		 * Set's new user status based on config options
+		 * Login user if possible, if not then redirect to corresponding template
 		 *
 		 * @param kEvent $event
 		 */
-		function setUserStatus(&$event)
+		function autoLoginUser(&$event)
 		{
-			$object =& $event->getObject( Array('skip_autoload' => true) );
+			$object =& $event->getObject();
+			$this->Application->SetVar('u.current_id', $object->GetID());
 
-			$new_users_allowed = $this->Application->ConfigValue('User_Allow_New');
+			if ( $object->GetDBField('Status') == STATUS_ACTIVE ) {
+				$user_helper =& $this->Application->recallObject('UserHelper');
+				/* @var $user_helper UserHelper */
 
-			switch ($new_users_allowed) {
-				case 1: // Immediate
-					$object->SetDBField('Status', STATUS_ACTIVE);
-					$next_template = $this->Application->GetVar('registration_confirm_template');
-					if ($next_template) {
-						$event->redirect = $next_template;
-					}
-					break;
-
-				case 3: // Upon Approval
-				case 4: // Email Activation
-					$next_template = $this->Application->GetVar('registration_confirm_pending_template');
-					if ($next_template) {
-						$event->redirect = $next_template;
-					}
-					$object->SetDBField('Status', STATUS_PENDING);
-					break;
-
-				case 2: // Not Allowed
-					$object->SetDBField('Status', STATUS_DISABLED);
-					break;
+				if ( $user_helper->checkLoginPermission() ) {
+					$user_helper->loginUserById( $object->GetID() );
+				}
 			}
 		}
 
 		/**
 		 * Set's new unique resource id to user
 		 *
 		 * @param kEvent $event
+		 * @return void
+		 * @access protected
 		 */
-		function OnBeforeItemCreate(&$event)
+		protected function OnBeforeItemCreate(&$event)
 		{
 			parent::OnBeforeItemCreate($event);
 
+			$this->beforeItemChanged($event);
+
 			$cs_helper =& $this->Application->recallObject('CountryStatesHelper');
 			/* @var $cs_helper kCountryStatesHelper */
 
-			if ( !$this->isSubscriberOnly($event, true) ) {
+			$object =& $event->getObject();
+			/* @var $object UsersItem */
+
+			if ( !$object->isSubscriberOnly() ) {
+				// don't checck state-to-country relations for subscribers
 				$cs_helper->CheckStateField($event, 'State', 'Country');
 			}
 
 			$this->_makePasswordRequired($event);
 
 			$cs_helper->PopulateStates($event, 'State', 'Country');
 
-			$object =& $event->getObject();
-			/* @var $object UsersItem */
-
 			if ( $this->Application->ConfigValue('Email_As_Login') ) {
-				$field_options = $object->GetFieldOptions('Email');
-				$field_options['error_msgs']['unique'] = $this->Application->Phrase('lu_user_and_email_already_exist');
-				$object->SetFieldOptions('Email', $field_options);
+				$error_msgs = $object->GetFieldOption('Email', 'error_msgs');
+				$error_msgs['unique'] = '!lu_user_and_email_already_exist!';
+				$object->SetFieldOption('Email', 'error_msgs', $error_msgs);
 			}
 
 			$this->setUserGroup($object);
 
 			$user_helper =& $this->Application->recallObject('UserHelper');
 			/* @var $user_helper UserHelper */
 
-			if (!$user_helper->checkBanRules($object)) {
+			if ( !$user_helper->checkBanRules($object) ) {
 				$object->SetError('Login', 'banned');
 			}
 		}
@@ -571,6 +495,34 @@
 		}
 
 		/**
+		 * Assigns a user to it's primary group
+		 *
+		 * @param kEvent $event
+		 */
+		protected function assignToPrimaryGroup(&$event)
+		{
+			$object =& $event->getObject();
+			/* @var $object kDBItem */
+
+			$primary_group_id = $object->GetDBField('PrimaryGroupId');
+
+			if ($primary_group_id) {
+				$ug_table = TABLE_PREFIX . 'UserGroup';
+
+				if ( $object->IsTempTable() ) {
+					$ug_table = $this->Application->GetTempName($ug_table, 'prefix:' . $event->Prefix);
+				}
+
+				$fields_hash = Array (
+					'PortalUserId' => $object->GetID(),
+					'GroupId' => $primary_group_id,
+				);
+
+				$this->Conn->doInsert($fields_hash, $ug_table, 'REPLACE');
+			}
+		}
+
+		/**
 		 * Set's new unique resource id to user
 		 *
 		 * @param kEvent $event
@@ -595,10 +547,9 @@
 		 */
 		function OnRecommend(&$event)
 		{
-			$object =& $event->getObject();
+			$object =& $event->getObject( Array ('form_name' => 'recommend') );
 			/* @var $object kDBItem */
 
-			$object->setRequired('RecommendEmail');
 			$object->SetFieldsFromHash( $this->getSubmittedFields($event) );
 
 			if ( !$object->ValidateField('RecommendEmail') ) {
@@ -633,13 +584,15 @@
 		 */
 		function OnUpdateAddress(&$event)
 		{
-			$object =& $event->getObject( Array('skip_autoload' => true) );
+			$object =& $event->getObject(Array ('skip_autoload' => true));
+			/* @var $object kDBItem */
 
-			$items_info = $this->Application->GetVar( $event->getPrefixSpecial(true) );
+			$items_info = $this->Application->GetVar($event->getPrefixSpecial(true));
 
-			if ($items_info) {
+			if ( $items_info ) {
 				list ($id, $field_values) = each($items_info);
-				if ($id > 0) {
+				
+				if ( $id > 0 ) {
 					$object->Load($id);
 				}
 
@@ -663,35 +616,29 @@
 		 */
 		function OnSubscribeQuery(&$event)
 		{
-			$user_email = $this->Application->GetVar('subscriber_email');
+			$object =& $event->getObject( Array ('form_name' => 'subscription') );
+			/* @var $object UsersItem */
 
-			if ( preg_match('/^(' . REGEX_EMAIL_USER . '@' . REGEX_EMAIL_DOMAIN . ')$/i', $user_email) ) {
-				$object =& $this->Application->recallObject($this->Prefix . '.subscriber', null, Array('skip_autoload' => true));
-				/* @var $object UsersItem */
+			$object->SetFieldsFromHash( $this->getSubmittedFields($event) );
 
-				$object->Load($user_email, 'Email');
-				$event->SetRedirectParam('subscriber_email', $user_email);
+			if ( !$object->ValidateField('SubscriberEmail') ) {
+				$event->status = kEvent::erFAIL;
 
-				if ( $object->isLoaded() ) {
-					if ( $this->isSubscribed($object) ) {
-						$event->redirect = $this->Application->GetVar('unsubscribe_template');
-					}
-					else {
-						$event->redirect = $this->Application->GetVar('subscribe_template');
-					}
-				}
-				else {
-					$event->redirect = $this->Application->GetVar('subscribe_template');
-				}
+				return ;
 			}
-			else {
-				// used for error reporting only -> rewrite code + theme (by Alex)
-				$object =& $this->Application->recallObject('u', null, Array('skip_autoload' => true)); // TODO: change theme too
-				/* @var $object UsersItem */
 
-				$object->SetError('SubscribeEmail', 'invalid_email', 'lu_InvalidEmail');
-				$event->status = kEvent::erFAIL;
+			$user_email = $object->GetDBField('SubscriberEmail');
+			$object->Load($user_email, 'Email');
+			$event->SetRedirectParam('subscriber_email', $user_email);
+
+			if ( $object->isLoaded() && $object->isSubscribed() ) {
+				$event->redirect = $this->Application->GetVar('unsubscribe_template');
 			}
+			else {
+				$event->redirect = $this->Application->GetVar('subscribe_template');
+			}
+
+			$event->SetRedirectParam('pass', 'm');
 		}
 
 		/**
@@ -701,50 +648,59 @@
 		 */
 		function OnSubscribeUser(&$event)
 		{
-			$object = &$this->Application->recallObject($this->Prefix . '.subscriber', null, Array('skip_autoload' => true));
+			$object =& $event->getObject( Array ('form_name' => 'subscription') );
 			/* @var $object UsersItem */
 
 			$user_email = $this->Application->GetVar('subscriber_email');
+			$object->SetDBField('SubscriberEmail', $user_email);
 
-			if ( preg_match('/^(' . REGEX_EMAIL_USER . '@' . REGEX_EMAIL_DOMAIN . ')$/i', $user_email) ) {
-				$this->RemoveRequiredFields($object);
-				$object->Load($user_email, 'Email');
+			if ( !$object->ValidateField('SubscriberEmail') ) {
+				$event->status = kEvent::erFAIL;
 
-				if ( $object->isLoaded() ) {
-					if ( $this->isSubscribed($object) ) {
-						if ( $event->getEventParam('no_unsubscribe') ) {
-							// for customization code from FormsEventHandler
-							return ;
-						}
+				return ;
+			}
 
-						if ( $object->isSubscriberOnly() ) {
-							$this->Application->SetVar($object->getPrefixSpecial(true) . '_id', $object->GetID());
-							$delete_event = new kEvent($object->getPrefixSpecial() . ':OnDelete');
-							$this->Application->HandleEvent($delete_event);
-						}
-						else {
-							$this->RemoveSubscriberGroup( $object->GetID() );
-						}
+			$this->RemoveRequiredFields($object);
+			$object->Load($user_email, 'Email');
 
-						$event->redirect = $this->Application->GetVar('unsubscribe_ok_template');
+			if ( $object->isLoaded() ) {
+				if ( $object->isSubscribed() ) {
+					if ( $event->getEventParam('no_unsubscribe') ) {
+						// for customization code from FormsEventHandler
+						return ;
 					}
+
+					if ( $object->isSubscriberOnly() ) {
+						$temp_handler =& $this->Application->recallObject($event->Prefix . '_TempHandler', 'kTempTablesHandler');
+						/* @var $temp_handler kTempTablesHandler */
+
+						$temp_handler->DeleteItems($event->Prefix, '', Array($object->GetID()));
+					}
 					else {
-						$this->AddSubscriberGroup($object);
-						$event->redirect = $this->Application->GetVar('subscribe_ok_template');
+						$this->RemoveSubscriberGroup( $object->GetID() );
 					}
+
+					$event->redirect = $this->Application->GetVar('unsubscribe_ok_template');
 				}
 				else {
-					$object->generatePassword();
+					$this->AddSubscriberGroup($object);
+					$event->redirect = $this->Application->GetVar('subscribe_ok_template');
+				}
+			}
+			else {
+				$object->generatePassword();
+				$object->SetDBField('Email', $user_email);
 
-					$object->SetDBField('Email', $user_email);
+				if ( $object->isRequired('Login') )	{
 					$object->SetDBField('Login', $user_email);
-					$object->SetDBField('Status', STATUS_ACTIVE); // make user subscriber Active by default
-					$object->SetDBField('ip', $_SERVER['REMOTE_ADDR']);
+				}
 
-					if ( $object->Create() ) {
-						$this->AddSubscriberGroup($object);
-						$event->redirect = $this->Application->GetVar('subscribe_ok_template');
-					}
+				$object->SetDBField('Status', STATUS_ACTIVE); // make user subscriber Active by default
+				$object->SetDBField('ip', $_SERVER['REMOTE_ADDR']);
+
+				if ( $object->Create() ) {
+					$this->AddSubscriberGroup($object);
+					$event->redirect = $this->Application->GetVar('subscribe_ok_template');
 				}
 			}
 		}
@@ -787,30 +743,14 @@
 		}
 
 		/**
-		 * Checks user subscription status
-		 *
-		 * @param kDBItem $object
-		 * @return bool
-		 */
-		function isSubscribed(&$object)
-		{
-			$group_id = $this->Application->ConfigValue('User_SubscriberGroup');
-
-			$sql = 'SELECT GroupId
-					FROM ' . TABLE_PREFIX . 'UserGroup
-					WHERE (PortalUserId = ' . $object->GetID() . ') AND (GroupId = ' . $group_id . ')';
-
-			return $this->Conn->GetOne($sql);
-		}
-
-		/**
-		 * Checks, that user can reset his password
-		 *
+		 * Validates forgot password form and sends password reset confirmation e-mail
+		 * 
 		 * @param kEvent $event
+		 * @return void
 		 */
 		function OnForgotPassword(&$event)
 		{
-			$object =& $event->getObject();
+			$object =& $event->getObject( Array ('form_name' => 'forgot_password') );
 			/* @var $object kDBItem */
 
 			$object->SetFieldsFromHash( $this->getSubmittedFields($event) );
@@ -873,28 +813,34 @@
 		{
 			parent::OnUpdate($event);
 
-			$this->setNextTemplate($event);
+			if ( !$this->Application->isAdmin ) {
+				$this->setNextTemplate($event);
+			}
 		}
 
 		/**
 		 * Checks state against country
 		 *
 		 * @param kEvent $event
+		 * @return void
+		 * @access protected
 		 */
-		function OnBeforeItemUpdate(&$event)
+		protected function OnBeforeItemUpdate(&$event)
 		{
 			parent::OnBeforeItemUpdate($event);
 
+			$this->beforeItemChanged($event);
+
 			$cs_helper =& $this->Application->recallObject('CountryStatesHelper');
 			/* @var $cs_helper kCountryStatesHelper */
 
 			$cs_helper->CheckStateField($event, 'State', 'Country');
 			$cs_helper->PopulateStates($event, 'State', 'Country');
 
-			if ($event->Special == 'forgot') {
-				$object =& $event->getObject();
-				/* @var $object kDBItem */
+			$object =& $event->getObject();
+			/* @var $object kDBItem */
 
+			if ($event->Special == 'forgot') {
 				$object->SetDBField('PwResetConfirm', '');
 				$object->SetDBField('PwRequestTime_date', NULL);
 				$object->SetDBField('PwRequestTime_time', NULL);
@@ -909,26 +855,72 @@
 		}
 
 		/**
-		 * Enter description here...
+		 * Occurs before item is changed
 		 *
 		 * @param kEvent $event
 		 */
-		function setNextTemplate(&$event)
+		function beforeItemChanged(&$event)
 		{
-			if ($this->Application->isAdmin) {
-				return ;
+			$object =& $event->getObject();
+			/* @var $object UsersItem */
+
+			if ( !$this->Application->isAdmin && $object->getFormName() == 'registration' ) {
+				// sets new user's status based on config options
+				$status_map = Array (1 => STATUS_ACTIVE, 2 => STATUS_DISABLED, 3 => STATUS_PENDING, 4 => STATUS_PENDING);
+				$object->SetDBField('Status', $status_map[ $this->Application->ConfigValue('User_Allow_New') ]);
+
+				if ( $this->Application->ConfigValue('User_Password_Auto') ) {
+					$object->generatePassword( rand(5, 8) );
+				}
+
+				if ( $this->Application->ConfigValue('RegistrationCaptcha') ) {
+					$captcha_helper =& $this->Application->recallObject('CaptchaHelper');
+					/* @var $captcha_helper kCaptchaHelper */
+
+					$captcha_helper->validateCode($event, false);
+				}
+
+				if ( $event->Name == 'OnBeforeItemUpdate' ) {
+					// when a subscriber-only users performs normal registration, then assign him to Member group
+					$this->setUserGroup($object);
+				}
 			}
+		}
 
+		/**
+		 * Sets redirect template based on user status & user request contents
+		 *
+		 * @param kEvent $event
+		 * @param bool $for_registration
+		 */
+		function setNextTemplate(&$event, $for_registration = false)
+		{
 			$event->SetRedirectParam('opener', 's');
+
 			$object =& $event->getObject();
+			/* @var $object UsersItem */
 
-			if ($object->GetDBField('Status') == STATUS_ACTIVE) {
+			$next_template = false;
+
+			if ( $object->GetDBField('Status') == STATUS_ACTIVE && $this->Application->GetVar('next_template') ) {
 				$next_template = $this->Application->GetVar('next_template');
+			}
+			elseif ( $for_registration ) {
+				switch ( $this->Application->ConfigValue('User_Allow_New') ) {
+					case 1: // Immediate
+						$next_template = $this->Application->GetVar('registration_confirm_template');
+						break;
 
-				if ($next_template) {
-					$event->redirect = $next_template;
+					case 3: // Upon Approval
+					case 4: // Email Activation
+						$next_template = $this->Application->GetVar('registration_confirm_pending_template');
+						break;
 				}
 			}
+
+			if ($next_template) {
+				$event->redirect = $next_template;
+			}
 		}
 
 		/**
@@ -982,17 +974,21 @@
 		}
 
 		/**
-		 * Enter description here...
+		 * Used to keep user registration form data, while showing affiliate registration form fields
 		 *
 		 * @param kEvent $event
+		 * @return void
+		 * @access protected
 		 */
-		function OnRefreshForm(&$event)
+		protected function OnRefreshForm(&$event)
 		{
 			$event->redirect = false;
-			$item_info = $this->Application->GetVar($event->getPrefixSpecial());
+			$item_info = $this->Application->GetVar( $event->getPrefixSpecial(true) );
 			list($id, $fields) = each($item_info);
 
-			$object =& $event->getObject( Array('skip_autoload' => true) );
+			$object =& $event->getObject( Array ('skip_autoload' => true) );
+			/* @var $object kDBItem */
+
 			$object->setID($id);
 			$object->IgnoreValidation = true;
 			$object->SetFieldsFromHash($fields);
@@ -1075,36 +1071,42 @@
 		 * Allows to change root password
 		 *
 		 * @param kEvent $event
+		 * @return void
+		 * @access protected
 		 */
-		function OnUpdatePassword(&$event)
+		protected function OnUpdatePassword(&$event)
 		{
-			$items_info = $this->Application->GetVar( $event->getPrefixSpecial(true) );
-			if (!$items_info) return ;
+			$items_info = $this->Application->GetVar($event->getPrefixSpecial(true));
+			if ( !$items_info ) {
+				return;
+			}
+
 			list ($id, $field_values) = each($items_info);
 			$user_id = $this->Application->RecallVar('user_id');
-			if ($id == $user_id && ($user_id > 0 || $user_id == USER_ROOT)) {
-				$user_dummy =& $this->Application->recallObject($event->Prefix.'.-item', null, Array('skip_autoload' => true));
+
+			if ( $id == $user_id && ($user_id > 0 || $user_id == USER_ROOT) ) {
+				$user_dummy =& $this->Application->recallObject($event->Prefix . '.-item', null, Array ('skip_autoload' => true));
 				/* @var $user_dummy kDBItem */
 
 				$user_dummy->Load($id);
-				$status_field = array_shift($this->Application->getUnitOption($event->Prefix, 'StatusField'));
+				$status_field = array_shift( $this->Application->getUnitOption($event->Prefix, 'StatusField') );
 
-				if ($user_dummy->GetDBField($status_field) != STATUS_ACTIVE) {
+				if ( $user_dummy->GetDBField($status_field) != STATUS_ACTIVE ) {
 					// not active user is not allowed to update his record (he could not activate himself manually)
-					return false;
+					return ;
 				}
 			}
 
-			if ($user_id == USER_ROOT) {
-				$object =& $event->getObject( Array('skip_autoload' => true) );
+			if ( $user_id == USER_ROOT ) {
+				$object =& $event->getObject(Array ('skip_autoload' => true));
 				/* @var $object UsersItem */
 
 				// put salt to user's config
 				$field_options = $object->GetFieldOptions('RootPassword');
 				$field_options['salt'] = 'b38';
 
 				// this is internal hack to allow root/root passwords for dev
-				if ($this->Application->isDebugMode() && $field_values['RootPassword'] == 'root') {
+				if ( $this->Application->isDebugMode() && $field_values['RootPassword'] == 'root' ) {
 					$field_options['min_length'] = 4;
 				}
 
@@ -1116,65 +1118,35 @@
 
 				$this->RemoveRequiredFields($object);
 				$object->SetDBField('RootPassword', $this->Application->ConfigValue('RootPass'));
-	 			$object->SetFieldsFromHash($field_values);
-	 			$object->setID(-1);
-	 			$status = $object->Validate();
-				if ($status) {
+				$object->SetFieldsFromHash($field_values);
+				$object->setID(-1);
+
+				if ( $object->Validate() ) {
 					// validation on, password match too
-					$fields_hash = 	Array (
-						'VariableValue' => $object->GetDBField('RootPassword')
-					);
+					$fields_hash = Array ('VariableValue' => $object->GetDBField('RootPassword'));
 					$conf_table = $this->Application->getUnitOption('conf', 'TableName');
 					$this->Conn->doUpdate($fields_hash, $conf_table, 'VariableName = "RootPass"');
 					$event->SetRedirectParam('opener', 'u');
 				}
 				else {
 					$event->status = kEvent::erFAIL;
 					$event->redirect = false;
-					return;
+					return ;
 				}
 			}
 			else {
 				$object =& $event->getObject();
 				$object->SetFieldsFromHash($field_values);
 
-				if (!$object->Update()) {
+				if ( !$object->Update() ) {
 					$event->status = kEvent::erFAIL;
 					$event->redirect = false;
 				}
 			}
 
 			$event->SetRedirectParam('opener', 'u');
-			$event->redirect == true;
 		}
 
-		/**
-		 * Apply custom processing to item
-		 *
-		 * @param kEvent $event
-		 */
-		function customProcessing(&$event, $type)
-		{
-			if ($event->Name == 'OnCreate' && $type == 'before') {
-				$object =& $event->getObject();
-				/* @var $object kDBItem */
-
-				// if auto password has not been set already - store real one - to be used in email events
-				if (!$this->Application->GetVar('user_password')) {
-					$this->Application->SetVar('user_password', $object->GetDirtyField('Password'));
-					$object->SetDBField('Password_plain', $object->GetDirtyField('Password'));
-				}
-
-				// validate here, because subscribing procedure should not validate captcha code
-				if ($this->Application->ConfigValue('RegistrationCaptcha')) {
-					$captcha_helper =& $this->Application->recallObject('CaptchaHelper');
-					/* @var $captcha_helper kCaptchaHelper */
-
-					$captcha_helper->validateCode($event, false);
-				}
-			}
-		}
-
 		function OnMassResetSettings(&$event)
 		{
 			if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) {
@@ -1243,7 +1215,7 @@
 		 *
 		 * @param kEvent $event
 		 */
-		function afterItemChanged(&$event)
+		protected function afterItemChanged(&$event)
 		{
 			$this->saveUserImages($event);
 
@@ -1263,16 +1235,17 @@
 		 * Stores user's original Status before overwriting with data from temp table
 		 *
 		 * @param kEvent $event
+		 * @return void
+		 * @access protected
 		 */
-		function OnBeforeDeleteFromLive(&$event)
+		protected function OnBeforeDeleteFromLive(&$event)
 		{
-			$user_status = $this->Application->GetVar('user_status');
-			if (!$user_status) {
-				$user_status = Array ();
-			}
+			parent::OnBeforeDeleteFromLive($event);
 
 			$user_id = $event->getEventParam('id');
-			if ($user_id > 0) {
+			$user_status = $this->Application->GetVar('user_status', Array ());
+
+			if ( $user_id > 0 ) {
 				$user_status[$user_id] = $this->getUserStatus($user_id);
 				$this->Application->SetVar('user_status', $user_status);
 			}
@@ -1375,7 +1348,8 @@
 		{
 			parent::OnAfterConfigRead($event);
 
-			$fields = $this->Application->getUnitOption($event->Prefix, 'Fields');
+			$forms = $this->Application->getUnitOption($event->Prefix, 'Forms');
+			$form_fields =& $forms['default']['Fields'];
 
 			// 1. arrange user registration countries
 			$site_helper =& $this->Application->recallObject('SiteHelper');
@@ -1389,15 +1363,15 @@
 
 			if ($first_country) {
 				// update user country dropdown sql
-				$fields['Country']['options_sql'] = preg_replace('/ORDER BY (.*)/', 'ORDER BY IF (CountryStateId = '.$first_country.', 1, 0) DESC, \\1', $fields['Country']['options_sql']);
+				$form_fields['Country']['options_sql'] = preg_replace('/ORDER BY (.*)/', 'ORDER BY IF (CountryStateId = '.$first_country.', 1, 0) DESC, \\1', $form_fields['Country']['options_sql']);
 			}
 
 			$max_username = $this->Application->ConfigValue('MaxUserName');
 			$fields['Login']['min_len'] = $this->Application->ConfigValue('Min_UserName');
 			$fields['Login']['max_len'] = $max_username ? $max_username : 255;
 
 			// 2. set default user registration group
-			$fields['PrimaryGroupId']['default'] = $this->Application->ConfigValue('User_NewGroup');
+			$form_fields['PrimaryGroupId']['default'] = $this->Application->ConfigValue('User_NewGroup');
 
 			// 3. allow avatar upload on Front-End
 			$file_helper =& $this->Application->recallObject('FileHelper');
@@ -1407,7 +1381,7 @@
 
 			if ($this->Application->isAdminUser) {
 				// 4. when in administrative console, then create all users with Active status
-				$fields['Status']['default'] = STATUS_ACTIVE;
+				$form_fields['Status']['default'] = STATUS_ACTIVE;
 
 				// 5. remove groups tab on editing forms when AdvancedUserManagement config variable not set
 				if (!$this->Application->ConfigValue('AdvancedUserManagement')) {
@@ -1430,10 +1404,10 @@
 
 			if ( !$this->Application->ConfigValue('Email_As_Login') ) {
 				// Login becomes required only, when it's used in registration process
-				$fields['Login']['required'] = 1;
+				$form_fields['Login']['required'] = 1;
 			}
 
-			$this->Application->setUnitOption($event->Prefix, 'Fields', $fields);
+			$this->Application->setUnitOption($event->Prefix, 'Forms', $forms);
 		}
 
 		/**
@@ -1460,9 +1434,13 @@
 		 * When cloning users, reset password (set random)
 		 *
 		 * @param kEvent $event
+		 * @return void
+		 * @access protected
 		 */
-		function OnBeforeClone(&$event)
+		protected function OnBeforeClone(&$event)
 		{
+			parent::OnBeforeClone($event);
+			
 			$object =& $event->getObject();
 			/* @var $object UsersItem */
 
@@ -1539,8 +1517,10 @@
 		 * Loads user images
 		 *
 		 * @param kEvent $event
+		 * @return void
+		 * @access protected
 		 */
-		function OnAfterItemLoad(&$event)
+		protected function OnAfterItemLoad(&$event)
 		{
 			parent::OnAfterItemLoad($event);
 
@@ -1582,21 +1562,23 @@
 		 * Makes password required for new users
 		 *
 		 * @param kEvent $event
+		 * @return void
+		 * @access protected
 		 */
 		function OnPreCreate(&$event)
 		{
 			parent::OnPreCreate($event);
 
-			if ($event->status != kEvent::erSUCCESS) {
-				return ;
+			if ( $event->status != kEvent::erSUCCESS ) {
+				return;
 			}
 
 			$object =& $event->getObject();
 			/* @var $object kDBItem */
 
 			$user_type = $this->Application->GetVar('user_type');
 
-			if ($user_type) {
+			if ( $user_type ) {
 				$object->SetDBField('UserType', $user_type);
 
 				if ( $user_type == UserType::ADMIN ) {
@@ -1616,41 +1598,27 @@
 		 *
 		 * @param kEvent $event
 		 */
-		function OnNew(&$event)
-		{
-			parent::OnNew($event);
-
-			if ($event->status == kEvent::erSUCCESS) {
-				$this->_makePasswordRequired($event);
-			}
-		}
-
-		/**
-		 * Makes password required for new users
-		 *
-		 * @param kEvent $event
-		 */
 		function _makePasswordRequired(&$event)
 		{
 			$object =& $event->getObject();
 			/* @var $object kDBItem */
 
 			$required_fields = Array ('Password', 'Password_plain', 'VerifyPassword', 'VerifyPassword_plain');
-			foreach ($required_fields as $required_field) {
-				$object->setRequired($required_field);
-			}
+			$object->setRequired($required_fields);
 		}
 
 		/**
 		 * Load item if id is available
 		 *
 		 * @param kEvent $event
+		 * @return void
+		 * @access protected
 		 */
-		function LoadItem(&$event)
+		protected function LoadItem(&$event)
 		{
 			$id = $this->getPassedID($event);
 
-			if ($id < 0) {
+			if ( $id < 0 ) {
 				// when root, guest and so on
 
 				$object =& $event->getObject();