defr/drupal/core: modules/user/user.module annotate

annotate modules/user/user.module @ 12:4ca9f57cc4d4

Added tag 6.5 for changeset 589fb7c02327

author	Franck Deroche <webmaster@defr.org>
date	Tue, 23 Dec 2008 14:32:19 +0100
parents	589fb7c02327
children	4347c45bb494

rev	line source
webmaster@1	1 <?php
webmaster@11	2 // $Id: user.module,v 1.892.2.8 2008/10/08 20:12:18 goba Exp $
webmaster@1	3
webmaster@1	4 /**
webmaster@1	5 * @file
webmaster@1	6 * Enables the user registration and login system.
webmaster@1	7 */
webmaster@1	8
webmaster@1	9 define('USERNAME_MAX_LENGTH', 60);
webmaster@1	10 define('EMAIL_MAX_LENGTH', 64);
webmaster@1	11
webmaster@1	12 /**
webmaster@1	13 * Invokes hook_user() in every module.
webmaster@1	14 *
webmaster@1	15 * We cannot use module_invoke() for this, because the arguments need to
webmaster@1	16 * be passed by reference.
webmaster@1	17 */
webmaster@1	18 function user_module_invoke($type, &$array, &$user, $category = NULL) {
webmaster@1	19 foreach (module_list() as $module) {
webmaster@1	20 $function = $module .'_user';
webmaster@1	21 if (function_exists($function)) {
webmaster@1	22 $function($type, $array, $user, $category);
webmaster@1	23 }
webmaster@1	24 }
webmaster@1	25 }
webmaster@1	26
webmaster@1	27 /**
webmaster@1	28 * Implementation of hook_theme().
webmaster@1	29 */
webmaster@1	30 function user_theme() {
webmaster@1	31 return array(
webmaster@1	32 'user_picture' => array(
webmaster@1	33 'arguments' => array('account' => NULL),
webmaster@1	34 'template' => 'user-picture',
webmaster@1	35 ),
webmaster@1	36 'user_profile' => array(
webmaster@1	37 'arguments' => array('account' => NULL),
webmaster@1	38 'template' => 'user-profile',
webmaster@1	39 'file' => 'user.pages.inc',
webmaster@1	40 ),
webmaster@1	41 'user_profile_category' => array(
webmaster@1	42 'arguments' => array('element' => NULL),
webmaster@1	43 'template' => 'user-profile-category',
webmaster@1	44 'file' => 'user.pages.inc',
webmaster@1	45 ),
webmaster@1	46 'user_profile_item' => array(
webmaster@1	47 'arguments' => array('element' => NULL),
webmaster@1	48 'template' => 'user-profile-item',
webmaster@1	49 'file' => 'user.pages.inc',
webmaster@1	50 ),
webmaster@1	51 'user_list' => array(
webmaster@1	52 'arguments' => array('users' => NULL, 'title' => NULL),
webmaster@1	53 ),
webmaster@1	54 'user_admin_perm' => array(
webmaster@1	55 'arguments' => array('form' => NULL),
webmaster@1	56 'file' => 'user.admin.inc',
webmaster@1	57 ),
webmaster@1	58 'user_admin_new_role' => array(
webmaster@1	59 'arguments' => array('form' => NULL),
webmaster@1	60 'file' => 'user.admin.inc',
webmaster@1	61 ),
webmaster@1	62 'user_admin_account' => array(
webmaster@1	63 'arguments' => array('form' => NULL),
webmaster@1	64 'file' => 'user.admin.inc',
webmaster@1	65 ),
webmaster@1	66 'user_filter_form' => array(
webmaster@1	67 'arguments' => array('form' => NULL),
webmaster@1	68 'file' => 'user.admin.inc',
webmaster@1	69 ),
webmaster@1	70 'user_filters' => array(
webmaster@1	71 'arguments' => array('form' => NULL),
webmaster@1	72 'file' => 'user.admin.inc',
webmaster@1	73 ),
webmaster@1	74 'user_signature' => array(
webmaster@1	75 'arguments' => array('signature' => NULL),
webmaster@1	76 ),
webmaster@1	77 );
webmaster@1	78 }
webmaster@1	79
webmaster@1	80 function user_external_load($authname) {
webmaster@1	81 $result = db_query("SELECT uid FROM {authmap} WHERE authname = '%s'", $authname);
webmaster@1	82
webmaster@1	83 if ($user = db_fetch_array($result)) {
webmaster@1	84 return user_load($user);
webmaster@1	85 }
webmaster@1	86 else {
webmaster@1	87 return 0;
webmaster@1	88 }
webmaster@1	89 }
webmaster@1	90
webmaster@1	91 /**
webmaster@1	92 * Perform standard Drupal login operations for a user object.
webmaster@1	93 *
webmaster@1	94 * The user object must already be authenticated. This function verifies
webmaster@1	95 * that the user account is not blocked/denied and then performs the login,
webmaster@1	96 * updates the login timestamp in the database, invokes hook_user('login'),
webmaster@1	97 * and regenerates the session.
webmaster@1	98 *
webmaster@1	99 * @param $account
webmaster@1	100 * An authenticated user object to be set as the currently logged
webmaster@1	101 * in user.
webmaster@1	102 * @param $edit
webmaster@1	103 * The array of form values submitted by the user, if any.
webmaster@1	104 * This array is passed to hook_user op login.
webmaster@1	105 * @return boolean
webmaster@1	106 * TRUE if the login succeeds, FALSE otherwise.
webmaster@1	107 */
webmaster@1	108 function user_external_login($account, $edit = array()) {
webmaster@1	109 $form = drupal_get_form('user_login');
webmaster@1	110
webmaster@1	111 $state['values'] = $edit;
webmaster@1	112 if (empty($state['values']['name'])) {
webmaster@1	113 $state['values']['name'] = $account->name;
webmaster@1	114 }
webmaster@1	115
webmaster@1	116 // Check if user is blocked or denied by access rules.
webmaster@1	117 user_login_name_validate($form, $state, (array)$account);
webmaster@1	118 if (form_get_errors()) {
webmaster@1	119 // Invalid login.
webmaster@1	120 return FALSE;
webmaster@1	121 }
webmaster@1	122
webmaster@1	123 // Valid login.
webmaster@1	124 global $user;
webmaster@1	125 $user = $account;
webmaster@1	126 user_authenticate_finalize($state['values']);
webmaster@1	127 return TRUE;
webmaster@1	128 }
webmaster@1	129
webmaster@1	130 /**
webmaster@1	131 * Fetch a user object.
webmaster@1	132 *
webmaster@1	133 * @param $array
webmaster@1	134 * An associative array of attributes to search for in selecting the
webmaster@1	135 * user, such as user name or e-mail address.
webmaster@1	136 *
webmaster@1	137 * @return
webmaster@1	138 * A fully-loaded $user object upon successful user load or FALSE if user
webmaster@1	139 * cannot be loaded.
webmaster@1	140 */
webmaster@1	141 function user_load($array = array()) {
webmaster@1	142 // Dynamically compose a SQL query:
webmaster@1	143 $query = array();
webmaster@1	144 $params = array();
webmaster@1	145
webmaster@1	146 if (is_numeric($array)) {
webmaster@1	147 $array = array('uid' => $array);
webmaster@1	148 }
webmaster@1	149 elseif (!is_array($array)) {
webmaster@1	150 return FALSE;
webmaster@1	151 }
webmaster@1	152
webmaster@1	153 foreach ($array as $key => $value) {
webmaster@1	154 if ($key == 'uid' \|\| $key == 'status') {
webmaster@1	155 $query[] = "$key = %d";
webmaster@1	156 $params[] = $value;
webmaster@1	157 }
webmaster@1	158 else if ($key == 'pass') {
webmaster@1	159 $query[] = "pass = '%s'";
webmaster@1	160 $params[] = md5($value);
webmaster@1	161 }
webmaster@1	162 else {
webmaster@1	163 $query[]= "LOWER($key) = LOWER('%s')";
webmaster@1	164 $params[] = $value;
webmaster@1	165 }
webmaster@1	166 }
webmaster@1	167 $result = db_query('SELECT * FROM {users} u WHERE '. implode(' AND ', $query), $params);
webmaster@1	168
webmaster@1	169 if ($user = db_fetch_object($result)) {
webmaster@1	170 $user = drupal_unpack($user);
webmaster@1	171
webmaster@1	172 $user->roles = array();
webmaster@1	173 if ($user->uid) {
webmaster@1	174 $user->roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user';
webmaster@1	175 }
webmaster@1	176 else {
webmaster@1	177 $user->roles[DRUPAL_ANONYMOUS_RID] = 'anonymous user';
webmaster@1	178 }
webmaster@1	179 $result = db_query('SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid);
webmaster@1	180 while ($role = db_fetch_object($result)) {
webmaster@1	181 $user->roles[$role->rid] = $role->name;
webmaster@1	182 }
webmaster@1	183 user_module_invoke('load', $array, $user);
webmaster@1	184 }
webmaster@1	185 else {
webmaster@1	186 $user = FALSE;
webmaster@1	187 }
webmaster@1	188
webmaster@1	189 return $user;
webmaster@1	190 }
webmaster@1	191
webmaster@1	192 /**
webmaster@1	193 * Save changes to a user account or add a new user.
webmaster@1	194 *
webmaster@1	195 * @param $account
webmaster@1	196 * The $user object for the user to modify or add. If $user->uid is
webmaster@1	197 * omitted, a new user will be added.
webmaster@1	198 *
webmaster@1	199 * @param $array
webmaster@1	200 * (optional) An array of fields and values to save. For example,
webmaster@1	201 * array('name' => 'My name'); Setting a field to NULL deletes it from
webmaster@1	202 * the data column.
webmaster@1	203 *
webmaster@1	204 * @param $category
webmaster@1	205 * (optional) The category for storing profile information in.
webmaster@1	206 *
webmaster@1	207 * @return
webmaster@1	208 * A fully-loaded $user object upon successful save or FALSE if the save failed.
webmaster@1	209 */
webmaster@1	210 function user_save($account, $array = array(), $category = 'account') {
webmaster@1	211 // Dynamically compose a SQL query:
webmaster@1	212 $user_fields = user_fields();
webmaster@1	213 if (is_object($account) && $account->uid) {
webmaster@1	214 user_module_invoke('update', $array, $account, $category);
webmaster@1	215 $query = '';
webmaster@1	216 $data = unserialize(db_result(db_query('SELECT data FROM {users} WHERE uid = %d', $account->uid)));
webmaster@1	217 // Consider users edited by an administrator as logged in, if they haven't
webmaster@1	218 // already, so anonymous users can view the profile (if allowed).
webmaster@1	219 if (empty($array['access']) && empty($account->access) && user_access('administer users')) {
webmaster@1	220 $array['access'] = time();
webmaster@1	221 }
webmaster@1	222 foreach ($array as $key => $value) {
webmaster@1	223 if ($key == 'pass' && !empty($value)) {
webmaster@1	224 $query .= "$key = '%s', ";
webmaster@1	225 $v[] = md5($value);
webmaster@1	226 }
webmaster@1	227 else if ((substr($key, 0, 4) !== 'auth') && ($key != 'pass')) {
webmaster@1	228 if (in_array($key, $user_fields)) {
webmaster@1	229 // Save standard fields.
webmaster@1	230 $query .= "$key = '%s', ";
webmaster@1	231 $v[] = $value;
webmaster@1	232 }
webmaster@1	233 else if ($key != 'roles') {
webmaster@1	234 // Roles is a special case: it used below.
webmaster@1	235 if ($value === NULL) {
webmaster@1	236 unset($data[$key]);
webmaster@1	237 }
webmaster@1	238 else {
webmaster@1	239 $data[$key] = $value;
webmaster@1	240 }
webmaster@1	241 }
webmaster@1	242 }
webmaster@1	243 }
webmaster@1	244 $query .= "data = '%s' ";
webmaster@1	245 $v[] = serialize($data);
webmaster@1	246
webmaster@1	247 $success = db_query("UPDATE {users} SET $query WHERE uid = %d", array_merge($v, array($account->uid)));
webmaster@1	248 if (!$success) {
webmaster@1	249 // The query failed - better to abort the save than risk further data loss.
webmaster@1	250 return FALSE;
webmaster@1	251 }
webmaster@1	252
webmaster@1	253 // Reload user roles if provided.
webmaster@1	254 if (isset($array['roles']) && is_array($array['roles'])) {
webmaster@1	255 db_query('DELETE FROM {users_roles} WHERE uid = %d', $account->uid);
webmaster@1	256
webmaster@1	257 foreach (array_keys($array['roles']) as $rid) {
webmaster@1	258 if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
webmaster@1	259 db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $account->uid, $rid);
webmaster@1	260 }
webmaster@1	261 }
webmaster@1	262 }
webmaster@1	263
webmaster@1	264 // Delete a blocked user's sessions to kick them if they are online.
webmaster@1	265 if (isset($array['status']) && $array['status'] == 0) {
webmaster@1	266 sess_destroy_uid($account->uid);
webmaster@1	267 }
webmaster@1	268
webmaster@1	269 // If the password changed, delete all open sessions and recreate
webmaster@1	270 // the current one.
webmaster@1	271 if (!empty($array['pass'])) {
webmaster@1	272 sess_destroy_uid($account->uid);
webmaster@1	273 sess_regenerate();
webmaster@1	274 }
webmaster@1	275
webmaster@1	276 // Refresh user object.
webmaster@1	277 $user = user_load(array('uid' => $account->uid));
webmaster@1	278
webmaster@1	279 // Send emails after we have the new user object.
webmaster@1	280 if (isset($array['status']) && $array['status'] != $account->status) {
webmaster@1	281 // The user's status is changing; conditionally send notification email.
webmaster@1	282 $op = $array['status'] == 1 ? 'status_activated' : 'status_blocked';
webmaster@1	283 _user_mail_notify($op, $user);
webmaster@1	284 }
webmaster@1	285
webmaster@1	286 user_module_invoke('after_update', $array, $user, $category);
webmaster@1	287 }
webmaster@1	288 else {
webmaster@1	289 // Allow 'created' to be set by the caller.
webmaster@1	290 if (!isset($array['created'])) {
webmaster@1	291 $array['created'] = time();
webmaster@1	292 }
webmaster@1	293 // Consider users created by an administrator as already logged in, so
webmaster@1	294 // anonymous users can view the profile (if allowed).
webmaster@1	295 if (empty($array['access']) && user_access('administer users')) {
webmaster@1	296 $array['access'] = time();
webmaster@1	297 }
webmaster@1	298
webmaster@1	299 // Note: we wait to save the data column to prevent module-handled
webmaster@1	300 // fields from being saved there. We cannot invoke hook_user('insert') here
webmaster@1	301 // because we don't have a fully initialized user object yet.
webmaster@1	302 foreach ($array as $key => $value) {
webmaster@1	303 switch ($key) {
webmaster@1	304 case 'pass':
webmaster@1	305 $fields[] = $key;
webmaster@1	306 $values[] = md5($value);
webmaster@1	307 $s[] = "'%s'";
webmaster@1	308 break;
webmaster@1	309 case 'mode': case 'sort': case 'timezone':
webmaster@1	310 case 'threshold': case 'created': case 'access':
webmaster@1	311 case 'login': case 'status':
webmaster@1	312 $fields[] = $key;
webmaster@1	313 $values[] = $value;
webmaster@1	314 $s[] = "%d";
webmaster@1	315 break;
webmaster@1	316 default:
webmaster@1	317 if (substr($key, 0, 4) !== 'auth' && in_array($key, $user_fields)) {
webmaster@1	318 $fields[] = $key;
webmaster@1	319 $values[] = $value;
webmaster@1	320 $s[] = "'%s'";
webmaster@1	321 }
webmaster@1	322 break;
webmaster@1	323 }
webmaster@1	324 }
webmaster@1	325 $success = db_query('INSERT INTO {users} ('. implode(', ', $fields) .') VALUES ('. implode(', ', $s) .')', $values);
webmaster@1	326 if (!$success) {
webmaster@1	327 // On a failed INSERT some other existing user's uid may be returned.
webmaster@1	328 // We must abort to avoid overwriting their account.
webmaster@1	329 return FALSE;
webmaster@1	330 }
webmaster@1	331
webmaster@1	332 // Build the initial user object.
webmaster@1	333 $array['uid'] = db_last_insert_id('users', 'uid');
webmaster@1	334 $user = user_load(array('uid' => $array['uid']));
webmaster@1	335
webmaster@1	336 user_module_invoke('insert', $array, $user, $category);
webmaster@1	337
webmaster@1	338 // Build and save the serialized data field now.
webmaster@1	339 $data = array();
webmaster@1	340 foreach ($array as $key => $value) {
webmaster@1	341 if ((substr($key, 0, 4) !== 'auth') && ($key != 'roles') && (!in_array($key, $user_fields)) && ($value !== NULL)) {
webmaster@1	342 $data[$key] = $value;
webmaster@1	343 }
webmaster@1	344 }
webmaster@1	345 db_query("UPDATE {users} SET data = '%s' WHERE uid = %d", serialize($data), $user->uid);
webmaster@1	346
webmaster@1	347 // Save user roles (delete just to be safe).
webmaster@1	348 if (isset($array['roles']) && is_array($array['roles'])) {
webmaster@1	349 db_query('DELETE FROM {users_roles} WHERE uid = %d', $array['uid']);
webmaster@1	350 foreach (array_keys($array['roles']) as $rid) {
webmaster@1	351 if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
webmaster@1	352 db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $array['uid'], $rid);
webmaster@1	353 }
webmaster@1	354 }
webmaster@1	355 }
webmaster@1	356
webmaster@1	357 // Build the finished user object.
webmaster@1	358 $user = user_load(array('uid' => $array['uid']));
webmaster@1	359 }
webmaster@1	360
webmaster@1	361 // Save distributed authentication mappings.
webmaster@1	362 $authmaps = array();
webmaster@1	363 foreach ($array as $key => $value) {
webmaster@1	364 if (substr($key, 0, 4) == 'auth') {
webmaster@1	365 $authmaps[$key] = $value;
webmaster@1	366 }
webmaster@1	367 }
webmaster@1	368 if (sizeof($authmaps) > 0) {
webmaster@1	369 user_set_authmaps($user, $authmaps);
webmaster@1	370 }
webmaster@1	371
webmaster@1	372 return $user;
webmaster@1	373 }
webmaster@1	374
webmaster@1	375 /**
webmaster@1	376 * Verify the syntax of the given name.
webmaster@1	377 */
webmaster@1	378 function user_validate_name($name) {
webmaster@1	379 if (!strlen($name)) return t('You must enter a username.');
webmaster@1	380 if (substr($name, 0, 1) == ' ') return t('The username cannot begin with a space.');
webmaster@1	381 if (substr($name, -1) == ' ') return t('The username cannot end with a space.');
webmaster@1	382 if (strpos($name, ' ') !== FALSE) return t('The username cannot contain multiple spaces in a row.');
webmaster@1	383 if (ereg("[^\x80-\xF7 [:alnum:]@_.-]", $name)) return t('The username contains an illegal character.');
webmaster@1	384 if (preg_match('/[\x{80}-\x{A0}'. // Non-printable ISO-8859-1 + NBSP
webmaster@1	385 '\x{AD}'. // Soft-hyphen
webmaster@1	386 '\x{2000}-\x{200F}'. // Various space characters
webmaster@1	387 '\x{2028}-\x{202F}'. // Bidirectional text overrides
webmaster@1	388 '\x{205F}-\x{206F}'. // Various text hinting characters
webmaster@1	389 '\x{FEFF}'. // Byte order mark
webmaster@1	390 '\x{FF01}-\x{FF60}'. // Full-width latin
webmaster@1	391 '\x{FFF9}-\x{FFFD}'. // Replacement characters
webmaster@1	392 '\x{0}]/u', // NULL byte
webmaster@1	393 $name)) {
webmaster@1	394 return t('The username contains an illegal character.');
webmaster@1	395 }
webmaster@1	396 if (strpos($name, '@') !== FALSE && !eregi('@([0-9a-z](-?[0-9a-z])*.)+[a-z]{2}([zmuvtg]\|fo\|me)?$', $name)) return t('The username is not a valid authentication ID.');
webmaster@1	397 if (strlen($name) > USERNAME_MAX_LENGTH) return t('The username %name is too long: it must be %max characters or less.', array('%name' => $name, '%max' => USERNAME_MAX_LENGTH));
webmaster@1	398 }
webmaster@1	399
webmaster@1	400 function user_validate_mail($mail) {
webmaster@1	401 if (!$mail) return t('You must enter an e-mail address.');
webmaster@1	402 if (!valid_email_address($mail)) {
webmaster@1	403 return t('The e-mail address %mail is not valid.', array('%mail' => $mail));
webmaster@1	404 }
webmaster@1	405 }
webmaster@1	406
webmaster@1	407 function user_validate_picture(&$form, &$form_state) {
webmaster@1	408 // If required, validate the uploaded picture.
webmaster@1	409 $validators = array(
webmaster@1	410 'file_validate_is_image' => array(),
webmaster@1	411 'file_validate_image_resolution' => array(variable_get('user_picture_dimensions', '85x85')),
webmaster@1	412 'file_validate_size' => array(variable_get('user_picture_file_size', '30') * 1024),
webmaster@1	413 );
webmaster@1	414 if ($file = file_save_upload('picture_upload', $validators)) {
webmaster@1	415 // Remove the old picture.
webmaster@1	416 if (isset($form_state['values']['_account']->picture) && file_exists($form_state['values']['_account']->picture)) {
webmaster@1	417 file_delete($form_state['values']['_account']->picture);
webmaster@1	418 }
webmaster@1	419
webmaster@1	420 // The image was saved using file_save_upload() and was added to the
webmaster@1	421 // files table as a temporary file. We'll make a copy and let the garbage
webmaster@1	422 // collector delete the original upload.
webmaster@1	423 $info = image_get_info($file->filepath);
webmaster@1	424 $destination = variable_get('user_picture_path', 'pictures') .'/picture-'. $form['#uid'] .'.'. $info['extension'];
webmaster@1	425 if (file_copy($file, $destination, FILE_EXISTS_REPLACE)) {
webmaster@1	426 $form_state['values']['picture'] = $file->filepath;
webmaster@1	427 }
webmaster@1	428 else {
webmaster@1	429 form_set_error('picture_upload', t("Failed to upload the picture image; the %directory directory doesn't exist or is not writable.", array('%directory' => variable_get('user_picture_path', 'pictures'))));
webmaster@1	430 }
webmaster@1	431 }
webmaster@1	432 }
webmaster@1	433
webmaster@1	434 /**
webmaster@1	435 * Generate a random alphanumeric password.
webmaster@1	436 */
webmaster@1	437 function user_password($length = 10) {
webmaster@1	438 // This variable contains the list of allowable characters for the
webmaster@1	439 // password. Note that the number 0 and the letter 'O' have been
webmaster@1	440 // removed to avoid confusion between the two. The same is true
webmaster@1	441 // of 'I', 1, and 'l'.
webmaster@1	442 $allowable_characters = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';
webmaster@1	443
webmaster@1	444 // Zero-based count of characters in the allowable list:
webmaster@1	445 $len = strlen($allowable_characters) - 1;
webmaster@1	446
webmaster@1	447 // Declare the password as a blank string.
webmaster@1	448 $pass = '';
webmaster@1	449
webmaster@1	450 // Loop the number of times specified by $length.
webmaster@1	451 for ($i = 0; $i < $length; $i++) {
webmaster@1	452
webmaster@1	453 // Each iteration, pick a random character from the
webmaster@1	454 // allowable string and append it to the password:
webmaster@1	455 $pass .= $allowable_characters[mt_rand(0, $len)];
webmaster@1	456 }
webmaster@1	457
webmaster@1	458 return $pass;
webmaster@1	459 }
webmaster@1	460
webmaster@1	461 /**
webmaster@1	462 * Determine whether the user has a given privilege.
webmaster@1	463 *
webmaster@1	464 * @param $string
webmaster@1	465 * The permission, such as "administer nodes", being checked for.
webmaster@1	466 * @param $account
webmaster@1	467 * (optional) The account to check, if not given use currently logged in user.
webmaster@1	468 * @param $reset
webmaster@1	469 * (optional) Resets the user's permissions cache, which will result in a
webmaster@1	470 * recalculation of the user's permissions. This is necessary to support
webmaster@1	471 * dynamically added user roles.
webmaster@1	472 *
webmaster@1	473 * @return
webmaster@1	474 * Boolean TRUE if the current user has the requested permission.
webmaster@1	475 *
webmaster@1	476 * All permission checks in Drupal should go through this function. This
webmaster@1	477 * way, we guarantee consistent behavior, and ensure that the superuser
webmaster@1	478 * can perform all actions.
webmaster@1	479 */
webmaster@1	480 function user_access($string, $account = NULL, $reset = FALSE) {
webmaster@1	481 global $user;
webmaster@1	482 static $perm = array();
webmaster@1	483
webmaster@1	484 if ($reset) {
webmaster@1	485 unset($perm);
webmaster@1	486 }
webmaster@1	487
webmaster@1	488 if (is_null($account)) {
webmaster@1	489 $account = $user;
webmaster@1	490 }
webmaster@1	491
webmaster@1	492 // User #1 has all privileges:
webmaster@1	493 if ($account->uid == 1) {
webmaster@1	494 return TRUE;
webmaster@1	495 }
webmaster@1	496
webmaster@1	497 // To reduce the number of SQL queries, we cache the user's permissions
webmaster@1	498 // in a static variable.
webmaster@1	499 if (!isset($perm[$account->uid])) {
webmaster@1	500 $result = db_query("SELECT p.perm FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid WHERE r.rid IN (". db_placeholders($account->roles) .")", array_keys($account->roles));
webmaster@1	501
webmaster@1	502 $perms = array();
webmaster@1	503 while ($row = db_fetch_object($result)) {
webmaster@1	504 $perms += array_flip(explode(', ', $row->perm));
webmaster@1	505 }
webmaster@1	506 $perm[$account->uid] = $perms;
webmaster@1	507 }
webmaster@1	508
webmaster@1	509 return isset($perm[$account->uid][$string]);
webmaster@1	510 }
webmaster@1	511
webmaster@1	512 /**
webmaster@1	513 * Checks for usernames blocked by user administration.
webmaster@1	514 *
webmaster@1	515 * @return boolean TRUE for blocked users, FALSE for active.
webmaster@1	516 */
webmaster@1	517 function user_is_blocked($name) {
webmaster@1	518 $deny = db_fetch_object(db_query("SELECT name FROM {users} WHERE status = 0 AND name = LOWER('%s')", $name));
webmaster@1	519
webmaster@1	520 return $deny;
webmaster@1	521 }
webmaster@1	522
webmaster@1	523 function user_fields() {
webmaster@1	524 static $fields;
webmaster@1	525
webmaster@1	526 if (!$fields) {
webmaster@1	527 $result = db_query('SELECT * FROM {users} WHERE uid = 1');
webmaster@1	528 if ($field = db_fetch_array($result)) {
webmaster@1	529 $fields = array_keys($field);
webmaster@1	530 }
webmaster@1	531 else {
webmaster@1	532 // Make sure we return the default fields at least.
webmaster@1	533 $fields = array('uid', 'name', 'pass', 'mail', 'picture', 'mode', 'sort', 'threshold', 'theme', 'signature', 'created', 'access', 'login', 'status', 'timezone', 'language', 'init', 'data');
webmaster@1	534 }
webmaster@1	535 }
webmaster@1	536
webmaster@1	537 return $fields;
webmaster@1	538 }
webmaster@1	539
webmaster@1	540 /**
webmaster@1	541 * Implementation of hook_perm().
webmaster@1	542 */
webmaster@1	543 function user_perm() {
webmaster@1	544 return array('administer permissions', 'administer users', 'access user profiles', 'change own username');
webmaster@1	545 }
webmaster@1	546
webmaster@1	547 /**
webmaster@1	548 * Implementation of hook_file_download().
webmaster@1	549 *
webmaster@1	550 * Ensure that user pictures (avatars) are always downloadable.
webmaster@1	551 */
webmaster@1	552 function user_file_download($file) {
webmaster@1	553 if (strpos($file, variable_get('user_picture_path', 'pictures') .'/picture-') === 0) {
webmaster@1	554 $info = image_get_info(file_create_path($file));
webmaster@1	555 return array('Content-type: '. $info['mime_type']);
webmaster@1	556 }
webmaster@1	557 }
webmaster@1	558
webmaster@1	559 /**
webmaster@1	560 * Implementation of hook_search().
webmaster@1	561 */
webmaster@1	562 function user_search($op = 'search', $keys = NULL, $skip_access_check = FALSE) {
webmaster@1	563 switch ($op) {
webmaster@1	564 case 'name':
webmaster@1	565 if ($skip_access_check \|\| user_access('access user profiles')) {
webmaster@1	566 return t('Users');
webmaster@1	567 }
webmaster@1	568 case 'search':
webmaster@1	569 if (user_access('access user profiles')) {
webmaster@1	570 $find = array();
webmaster@1	571 // Replace wildcards with MySQL/PostgreSQL wildcards.
webmaster@1	572 $keys = preg_replace('!\*+!', '%', $keys);
webmaster@1	573 if (user_access('administer users')) {
webmaster@1	574 // Administrators can also search in the otherwise private email field.
webmaster@1	575 $result = pager_query("SELECT name, uid, mail FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%') OR LOWER(mail) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys, $keys);
webmaster@1	576 while ($account = db_fetch_object($result)) {
webmaster@1	577 $find[] = array('title' => $account->name .' ('. $account->mail .')', 'link' => url('user/'. $account->uid, array('absolute' => TRUE)));
webmaster@1	578 }
webmaster@1	579 }
webmaster@1	580 else {
webmaster@1	581 $result = pager_query("SELECT name, uid FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys);
webmaster@1	582 while ($account = db_fetch_object($result)) {
webmaster@1	583 $find[] = array('title' => $account->name, 'link' => url('user/'. $account->uid, array('absolute' => TRUE)));
webmaster@1	584 }
webmaster@1	585 }
webmaster@1	586 return $find;
webmaster@1	587 }
webmaster@1	588 }
webmaster@1	589 }
webmaster@1	590
webmaster@1	591 /**
webmaster@1	592 * Implementation of hook_elements().
webmaster@1	593 */
webmaster@1	594 function user_elements() {
webmaster@1	595 return array(
webmaster@1	596 'user_profile_category' => array(),
webmaster@1	597 'user_profile_item' => array(),
webmaster@1	598 );
webmaster@1	599 }
webmaster@1	600
webmaster@1	601 /**
webmaster@1	602 * Implementation of hook_user().
webmaster@1	603 */
webmaster@1	604 function user_user($type, &$edit, &$account, $category = NULL) {
webmaster@1	605 if ($type == 'view') {
webmaster@1	606 $account->content['user_picture'] = array(
webmaster@1	607 '#value' => theme('user_picture', $account),
webmaster@1	608 '#weight' => -10,
webmaster@1	609 );
webmaster@1	610 if (!isset($account->content['summary'])) {
webmaster@1	611 $account->content['summary'] = array();
webmaster@1	612 }
webmaster@1	613 $account->content['summary'] += array(
webmaster@1	614 '#type' => 'user_profile_category',
webmaster@1	615 '#attributes' => array('class' => 'user-member'),
webmaster@1	616 '#weight' => 5,
webmaster@1	617 '#title' => t('History'),
webmaster@1	618 );
webmaster@1	619 $account->content['summary']['member_for'] = array(
webmaster@1	620 '#type' => 'user_profile_item',
webmaster@1	621 '#title' => t('Member for'),
webmaster@1	622 '#value' => format_interval(time() - $account->created),
webmaster@1	623 );
webmaster@1	624 }
webmaster@1	625 if ($type == 'form' && $category == 'account') {
webmaster@1	626 $form_state = array();
webmaster@1	627 return user_edit_form($form_state, arg(1), $edit);
webmaster@1	628 }
webmaster@1	629
webmaster@1	630 if ($type == 'validate' && $category == 'account') {
webmaster@1	631 return _user_edit_validate(arg(1), $edit);
webmaster@1	632 }
webmaster@1	633
webmaster@1	634 if ($type == 'submit' && $category == 'account') {
webmaster@1	635 return _user_edit_submit(arg(1), $edit);
webmaster@1	636 }
webmaster@1	637
webmaster@1	638 if ($type == 'categories') {
webmaster@1	639 return array(array('name' => 'account', 'title' => t('Account settings'), 'weight' => 1));
webmaster@1	640 }
webmaster@1	641 }
webmaster@1	642
webmaster@1	643 function user_login_block() {
webmaster@1	644 $form = array(
webmaster@1	645 '#action' => url($_GET['q'], array('query' => drupal_get_destination())),
webmaster@1	646 '#id' => 'user-login-form',
webmaster@1	647 '#validate' => user_login_default_validators(),
webmaster@1	648 '#submit' => array('user_login_submit'),
webmaster@1	649 );
webmaster@1	650 $form['name'] = array('#type' => 'textfield',
webmaster@1	651 '#title' => t('Username'),
webmaster@1	652 '#maxlength' => USERNAME_MAX_LENGTH,
webmaster@1	653 '#size' => 15,
webmaster@1	654 '#required' => TRUE,
webmaster@1	655 );
webmaster@1	656 $form['pass'] = array('#type' => 'password',
webmaster@1	657 '#title' => t('Password'),
webmaster@1	658 '#maxlength' => 60,
webmaster@1	659 '#size' => 15,
webmaster@1	660 '#required' => TRUE,
webmaster@1	661 );
webmaster@1	662 $form['submit'] = array('#type' => 'submit',
webmaster@1	663 '#value' => t('Log in'),
webmaster@1	664 );
webmaster@1	665 $items = array();
webmaster@1	666 if (variable_get('user_register', 1)) {
webmaster@7	667 $items[] = l(t('Create new account'), 'user/register', array('attributes' => array('title' => t('Create a new user account.'))));
webmaster@1	668 }
webmaster@7	669 $items[] = l(t('Request new password'), 'user/password', array('attributes' => array('title' => t('Request new password via e-mail.'))));
webmaster@1	670 $form['links'] = array('#value' => theme('item_list', $items));
webmaster@1	671 return $form;
webmaster@1	672 }
webmaster@1	673
webmaster@1	674 /**
webmaster@1	675 * Implementation of hook_block().
webmaster@1	676 */
webmaster@1	677 function user_block($op = 'list', $delta = 0, $edit = array()) {
webmaster@1	678 global $user;
webmaster@1	679
webmaster@1	680 if ($op == 'list') {
webmaster@1	681 $blocks[0]['info'] = t('User login');
webmaster@1	682 // Not worth caching.
webmaster@1	683 $blocks[0]['cache'] = BLOCK_NO_CACHE;
webmaster@1	684
webmaster@1	685 $blocks[1]['info'] = t('Navigation');
webmaster@1	686 // Menu blocks can't be cached because each menu item can have
webmaster@1	687 // a custom access callback. menu.inc manages its own caching.
webmaster@1	688 $blocks[1]['cache'] = BLOCK_NO_CACHE;
webmaster@1	689
webmaster@1	690 $blocks[2]['info'] = t('Who\'s new');
webmaster@1	691
webmaster@1	692 // Too dynamic to cache.
webmaster@1	693 $blocks[3]['info'] = t('Who\'s online');
webmaster@1	694 $blocks[3]['cache'] = BLOCK_NO_CACHE;
webmaster@1	695 return $blocks;
webmaster@1	696 }
webmaster@1	697 else if ($op == 'configure' && $delta == 2) {
webmaster@1	698 $form['user_block_whois_new_count'] = array(
webmaster@1	699 '#type' => 'select',
webmaster@1	700 '#title' => t('Number of users to display'),
webmaster@1	701 '#default_value' => variable_get('user_block_whois_new_count', 5),
webmaster@1	702 '#options' => drupal_map_assoc(array(1, 2, 3, 4, 5, 6, 7, 8, 9, 10)),
webmaster@1	703 );
webmaster@1	704 return $form;
webmaster@1	705 }
webmaster@1	706 else if ($op == 'configure' && $delta == 3) {
webmaster@1	707 $period = drupal_map_assoc(array(30, 60, 120, 180, 300, 600, 900, 1800, 2700, 3600, 5400, 7200, 10800, 21600, 43200, 86400), 'format_interval');
webmaster@1	708 $form['user_block_seconds_online'] = array('#type' => 'select', '#title' => t('User activity'), '#default_value' => variable_get('user_block_seconds_online', 900), '#options' => $period, '#description' => t('A user is considered online for this long after they have last viewed a page.'));
webmaster@1	709 $form['user_block_max_list_count'] = array('#type' => 'select', '#title' => t('User list length'), '#default_value' => variable_get('user_block_max_list_count', 10), '#options' => drupal_map_assoc(array(0, 5, 10, 15, 20, 25, 30, 40, 50, 75, 100)), '#description' => t('Maximum number of currently online users to display.'));
webmaster@1	710
webmaster@1	711 return $form;
webmaster@1	712 }
webmaster@1	713 else if ($op == 'save' && $delta == 2) {
webmaster@1	714 variable_set('user_block_whois_new_count', $edit['user_block_whois_new_count']);
webmaster@1	715 }
webmaster@1	716 else if ($op == 'save' && $delta == 3) {
webmaster@1	717 variable_set('user_block_seconds_online', $edit['user_block_seconds_online']);
webmaster@1	718 variable_set('user_block_max_list_count', $edit['user_block_max_list_count']);
webmaster@1	719 }
webmaster@1	720 else if ($op == 'view') {
webmaster@1	721 $block = array();
webmaster@1	722
webmaster@1	723 switch ($delta) {
webmaster@1	724 case 0:
webmaster@1	725 // For usability's sake, avoid showing two login forms on one page.
webmaster@1	726 if (!$user->uid && !(arg(0) == 'user' && !is_numeric(arg(1)))) {
webmaster@1	727
webmaster@1	728 $block['subject'] = t('User login');
webmaster@1	729 $block['content'] = drupal_get_form('user_login_block');
webmaster@1	730 }
webmaster@1	731 return $block;
webmaster@1	732
webmaster@1	733 case 1:
webmaster@1	734 if ($menu = menu_tree()) {
webmaster@1	735 $block['subject'] = $user->uid ? check_plain($user->name) : t('Navigation');
webmaster@1	736 $block['content'] = $menu;
webmaster@1	737 }
webmaster@1	738 return $block;
webmaster@1	739
webmaster@1	740 case 2:
webmaster@1	741 if (user_access('access content')) {
webmaster@1	742 // Retrieve a list of new users who have subsequently accessed the site successfully.
webmaster@1	743 $result = db_query_range('SELECT uid, name FROM {users} WHERE status != 0 AND access != 0 ORDER BY created DESC', 0, variable_get('user_block_whois_new_count', 5));
webmaster@1	744 while ($account = db_fetch_object($result)) {
webmaster@1	745 $items[] = $account;
webmaster@1	746 }
webmaster@1	747 $output = theme('user_list', $items);
webmaster@1	748
webmaster@1	749 $block['subject'] = t('Who\'s new');
webmaster@1	750 $block['content'] = $output;
webmaster@1	751 }
webmaster@1	752 return $block;
webmaster@1	753
webmaster@1	754 case 3:
webmaster@1	755 if (user_access('access content')) {
webmaster@1	756 // Count users active within the defined period.
webmaster@1	757 $interval = time() - variable_get('user_block_seconds_online', 900);
webmaster@1	758
webmaster@1	759 // Perform database queries to gather online user lists. We use s.timestamp
webmaster@1	760 // rather than u.access because it is much faster.
webmaster@1	761 $anonymous_count = sess_count($interval);
webmaster@1	762 $authenticated_users = db_query('SELECT DISTINCT u.uid, u.name, s.timestamp FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.timestamp >= %d AND s.uid > 0 ORDER BY s.timestamp DESC', $interval);
webmaster@1	763 $authenticated_count = 0;
webmaster@1	764 $max_users = variable_get('user_block_max_list_count', 10);
webmaster@1	765 $items = array();
webmaster@1	766 while ($account = db_fetch_object($authenticated_users)) {
webmaster@1	767 if ($max_users > 0) {
webmaster@1	768 $items[] = $account;
webmaster@1	769 $max_users--;
webmaster@1	770 }
webmaster@1	771 $authenticated_count++;
webmaster@1	772 }
webmaster@1	773
webmaster@1	774 // Format the output with proper grammar.
webmaster@1	775 if ($anonymous_count == 1 && $authenticated_count == 1) {
webmaster@1	776 $output = t('There is currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests')));
webmaster@1	777 }
webmaster@1	778 else {
webmaster@1	779 $output = t('There are currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests')));
webmaster@1	780 }
webmaster@1	781
webmaster@1	782 // Display a list of currently online users.
webmaster@1	783 $max_users = variable_get('user_block_max_list_count', 10);
webmaster@1	784 if ($authenticated_count && $max_users) {
webmaster@1	785 $output .= theme('user_list', $items, t('Online users'));
webmaster@1	786 }
webmaster@1	787
webmaster@1	788 $block['subject'] = t('Who\'s online');
webmaster@1	789 $block['content'] = $output;
webmaster@1	790 }
webmaster@1	791 return $block;
webmaster@1	792 }
webmaster@1	793 }
webmaster@1	794 }
webmaster@1	795
webmaster@1	796 /**
webmaster@1	797 * Process variables for user-picture.tpl.php.
webmaster@1	798 *
webmaster@1	799 * The $variables array contains the following arguments:
webmaster@1	800 * - $account
webmaster@1	801 *
webmaster@1	802 * @see user-picture.tpl.php
webmaster@1	803 */
webmaster@1	804 function template_preprocess_user_picture(&$variables) {
webmaster@1	805 $variables['picture'] = '';
webmaster@1	806 if (variable_get('user_pictures', 0)) {
webmaster@1	807 $account = $variables['account'];
webmaster@1	808 if (!empty($account->picture) && file_exists($account->picture)) {
webmaster@1	809 $picture = file_create_url($account->picture);
webmaster@1	810 }
webmaster@1	811 else if (variable_get('user_picture_default', '')) {
webmaster@1	812 $picture = variable_get('user_picture_default', '');
webmaster@1	813 }
webmaster@1	814
webmaster@1	815 if (isset($picture)) {
webmaster@1	816 $alt = t("@user's picture", array('@user' => $account->name ? $account->name : variable_get('anonymous', t('Anonymous'))));
webmaster@1	817 $variables['picture'] = theme('image', $picture, $alt, $alt, '', FALSE);
webmaster@1	818 if (!empty($account->uid) && user_access('access user profiles')) {
webmaster@1	819 $attributes = array('attributes' => array('title' => t('View user profile.')), 'html' => TRUE);
webmaster@1	820 $variables['picture'] = l($variables['picture'], "user/$account->uid", $attributes);
webmaster@1	821 }
webmaster@1	822 }
webmaster@1	823 }
webmaster@1	824 }
webmaster@1	825
webmaster@1	826 /**
webmaster@1	827 * Make a list of users.
webmaster@1	828 *
webmaster@1	829 * @param $users
webmaster@1	830 * An array with user objects. Should contain at least the name and uid.
webmaster@1	831 * @param $title
webmaster@1	832 * (optional) Title to pass on to theme_item_list().
webmaster@1	833 *
webmaster@1	834 * @ingroup themeable
webmaster@1	835 */
webmaster@1	836 function theme_user_list($users, $title = NULL) {
webmaster@1	837 if (!empty($users)) {
webmaster@1	838 foreach ($users as $user) {
webmaster@1	839 $items[] = theme('username', $user);
webmaster@1	840 }
webmaster@1	841 }
webmaster@1	842 return theme('item_list', $items, $title);
webmaster@1	843 }
webmaster@1	844
webmaster@1	845 function user_is_anonymous() {
webmaster@1	846 // Menu administrators can see items for anonymous when administering.
webmaster@1	847 return !$GLOBALS['user']->uid \|\| !empty($GLOBALS['menu_admin']);
webmaster@1	848 }
webmaster@1	849
webmaster@1	850 function user_is_logged_in() {
webmaster@1	851 return (bool)$GLOBALS['user']->uid;
webmaster@1	852 }
webmaster@1	853
webmaster@1	854 function user_register_access() {
webmaster@1	855 return user_is_anonymous() && variable_get('user_register', 1);
webmaster@1	856 }
webmaster@1	857
webmaster@1	858 function user_view_access($account) {
webmaster@1	859 return $account && $account->uid &&
webmaster@1	860 (
webmaster@1	861 // Always let users view their own profile.
webmaster@1	862 ($GLOBALS['user']->uid == $account->uid) \|\|
webmaster@1	863 // Administrators can view all accounts.
webmaster@1	864 user_access('administer users') \|\|
webmaster@1	865 // The user is not blocked and logged in at least once.
webmaster@1	866 ($account->access && $account->status && user_access('access user profiles'))
webmaster@1	867 );
webmaster@1	868 }
webmaster@1	869
webmaster@5	870 /**
webmaster@5	871 * Access callback for user account editing.
webmaster@5	872 */
webmaster@1	873 function user_edit_access($account) {
webmaster@1	874 return (($GLOBALS['user']->uid == $account->uid) \|\| user_access('administer users')) && $account->uid > 0;
webmaster@1	875 }
webmaster@1	876
webmaster@1	877 function user_load_self($arg) {
webmaster@1	878 $arg[1] = user_load($GLOBALS['user']->uid);
webmaster@1	879 return $arg;
webmaster@1	880 }
webmaster@1	881
webmaster@1	882 /**
webmaster@1	883 * Implementation of hook_menu().
webmaster@1	884 */
webmaster@1	885 function user_menu() {
webmaster@1	886 $items['user/autocomplete'] = array(
webmaster@1	887 'title' => 'User autocomplete',
webmaster@1	888 'page callback' => 'user_autocomplete',
webmaster@1	889 'access callback' => 'user_access',
webmaster@1	890 'access arguments' => array('access user profiles'),
webmaster@1	891 'type' => MENU_CALLBACK,
webmaster@1	892 'file' => 'user.pages.inc',
webmaster@1	893 );
webmaster@1	894
webmaster@1	895 // Registration and login pages.
webmaster@1	896 $items['user'] = array(
webmaster@1	897 'title' => 'User account',
webmaster@1	898 'page callback' => 'user_page',
webmaster@1	899 'access callback' => TRUE,
webmaster@1	900 'type' => MENU_CALLBACK,
webmaster@1	901 'file' => 'user.pages.inc',
webmaster@1	902 );
webmaster@1	903
webmaster@1	904 $items['user/login'] = array(
webmaster@1	905 'title' => 'Log in',
webmaster@1	906 'access callback' => 'user_is_anonymous',
webmaster@1	907 'type' => MENU_DEFAULT_LOCAL_TASK,
webmaster@1	908 );
webmaster@1	909
webmaster@1	910 $items['user/register'] = array(
webmaster@1	911 'title' => 'Create new account',
webmaster@1	912 'page callback' => 'drupal_get_form',
webmaster@1	913 'page arguments' => array('user_register'),
webmaster@1	914 'access callback' => 'user_register_access',
webmaster@1	915 'type' => MENU_LOCAL_TASK,
webmaster@1	916 'file' => 'user.pages.inc',
webmaster@1	917 );
webmaster@1	918
webmaster@1	919 $items['user/password'] = array(
webmaster@1	920 'title' => 'Request new password',
webmaster@1	921 'page callback' => 'drupal_get_form',
webmaster@1	922 'page arguments' => array('user_pass'),
webmaster@1	923 'access callback' => 'user_is_anonymous',
webmaster@1	924 'type' => MENU_LOCAL_TASK,
webmaster@1	925 'file' => 'user.pages.inc',
webmaster@1	926 );
webmaster@1	927 $items['user/reset/%/%/%'] = array(
webmaster@1	928 'title' => 'Reset password',
webmaster@1	929 'page callback' => 'drupal_get_form',
webmaster@1	930 'page arguments' => array('user_pass_reset', 2, 3, 4),
webmaster@1	931 'access callback' => TRUE,
webmaster@1	932 'type' => MENU_CALLBACK,
webmaster@1	933 'file' => 'user.pages.inc',
webmaster@1	934 );
webmaster@1	935
webmaster@1	936 // Admin user pages.
webmaster@1	937 $items['admin/user'] = array(
webmaster@1	938 'title' => 'User management',
webmaster@1	939 'description' => "Manage your site's users, groups and access to site features.",
webmaster@1	940 'position' => 'left',
webmaster@1	941 'page callback' => 'system_admin_menu_block_page',
webmaster@1	942 'access arguments' => array('access administration pages'),
webmaster@1	943 'file' => 'system.admin.inc',
webmaster@1	944 'file path' => drupal_get_path('module', 'system'),
webmaster@1	945 );
webmaster@1	946 $items['admin/user/user'] = array(
webmaster@1	947 'title' => 'Users',
webmaster@1	948 'description' => 'List, add, and edit users.',
webmaster@1	949 'page callback' => 'user_admin',
webmaster@1	950 'page arguments' => array('list'),
webmaster@1	951 'access arguments' => array('administer users'),
webmaster@1	952 'file' => 'user.admin.inc',
webmaster@1	953 );
webmaster@1	954 $items['admin/user/user/list'] = array(
webmaster@1	955 'title' => 'List',
webmaster@1	956 'type' => MENU_DEFAULT_LOCAL_TASK,
webmaster@1	957 'weight' => -10,
webmaster@1	958 );
webmaster@1	959 $items['admin/user/user/create'] = array(
webmaster@1	960 'title' => 'Add user',
webmaster@1	961 'page arguments' => array('create'),
webmaster@5	962 'access arguments' => array('administer users'),
webmaster@1	963 'type' => MENU_LOCAL_TASK,
webmaster@1	964 'file' => 'user.admin.inc',
webmaster@1	965 );
webmaster@1	966 $items['admin/user/settings'] = array(
webmaster@1	967 'title' => 'User settings',
webmaster@1	968 'description' => 'Configure default behavior of users, including registration requirements, e-mails, and user pictures.',
webmaster@1	969 'page callback' => 'drupal_get_form',
webmaster@1	970 'page arguments' => array('user_admin_settings'),
webmaster@1	971 'access arguments' => array('administer users'),
webmaster@1	972 'file' => 'user.admin.inc',
webmaster@1	973 );
webmaster@1	974
webmaster@1	975 // Admin access pages.
webmaster@1	976 $items['admin/user/permissions'] = array(
webmaster@1	977 'title' => 'Permissions',
webmaster@1	978 'description' => 'Determine access to features by selecting permissions for roles.',
webmaster@1	979 'page callback' => 'drupal_get_form',
webmaster@1	980 'page arguments' => array('user_admin_perm'),
webmaster@1	981 'access arguments' => array('administer permissions'),
webmaster@1	982 'file' => 'user.admin.inc',
webmaster@1	983 );
webmaster@1	984 $items['admin/user/roles'] = array(
webmaster@1	985 'title' => 'Roles',
webmaster@1	986 'description' => 'List, edit, or add user roles.',
webmaster@1	987 'page callback' => 'drupal_get_form',
webmaster@1	988 'page arguments' => array('user_admin_new_role'),
webmaster@1	989 'access arguments' => array('administer permissions'),
webmaster@1	990 'file' => 'user.admin.inc',
webmaster@1	991 );
webmaster@1	992 $items['admin/user/roles/edit'] = array(
webmaster@1	993 'title' => 'Edit role',
webmaster@1	994 'page arguments' => array('user_admin_role'),
webmaster@5	995 'access arguments' => array('administer permissions'),
webmaster@1	996 'type' => MENU_CALLBACK,
webmaster@1	997 'file' => 'user.admin.inc',
webmaster@1	998 );
webmaster@1	999 $items['admin/user/rules'] = array(
webmaster@1	1000 'title' => 'Access rules',
webmaster@1	1001 'description' => 'List and create rules to disallow usernames, e-mail addresses, and IP addresses.',
webmaster@1	1002 'page callback' => 'user_admin_access',
webmaster@1	1003 'access arguments' => array('administer permissions'),
webmaster@1	1004 'file' => 'user.admin.inc',
webmaster@1	1005 );
webmaster@1	1006 $items['admin/user/rules/list'] = array(
webmaster@1	1007 'title' => 'List',
webmaster@1	1008 'type' => MENU_DEFAULT_LOCAL_TASK,
webmaster@1	1009 'weight' => -10,
webmaster@1	1010 );
webmaster@1	1011 $items['admin/user/rules/add'] = array(
webmaster@1	1012 'title' => 'Add rule',
webmaster@1	1013 'page callback' => 'user_admin_access_add',
webmaster@5	1014 'access arguments' => array('administer permissions'),
webmaster@1	1015 'type' => MENU_LOCAL_TASK,
webmaster@1	1016 'file' => 'user.admin.inc',
webmaster@1	1017 );
webmaster@1	1018 $items['admin/user/rules/check'] = array(
webmaster@1	1019 'title' => 'Check rules',
webmaster@1	1020 'page callback' => 'user_admin_access_check',
webmaster@5	1021 'access arguments' => array('administer permissions'),
webmaster@1	1022 'type' => MENU_LOCAL_TASK,
webmaster@1	1023 'file' => 'user.admin.inc',
webmaster@1	1024 );
webmaster@1	1025 $items['admin/user/rules/edit'] = array(
webmaster@1	1026 'title' => 'Edit rule',
webmaster@1	1027 'page callback' => 'user_admin_access_edit',
webmaster@5	1028 'access arguments' => array('administer permissions'),
webmaster@1	1029 'type' => MENU_CALLBACK,
webmaster@1	1030 'file' => 'user.admin.inc',
webmaster@1	1031 );
webmaster@1	1032 $items['admin/user/rules/delete'] = array(
webmaster@1	1033 'title' => 'Delete rule',
webmaster@1	1034 'page callback' => 'drupal_get_form',
webmaster@1	1035 'page arguments' => array('user_admin_access_delete_confirm'),
webmaster@5	1036 'access arguments' => array('administer permissions'),
webmaster@1	1037 'type' => MENU_CALLBACK,
webmaster@1	1038 'file' => 'user.admin.inc',
webmaster@1	1039 );
webmaster@1	1040
webmaster@1	1041 $items['logout'] = array(
webmaster@1	1042 'title' => 'Log out',
webmaster@1	1043 'access callback' => 'user_is_logged_in',
webmaster@1	1044 'page callback' => 'user_logout',
webmaster@1	1045 'weight' => 10,
webmaster@1	1046 'file' => 'user.pages.inc',
webmaster@1	1047 );
webmaster@1	1048
webmaster@5	1049 $items['user/%user_uid_optional'] = array(
webmaster@1	1050 'title' => 'My account',
webmaster@1	1051 'title callback' => 'user_page_title',
webmaster@1	1052 'title arguments' => array(1),
webmaster@1	1053 'page callback' => 'user_view',
webmaster@1	1054 'page arguments' => array(1),
webmaster@1	1055 'access callback' => 'user_view_access',
webmaster@1	1056 'access arguments' => array(1),
webmaster@1	1057 'parent' => '',
webmaster@1	1058 'file' => 'user.pages.inc',
webmaster@1	1059 );
webmaster@1	1060
webmaster@1	1061 $items['user/%user/view'] = array(
webmaster@1	1062 'title' => 'View',
webmaster@1	1063 'type' => MENU_DEFAULT_LOCAL_TASK,
webmaster@1	1064 'weight' => -10,
webmaster@1	1065 );
webmaster@1	1066
webmaster@1	1067 $items['user/%user/delete'] = array(
webmaster@1	1068 'title' => 'Delete',
webmaster@1	1069 'page callback' => 'drupal_get_form',
webmaster@1	1070 'page arguments' => array('user_confirm_delete', 1),
webmaster@1	1071 'access callback' => 'user_access',
webmaster@1	1072 'access arguments' => array('administer users'),
webmaster@1	1073 'type' => MENU_CALLBACK,
webmaster@1	1074 'file' => 'user.pages.inc',
webmaster@1	1075 );
webmaster@1	1076
webmaster@1	1077 $items['user/%user_category/edit'] = array(
webmaster@1	1078 'title' => 'Edit',
webmaster@1	1079 'page callback' => 'user_edit',
webmaster@1	1080 'page arguments' => array(1),
webmaster@1	1081 'access callback' => 'user_edit_access',
webmaster@1	1082 'access arguments' => array(1),
webmaster@1	1083 'type' => MENU_LOCAL_TASK,
webmaster@1	1084 'load arguments' => array('%map', '%index'),
webmaster@1	1085 'file' => 'user.pages.inc',
webmaster@1	1086 );
webmaster@1	1087
webmaster@1	1088 $items['user/%user_category/edit/account'] = array(
webmaster@1	1089 'title' => 'Account',
webmaster@1	1090 'type' => MENU_DEFAULT_LOCAL_TASK,
webmaster@1	1091 'load arguments' => array('%map', '%index'),
webmaster@1	1092 );
webmaster@1	1093
webmaster@1	1094 $empty_account = new stdClass();
webmaster@1	1095 if (($categories = _user_categories($empty_account)) && (count($categories) > 1)) {
webmaster@1	1096 foreach ($categories as $key => $category) {
webmaster@1	1097 // 'account' is already handled by the MENU_DEFAULT_LOCAL_TASK.
webmaster@1	1098 if ($category['name'] != 'account') {
webmaster@1	1099 $items['user/%user_category/edit/'. $category['name']] = array(
webmaster@1	1100 'title callback' => 'check_plain',
webmaster@1	1101 'title arguments' => array($category['title']),
webmaster@1	1102 'page callback' => 'user_edit',
webmaster@1	1103 'page arguments' => array(1, 3),
webmaster@5	1104 'access callback' => isset($category['access callback']) ? $category['access callback'] : 'user_edit_access',
webmaster@5	1105 'access arguments' => isset($category['access arguments']) ? $category['access arguments'] : array(1),
webmaster@1	1106 'type' => MENU_LOCAL_TASK,
webmaster@1	1107 'weight' => $category['weight'],
webmaster@1	1108 'load arguments' => array('%map', '%index'),
webmaster@1	1109 'tab_parent' => 'user/%/edit',
webmaster@1	1110 'file' => 'user.pages.inc',
webmaster@1	1111 );
webmaster@1	1112 }
webmaster@1	1113 }
webmaster@1	1114 }
webmaster@1	1115 return $items;
webmaster@1	1116 }
webmaster@1	1117
webmaster@1	1118 function user_init() {
webmaster@1	1119 drupal_add_css(drupal_get_path('module', 'user') .'/user.css', 'module');
webmaster@1	1120 }
webmaster@1	1121
webmaster@5	1122 function user_uid_optional_load($arg) {
webmaster@5	1123 return user_load(isset($arg) ? $arg : $GLOBALS['user']->uid);
webmaster@1	1124 }
webmaster@1	1125
webmaster@1	1126 /**
webmaster@1	1127 * Return a user object after checking if any profile category in the path exists.
webmaster@1	1128 */
webmaster@1	1129 function user_category_load($uid, &$map, $index) {
webmaster@1	1130 static $user_categories, $accounts;
webmaster@1	1131
webmaster@1	1132 // Cache $account - this load function will get called for each profile tab.
webmaster@1	1133 if (!isset($accounts[$uid])) {
webmaster@1	1134 $accounts[$uid] = user_load($uid);
webmaster@1	1135 }
webmaster@1	1136 $valid = TRUE;
webmaster@1	1137 if ($account = $accounts[$uid]) {
webmaster@1	1138 // Since the path is like user/%/edit/category_name, the category name will
webmaster@1	1139 // be at a position 2 beyond the index corresponding to the % wildcard.
webmaster@1	1140 $category_index = $index + 2;
webmaster@1	1141 // Valid categories may contain slashes, and hence need to be imploded.
webmaster@1	1142 $category_path = implode('/', array_slice($map, $category_index));
webmaster@1	1143 if ($category_path) {
webmaster@1	1144 // Check that the requested category exists.
webmaster@1	1145 $valid = FALSE;
webmaster@1	1146 if (!isset($user_categories)) {
webmaster@1	1147 $empty_account = new stdClass();
webmaster@1	1148 $user_categories = _user_categories($empty_account);
webmaster@1	1149 }
webmaster@1	1150 foreach ($user_categories as $category) {
webmaster@1	1151 if ($category['name'] == $category_path) {
webmaster@1	1152 $valid = TRUE;
webmaster@1	1153 // Truncate the map array in case the category name had slashes.
webmaster@1	1154 $map = array_slice($map, 0, $category_index);
webmaster@1	1155 // Assign the imploded category name to the last map element.
webmaster@1	1156 $map[$category_index] = $category_path;
webmaster@1	1157 break;
webmaster@1	1158 }
webmaster@1	1159 }
webmaster@1	1160 }
webmaster@1	1161 }
webmaster@1	1162 return $valid ? $account : FALSE;
webmaster@1	1163 }
webmaster@1	1164
webmaster@1	1165 /**
webmaster@1	1166 * Returns the user id of the currently logged in user.
webmaster@1	1167 */
webmaster@5	1168 function user_uid_optional_to_arg($arg) {
webmaster@1	1169 // Give back the current user uid when called from eg. tracker, aka.
webmaster@1	1170 // with an empty arg. Also use the current user uid when called from
webmaster@1	1171 // the menu with a % for the current account link.
webmaster@1	1172 return empty($arg) \|\| $arg == '%' ? $GLOBALS['user']->uid : $arg;
webmaster@1	1173 }
webmaster@1	1174
webmaster@1	1175 /**
webmaster@1	1176 * Menu item title callback - use the user name if it's not the current user.
webmaster@1	1177 */
webmaster@1	1178 function user_page_title($account) {
webmaster@1	1179 if ($account->uid == $GLOBALS['user']->uid) {
webmaster@1	1180 return t('My account');
webmaster@1	1181 }
webmaster@1	1182 return $account->name;
webmaster@1	1183 }
webmaster@1	1184
webmaster@1	1185 /**
webmaster@1	1186 * Discover which external authentication module(s) authenticated a username.
webmaster@1	1187 *
webmaster@1	1188 * @param $authname
webmaster@1	1189 * A username used by an external authentication module.
webmaster@1	1190 * @return
webmaster@1	1191 * An associative array with module as key and username as value.
webmaster@1	1192 */
webmaster@1	1193 function user_get_authmaps($authname = NULL) {
webmaster@1	1194 $result = db_query("SELECT authname, module FROM {authmap} WHERE authname = '%s'", $authname);
webmaster@1	1195 $authmaps = array();
webmaster@1	1196 $has_rows = FALSE;
webmaster@1	1197 while ($authmap = db_fetch_object($result)) {
webmaster@1	1198 $authmaps[$authmap->module] = $authmap->authname;
webmaster@1	1199 $has_rows = TRUE;
webmaster@1	1200 }
webmaster@1	1201 return $has_rows ? $authmaps : 0;
webmaster@1	1202 }
webmaster@1	1203
webmaster@1	1204 /**
webmaster@1	1205 * Save mappings of which external authentication module(s) authenticated
webmaster@1	1206 * a user. Maps external usernames to user ids in the users table.
webmaster@1	1207 *
webmaster@1	1208 * @param $account
webmaster@1	1209 * A user object.
webmaster@1	1210 * @param $authmaps
webmaster@1	1211 * An associative array with a compound key and the username as the value.
webmaster@1	1212 * The key is made up of 'authname_' plus the name of the external authentication
webmaster@1	1213 * module.
webmaster@1	1214 * @see user_external_login_register()
webmaster@1	1215 */
webmaster@1	1216 function user_set_authmaps($account, $authmaps) {
webmaster@1	1217 foreach ($authmaps as $key => $value) {
webmaster@1	1218 $module = explode('_', $key, 2);
webmaster@1	1219 if ($value) {
webmaster@1	1220 db_query("UPDATE {authmap} SET authname = '%s' WHERE uid = %d AND module = '%s'", $value, $account->uid, $module[1]);
webmaster@1	1221 if (!db_affected_rows()) {
webmaster@1	1222 db_query("INSERT INTO {authmap} (authname, uid, module) VALUES ('%s', %d, '%s')", $value, $account->uid, $module[1]);
webmaster@1	1223 }
webmaster@1	1224 }
webmaster@1	1225 else {
webmaster@1	1226 db_query("DELETE FROM {authmap} WHERE uid = %d AND module = '%s'", $account->uid, $module[1]);
webmaster@1	1227 }
webmaster@1	1228 }
webmaster@1	1229 }
webmaster@1	1230
webmaster@1	1231 /**
webmaster@1	1232 * Form builder; the main user login form.
webmaster@1	1233 *
webmaster@1	1234 * @ingroup forms
webmaster@1	1235 */
webmaster@5	1236 function user_login(&$form_state) {
webmaster@1	1237 global $user;
webmaster@1	1238
webmaster@1	1239 // If we are already logged on, go to the user page instead.
webmaster@1	1240 if ($user->uid) {
webmaster@1	1241 drupal_goto('user/'. $user->uid);
webmaster@1	1242 }
webmaster@1	1243
webmaster@1	1244 // Display login form:
webmaster@1	1245 $form['name'] = array('#type' => 'textfield',
webmaster@1	1246 '#title' => t('Username'),
webmaster@1	1247 '#size' => 60,
webmaster@1	1248 '#maxlength' => USERNAME_MAX_LENGTH,
webmaster@1	1249 '#required' => TRUE,
webmaster@1	1250 '#attributes' => array('tabindex' => '1'),
webmaster@1	1251 );
webmaster@1	1252
webmaster@1	1253 $form['name']['#description'] = t('Enter your @s username.', array('@s' => variable_get('site_name', 'Drupal')));
webmaster@1	1254 $form['pass'] = array('#type' => 'password',
webmaster@1	1255 '#title' => t('Password'),
webmaster@1	1256 '#description' => t('Enter the password that accompanies your username.'),
webmaster@1	1257 '#required' => TRUE,
webmaster@1	1258 '#attributes' => array('tabindex' => '2'),
webmaster@1	1259 );
webmaster@1	1260 $form['#validate'] = user_login_default_validators();
webmaster@1	1261 $form['submit'] = array('#type' => 'submit', '#value' => t('Log in'), '#weight' => 2, '#attributes' => array('tabindex' => '3'));
webmaster@1	1262
webmaster@1	1263 return $form;
webmaster@1	1264 }
webmaster@1	1265
webmaster@1	1266 /**
webmaster@1	1267 * Set up a series for validators which check for blocked/denied users,
webmaster@1	1268 * then authenticate against local database, then return an error if
webmaster@7	1269 * authentication fails. Distributed authentication modules are welcome
webmaster@7	1270 * to use hook_form_alter() to change this series in order to
webmaster@7	1271 * authenticate against their user database instead of the local users
webmaster@1	1272 * table.
webmaster@1	1273 *
webmaster@1	1274 * We use three validators instead of one since external authentication
webmaster@1	1275 * modules usually only need to alter the second validator.
webmaster@1	1276 *
webmaster@1	1277 * @see user_login_name_validate()
webmaster@1	1278 * @see user_login_authenticate_validate()
webmaster@1	1279 * @see user_login_final_validate()
webmaster@1	1280 * @return array
webmaster@1	1281 * A simple list of validate functions.
webmaster@1	1282 */
webmaster@1	1283 function user_login_default_validators() {
webmaster@1	1284 return array('user_login_name_validate', 'user_login_authenticate_validate', 'user_login_final_validate');
webmaster@1	1285 }
webmaster@1	1286
webmaster@1	1287 /**
webmaster@1	1288 * A FAPI validate handler. Sets an error if supplied username has been blocked
webmaster@1	1289 * or denied access.
webmaster@1	1290 */
webmaster@1	1291 function user_login_name_validate($form, &$form_state) {
webmaster@1	1292 if (isset($form_state['values']['name'])) {
webmaster@1	1293 if (user_is_blocked($form_state['values']['name'])) {
webmaster@1	1294 // blocked in user administration
webmaster@1	1295 form_set_error('name', t('The username %name has not been activated or is blocked.', array('%name' => $form_state['values']['name'])));
webmaster@1	1296 }
webmaster@1	1297 else if (drupal_is_denied('user', $form_state['values']['name'])) {
webmaster@1	1298 // denied by access controls
webmaster@1	1299 form_set_error('name', t('The name %name is a reserved username.', array('%name' => $form_state['values']['name'])));
webmaster@1	1300 }
webmaster@1	1301 }
webmaster@1	1302 }
webmaster@1	1303
webmaster@1	1304 /**
webmaster@1	1305 * A validate handler on the login form. Check supplied username/password
webmaster@1	1306 * against local users table. If successful, sets the global $user object.
webmaster@1	1307 */
webmaster@1	1308 function user_login_authenticate_validate($form, &$form_state) {
webmaster@1	1309 user_authenticate($form_state['values']);
webmaster@1	1310 }
webmaster@1	1311
webmaster@1	1312 /**
webmaster@1	1313 * A validate handler on the login form. Should be the last validator. Sets an
webmaster@1	1314 * error if user has not been authenticated yet.
webmaster@1	1315 */
webmaster@1	1316 function user_login_final_validate($form, &$form_state) {
webmaster@1	1317 global $user;
webmaster@1	1318 if (!$user->uid) {
webmaster@1	1319 form_set_error('name', t('Sorry, unrecognized username or password. <a href="@password">Have you forgotten your password?</a>', array('@password' => url('user/password'))));
webmaster@1	1320 watchdog('user', 'Login attempt failed for %user.', array('%user' => $form_state['values']['name']));
webmaster@1	1321 }
webmaster@1	1322 }
webmaster@1	1323
webmaster@1	1324 /**
webmaster@1	1325 * Try to log in the user locally.
webmaster@1	1326 *
webmaster@1	1327 * @param $form_values
webmaster@1	1328 * Form values with at least 'name' and 'pass' keys, as well as anything else
webmaster@1	1329 * which should be passed along to hook_user op 'login'.
webmaster@1	1330 *
webmaster@1	1331 * @return
webmaster@1	1332 * A $user object, if successful.
webmaster@1	1333 */
webmaster@1	1334 function user_authenticate($form_values = array()) {
webmaster@1	1335 global $user;
webmaster@1	1336
webmaster@11	1337 // Load the account to check if the e-mail is denied by an access rule.
webmaster@11	1338 // Doing this check here saves us a user_load() in user_login_name_validate()
webmaster@11	1339 // and introduces less code change for a security fix.
webmaster@11	1340 $account = user_load(array('name' => $form_values['name'], 'pass' => trim($form_values['pass']), 'status' => 1));
webmaster@11	1341 if ($account && drupal_is_denied('mail', $account->mail)) {
webmaster@11	1342 form_set_error('name', t('The name %name is registered using a reserved e-mail address and therefore could not be logged in.', array('%name' => $account->name)));
webmaster@11	1343 }
webmaster@11	1344
webmaster@1	1345 // Name and pass keys are required.
webmaster@11	1346 // The user is about to be logged in, so make sure no error was previously
webmaster@11	1347 // encountered in the validation process.
webmaster@11	1348 if (!form_get_errors() && !empty($form_values['name']) && !empty($form_values['pass']) && $account) {
webmaster@1	1349 $user = $account;
webmaster@1	1350 user_authenticate_finalize($form_values);
webmaster@1	1351 return $user;
webmaster@1	1352 }
webmaster@1	1353 }
webmaster@1	1354
webmaster@1	1355 /**
webmaster@1	1356 * Finalize the login process. Must be called when logging in a user.
webmaster@1	1357 *
webmaster@1	1358 * The function records a watchdog message about the new session, saves the
webmaster@1	1359 * login timestamp, calls hook_user op 'login' and generates a new session.
webmaster@1	1360 *
webmaster@1	1361 * $param $edit
webmaster@1	1362 * This array is passed to hook_user op login.
webmaster@1	1363 */
webmaster@1	1364 function user_authenticate_finalize(&$edit) {
webmaster@1	1365 global $user;
webmaster@1	1366 watchdog('user', 'Session opened for %name.', array('%name' => $user->name));
webmaster@1	1367 // Update the user table timestamp noting user has logged in.
webmaster@1	1368 // This is also used to invalidate one-time login links.
webmaster@1	1369 $user->login = time();
webmaster@1	1370 db_query("UPDATE {users} SET login = %d WHERE uid = %d", $user->login, $user->uid);
webmaster@7	1371
webmaster@7	1372 // Regenerate the session ID to prevent against session fixation attacks.
webmaster@7	1373 sess_regenerate();
webmaster@1	1374 user_module_invoke('login', $edit, $user);
webmaster@1	1375 }
webmaster@1	1376
webmaster@1	1377 /**
webmaster@1	1378 * Submit handler for the login form. Redirects the user to a page.
webmaster@1	1379 *
webmaster@1	1380 * The user is redirected to the My Account page. Setting the destination in
webmaster@1	1381 * the query string (as done by the user login block) overrides the redirect.
webmaster@1	1382 */
webmaster@1	1383 function user_login_submit($form, &$form_state) {
webmaster@1	1384 global $user;
webmaster@1	1385 if ($user->uid) {
webmaster@1	1386 $form_state['redirect'] = 'user/'. $user->uid;
webmaster@1	1387 return;
webmaster@1	1388 }
webmaster@1	1389 }
webmaster@1	1390
webmaster@1	1391 /**
webmaster@1	1392 * Helper function for authentication modules. Either login in or registers
webmaster@1	1393 * the current user, based on username. Either way, the global $user object is
webmaster@1	1394 * populated based on $name.
webmaster@1	1395 */
webmaster@1	1396 function user_external_login_register($name, $module) {
webmaster@1	1397 global $user;
webmaster@1	1398
webmaster@9	1399 $existing_user = user_load(array('name' => $name));
webmaster@9	1400 if (isset($existing_user->uid)) {
webmaster@9	1401 $user = $existing_user;
webmaster@9	1402 }
webmaster@9	1403 else {
webmaster@1	1404 // Register this new user.
webmaster@1	1405 $userinfo = array(
webmaster@1	1406 'name' => $name,
webmaster@1	1407 'pass' => user_password(),
webmaster@1	1408 'init' => $name,
webmaster@1	1409 'status' => 1,
webmaster@1	1410 "authname_$module" => $name,
webmaster@1	1411 'access' => time()
webmaster@1	1412 );
webmaster@1	1413 $account = user_save('', $userinfo);
webmaster@1	1414 // Terminate if an error occured during user_save().
webmaster@1	1415 if (!$account) {
webmaster@1	1416 drupal_set_message(t("Error saving user account."), 'error');
webmaster@1	1417 return;
webmaster@1	1418 }
webmaster@1	1419 $user = $account;
webmaster@1	1420 watchdog('user', 'New external user: %name using module %module.', array('%name' => $name, '%module' => $module), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $user->uid .'/edit'));
webmaster@1	1421 }
webmaster@1	1422 }
webmaster@1	1423
webmaster@1	1424 function user_pass_reset_url($account) {
webmaster@1	1425 $timestamp = time();
webmaster@1	1426 return url("user/reset/$account->uid/$timestamp/". user_pass_rehash($account->pass, $timestamp, $account->login), array('absolute' => TRUE));
webmaster@1	1427 }
webmaster@1	1428
webmaster@1	1429 function user_pass_rehash($password, $timestamp, $login) {
webmaster@1	1430 return md5($timestamp . $password . $login);
webmaster@1	1431 }
webmaster@1	1432
webmaster@1	1433 function user_edit_form(&$form_state, $uid, $edit, $register = FALSE) {
webmaster@1	1434 _user_password_dynamic_validation();
webmaster@1	1435 $admin = user_access('administer users');
webmaster@1	1436
webmaster@1	1437 // Account information:
webmaster@1	1438 $form['account'] = array('#type' => 'fieldset',
webmaster@1	1439 '#title' => t('Account information'),
webmaster@1	1440 '#weight' => -10,
webmaster@1	1441 );
webmaster@1	1442 if (user_access('change own username') \|\| $admin \|\| $register) {
webmaster@1	1443 $form['account']['name'] = array('#type' => 'textfield',
webmaster@1	1444 '#title' => t('Username'),
webmaster@1	1445 '#default_value' => $edit['name'],
webmaster@1	1446 '#maxlength' => USERNAME_MAX_LENGTH,
webmaster@1	1447 '#description' => t('Spaces are allowed; punctuation is not allowed except for periods, hyphens, and underscores.'),
webmaster@1	1448 '#required' => TRUE,
webmaster@1	1449 );
webmaster@1	1450 }
webmaster@1	1451 $form['account']['mail'] = array('#type' => 'textfield',
webmaster@1	1452 '#title' => t('E-mail address'),
webmaster@1	1453 '#default_value' => $edit['mail'],
webmaster@1	1454 '#maxlength' => EMAIL_MAX_LENGTH,
webmaster@1	1455 '#description' => t('A valid e-mail address. All e-mails from the system will be sent to this address. The e-mail address is not made public and will only be used if you wish to receive a new password or wish to receive certain news or notifications by e-mail.'),
webmaster@1	1456 '#required' => TRUE,
webmaster@1	1457 );
webmaster@1	1458 if (!$register) {
webmaster@1	1459 $form['account']['pass'] = array('#type' => 'password_confirm',
webmaster@1	1460 '#description' => t('To change the current user password, enter the new password in both fields.'),
webmaster@1	1461 '#size' => 25,
webmaster@1	1462 );
webmaster@1	1463 }
webmaster@1	1464 elseif (!variable_get('user_email_verification', TRUE) \|\| $admin) {
webmaster@1	1465 $form['account']['pass'] = array(
webmaster@1	1466 '#type' => 'password_confirm',
webmaster@1	1467 '#description' => t('Provide a password for the new account in both fields.'),
webmaster@1	1468 '#required' => TRUE,
webmaster@1	1469 '#size' => 25,
webmaster@1	1470 );
webmaster@1	1471 }
webmaster@1	1472 if ($admin) {
webmaster@1	1473 $form['account']['status'] = array(
webmaster@1	1474 '#type' => 'radios',
webmaster@1	1475 '#title' => t('Status'),
webmaster@1	1476 '#default_value' => isset($edit['status']) ? $edit['status'] : 1,
webmaster@1	1477 '#options' => array(t('Blocked'), t('Active'))
webmaster@1	1478 );
webmaster@1	1479 }
webmaster@1	1480 if (user_access('administer permissions')) {
webmaster@1	1481 $roles = user_roles(TRUE);
webmaster@1	1482
webmaster@1	1483 // The disabled checkbox subelement for the 'authenticated user' role
webmaster@1	1484 // must be generated separately and added to the checkboxes element,
webmaster@1	1485 // because of a limitation in D6 FormAPI not supporting a single disabled
webmaster@1	1486 // checkbox within a set of checkboxes.
webmaster@1	1487 // TODO: This should be solved more elegantly. See issue #119038.
webmaster@1	1488 $checkbox_authenticated = array(
webmaster@1	1489 '#type' => 'checkbox',
webmaster@1	1490 '#title' => $roles[DRUPAL_AUTHENTICATED_RID],
webmaster@1	1491 '#default_value' => TRUE,
webmaster@1	1492 '#disabled' => TRUE,
webmaster@1	1493 );
webmaster@1	1494
webmaster@1	1495 unset($roles[DRUPAL_AUTHENTICATED_RID]);
webmaster@1	1496 if ($roles) {
webmaster@1	1497 $default = empty($edit['roles']) ? array() : array_keys($edit['roles']);
webmaster@1	1498 $form['account']['roles'] = array(
webmaster@1	1499 '#type' => 'checkboxes',
webmaster@1	1500 '#title' => t('Roles'),
webmaster@1	1501 '#default_value' => $default,
webmaster@1	1502 '#options' => $roles,
webmaster@1	1503 DRUPAL_AUTHENTICATED_RID => $checkbox_authenticated,
webmaster@1	1504 );
webmaster@1	1505 }
webmaster@1	1506 }
webmaster@1	1507
webmaster@1	1508 // Signature:
webmaster@1	1509 if (variable_get('user_signatures', 0) && module_exists('comment') && !$register) {
webmaster@1	1510 $form['signature_settings'] = array(
webmaster@1	1511 '#type' => 'fieldset',
webmaster@1	1512 '#title' => t('Signature settings'),
webmaster@1	1513 '#weight' => 1,
webmaster@1	1514 );
webmaster@1	1515 $form['signature_settings']['signature'] = array(
webmaster@1	1516 '#type' => 'textarea',
webmaster@1	1517 '#title' => t('Signature'),
webmaster@1	1518 '#default_value' => $edit['signature'],
webmaster@1	1519 '#description' => t('Your signature will be publicly displayed at the end of your comments.'),
webmaster@1	1520 );
webmaster@1	1521 }
webmaster@1	1522
webmaster@1	1523 // Picture/avatar:
webmaster@1	1524 if (variable_get('user_pictures', 0) && !$register) {
webmaster@1	1525 $form['picture'] = array('#type' => 'fieldset', '#title' => t('Picture'), '#weight' => 1);
webmaster@1	1526 $picture = theme('user_picture', (object)$edit);
webmaster@1	1527 if ($edit['picture']) {
webmaster@1	1528 $form['picture']['current_picture'] = array('#value' => $picture);
webmaster@1	1529 $form['picture']['picture_delete'] = array('#type' => 'checkbox', '#title' => t('Delete picture'), '#description' => t('Check this box to delete your current picture.'));
webmaster@1	1530 }
webmaster@1	1531 else {
webmaster@1	1532 $form['picture']['picture_delete'] = array('#type' => 'hidden');
webmaster@1	1533 }
webmaster@1	1534 $form['picture']['picture_upload'] = array('#type' => 'file', '#title' => t('Upload picture'), '#size' => 48, '#description' => t('Your virtual face or picture. Maximum dimensions are %dimensions and the maximum size is %size kB.', array('%dimensions' => variable_get('user_picture_dimensions', '85x85'), '%size' => variable_get('user_picture_file_size', '30'))) .' '. variable_get('user_picture_guidelines', ''));
webmaster@1	1535 $form['#validate'][] = 'user_validate_picture';
webmaster@1	1536 }
webmaster@1	1537 $form['#uid'] = $uid;
webmaster@1	1538
webmaster@1	1539 return $form;
webmaster@1	1540 }
webmaster@1	1541
webmaster@1	1542 function _user_edit_validate($uid, &$edit) {
webmaster@1	1543 $user = user_load(array('uid' => $uid));
webmaster@1	1544 // Validate the username:
webmaster@1	1545 if (user_access('change own username') \|\| user_access('administer users') \|\| !$user->uid) {
webmaster@1	1546 if ($error = user_validate_name($edit['name'])) {
webmaster@1	1547 form_set_error('name', $error);
webmaster@1	1548 }
webmaster@1	1549 else if (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND LOWER(name) = LOWER('%s')", $uid, $edit['name'])) > 0) {
webmaster@1	1550 form_set_error('name', t('The name %name is already taken.', array('%name' => $edit['name'])));
webmaster@1	1551 }
webmaster@1	1552 else if (drupal_is_denied('user', $edit['name'])) {
webmaster@1	1553 form_set_error('name', t('The name %name has been denied access.', array('%name' => $edit['name'])));
webmaster@1	1554 }
webmaster@1	1555 }
webmaster@1	1556
webmaster@1	1557 // Validate the e-mail address:
webmaster@1	1558 if ($error = user_validate_mail($edit['mail'])) {
webmaster@1	1559 form_set_error('mail', $error);
webmaster@1	1560 }
webmaster@1	1561 else if (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND LOWER(mail) = LOWER('%s')", $uid, $edit['mail'])) > 0) {
webmaster@1	1562 form_set_error('mail', t('The e-mail address %email is already registered. <a href="@password">Have you forgotten your password?</a>', array('%email' => $edit['mail'], '@password' => url('user/password'))));
webmaster@1	1563 }
webmaster@1	1564 else if (drupal_is_denied('mail', $edit['mail'])) {
webmaster@1	1565 form_set_error('mail', t('The e-mail address %email has been denied access.', array('%email' => $edit['mail'])));
webmaster@1	1566 }
webmaster@1	1567 }
webmaster@1	1568
webmaster@1	1569 function _user_edit_submit($uid, &$edit) {
webmaster@1	1570 $user = user_load(array('uid' => $uid));
webmaster@1	1571 // Delete picture if requested, and if no replacement picture was given.
webmaster@1	1572 if (!empty($edit['picture_delete'])) {
webmaster@1	1573 if ($user->picture && file_exists($user->picture)) {
webmaster@1	1574 file_delete($user->picture);
webmaster@1	1575 }
webmaster@1	1576 $edit['picture'] = '';
webmaster@1	1577 }
webmaster@1	1578 if (isset($edit['roles'])) {
webmaster@1	1579 $edit['roles'] = array_filter($edit['roles']);
webmaster@1	1580 }
webmaster@1	1581 }
webmaster@1	1582
webmaster@1	1583 /**
webmaster@1	1584 * Delete a user.
webmaster@1	1585 *
webmaster@1	1586 * @param $edit An array of submitted form values.
webmaster@1	1587 * @param $uid The user ID of the user to delete.
webmaster@1	1588 */
webmaster@1	1589 function user_delete($edit, $uid) {
webmaster@1	1590 $account = user_load(array('uid' => $uid));
webmaster@1	1591 sess_destroy_uid($uid);
webmaster@1	1592 _user_mail_notify('status_deleted', $account);
webmaster@1	1593 db_query('DELETE FROM {users} WHERE uid = %d', $uid);
webmaster@1	1594 db_query('DELETE FROM {users_roles} WHERE uid = %d', $uid);
webmaster@1	1595 db_query('DELETE FROM {authmap} WHERE uid = %d', $uid);
webmaster@1	1596 $variables = array('%name' => $account->name, '%email' => '<'. $account->mail .'>');
webmaster@1	1597 watchdog('user', 'Deleted user: %name %email.', $variables, WATCHDOG_NOTICE);
webmaster@1	1598 module_invoke_all('user', 'delete', $edit, $account);
webmaster@1	1599 }
webmaster@1	1600
webmaster@1	1601 /**
webmaster@1	1602 * Builds a structured array representing the profile content.
webmaster@1	1603 *
webmaster@1	1604 * @param $account
webmaster@1	1605 * A user object.
webmaster@1	1606 *
webmaster@1	1607 * @return
webmaster@1	1608 * A structured array containing the individual elements of the profile.
webmaster@1	1609 */
webmaster@1	1610 function user_build_content(&$account) {
webmaster@1	1611 $edit = NULL;
webmaster@1	1612 user_module_invoke('view', $edit, $account);
webmaster@1	1613 // Allow modules to modify the fully-built profile.
webmaster@1	1614 drupal_alter('profile', $account);
webmaster@1	1615
webmaster@1	1616 return $account->content;
webmaster@1	1617 }
webmaster@1	1618
webmaster@1	1619 /**
webmaster@1	1620 * Implementation of hook_mail().
webmaster@1	1621 */
webmaster@1	1622 function user_mail($key, &$message, $params) {
webmaster@1	1623 $language = $message['language'];
webmaster@1	1624 $variables = user_mail_tokens($params['account'], $language);
webmaster@1	1625 $message['subject'] .= _user_mail_text($key .'_subject', $language, $variables);
webmaster@1	1626 $message['body'][] = _user_mail_text($key .'_body', $language, $variables);
webmaster@1	1627 }
webmaster@1	1628
webmaster@1	1629 /**
webmaster@1	1630 * Returns a mail string for a variable name.
webmaster@1	1631 *
webmaster@1	1632 * Used by user_mail() and the settings forms to retrieve strings.
webmaster@1	1633 */
webmaster@1	1634 function _user_mail_text($key, $language = NULL, $variables = array()) {
webmaster@1	1635 $langcode = isset($language) ? $language->language : NULL;
webmaster@1	1636
webmaster@1	1637 if ($admin_setting = variable_get('user_mail_'. $key, FALSE)) {
webmaster@1	1638 // An admin setting overrides the default string.
webmaster@1	1639 return strtr($admin_setting, $variables);
webmaster@1	1640 }
webmaster@1	1641 else {
webmaster@1	1642 // No override, return default string.
webmaster@1	1643 switch ($key) {
webmaster@1	1644 case 'register_no_approval_required_subject':
webmaster@1	1645 return t('Account details for !username at !site', $variables, $langcode);
webmaster@1	1646 case 'register_no_approval_required_body':
webmaster@1	1647 return t("!username,\n\nThank you for registering at !site. You may now log in to !login_uri using the following username and password:\n\nusername: !username\npassword: !password\n\nYou may also log in by clicking on this link or copying and pasting it in your browser:\n\n!login_url\n\nThis is a one-time login, so it can be used only once.\n\nAfter logging in, you will be redirected to !edit_uri so you can change your password.\n\n\n-- !site team", $variables, $langcode);
webmaster@1	1648 case 'register_admin_created_subject':
webmaster@1	1649 return t('An administrator created an account for you at !site', $variables, $langcode);
webmaster@1	1650 case 'register_admin_created_body':
webmaster@1	1651 return t("!username,\n\nA site administrator at !site has created an account for you. You may now log in to !login_uri using the following username and password:\n\nusername: !username\npassword: !password\n\nYou may also log in by clicking on this link or copying and pasting it in your browser:\n\n!login_url\n\nThis is a one-time login, so it can be used only once.\n\nAfter logging in, you will be redirected to !edit_uri so you can change your password.\n\n\n-- !site team", $variables, $langcode);
webmaster@1	1652 case 'register_pending_approval_subject':
webmaster@7	1653 case 'register_pending_approval_admin_subject':
webmaster@1	1654 return t('Account details for !username at !site (pending admin approval)', $variables, $langcode);
webmaster@1	1655 case 'register_pending_approval_body':
webmaster@1	1656 return t("!username,\n\nThank you for registering at !site. Your application for an account is currently pending approval. Once it has been approved, you will receive another e-mail containing information about how to log in, set your password, and other details.\n\n\n-- !site team", $variables, $langcode);
webmaster@1	1657 case 'register_pending_approval_admin_body':
webmaster@1	1658 return t("!username has applied for an account.\n\n!edit_uri", $variables, $langcode);
webmaster@1	1659 case 'password_reset_subject':
webmaster@1	1660 return t('Replacement login information for !username at !site', $variables, $langcode);
webmaster@1	1661 case 'password_reset_body':
webmaster@1	1662 return t("!username,\n\nA request to reset the password for your account has been made at !site.\n\nYou may now log in to !uri_brief by clicking on this link or copying and pasting it in your browser:\n\n!login_url\n\nThis is a one-time login, so it can be used only once. It expires after one day and nothing will happen if it's not used.\n\nAfter logging in, you will be redirected to !edit_uri so you can change your password.", $variables, $langcode);
webmaster@1	1663 case 'status_activated_subject':
webmaster@1	1664 return t('Account details for !username at !site (approved)', $variables, $langcode);
webmaster@1	1665 case 'status_activated_body':
webmaster@1	1666 return t("!username,\n\nYour account at !site has been activated.\n\nYou may now log in by clicking on this link or copying and pasting it in your browser:\n\n!login_url\n\nThis is a one-time login, so it can be used only once.\n\nAfter logging in, you will be redirected to !edit_uri so you can change your password.\n\nOnce you have set your own password, you will be able to log in to !login_uri in the future using:\n\nusername: !username\n", $variables, $langcode);
webmaster@1	1667 case 'status_blocked_subject':
webmaster@1	1668 return t('Account details for !username at !site (blocked)', $variables, $langcode);
webmaster@1	1669 case 'status_blocked_body':
webmaster@1	1670 return t("!username,\n\nYour account on !site has been blocked.", $variables, $langcode);
webmaster@1	1671 case 'status_deleted_subject':
webmaster@1	1672 return t('Account details for !username at !site (deleted)', $variables, $langcode);
webmaster@1	1673 case 'status_deleted_body':
webmaster@1	1674 return t("!username,\n\nYour account on !site has been deleted.", $variables, $langcode);
webmaster@1	1675 }
webmaster@1	1676 }
webmaster@1	1677 }
webmaster@1	1678
webmaster@1	1679 /* Administrative features *********************************************/
webmaster@1	1680
webmaster@1	1681 /**
webmaster@1	1682 * Retrieve an array of roles matching specified conditions.
webmaster@1	1683 *
webmaster@1	1684 * @param $membersonly
webmaster@1	1685 * Set this to TRUE to exclude the 'anonymous' role.
webmaster@1	1686 * @param $permission
webmaster@1	1687 * A string containing a permission. If set, only roles containing that
webmaster@1	1688 * permission are returned.
webmaster@1	1689 *
webmaster@1	1690 * @return
webmaster@1	1691 * An associative array with the role id as the key and the role name as
webmaster@1	1692 * value.
webmaster@1	1693 */
webmaster@1	1694 function user_roles($membersonly = FALSE, $permission = NULL) {
webmaster@1	1695 // System roles take the first two positions.
webmaster@1	1696 $roles = array(
webmaster@1	1697 DRUPAL_ANONYMOUS_RID => NULL,
webmaster@1	1698 DRUPAL_AUTHENTICATED_RID => NULL,
webmaster@1	1699 );
webmaster@1	1700
webmaster@1	1701 if (!empty($permission)) {
webmaster@1	1702 $result = db_query("SELECT r.* FROM {role} r INNER JOIN {permission} p ON r.rid = p.rid WHERE p.perm LIKE '%%%s%%' ORDER BY r.name", $permission);
webmaster@1	1703 }
webmaster@1	1704 else {
webmaster@1	1705 $result = db_query('SELECT * FROM {role} ORDER BY name');
webmaster@1	1706 }
webmaster@1	1707
webmaster@1	1708 while ($role = db_fetch_object($result)) {
webmaster@1	1709 switch ($role->rid) {
webmaster@1	1710 // We only translate the built in role names
webmaster@1	1711 case DRUPAL_ANONYMOUS_RID:
webmaster@1	1712 if (!$membersonly) {
webmaster@1	1713 $roles[$role->rid] = t($role->name);
webmaster@1	1714 }
webmaster@1	1715 break;
webmaster@1	1716 case DRUPAL_AUTHENTICATED_RID:
webmaster@1	1717 $roles[$role->rid] = t($role->name);
webmaster@1	1718 break;
webmaster@1	1719 default:
webmaster@1	1720 $roles[$role->rid] = $role->name;
webmaster@1	1721 }
webmaster@1	1722 }
webmaster@1	1723
webmaster@1	1724 // Filter to remove unmatched system roles.
webmaster@1	1725 return array_filter($roles);
webmaster@1	1726 }
webmaster@1	1727
webmaster@1	1728 /**
webmaster@1	1729 * Implementation of hook_user_operations().
webmaster@1	1730 */
webmaster@1	1731 function user_user_operations($form_state = array()) {
webmaster@1	1732 $operations = array(
webmaster@1	1733 'unblock' => array(
webmaster@1	1734 'label' => t('Unblock the selected users'),
webmaster@1	1735 'callback' => 'user_user_operations_unblock',
webmaster@1	1736 ),
webmaster@1	1737 'block' => array(
webmaster@1	1738 'label' => t('Block the selected users'),
webmaster@1	1739 'callback' => 'user_user_operations_block',
webmaster@1	1740 ),
webmaster@1	1741 'delete' => array(
webmaster@1	1742 'label' => t('Delete the selected users'),
webmaster@1	1743 ),
webmaster@1	1744 );
webmaster@1	1745
webmaster@1	1746 if (user_access('administer permissions')) {
webmaster@1	1747 $roles = user_roles(TRUE);
webmaster@1	1748 unset($roles[DRUPAL_AUTHENTICATED_RID]); // Can't edit authenticated role.
webmaster@1	1749
webmaster@1	1750 $add_roles = array();
webmaster@1	1751 foreach ($roles as $key => $value) {
webmaster@1	1752 $add_roles['add_role-'. $key] = $value;
webmaster@1	1753 }
webmaster@1	1754
webmaster@1	1755 $remove_roles = array();
webmaster@1	1756 foreach ($roles as $key => $value) {
webmaster@1	1757 $remove_roles['remove_role-'. $key] = $value;
webmaster@1	1758 }
webmaster@1	1759
webmaster@1	1760 if (count($roles)) {
webmaster@1	1761 $role_operations = array(
webmaster@1	1762 t('Add a role to the selected users') => array(
webmaster@1	1763 'label' => $add_roles,
webmaster@1	1764 ),
webmaster@1	1765 t('Remove a role from the selected users') => array(
webmaster@1	1766 'label' => $remove_roles,
webmaster@1	1767 ),
webmaster@1	1768 );
webmaster@1	1769
webmaster@1	1770 $operations += $role_operations;
webmaster@1	1771 }
webmaster@1	1772 }
webmaster@1	1773
webmaster@1	1774 // If the form has been posted, we need to insert the proper data for
webmaster@1	1775 // role editing if necessary.
webmaster@1	1776 if (!empty($form_state['submitted'])) {
webmaster@1	1777 $operation_rid = explode('-', $form_state['values']['operation']);
webmaster@1	1778 $operation = $operation_rid[0];
webmaster@1	1779 if ($operation == 'add_role' \|\| $operation == 'remove_role') {
webmaster@1	1780 $rid = $operation_rid[1];
webmaster@1	1781 if (user_access('administer permissions')) {
webmaster@1	1782 $operations[$form_state['values']['operation']] = array(
webmaster@1	1783 'callback' => 'user_multiple_role_edit',
webmaster@1	1784 'callback arguments' => array($operation, $rid),
webmaster@1	1785 );
webmaster@1	1786 }
webmaster@1	1787 else {
webmaster@1	1788 watchdog('security', 'Detected malicious attempt to alter protected user fields.', array(), WATCHDOG_WARNING);
webmaster@1	1789 return;
webmaster@1	1790 }
webmaster@1	1791 }
webmaster@1	1792 }
webmaster@1	1793
webmaster@1	1794 return $operations;
webmaster@1	1795 }
webmaster@1	1796
webmaster@1	1797 /**
webmaster@1	1798 * Callback function for admin mass unblocking users.
webmaster@1	1799 */
webmaster@1	1800 function user_user_operations_unblock($accounts) {
webmaster@1	1801 foreach ($accounts as $uid) {
webmaster@1	1802 $account = user_load(array('uid' => (int)$uid));
webmaster@1	1803 // Skip unblocking user if they are already unblocked.
webmaster@1	1804 if ($account !== FALSE && $account->status == 0) {
webmaster@1	1805 user_save($account, array('status' => 1));
webmaster@1	1806 }
webmaster@1	1807 }
webmaster@1	1808 }
webmaster@1	1809
webmaster@1	1810 /**
webmaster@1	1811 * Callback function for admin mass blocking users.
webmaster@1	1812 */
webmaster@1	1813 function user_user_operations_block($accounts) {
webmaster@1	1814 foreach ($accounts as $uid) {
webmaster@1	1815 $account = user_load(array('uid' => (int)$uid));
webmaster@1	1816 // Skip blocking user if they are already blocked.
webmaster@1	1817 if ($account !== FALSE && $account->status == 1) {
webmaster@1	1818 user_save($account, array('status' => 0));
webmaster@1	1819 }
webmaster@1	1820 }
webmaster@1	1821 }
webmaster@1	1822
webmaster@1	1823 /**
webmaster@1	1824 * Callback function for admin mass adding/deleting a user role.
webmaster@1	1825 */
webmaster@1	1826 function user_multiple_role_edit($accounts, $operation, $rid) {
webmaster@1	1827 // The role name is not necessary as user_save() will reload the user
webmaster@1	1828 // object, but some modules' hook_user() may look at this first.
webmaster@1	1829 $role_name = db_result(db_query('SELECT name FROM {role} WHERE rid = %d', $rid));
webmaster@1	1830
webmaster@1	1831 switch ($operation) {
webmaster@1	1832 case 'add_role':
webmaster@1	1833 foreach ($accounts as $uid) {
webmaster@1	1834 $account = user_load(array('uid' => (int)$uid));
webmaster@1	1835 // Skip adding the role to the user if they already have it.
webmaster@1	1836 if ($account !== FALSE && !isset($account->roles[$rid])) {
webmaster@1	1837 $roles = $account->roles + array($rid => $role_name);
webmaster@1	1838 user_save($account, array('roles' => $roles));
webmaster@1	1839 }
webmaster@1	1840 }
webmaster@1	1841 break;
webmaster@1	1842 case 'remove_role':
webmaster@1	1843 foreach ($accounts as $uid) {
webmaster@1	1844 $account = user_load(array('uid' => (int)$uid));
webmaster@1	1845 // Skip removing the role from the user if they already don't have it.
webmaster@1	1846 if ($account !== FALSE && isset($account->roles[$rid])) {
webmaster@1	1847 $roles = array_diff($account->roles, array($rid => $role_name));
webmaster@1	1848 user_save($account, array('roles' => $roles));
webmaster@1	1849 }
webmaster@1	1850 }
webmaster@1	1851 break;
webmaster@1	1852 }
webmaster@1	1853 }
webmaster@1	1854
webmaster@1	1855 function user_multiple_delete_confirm(&$form_state) {
webmaster@1	1856 $edit = $form_state['post'];
webmaster@1	1857
webmaster@1	1858 $form['accounts'] = array('#prefix' => '<ul>', '#suffix' => '</ul>', '#tree' => TRUE);
webmaster@1	1859 // array_filter() returns only elements with TRUE values.
webmaster@1	1860 foreach (array_filter($edit['accounts']) as $uid => $value) {
webmaster@1	1861 $user = db_result(db_query('SELECT name FROM {users} WHERE uid = %d', $uid));
webmaster@1	1862 $form['accounts'][$uid] = array('#type' => 'hidden', '#value' => $uid, '#prefix' => '<li>', '#suffix' => check_plain($user) ."</li>\n");
webmaster@1	1863 }
webmaster@1	1864 $form['operation'] = array('#type' => 'hidden', '#value' => 'delete');
webmaster@1	1865
webmaster@1	1866 return confirm_form($form,
webmaster@1	1867 t('Are you sure you want to delete these users?'),
webmaster@1	1868 'admin/user/user', t('This action cannot be undone.'),
webmaster@1	1869 t('Delete all'), t('Cancel'));
webmaster@1	1870 }
webmaster@1	1871
webmaster@1	1872 function user_multiple_delete_confirm_submit($form, &$form_state) {
webmaster@1	1873 if ($form_state['values']['confirm']) {
webmaster@1	1874 foreach ($form_state['values']['accounts'] as $uid => $value) {
webmaster@1	1875 user_delete($form_state['values'], $uid);
webmaster@1	1876 }
webmaster@1	1877 drupal_set_message(t('The users have been deleted.'));
webmaster@1	1878 }
webmaster@1	1879 $form_state['redirect'] = 'admin/user/user';
webmaster@1	1880 return;
webmaster@1	1881 }
webmaster@1	1882
webmaster@1	1883 /**
webmaster@1	1884 * Implementation of hook_help().
webmaster@1	1885 */
webmaster@1	1886 function user_help($path, $arg) {
webmaster@1	1887 global $user;
webmaster@1	1888
webmaster@1	1889 switch ($path) {
webmaster@1	1890 case 'admin/help#user':
webmaster@1	1891 $output = '<p>'. t('The user module allows users to register, login, and log out. Users benefit from being able to sign on because it associates content they create with their account and allows various permissions to be set for their roles. The user module supports user roles which establish fine grained permissions allowing each role to do only what the administrator wants them to. Each user is assigned to one or more roles. By default there are two roles <em>anonymous</em> - a user who has not logged in, and <em>authenticated</em> a user who has signed up and who has been authorized.') .'</p>';
webmaster@1	1892 $output .= '<p>'. t("Users can use their own name or handle and can specify personal configuration settings through their individual <em>My account</em> page. Users must authenticate by supplying a local username and password or through their OpenID, an optional and secure method for logging into many websites with a single username and password. In some configurations, users may authenticate using a username and password from another Drupal site, or through some other site-specific mechanism.") .'</p>';
webmaster@1	1893 $output .= '<p>'. t('A visitor accessing your website is assigned a unique ID, or session ID, which is stored in a cookie. The cookie does not contain personal information, but acts as a key to retrieve information from your site. Users should have cookies enabled in their web browser when using your site.') .'</p>';
webmaster@1	1894 $output .= '<p>'. t('For more information, see the online handbook entry for <a href="@user">User module</a>.', array('@user' => 'http://drupal.org/handbook/modules/user/')) .'</p>';
webmaster@1	1895 return $output;
webmaster@1	1896 case 'admin/user/user':
webmaster@1	1897 return '<p>'. t('Drupal allows users to register, login, log out, maintain user profiles, etc. Users of the site may not use their own names to post content until they have signed up for a user account.') .'</p>';
webmaster@1	1898 case 'admin/user/user/create':
webmaster@1	1899 case 'admin/user/user/account/create':
webmaster@1	1900 return '<p>'. t("This web page allows administrators to register new users. Users' e-mail addresses and usernames must be unique.") .'</p>';
webmaster@1	1901 case 'admin/user/rules':
webmaster@1	1902 return '<p>'. t('Set up username and e-mail address access rules for new <em>and</em> existing accounts (currently logged in accounts will not be logged out). If a username or e-mail address for an account matches any deny rule, but not an allow rule, then the account will not be allowed to be created or to log in. A host rule is effective for every page view, not just registrations.') .'</p>';
webmaster@1	1903 case 'admin/user/permissions':
webmaster@1	1904 return '<p>'. t('Permissions let you control what users can do on your site. Each user role (defined on the <a href="@role">user roles page</a>) has its own set of permissions. For example, you could give users classified as "Administrators" permission to "administer nodes" but deny this power to ordinary, "authenticated" users. You can use permissions to reveal new features to privileged users (those with subscriptions, for example). Permissions also allow trusted users to share the administrative burden of running a busy site.', array('@role' => url('admin/user/roles'))) .'</p>';
webmaster@1	1905 case 'admin/user/roles':
webmaster@1	1906 return t('<p>Roles allow you to fine tune the security and administration of Drupal. A role defines a group of users that have certain privileges as defined in <a href="@permissions">user permissions</a>. Examples of roles include: anonymous user, authenticated user, moderator, administrator and so on. In this area you will define the <em>role names</em> of the various roles. To delete a role choose "edit".</p><p>By default, Drupal comes with two user roles:</p>
webmaster@1	1907 <ul>
webmaster@1	1908 <li>Anonymous user: this role is used for users that don\'t have a user account or that are not authenticated.</li>
webmaster@1	1909 <li>Authenticated user: this role is automatically granted to all logged in users.</li>
webmaster@1	1910 </ul>', array('@permissions' => url('admin/user/permissions')));
webmaster@1	1911 case 'admin/user/search':
webmaster@1	1912 return '<p>'. t('Enter a simple pattern ("*" may be used as a wildcard match) to search for a username or e-mail address. For example, one may search for "br" and Drupal might return "brian", "brad", and "brenda@example.com".') .'</p>';
webmaster@1	1913 }
webmaster@1	1914 }
webmaster@1	1915
webmaster@1	1916 /**
webmaster@1	1917 * Retrieve a list of all user setting/information categories and sort them by weight.
webmaster@1	1918 */
webmaster@1	1919 function _user_categories($account) {
webmaster@1	1920 $categories = array();
webmaster@1	1921
webmaster@1	1922 foreach (module_list() as $module) {
webmaster@1	1923 if ($data = module_invoke($module, 'user', 'categories', NULL, $account, '')) {
webmaster@1	1924 $categories = array_merge($data, $categories);
webmaster@1	1925 }
webmaster@1	1926 }
webmaster@1	1927
webmaster@1	1928 usort($categories, '_user_sort');
webmaster@1	1929
webmaster@1	1930 return $categories;
webmaster@1	1931 }
webmaster@1	1932
webmaster@1	1933 function _user_sort($a, $b) {
webmaster@1	1934 $a = (array)$a + array('weight' => 0, 'title' => '');
webmaster@1	1935 $b = (array)$b + array('weight' => 0, 'title' => '');
webmaster@1	1936 return $a['weight'] < $b['weight'] ? -1 : ($a['weight'] > $b['weight'] ? 1 : ($a['title'] < $b['title'] ? -1 : 1));
webmaster@1	1937 }
webmaster@1	1938
webmaster@1	1939 /**
webmaster@1	1940 * List user administration filters that can be applied.
webmaster@1	1941 */
webmaster@1	1942 function user_filters() {
webmaster@1	1943 // Regular filters
webmaster@1	1944 $filters = array();
webmaster@1	1945 $roles = user_roles(TRUE);
webmaster@1	1946 unset($roles[DRUPAL_AUTHENTICATED_RID]); // Don't list authorized role.
webmaster@1	1947 if (count($roles)) {
webmaster@1	1948 $filters['role'] = array(
webmaster@1	1949 'title' => t('role'),
webmaster@1	1950 'where' => "ur.rid = %d",
webmaster@1	1951 'options' => $roles,
webmaster@1	1952 'join' => '',
webmaster@1	1953 );
webmaster@1	1954 }
webmaster@1	1955
webmaster@1	1956 $options = array();
webmaster@1	1957 foreach (module_list() as $module) {
webmaster@1	1958 if ($permissions = module_invoke($module, 'perm')) {
webmaster@1	1959 asort($permissions);
webmaster@1	1960 foreach ($permissions as $permission) {
webmaster@1	1961 $options[t('@module module', array('@module' => $module))][$permission] = t($permission);
webmaster@1	1962 }
webmaster@1	1963 }
webmaster@1	1964 }
webmaster@1	1965 ksort($options);
webmaster@1	1966 $filters['permission'] = array(
webmaster@1	1967 'title' => t('permission'),
webmaster@1	1968 'join' => 'LEFT JOIN {permission} p ON ur.rid = p.rid',
webmaster@1	1969 'where' => " ((p.perm IS NOT NULL AND p.perm LIKE '%%%s%%') OR u.uid = 1) ",
webmaster@1	1970 'options' => $options,
webmaster@1	1971 );
webmaster@1	1972
webmaster@1	1973 $filters['status'] = array(
webmaster@1	1974 'title' => t('status'),
webmaster@1	1975 'where' => 'u.status = %d',
webmaster@1	1976 'join' => '',
webmaster@1	1977 'options' => array(1 => t('active'), 0 => t('blocked')),
webmaster@1	1978 );
webmaster@1	1979 return $filters;
webmaster@1	1980 }
webmaster@1	1981
webmaster@1	1982 /**
webmaster@1	1983 * Build query for user administration filters based on session.
webmaster@1	1984 */
webmaster@1	1985 function user_build_filter_query() {
webmaster@1	1986 $filters = user_filters();
webmaster@1	1987
webmaster@1	1988 // Build query
webmaster@1	1989 $where = $args = $join = array();
webmaster@1	1990 foreach ($_SESSION['user_overview_filter'] as $filter) {
webmaster@1	1991 list($key, $value) = $filter;
webmaster@1	1992 // This checks to see if this permission filter is an enabled permission for
webmaster@1	1993 // the authenticated role. If so, then all users would be listed, and we can
webmaster@1	1994 // skip adding it to the filter query.
webmaster@1	1995 if ($key == 'permission') {
webmaster@1	1996 $account = new stdClass();
webmaster@1	1997 $account->uid = 'user_filter';
webmaster@1	1998 $account->roles = array(DRUPAL_AUTHENTICATED_RID => 1);
webmaster@1	1999 if (user_access($value, $account)) {
webmaster@1	2000 continue;
webmaster@1	2001 }
webmaster@1	2002 }
webmaster@1	2003 $where[] = $filters[$key]['where'];
webmaster@1	2004 $args[] = $value;
webmaster@1	2005 $join[] = $filters[$key]['join'];
webmaster@1	2006 }
webmaster@1	2007 $where = !empty($where) ? 'AND '. implode(' AND ', $where) : '';
webmaster@1	2008 $join = !empty($join) ? ' '. implode(' ', array_unique($join)) : '';
webmaster@1	2009
webmaster@1	2010 return array('where' => $where,
webmaster@1	2011 'join' => $join,
webmaster@1	2012 'args' => $args,
webmaster@1	2013 );
webmaster@1	2014 }
webmaster@1	2015
webmaster@1	2016 /**
webmaster@1	2017 * Implementation of hook_forms().
webmaster@1	2018 */
webmaster@1	2019 function user_forms() {
webmaster@1	2020 $forms['user_admin_access_add_form']['callback'] = 'user_admin_access_form';
webmaster@1	2021 $forms['user_admin_access_edit_form']['callback'] = 'user_admin_access_form';
webmaster@1	2022 $forms['user_admin_new_role']['callback'] = 'user_admin_role';
webmaster@1	2023 return $forms;
webmaster@1	2024 }
webmaster@1	2025
webmaster@1	2026 /**
webmaster@1	2027 * Implementation of hook_comment().
webmaster@1	2028 */
webmaster@1	2029 function user_comment(&$comment, $op) {
webmaster@1	2030 // Validate signature.
webmaster@1	2031 if ($op == 'view') {
webmaster@1	2032 if (variable_get('user_signatures', 0) && !empty($comment->signature)) {
webmaster@1	2033 $comment->signature = check_markup($comment->signature, $comment->format);
webmaster@1	2034 }
webmaster@1	2035 else {
webmaster@1	2036 $comment->signature = '';
webmaster@1	2037 }
webmaster@1	2038 }
webmaster@1	2039 }
webmaster@1	2040
webmaster@1	2041 /**
webmaster@1	2042 * Theme output of user signature.
webmaster@1	2043 *
webmaster@1	2044 * @ingroup themeable
webmaster@1	2045 */
webmaster@1	2046 function theme_user_signature($signature) {
webmaster@1	2047 $output = '';
webmaster@1	2048 if ($signature) {
webmaster@1	2049 $output .= '<div class="clear">';
webmaster@1	2050 $output .= '<div>—</div>';
webmaster@1	2051 $output .= $signature;
webmaster@1	2052 $output .= '</div>';
webmaster@1	2053 }
webmaster@1	2054
webmaster@1	2055 return $output;
webmaster@1	2056 }
webmaster@1	2057
webmaster@1	2058 /**
webmaster@1	2059 * Return an array of token to value mappings for user e-mail messages.
webmaster@1	2060 *
webmaster@1	2061 * @param $account
webmaster@1	2062 * The user object of the account being notified. Must contain at
webmaster@1	2063 * least the fields 'uid', 'name', and 'mail'.
webmaster@1	2064 * @param $language
webmaster@1	2065 * Language object to generate the tokens with.
webmaster@1	2066 * @return
webmaster@1	2067 * Array of mappings from token names to values (for use with strtr()).
webmaster@1	2068 */
webmaster@1	2069 function user_mail_tokens($account, $language) {
webmaster@1	2070 global $base_url;
webmaster@1	2071 $tokens = array(
webmaster@1	2072 '!username' => $account->name,
webmaster@1	2073 '!site' => variable_get('site_name', 'Drupal'),
webmaster@1	2074 '!login_url' => user_pass_reset_url($account),
webmaster@1	2075 '!uri' => $base_url,
webmaster@11	2076 '!uri_brief' => preg_replace('!^https?://!', '', $base_url),
webmaster@1	2077 '!mailto' => $account->mail,
webmaster@1	2078 '!date' => format_date(time(), 'medium', '', NULL, $language->language),
webmaster@1	2079 '!login_uri' => url('user', array('absolute' => TRUE, 'language' => $language)),
webmaster@1	2080 '!edit_uri' => url('user/'. $account->uid .'/edit', array('absolute' => TRUE, 'language' => $language)),
webmaster@1	2081 );
webmaster@1	2082 if (!empty($account->password)) {
webmaster@1	2083 $tokens['!password'] = $account->password;
webmaster@1	2084 }
webmaster@1	2085 return $tokens;
webmaster@1	2086 }
webmaster@1	2087
webmaster@1	2088 /**
webmaster@1	2089 * Get the language object preferred by the user. This user preference can
webmaster@1	2090 * be set on the user account editing page, and is only available if there
webmaster@1	2091 * are more than one languages enabled on the site. If the user did not
webmaster@1	2092 * choose a preferred language, or is the anonymous user, the $default
webmaster@1	2093 * value, or if it is not set, the site default language will be returned.
webmaster@1	2094 *
webmaster@1	2095 * @param $account
webmaster@1	2096 * User account to look up language for.
webmaster@1	2097 * @param $default
webmaster@1	2098 * Optional default language object to return if the account
webmaster@1	2099 * has no valid language.
webmaster@1	2100 */
webmaster@1	2101 function user_preferred_language($account, $default = NULL) {
webmaster@1	2102 $language_list = language_list();
webmaster@1	2103 if ($account->language && isset($language_list[$account->language])) {
webmaster@1	2104 return $language_list[$account->language];
webmaster@1	2105 }
webmaster@1	2106 else {
webmaster@1	2107 return $default ? $default : language_default();
webmaster@1	2108 }
webmaster@1	2109 }
webmaster@1	2110
webmaster@1	2111 /**
webmaster@1	2112 * Conditionally create and send a notification email when a certain
webmaster@1	2113 * operation happens on the given user account.
webmaster@1	2114 *
webmaster@1	2115 * @see user_mail_tokens()
webmaster@1	2116 * @see drupal_mail()
webmaster@1	2117 *
webmaster@1	2118 * @param $op
webmaster@1	2119 * The operation being performed on the account. Possible values:
webmaster@1	2120 * 'register_admin_created': Welcome message for user created by the admin
webmaster@1	2121 * 'register_no_approval_required': Welcome message when user self-registers
webmaster@1	2122 * 'register_pending_approval': Welcome message, user pending admin approval
webmaster@1	2123 * 'password_reset': Password recovery request
webmaster@1	2124 * 'status_activated': Account activated
webmaster@1	2125 * 'status_blocked': Account blocked
webmaster@1	2126 * 'status_deleted': Account deleted
webmaster@1	2127 *
webmaster@1	2128 * @param $account
webmaster@1	2129 * The user object of the account being notified. Must contain at
webmaster@1	2130 * least the fields 'uid', 'name', and 'mail'.
webmaster@1	2131 * @param $language
webmaster@1	2132 * Optional language to use for the notification, overriding account language.
webmaster@1	2133 * @return
webmaster@1	2134 * The return value from drupal_mail_send(), if ends up being called.
webmaster@1	2135 */
webmaster@1	2136 function _user_mail_notify($op, $account, $language = NULL) {
webmaster@1	2137 // By default, we always notify except for deleted and blocked.
webmaster@1	2138 $default_notify = ($op != 'status_deleted' && $op != 'status_blocked');
webmaster@1	2139 $notify = variable_get('user_mail_'. $op .'_notify', $default_notify);
webmaster@1	2140 if ($notify) {
webmaster@1	2141 $params['account'] = $account;
webmaster@1	2142 $language = $language ? $language : user_preferred_language($account);
webmaster@1	2143 $mail = drupal_mail('user', $op, $account->mail, $language, $params);
webmaster@1	2144 if ($op == 'register_pending_approval') {
webmaster@1	2145 // If a user registered requiring admin approval, notify the admin, too.
webmaster@1	2146 // We use the site default language for this.
webmaster@1	2147 drupal_mail('user', 'register_pending_approval_admin', variable_get('site_mail', ini_get('sendmail_from')), language_default(), $params);
webmaster@1	2148 }
webmaster@1	2149 }
webmaster@1	2150 return empty($mail) ? NULL : $mail['result'];
webmaster@1	2151 }
webmaster@1	2152
webmaster@1	2153 /**
webmaster@1	2154 * Add javascript and string translations for dynamic password validation
webmaster@1	2155 * (strength and confirmation checking).
webmaster@1	2156 *
webmaster@1	2157 * This is an internal function that makes it easier to manage the translation
webmaster@1	2158 * strings that need to be passed to the javascript code.
webmaster@1	2159 */
webmaster@1	2160 function _user_password_dynamic_validation() {
webmaster@1	2161 static $complete = FALSE;
webmaster@1	2162 global $user;
webmaster@1	2163 // Only need to do once per page.
webmaster@1	2164 if (!$complete) {
webmaster@1	2165 drupal_add_js(drupal_get_path('module', 'user') .'/user.js', 'module');
webmaster@1	2166
webmaster@1	2167 drupal_add_js(array(
webmaster@1	2168 'password' => array(
webmaster@1	2169 'strengthTitle' => t('Password strength:'),
webmaster@1	2170 'lowStrength' => t('Low'),
webmaster@1	2171 'mediumStrength' => t('Medium'),
webmaster@1	2172 'highStrength' => t('High'),
webmaster@1	2173 'tooShort' => t('It is recommended to choose a password that contains at least six characters. It should include numbers, punctuation, and both upper and lowercase letters.'),
webmaster@1	2174 'needsMoreVariation' => t('The password does not include enough variation to be secure. Try:'),
webmaster@1	2175 'addLetters' => t('Adding both upper and lowercase letters.'),
webmaster@1	2176 'addNumbers' => t('Adding numbers.'),
webmaster@1	2177 'addPunctuation' => t('Adding punctuation.'),
webmaster@1	2178 'sameAsUsername' => t('It is recommended to choose a password different from the username.'),
webmaster@1	2179 'confirmSuccess' => t('Yes'),
webmaster@1	2180 'confirmFailure' => t('No'),
webmaster@1	2181 'confirmTitle' => t('Passwords match:'),
webmaster@1	2182 'username' => (isset($user->name) ? $user->name : ''))),
webmaster@1	2183 'setting');
webmaster@1	2184 $complete = TRUE;
webmaster@1	2185 }
webmaster@1	2186 }
webmaster@1	2187
webmaster@1	2188 /**
webmaster@1	2189 * Implementation of hook_hook_info().
webmaster@1	2190 */
webmaster@1	2191 function user_hook_info() {
webmaster@1	2192 return array(
webmaster@1	2193 'user' => array(
webmaster@1	2194 'user' => array(
webmaster@1	2195 'insert' => array(
webmaster@1	2196 'runs when' => t('After a user account has been created'),
webmaster@1	2197 ),
webmaster@1	2198 'update' => array(
webmaster@1	2199 'runs when' => t("After a user's profile has been updated"),
webmaster@1	2200 ),
webmaster@1	2201 'delete' => array(
webmaster@1	2202 'runs when' => t('After a user has been deleted')
webmaster@1	2203 ),
webmaster@1	2204 'login' => array(
webmaster@1	2205 'runs when' => t('After a user has logged in')
webmaster@1	2206 ),
webmaster@1	2207 'logout' => array(
webmaster@1	2208 'runs when' => t('After a user has logged out')
webmaster@1	2209 ),
webmaster@1	2210 'view' => array(
webmaster@1	2211 'runs when' => t("When a user's profile is being viewed")
webmaster@1	2212 ),
webmaster@1	2213 ),
webmaster@1	2214 ),
webmaster@1	2215 );
webmaster@1	2216 }
webmaster@1	2217
webmaster@1	2218 /**
webmaster@1	2219 * Implementation of hook_action_info().
webmaster@1	2220 */
webmaster@1	2221 function user_action_info() {
webmaster@1	2222 return array(
webmaster@1	2223 'user_block_user_action' => array(
webmaster@1	2224 'description' => t('Block current user'),
webmaster@1	2225 'type' => 'user',
webmaster@1	2226 'configurable' => FALSE,
webmaster@1	2227 'hooks' => array(),
webmaster@1	2228 ),
webmaster@1	2229 'user_block_ip_action' => array(
webmaster@1	2230 'description' => t('Ban IP address of current user'),
webmaster@1	2231 'type' => 'user',
webmaster@1	2232 'configurable' => FALSE,
webmaster@1	2233 'hooks' => array(),
webmaster@1	2234 ),
webmaster@1	2235 );
webmaster@1	2236 }
webmaster@1	2237
webmaster@1	2238 /**
webmaster@1	2239 * Implementation of a Drupal action.
webmaster@1	2240 * Blocks the current user.
webmaster@1	2241 */
webmaster@1	2242 function user_block_user_action(&$object, $context = array()) {
webmaster@1	2243 if (isset($object->uid)) {
webmaster@1	2244 $uid = $object->uid;
webmaster@1	2245 }
webmaster@1	2246 elseif (isset($context['uid'])) {
webmaster@1	2247 $uid = $context['uid'];
webmaster@1	2248 }
webmaster@1	2249 else {
webmaster@1	2250 global $user;
webmaster@1	2251 $uid = $user->uid;
webmaster@1	2252 }
webmaster@1	2253 db_query("UPDATE {users} SET status = 0 WHERE uid = %d", $uid);
webmaster@1	2254 sess_destroy_uid($uid);
webmaster@1	2255 watchdog('action', 'Blocked user %name.', array('%name' => check_plain($user->name)));
webmaster@1	2256 }
webmaster@1	2257
webmaster@1	2258 /**
webmaster@1	2259 * Implementation of a Drupal action.
webmaster@1	2260 * Adds an access rule that blocks the user's IP address.
webmaster@1	2261 */
webmaster@1	2262 function user_block_ip_action() {
webmaster@1	2263 $ip = ip_address();
webmaster@1	2264 db_query("INSERT INTO {access} (mask, type, status) VALUES ('%s', '%s', %d)", $ip, 'host', 0);
webmaster@1	2265 watchdog('action', 'Banned IP address %ip', array('%ip' => $ip));
webmaster@1	2266 }
webmaster@1	2267
webmaster@1	2268 /**
webmaster@1	2269 * Submit handler for the user registration form.
webmaster@1	2270 *
webmaster@1	2271 * This function is shared by the installation form and the normal registration form,
webmaster@1	2272 * which is why it can't be in the user.pages.inc file.
webmaster@1	2273 */
webmaster@1	2274 function user_register_submit($form, &$form_state) {
webmaster@1	2275 global $base_url;
webmaster@1	2276 $admin = user_access('administer users');
webmaster@1	2277
webmaster@1	2278 $mail = $form_state['values']['mail'];
webmaster@1	2279 $name = $form_state['values']['name'];
webmaster@1	2280 if (!variable_get('user_email_verification', TRUE) \|\| $admin) {
webmaster@1	2281 $pass = $form_state['values']['pass'];
webmaster@1	2282 }
webmaster@1	2283 else {
webmaster@1	2284 $pass = user_password();
webmaster@1	2285 };
webmaster@1	2286 $notify = isset($form_state['values']['notify']) ? $form_state['values']['notify'] : NULL;
webmaster@1	2287 $from = variable_get('site_mail', ini_get('sendmail_from'));
webmaster@1	2288 if (isset($form_state['values']['roles'])) {
webmaster@1	2289 // Remove unset roles.
webmaster@1	2290 $roles = array_filter($form_state['values']['roles']);
webmaster@1	2291 }
webmaster@1	2292 else {
webmaster@1	2293 $roles = array();
webmaster@1	2294 }
webmaster@1	2295
webmaster@1	2296 if (!$admin && array_intersect(array_keys($form_state['values']), array('uid', 'roles', 'init', 'session', 'status'))) {
webmaster@1	2297 watchdog('security', 'Detected malicious attempt to alter protected user fields.', array(), WATCHDOG_WARNING);
webmaster@1	2298 $form_state['redirect'] = 'user/register';
webmaster@1	2299 return;
webmaster@1	2300 }
webmaster@1	2301 // The unset below is needed to prevent these form values from being saved as
webmaster@1	2302 // user data.
webmaster@1	2303 unset($form_state['values']['form_token'], $form_state['values']['submit'], $form_state['values']['op'], $form_state['values']['notify'], $form_state['values']['form_id'], $form_state['values']['affiliates'], $form_state['values']['destination']);
webmaster@1	2304
webmaster@1	2305 $merge_data = array('pass' => $pass, 'init' => $mail, 'roles' => $roles);
webmaster@1	2306 if (!$admin) {
webmaster@1	2307 // Set the user's status because it was not displayed in the form.
webmaster@1	2308 $merge_data['status'] = variable_get('user_register', 1) == 1;
webmaster@1	2309 }
webmaster@1	2310 $account = user_save('', array_merge($form_state['values'], $merge_data));
webmaster@1	2311 // Terminate if an error occured during user_save().
webmaster@1	2312 if (!$account) {
webmaster@1	2313 drupal_set_message(t("Error saving user account."), 'error');
webmaster@1	2314 $form_state['redirect'] = '';
webmaster@1	2315 return;
webmaster@1	2316 }
webmaster@1	2317 $form_state['user'] = $account;
webmaster@1	2318
webmaster@1	2319 watchdog('user', 'New user: %name (%email).', array('%name' => $name, '%email' => $mail), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $account->uid .'/edit'));
webmaster@1	2320
webmaster@1	2321 // The first user may login immediately, and receives a customized welcome e-mail.
webmaster@1	2322 if ($account->uid == 1) {
webmaster@1	2323 drupal_set_message(t('Welcome to Drupal. You are now logged in as user #1, which gives you full control over your website.'));
webmaster@1	2324 if (variable_get('user_email_verification', TRUE)) {
webmaster@1	2325 drupal_set_message(t('</p><p> Your password is <strong>%pass</strong>. You may change your password below.</p>', array('%pass' => $pass)));
webmaster@1	2326 }
webmaster@1	2327
webmaster@1	2328 user_authenticate(array_merge($form_state['values'], $merge_data));
webmaster@1	2329
webmaster@1	2330 $form_state['redirect'] = 'user/1/edit';
webmaster@1	2331 return;
webmaster@1	2332 }
webmaster@1	2333 else {
webmaster@1	2334 // Add plain text password into user account to generate mail tokens.
webmaster@1	2335 $account->password = $pass;
webmaster@1	2336 if ($admin && !$notify) {
webmaster@1	2337 drupal_set_message(t('Created a new user account for <a href="@url">%name</a>. No e-mail has been sent.', array('@url' => url("user/$account->uid"), '%name' => $account->name)));
webmaster@1	2338 }
webmaster@1	2339 else if (!variable_get('user_email_verification', TRUE) && $account->status && !$admin) {
webmaster@1	2340 // No e-mail verification is required, create new user account, and login
webmaster@1	2341 // user immediately.
webmaster@1	2342 _user_mail_notify('register_no_approval_required', $account);
webmaster@1	2343 if (user_authenticate(array_merge($form_state['values'], $merge_data))) {
webmaster@1	2344 drupal_set_message(t('Registration successful. You are now logged in.'));
webmaster@1	2345 }
webmaster@1	2346 $form_state['redirect'] = '';
webmaster@1	2347 return;
webmaster@1	2348 }
webmaster@1	2349 else if ($account->status \|\| $notify) {
webmaster@1	2350 // Create new user account, no administrator approval required.
webmaster@1	2351 $op = $notify ? 'register_admin_created' : 'register_no_approval_required';
webmaster@1	2352 _user_mail_notify($op, $account);
webmaster@1	2353 if ($notify) {
webmaster@1	2354 drupal_set_message(t('Password and further instructions have been e-mailed to the new user <a href="@url">%name</a>.', array('@url' => url("user/$account->uid"), '%name' => $account->name)));
webmaster@1	2355 }
webmaster@1	2356 else {
webmaster@1	2357 drupal_set_message(t('Your password and further instructions have been sent to your e-mail address.'));
webmaster@1	2358 $form_state['redirect'] = '';
webmaster@1	2359 return;
webmaster@1	2360 }
webmaster@1	2361 }
webmaster@1	2362 else {
webmaster@1	2363 // Create new user account, administrator approval required.
webmaster@1	2364 _user_mail_notify('register_pending_approval', $account);
webmaster@1	2365 drupal_set_message(t('Thank you for applying for an account. Your account is currently pending approval by the site administrator.<br />In the meantime, a welcome message with further instructions has been sent to your e-mail address.'));
webmaster@1	2366 $form_state['redirect'] = '';
webmaster@1	2367 return;
webmaster@1	2368
webmaster@1	2369 }
webmaster@1	2370 }
webmaster@1	2371 }
webmaster@1	2372
webmaster@1	2373 /**
webmaster@1	2374 * Form builder; The user registration form.
webmaster@1	2375 *
webmaster@1	2376 * @ingroup forms
webmaster@1	2377 * @see user_register_validate()
webmaster@1	2378 * @see user_register_submit()
webmaster@1	2379 */
webmaster@1	2380 function user_register() {
webmaster@1	2381 global $user;
webmaster@1	2382
webmaster@1	2383 $admin = user_access('administer users');
webmaster@1	2384
webmaster@1	2385 // If we aren't admin but already logged on, go to the user page instead.
webmaster@1	2386 if (!$admin && $user->uid) {
webmaster@1	2387 drupal_goto('user/'. $user->uid);
webmaster@1	2388 }
webmaster@1	2389
webmaster@1	2390 $form = array();
webmaster@1	2391
webmaster@1	2392 // Display the registration form.
webmaster@1	2393 if (!$admin) {
webmaster@1	2394 $form['user_registration_help'] = array('#value' => filter_xss_admin(variable_get('user_registration_help', '')));
webmaster@1	2395 }
webmaster@1	2396
webmaster@1	2397 // Merge in the default user edit fields.
webmaster@1	2398 $form = array_merge($form, user_edit_form($form_state, NULL, NULL, TRUE));
webmaster@1	2399 if ($admin) {
webmaster@1	2400 $form['account']['notify'] = array(
webmaster@1	2401 '#type' => 'checkbox',
webmaster@1	2402 '#title' => t('Notify user of new account')
webmaster@1	2403 );
webmaster@1	2404 // Redirect back to page which initiated the create request;
webmaster@1	2405 // usually admin/user/user/create.
webmaster@1	2406 $form['destination'] = array('#type' => 'hidden', '#value' => $_GET['q']);
webmaster@1	2407 }
webmaster@1	2408
webmaster@1	2409 // Create a dummy variable for pass-by-reference parameters.
webmaster@1	2410 $null = NULL;
webmaster@1	2411 $extra = _user_forms($null, NULL, NULL, 'register');
webmaster@1	2412
webmaster@1	2413 // Remove form_group around default fields if there are no other groups.
webmaster@1	2414 if (!$extra) {
webmaster@1	2415 foreach (array('name', 'mail', 'pass', 'status', 'roles', 'notify') as $key) {
webmaster@1	2416 if (isset($form['account'][$key])) {
webmaster@1	2417 $form[$key] = $form['account'][$key];
webmaster@1	2418 }
webmaster@1	2419 }
webmaster@1	2420 unset($form['account']);
webmaster@1	2421 }
webmaster@1	2422 else {
webmaster@1	2423 $form = array_merge($form, $extra);
webmaster@1	2424 }
webmaster@1	2425
webmaster@1	2426 if (variable_get('configurable_timezones', 1)) {
webmaster@1	2427 // Override field ID, so we only change timezone on user registration,
webmaster@1	2428 // and never touch it on user edit pages.
webmaster@1	2429 $form['timezone'] = array(
webmaster@1	2430 '#type' => 'hidden',
webmaster@1	2431 '#default_value' => variable_get('date_default_timezone', NULL),
webmaster@1	2432 '#id' => 'edit-user-register-timezone',
webmaster@1	2433 );
webmaster@1	2434
webmaster@1	2435 // Add the JavaScript callback to automatically set the timezone.
webmaster@1	2436 drupal_add_js('
webmaster@1	2437 // Global Killswitch
webmaster@1	2438 if (Drupal.jsEnabled) {
webmaster@1	2439 $(document).ready(function() {
webmaster@1	2440 Drupal.setDefaultTimezone();
webmaster@1	2441 });
webmaster@1	2442 }', 'inline');
webmaster@1	2443 }
webmaster@1	2444
webmaster@1	2445 $form['submit'] = array('#type' => 'submit', '#value' => t('Create new account'), '#weight' => 30);
webmaster@1	2446 $form['#validate'][] = 'user_register_validate';
webmaster@1	2447
webmaster@1	2448 return $form;
webmaster@1	2449 }
webmaster@1	2450
webmaster@1	2451 function user_register_validate($form, &$form_state) {
webmaster@1	2452 user_module_invoke('validate', $form_state['values'], $form_state['values'], 'account');
webmaster@1	2453 }
webmaster@1	2454
webmaster@1	2455 /**
webmaster@1	2456 * Retrieve a list of all form elements for the specified category.
webmaster@1	2457 */
webmaster@1	2458 function _user_forms(&$edit, $account, $category, $hook = 'form') {
webmaster@1	2459 $groups = array();
webmaster@1	2460 foreach (module_list() as $module) {
webmaster@1	2461 if ($data = module_invoke($module, 'user', $hook, $edit, $account, $category)) {
webmaster@1	2462 $groups = array_merge_recursive($data, $groups);
webmaster@1	2463 }
webmaster@1	2464 }
webmaster@1	2465 uasort($groups, '_user_sort');
webmaster@1	2466
webmaster@1	2467 return empty($groups) ? FALSE : $groups;
webmaster@1	2468 }

Mercurial > defr > drupal > core

annotate modules/user/user.module @ 12:4ca9f57cc4d4