defr/drupal/core: modules/user/user.module annotate

annotate modules/user/user.module @ 7:fff6d4c8c043 6.3

Drupal 6.3

author	Franck Deroche <webmaster@defr.org>
date	Tue, 23 Dec 2008 14:30:28 +0100
parents	2427550111ae
children	acef7ccb09b5

rev	line source
webmaster@1	1 <?php
webmaster@7	2 // $Id: user.module,v 1.892.2.5 2008/07/09 21:48:28 goba Exp $
webmaster@1	3
webmaster@1	4 /**
webmaster@1	5 * @file
webmaster@1	6 * Enables the user registration and login system.
webmaster@1	7 */
webmaster@1	8
webmaster@1	9 define('USERNAME_MAX_LENGTH', 60);
webmaster@1	10 define('EMAIL_MAX_LENGTH', 64);
webmaster@1	11
webmaster@1	12 /**
webmaster@1	13 * Invokes hook_user() in every module.
webmaster@1	14 *
webmaster@1	15 * We cannot use module_invoke() for this, because the arguments need to
webmaster@1	16 * be passed by reference.
webmaster@1	17 */
webmaster@1	18 function user_module_invoke($type, &$array, &$user, $category = NULL) {
webmaster@1	19 foreach (module_list() as $module) {
webmaster@1	20 $function = $module .'_user';
webmaster@1	21 if (function_exists($function)) {
webmaster@1	22 $function($type, $array, $user, $category);
webmaster@1	23 }
webmaster@1	24 }
webmaster@1	25 }
webmaster@1	26
webmaster@1	27 /**
webmaster@1	28 * Implementation of hook_theme().
webmaster@1	29 */
webmaster@1	30 function user_theme() {
webmaster@1	31 return array(
webmaster@1	32 'user_picture' => array(
webmaster@1	33 'arguments' => array('account' => NULL),
webmaster@1	34 'template' => 'user-picture',
webmaster@1	35 ),
webmaster@1	36 'user_profile' => array(
webmaster@1	37 'arguments' => array('account' => NULL),
webmaster@1	38 'template' => 'user-profile',
webmaster@1	39 'file' => 'user.pages.inc',
webmaster@1	40 ),
webmaster@1	41 'user_profile_category' => array(
webmaster@1	42 'arguments' => array('element' => NULL),
webmaster@1	43 'template' => 'user-profile-category',
webmaster@1	44 'file' => 'user.pages.inc',
webmaster@1	45 ),
webmaster@1	46 'user_profile_item' => array(
webmaster@1	47 'arguments' => array('element' => NULL),
webmaster@1	48 'template' => 'user-profile-item',
webmaster@1	49 'file' => 'user.pages.inc',
webmaster@1	50 ),
webmaster@1	51 'user_list' => array(
webmaster@1	52 'arguments' => array('users' => NULL, 'title' => NULL),
webmaster@1	53 ),
webmaster@1	54 'user_admin_perm' => array(
webmaster@1	55 'arguments' => array('form' => NULL),
webmaster@1	56 'file' => 'user.admin.inc',
webmaster@1	57 ),
webmaster@1	58 'user_admin_new_role' => array(
webmaster@1	59 'arguments' => array('form' => NULL),
webmaster@1	60 'file' => 'user.admin.inc',
webmaster@1	61 ),
webmaster@1	62 'user_admin_account' => array(
webmaster@1	63 'arguments' => array('form' => NULL),
webmaster@1	64 'file' => 'user.admin.inc',
webmaster@1	65 ),
webmaster@1	66 'user_filter_form' => array(
webmaster@1	67 'arguments' => array('form' => NULL),
webmaster@1	68 'file' => 'user.admin.inc',
webmaster@1	69 ),
webmaster@1	70 'user_filters' => array(
webmaster@1	71 'arguments' => array('form' => NULL),
webmaster@1	72 'file' => 'user.admin.inc',
webmaster@1	73 ),
webmaster@1	74 'user_signature' => array(
webmaster@1	75 'arguments' => array('signature' => NULL),
webmaster@1	76 ),
webmaster@1	77 );
webmaster@1	78 }
webmaster@1	79
webmaster@1	80 function user_external_load($authname) {
webmaster@1	81 $result = db_query("SELECT uid FROM {authmap} WHERE authname = '%s'", $authname);
webmaster@1	82
webmaster@1	83 if ($user = db_fetch_array($result)) {
webmaster@1	84 return user_load($user);
webmaster@1	85 }
webmaster@1	86 else {
webmaster@1	87 return 0;
webmaster@1	88 }
webmaster@1	89 }
webmaster@1	90
webmaster@1	91 /**
webmaster@1	92 * Perform standard Drupal login operations for a user object.
webmaster@1	93 *
webmaster@1	94 * The user object must already be authenticated. This function verifies
webmaster@1	95 * that the user account is not blocked/denied and then performs the login,
webmaster@1	96 * updates the login timestamp in the database, invokes hook_user('login'),
webmaster@1	97 * and regenerates the session.
webmaster@1	98 *
webmaster@1	99 * @param $account
webmaster@1	100 * An authenticated user object to be set as the currently logged
webmaster@1	101 * in user.
webmaster@1	102 * @param $edit
webmaster@1	103 * The array of form values submitted by the user, if any.
webmaster@1	104 * This array is passed to hook_user op login.
webmaster@1	105 * @return boolean
webmaster@1	106 * TRUE if the login succeeds, FALSE otherwise.
webmaster@1	107 */
webmaster@1	108 function user_external_login($account, $edit = array()) {
webmaster@1	109 $form = drupal_get_form('user_login');
webmaster@1	110
webmaster@1	111 $state['values'] = $edit;
webmaster@1	112 if (empty($state['values']['name'])) {
webmaster@1	113 $state['values']['name'] = $account->name;
webmaster@1	114 }
webmaster@1	115
webmaster@1	116 // Check if user is blocked or denied by access rules.
webmaster@1	117 user_login_name_validate($form, $state, (array)$account);
webmaster@1	118 if (form_get_errors()) {
webmaster@1	119 // Invalid login.
webmaster@1	120 return FALSE;
webmaster@1	121 }
webmaster@1	122
webmaster@1	123 // Valid login.
webmaster@1	124 global $user;
webmaster@1	125 $user = $account;
webmaster@1	126 user_authenticate_finalize($state['values']);
webmaster@1	127 return TRUE;
webmaster@1	128 }
webmaster@1	129
webmaster@1	130 /**
webmaster@1	131 * Fetch a user object.
webmaster@1	132 *
webmaster@1	133 * @param $array
webmaster@1	134 * An associative array of attributes to search for in selecting the
webmaster@1	135 * user, such as user name or e-mail address.
webmaster@1	136 *
webmaster@1	137 * @return
webmaster@1	138 * A fully-loaded $user object upon successful user load or FALSE if user
webmaster@1	139 * cannot be loaded.
webmaster@1	140 */
webmaster@1	141 function user_load($array = array()) {
webmaster@1	142 // Dynamically compose a SQL query:
webmaster@1	143 $query = array();
webmaster@1	144 $params = array();
webmaster@1	145
webmaster@1	146 if (is_numeric($array)) {
webmaster@1	147 $array = array('uid' => $array);
webmaster@1	148 }
webmaster@1	149 elseif (!is_array($array)) {
webmaster@1	150 return FALSE;
webmaster@1	151 }
webmaster@1	152
webmaster@1	153 foreach ($array as $key => $value) {
webmaster@1	154 if ($key == 'uid' \|\| $key == 'status') {
webmaster@1	155 $query[] = "$key = %d";
webmaster@1	156 $params[] = $value;
webmaster@1	157 }
webmaster@1	158 else if ($key == 'pass') {
webmaster@1	159 $query[] = "pass = '%s'";
webmaster@1	160 $params[] = md5($value);
webmaster@1	161 }
webmaster@1	162 else {
webmaster@1	163 $query[]= "LOWER($key) = LOWER('%s')";
webmaster@1	164 $params[] = $value;
webmaster@1	165 }
webmaster@1	166 }
webmaster@1	167 $result = db_query('SELECT * FROM {users} u WHERE '. implode(' AND ', $query), $params);
webmaster@1	168
webmaster@1	169 if ($user = db_fetch_object($result)) {
webmaster@1	170 $user = drupal_unpack($user);
webmaster@1	171
webmaster@1	172 $user->roles = array();
webmaster@1	173 if ($user->uid) {
webmaster@1	174 $user->roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user';
webmaster@1	175 }
webmaster@1	176 else {
webmaster@1	177 $user->roles[DRUPAL_ANONYMOUS_RID] = 'anonymous user';
webmaster@1	178 }
webmaster@1	179 $result = db_query('SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid);
webmaster@1	180 while ($role = db_fetch_object($result)) {
webmaster@1	181 $user->roles[$role->rid] = $role->name;
webmaster@1	182 }
webmaster@1	183 user_module_invoke('load', $array, $user);
webmaster@1	184 }
webmaster@1	185 else {
webmaster@1	186 $user = FALSE;
webmaster@1	187 }
webmaster@1	188
webmaster@1	189 return $user;
webmaster@1	190 }
webmaster@1	191
webmaster@1	192 /**
webmaster@1	193 * Save changes to a user account or add a new user.
webmaster@1	194 *
webmaster@1	195 * @param $account
webmaster@1	196 * The $user object for the user to modify or add. If $user->uid is
webmaster@1	197 * omitted, a new user will be added.
webmaster@1	198 *
webmaster@1	199 * @param $array
webmaster@1	200 * (optional) An array of fields and values to save. For example,
webmaster@1	201 * array('name' => 'My name'); Setting a field to NULL deletes it from
webmaster@1	202 * the data column.
webmaster@1	203 *
webmaster@1	204 * @param $category
webmaster@1	205 * (optional) The category for storing profile information in.
webmaster@1	206 *
webmaster@1	207 * @return
webmaster@1	208 * A fully-loaded $user object upon successful save or FALSE if the save failed.
webmaster@1	209 */
webmaster@1	210 function user_save($account, $array = array(), $category = 'account') {
webmaster@1	211 // Dynamically compose a SQL query:
webmaster@1	212 $user_fields = user_fields();
webmaster@1	213 if (is_object($account) && $account->uid) {
webmaster@1	214 user_module_invoke('update', $array, $account, $category);
webmaster@1	215 $query = '';
webmaster@1	216 $data = unserialize(db_result(db_query('SELECT data FROM {users} WHERE uid = %d', $account->uid)));
webmaster@1	217 // Consider users edited by an administrator as logged in, if they haven't
webmaster@1	218 // already, so anonymous users can view the profile (if allowed).
webmaster@1	219 if (empty($array['access']) && empty($account->access) && user_access('administer users')) {
webmaster@1	220 $array['access'] = time();
webmaster@1	221 }
webmaster@1	222 foreach ($array as $key => $value) {
webmaster@1	223 if ($key == 'pass' && !empty($value)) {
webmaster@1	224 $query .= "$key = '%s', ";
webmaster@1	225 $v[] = md5($value);
webmaster@1	226 }
webmaster@1	227 else if ((substr($key, 0, 4) !== 'auth') && ($key != 'pass')) {
webmaster@1	228 if (in_array($key, $user_fields)) {
webmaster@1	229 // Save standard fields.
webmaster@1	230 $query .= "$key = '%s', ";
webmaster@1	231 $v[] = $value;
webmaster@1	232 }
webmaster@1	233 else if ($key != 'roles') {
webmaster@1	234 // Roles is a special case: it used below.
webmaster@1	235 if ($value === NULL) {
webmaster@1	236 unset($data[$key]);
webmaster@1	237 }
webmaster@1	238 else {
webmaster@1	239 $data[$key] = $value;
webmaster@1	240 }
webmaster@1	241 }
webmaster@1	242 }
webmaster@1	243 }
webmaster@1	244 $query .= "data = '%s' ";
webmaster@1	245 $v[] = serialize($data);
webmaster@1	246
webmaster@1	247 $success = db_query("UPDATE {users} SET $query WHERE uid = %d", array_merge($v, array($account->uid)));
webmaster@1	248 if (!$success) {
webmaster@1	249 // The query failed - better to abort the save than risk further data loss.
webmaster@1	250 return FALSE;
webmaster@1	251 }
webmaster@1	252
webmaster@1	253 // Reload user roles if provided.
webmaster@1	254 if (isset($array['roles']) && is_array($array['roles'])) {
webmaster@1	255 db_query('DELETE FROM {users_roles} WHERE uid = %d', $account->uid);
webmaster@1	256
webmaster@1	257 foreach (array_keys($array['roles']) as $rid) {
webmaster@1	258 if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
webmaster@1	259 db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $account->uid, $rid);
webmaster@1	260 }
webmaster@1	261 }
webmaster@1	262 }
webmaster@1	263
webmaster@1	264 // Delete a blocked user's sessions to kick them if they are online.
webmaster@1	265 if (isset($array['status']) && $array['status'] == 0) {
webmaster@1	266 sess_destroy_uid($account->uid);
webmaster@1	267 }
webmaster@1	268
webmaster@1	269 // If the password changed, delete all open sessions and recreate
webmaster@1	270 // the current one.
webmaster@1	271 if (!empty($array['pass'])) {
webmaster@1	272 sess_destroy_uid($account->uid);
webmaster@1	273 sess_regenerate();
webmaster@1	274 }
webmaster@1	275
webmaster@1	276 // Refresh user object.
webmaster@1	277 $user = user_load(array('uid' => $account->uid));
webmaster@1	278
webmaster@1	279 // Send emails after we have the new user object.
webmaster@1	280 if (isset($array['status']) && $array['status'] != $account->status) {
webmaster@1	281 // The user's status is changing; conditionally send notification email.
webmaster@1	282 $op = $array['status'] == 1 ? 'status_activated' : 'status_blocked';
webmaster@1	283 _user_mail_notify($op, $user);
webmaster@1	284 }
webmaster@1	285
webmaster@1	286 user_module_invoke('after_update', $array, $user, $category);
webmaster@1	287 }
webmaster@1	288 else {
webmaster@1	289 // Allow 'created' to be set by the caller.
webmaster@1	290 if (!isset($array['created'])) {
webmaster@1	291 $array['created'] = time();
webmaster@1	292 }
webmaster@1	293 // Consider users created by an administrator as already logged in, so
webmaster@1	294 // anonymous users can view the profile (if allowed).
webmaster@1	295 if (empty($array['access']) && user_access('administer users')) {
webmaster@1	296 $array['access'] = time();
webmaster@1	297 }
webmaster@1	298
webmaster@1	299 // Note: we wait to save the data column to prevent module-handled
webmaster@1	300 // fields from being saved there. We cannot invoke hook_user('insert') here
webmaster@1	301 // because we don't have a fully initialized user object yet.
webmaster@1	302 foreach ($array as $key => $value) {
webmaster@1	303 switch ($key) {
webmaster@1	304 case 'pass':
webmaster@1	305 $fields[] = $key;
webmaster@1	306 $values[] = md5($value);
webmaster@1	307 $s[] = "'%s'";
webmaster@1	308 break;
webmaster@1	309 case 'mode': case 'sort': case 'timezone':
webmaster@1	310 case 'threshold': case 'created': case 'access':
webmaster@1	311 case 'login': case 'status':
webmaster@1	312 $fields[] = $key;
webmaster@1	313 $values[] = $value;
webmaster@1	314 $s[] = "%d";
webmaster@1	315 break;
webmaster@1	316 default:
webmaster@1	317 if (substr($key, 0, 4) !== 'auth' && in_array($key, $user_fields)) {
webmaster@1	318 $fields[] = $key;
webmaster@1	319 $values[] = $value;
webmaster@1	320 $s[] = "'%s'";
webmaster@1	321 }
webmaster@1	322 break;
webmaster@1	323 }
webmaster@1	324 }
webmaster@1	325 $success = db_query('INSERT INTO {users} ('. implode(', ', $fields) .') VALUES ('. implode(', ', $s) .')', $values);
webmaster@1	326 if (!$success) {
webmaster@1	327 // On a failed INSERT some other existing user's uid may be returned.
webmaster@1	328 // We must abort to avoid overwriting their account.
webmaster@1	329 return FALSE;
webmaster@1	330 }
webmaster@1	331
webmaster@1	332 // Build the initial user object.
webmaster@1	333 $array['uid'] = db_last_insert_id('users', 'uid');
webmaster@1	334 $user = user_load(array('uid' => $array['uid']));
webmaster@1	335
webmaster@1	336 user_module_invoke('insert', $array, $user, $category);
webmaster@1	337
webmaster@1	338 // Build and save the serialized data field now.
webmaster@1	339 $data = array();
webmaster@1	340 foreach ($array as $key => $value) {
webmaster@1	341 if ((substr($key, 0, 4) !== 'auth') && ($key != 'roles') && (!in_array($key, $user_fields)) && ($value !== NULL)) {
webmaster@1	342 $data[$key] = $value;
webmaster@1	343 }
webmaster@1	344 }
webmaster@1	345 db_query("UPDATE {users} SET data = '%s' WHERE uid = %d", serialize($data), $user->uid);
webmaster@1	346
webmaster@1	347 // Save user roles (delete just to be safe).
webmaster@1	348 if (isset($array['roles']) && is_array($array['roles'])) {
webmaster@1	349 db_query('DELETE FROM {users_roles} WHERE uid = %d', $array['uid']);
webmaster@1	350 foreach (array_keys($array['roles']) as $rid) {
webmaster@1	351 if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
webmaster@1	352 db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $array['uid'], $rid);
webmaster@1	353 }
webmaster@1	354 }
webmaster@1	355 }
webmaster@1	356
webmaster@1	357 // Build the finished user object.
webmaster@1	358 $user = user_load(array('uid' => $array['uid']));
webmaster@1	359 }
webmaster@1	360
webmaster@1	361 // Save distributed authentication mappings.
webmaster@1	362 $authmaps = array();
webmaster@1	363 foreach ($array as $key => $value) {
webmaster@1	364 if (substr($key, 0, 4) == 'auth') {
webmaster@1	365 $authmaps[$key] = $value;
webmaster@1	366 }
webmaster@1	367 }
webmaster@1	368 if (sizeof($authmaps) > 0) {
webmaster@1	369 user_set_authmaps($user, $authmaps);
webmaster@1	370 }
webmaster@1	371
webmaster@1	372 return $user;
webmaster@1	373 }
webmaster@1	374
webmaster@1	375 /**
webmaster@1	376 * Verify the syntax of the given name.
webmaster@1	377 */
webmaster@1	378 function user_validate_name($name) {
webmaster@1	379 if (!strlen($name)) return t('You must enter a username.');
webmaster@1	380 if (substr($name, 0, 1) == ' ') return t('The username cannot begin with a space.');
webmaster@1	381 if (substr($name, -1) == ' ') return t('The username cannot end with a space.');
webmaster@1	382 if (strpos($name, ' ') !== FALSE) return t('The username cannot contain multiple spaces in a row.');
webmaster@1	383 if (ereg("[^\x80-\xF7 [:alnum:]@_.-]", $name)) return t('The username contains an illegal character.');
webmaster@1	384 if (preg_match('/[\x{80}-\x{A0}'. // Non-printable ISO-8859-1 + NBSP
webmaster@1	385 '\x{AD}'. // Soft-hyphen
webmaster@1	386 '\x{2000}-\x{200F}'. // Various space characters
webmaster@1	387 '\x{2028}-\x{202F}'. // Bidirectional text overrides
webmaster@1	388 '\x{205F}-\x{206F}'. // Various text hinting characters
webmaster@1	389 '\x{FEFF}'. // Byte order mark
webmaster@1	390 '\x{FF01}-\x{FF60}'. // Full-width latin
webmaster@1	391 '\x{FFF9}-\x{FFFD}'. // Replacement characters
webmaster@1	392 '\x{0}]/u', // NULL byte
webmaster@1	393 $name)) {
webmaster@1	394 return t('The username contains an illegal character.');
webmaster@1	395 }
webmaster@1	396 if (strpos($name, '@') !== FALSE && !eregi('@([0-9a-z](-?[0-9a-z])*.)+[a-z]{2}([zmuvtg]\|fo\|me)?$', $name)) return t('The username is not a valid authentication ID.');
webmaster@1	397 if (strlen($name) > USERNAME_MAX_LENGTH) return t('The username %name is too long: it must be %max characters or less.', array('%name' => $name, '%max' => USERNAME_MAX_LENGTH));
webmaster@1	398 }
webmaster@1	399
webmaster@1	400 function user_validate_mail($mail) {
webmaster@1	401 if (!$mail) return t('You must enter an e-mail address.');
webmaster@1	402 if (!valid_email_address($mail)) {
webmaster@1	403 return t('The e-mail address %mail is not valid.', array('%mail' => $mail));
webmaster@1	404 }
webmaster@1	405 }
webmaster@1	406
webmaster@1	407 function user_validate_picture(&$form, &$form_state) {
webmaster@1	408 // If required, validate the uploaded picture.
webmaster@1	409 $validators = array(
webmaster@1	410 'file_validate_is_image' => array(),
webmaster@1	411 'file_validate_image_resolution' => array(variable_get('user_picture_dimensions', '85x85')),
webmaster@1	412 'file_validate_size' => array(variable_get('user_picture_file_size', '30') * 1024),
webmaster@1	413 );
webmaster@1	414 if ($file = file_save_upload('picture_upload', $validators)) {
webmaster@1	415 // Remove the old picture.
webmaster@1	416 if (isset($form_state['values']['_account']->picture) && file_exists($form_state['values']['_account']->picture)) {
webmaster@1	417 file_delete($form_state['values']['_account']->picture);
webmaster@1	418 }
webmaster@1	419
webmaster@1	420 // The image was saved using file_save_upload() and was added to the
webmaster@1	421 // files table as a temporary file. We'll make a copy and let the garbage
webmaster@1	422 // collector delete the original upload.
webmaster@1	423 $info = image_get_info($file->filepath);
webmaster@1	424 $destination = variable_get('user_picture_path', 'pictures') .'/picture-'. $form['#uid'] .'.'. $info['extension'];
webmaster@1	425 if (file_copy($file, $destination, FILE_EXISTS_REPLACE)) {
webmaster@1	426 $form_state['values']['picture'] = $file->filepath;
webmaster@1	427 }
webmaster@1	428 else {
webmaster@1	429 form_set_error('picture_upload', t("Failed to upload the picture image; the %directory directory doesn't exist or is not writable.", array('%directory' => variable_get('user_picture_path', 'pictures'))));
webmaster@1	430 }
webmaster@1	431 }
webmaster@1	432 }
webmaster@1	433
webmaster@1	434 /**
webmaster@1	435 * Generate a random alphanumeric password.
webmaster@1	436 */
webmaster@1	437 function user_password($length = 10) {
webmaster@1	438 // This variable contains the list of allowable characters for the
webmaster@1	439 // password. Note that the number 0 and the letter 'O' have been
webmaster@1	440 // removed to avoid confusion between the two. The same is true
webmaster@1	441 // of 'I', 1, and 'l'.
webmaster@1	442 $allowable_characters = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';
webmaster@1	443
webmaster@1	444 // Zero-based count of characters in the allowable list:
webmaster@1	445 $len = strlen($allowable_characters) - 1;
webmaster@1	446
webmaster@1	447 // Declare the password as a blank string.
webmaster@1	448 $pass = '';
webmaster@1	449
webmaster@1	450 // Loop the number of times specified by $length.
webmaster@1	451 for ($i = 0; $i < $length; $i++) {
webmaster@1	452
webmaster@1	453 // Each iteration, pick a random character from the
webmaster@1	454 // allowable string and append it to the password:
webmaster@1	455 $pass .= $allowable_characters[mt_rand(0, $len)];
webmaster@1	456 }
webmaster@1	457
webmaster@1	458 return $pass;
webmaster@1	459 }
webmaster@1	460
webmaster@1	461 /**
webmaster@1	462 * Determine whether the user has a given privilege.
webmaster@1	463 *
webmaster@1	464 * @param $string
webmaster@1	465 * The permission, such as "administer nodes", being checked for.
webmaster@1	466 * @param $account
webmaster@1	467 * (optional) The account to check, if not given use currently logged in user.
webmaster@1	468 * @param $reset
webmaster@1	469 * (optional) Resets the user's permissions cache, which will result in a
webmaster@1	470 * recalculation of the user's permissions. This is necessary to support
webmaster@1	471 * dynamically added user roles.
webmaster@1	472 *
webmaster@1	473 * @return
webmaster@1	474 * Boolean TRUE if the current user has the requested permission.
webmaster@1	475 *
webmaster@1	476 * All permission checks in Drupal should go through this function. This
webmaster@1	477 * way, we guarantee consistent behavior, and ensure that the superuser
webmaster@1	478 * can perform all actions.
webmaster@1	479 */
webmaster@1	480 function user_access($string, $account = NULL, $reset = FALSE) {
webmaster@1	481 global $user;
webmaster@1	482 static $perm = array();
webmaster@1	483
webmaster@1	484 if ($reset) {
webmaster@1	485 unset($perm);
webmaster@1	486 }
webmaster@1	487
webmaster@1	488 if (is_null($account)) {
webmaster@1	489 $account = $user;
webmaster@1	490 }
webmaster@1	491
webmaster@1	492 // User #1 has all privileges:
webmaster@1	493 if ($account->uid == 1) {
webmaster@1	494 return TRUE;
webmaster@1	495 }
webmaster@1	496
webmaster@1	497 // To reduce the number of SQL queries, we cache the user's permissions
webmaster@1	498 // in a static variable.
webmaster@1	499 if (!isset($perm[$account->uid])) {
webmaster@1	500 $result = db_query("SELECT p.perm FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid WHERE r.rid IN (". db_placeholders($account->roles) .")", array_keys($account->roles));
webmaster@1	501
webmaster@1	502 $perms = array();
webmaster@1	503 while ($row = db_fetch_object($result)) {
webmaster@1	504 $perms += array_flip(explode(', ', $row->perm));
webmaster@1	505 }
webmaster@1	506 $perm[$account->uid] = $perms;
webmaster@1	507 }
webmaster@1	508
webmaster@1	509 return isset($perm[$account->uid][$string]);
webmaster@1	510 }
webmaster@1	511
webmaster@1	512 /**
webmaster@1	513 * Checks for usernames blocked by user administration.
webmaster@1	514 *
webmaster@1	515 * @return boolean TRUE for blocked users, FALSE for active.
webmaster@1	516 */
webmaster@1	517 function user_is_blocked($name) {
webmaster@1	518 $deny = db_fetch_object(db_query("SELECT name FROM {users} WHERE status = 0 AND name = LOWER('%s')", $name));
webmaster@1	519
webmaster@1	520 return $deny;
webmaster@1	521 }
webmaster@1	522
webmaster@1	523 function user_fields() {
webmaster@1	524 static $fields;
webmaster@1	525
webmaster@1	526 if (!$fields) {
webmaster@1	527 $result = db_query('SELECT * FROM {users} WHERE uid = 1');
webmaster@1	528 if ($field = db_fetch_array($result)) {
webmaster@1	529 $fields = array_keys($field);
webmaster@1	530 }
webmaster@1	531 else {
webmaster@1	532 // Make sure we return the default fields at least.
webmaster@1	533 $fields = array('uid', 'name', 'pass', 'mail', 'picture', 'mode', 'sort', 'threshold', 'theme', 'signature', 'created', 'access', 'login', 'status', 'timezone', 'language', 'init', 'data');
webmaster@1	534 }
webmaster@1	535 }
webmaster@1	536
webmaster@1	537 return $fields;
webmaster@1	538 }
webmaster@1	539
webmaster@1	540 /**
webmaster@1	541 * Implementation of hook_perm().
webmaster@1	542 */
webmaster@1	543 function user_perm() {
webmaster@1	544 return array('administer permissions', 'administer users', 'access user profiles', 'change own username');
webmaster@1	545 }
webmaster@1	546
webmaster@1	547 /**
webmaster@1	548 * Implementation of hook_file_download().
webmaster@1	549 *
webmaster@1	550 * Ensure that user pictures (avatars) are always downloadable.
webmaster@1	551 */
webmaster@1	552 function user_file_download($file) {
webmaster@1	553 if (strpos($file, variable_get('user_picture_path', 'pictures') .'/picture-') === 0) {
webmaster@1	554 $info = image_get_info(file_create_path($file));
webmaster@1	555 return array('Content-type: '. $info['mime_type']);
webmaster@1	556 }
webmaster@1	557 }
webmaster@1	558
webmaster@1	559 /**
webmaster@1	560 * Implementation of hook_search().
webmaster@1	561 */
webmaster@1	562 function user_search($op = 'search', $keys = NULL, $skip_access_check = FALSE) {
webmaster@1	563 switch ($op) {
webmaster@1	564 case 'name':
webmaster@1	565 if ($skip_access_check \|\| user_access('access user profiles')) {
webmaster@1	566 return t('Users');
webmaster@1	567 }
webmaster@1	568 case 'search':
webmaster@1	569 if (user_access('access user profiles')) {
webmaster@1	570 $find = array();
webmaster@1	571 // Replace wildcards with MySQL/PostgreSQL wildcards.
webmaster@1	572 $keys = preg_replace('!\*+!', '%', $keys);
webmaster@1	573 if (user_access('administer users')) {
webmaster@1	574 // Administrators can also search in the otherwise private email field.
webmaster@1	575 $result = pager_query("SELECT name, uid, mail FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%') OR LOWER(mail) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys, $keys);
webmaster@1	576 while ($account = db_fetch_object($result)) {
webmaster@1	577 $find[] = array('title' => $account->name .' ('. $account->mail .')', 'link' => url('user/'. $account->uid, array('absolute' => TRUE)));
webmaster@1	578 }
webmaster@1	579 }
webmaster@1	580 else {
webmaster@1	581 $result = pager_query("SELECT name, uid FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys);
webmaster@1	582 while ($account = db_fetch_object($result)) {
webmaster@1	583 $find[] = array('title' => $account->name, 'link' => url('user/'. $account->uid, array('absolute' => TRUE)));
webmaster@1	584 }
webmaster@1	585 }
webmaster@1	586 return $find;
webmaster@1	587 }
webmaster@1	588 }
webmaster@1	589 }
webmaster@1	590
webmaster@1	591 /**
webmaster@1	592 * Implementation of hook_elements().
webmaster@1	593 */
webmaster@1	594 function user_elements() {
webmaster@1	595 return array(
webmaster@1	596 'user_profile_category' => array(),
webmaster@1	597 'user_profile_item' => array(),
webmaster@1	598 );
webmaster@1	599 }
webmaster@1	600
webmaster@1	601 /**
webmaster@1	602 * Implementation of hook_user().
webmaster@1	603 */
webmaster@1	604 function user_user($type, &$edit, &$account, $category = NULL) {
webmaster@1	605 if ($type == 'view') {
webmaster@1	606 $account->content['user_picture'] = array(
webmaster@1	607 '#value' => theme('user_picture', $account),
webmaster@1	608 '#weight' => -10,
webmaster@1	609 );
webmaster@1	610 if (!isset($account->content['summary'])) {
webmaster@1	611 $account->content['summary'] = array();
webmaster@1	612 }
webmaster@1	613 $account->content['summary'] += array(
webmaster@1	614 '#type' => 'user_profile_category',
webmaster@1	615 '#attributes' => array('class' => 'user-member'),
webmaster@1	616 '#weight' => 5,
webmaster@1	617 '#title' => t('History'),
webmaster@1	618 );
webmaster@1	619 $account->content['summary']['member_for'] = array(
webmaster@1	620 '#type' => 'user_profile_item',
webmaster@1	621 '#title' => t('Member for'),
webmaster@1	622 '#value' => format_interval(time() - $account->created),
webmaster@1	623 );
webmaster@1	624 }
webmaster@1	625 if ($type == 'form' && $category == 'account') {
webmaster@1	626 $form_state = array();
webmaster@1	627 return user_edit_form($form_state, arg(1), $edit);
webmaster@1	628 }
webmaster@1	629
webmaster@1	630 if ($type == 'validate' && $category == 'account') {
webmaster@1	631 return _user_edit_validate(arg(1), $edit);
webmaster@1	632 }
webmaster@1	633
webmaster@1	634 if ($type == 'submit' && $category == 'account') {
webmaster@1	635 return _user_edit_submit(arg(1), $edit);
webmaster@1	636 }
webmaster@1	637
webmaster@1	638 if ($type == 'categories') {
webmaster@1	639 return array(array('name' => 'account', 'title' => t('Account settings'), 'weight' => 1));
webmaster@1	640 }
webmaster@1	641 }
webmaster@1	642
webmaster@1	643 function user_login_block() {
webmaster@1	644 $form = array(
webmaster@1	645 '#action' => url($_GET['q'], array('query' => drupal_get_destination())),
webmaster@1	646 '#id' => 'user-login-form',
webmaster@1	647 '#validate' => user_login_default_validators(),
webmaster@1	648 '#submit' => array('user_login_submit'),
webmaster@1	649 );
webmaster@1	650 $form['name'] = array('#type' => 'textfield',
webmaster@1	651 '#title' => t('Username'),
webmaster@1	652 '#maxlength' => USERNAME_MAX_LENGTH,
webmaster@1	653 '#size' => 15,
webmaster@1	654 '#required' => TRUE,
webmaster@1	655 );
webmaster@1	656 $form['pass'] = array('#type' => 'password',
webmaster@1	657 '#title' => t('Password'),
webmaster@1	658 '#maxlength' => 60,
webmaster@1	659 '#size' => 15,
webmaster@1	660 '#required' => TRUE,
webmaster@1	661 );
webmaster@1	662 $form['submit'] = array('#type' => 'submit',
webmaster@1	663 '#value' => t('Log in'),
webmaster@1	664 );
webmaster@1	665 $items = array();
webmaster@1	666 if (variable_get('user_register', 1)) {
webmaster@7	667 $items[] = l(t('Create new account'), 'user/register', array('attributes' => array('title' => t('Create a new user account.'))));
webmaster@1	668 }
webmaster@7	669 $items[] = l(t('Request new password'), 'user/password', array('attributes' => array('title' => t('Request new password via e-mail.'))));
webmaster@1	670 $form['links'] = array('#value' => theme('item_list', $items));
webmaster@1	671 return $form;
webmaster@1	672 }
webmaster@1	673
webmaster@1	674 /**
webmaster@1	675 * Implementation of hook_block().
webmaster@1	676 */
webmaster@1	677 function user_block($op = 'list', $delta = 0, $edit = array()) {
webmaster@1	678 global $user;
webmaster@1	679
webmaster@1	680 if ($op == 'list') {
webmaster@1	681 $blocks[0]['info'] = t('User login');
webmaster@1	682 // Not worth caching.
webmaster@1	683 $blocks[0]['cache'] = BLOCK_NO_CACHE;
webmaster@1	684
webmaster@1	685 $blocks[1]['info'] = t('Navigation');
webmaster@1	686 // Menu blocks can't be cached because each menu item can have
webmaster@1	687 // a custom access callback. menu.inc manages its own caching.
webmaster@1	688 $blocks[1]['cache'] = BLOCK_NO_CACHE;
webmaster@1	689
webmaster@1	690 $blocks[2]['info'] = t('Who\'s new');
webmaster@1	691
webmaster@1	692 // Too dynamic to cache.
webmaster@1	693 $blocks[3]['info'] = t('Who\'s online');
webmaster@1	694 $blocks[3]['cache'] = BLOCK_NO_CACHE;
webmaster@1	695 return $blocks;
webmaster@1	696 }
webmaster@1	697 else if ($op == 'configure' && $delta == 2) {
webmaster@1	698 $form['user_block_whois_new_count'] = array(
webmaster@1	699 '#type' => 'select',
webmaster@1	700 '#title' => t('Number of users to display'),
webmaster@1	701 '#default_value' => variable_get('user_block_whois_new_count', 5),
webmaster@1	702 '#options' => drupal_map_assoc(array(1, 2, 3, 4, 5, 6, 7, 8, 9, 10)),
webmaster@1	703 );
webmaster@1	704 return $form;
webmaster@1	705 }
webmaster@1	706 else if ($op == 'configure' && $delta == 3) {
webmaster@1	707 $period = drupal_map_assoc(array(30, 60, 120, 180, 300, 600, 900, 1800, 2700, 3600, 5400, 7200, 10800, 21600, 43200, 86400), 'format_interval');
webmaster@1	708 $form['user_block_seconds_online'] = array('#type' => 'select', '#title' => t('User activity'), '#default_value' => variable_get('user_block_seconds_online', 900), '#options' => $period, '#description' => t('A user is considered online for this long after they have last viewed a page.'));
webmaster@1	709 $form['user_block_max_list_count'] = array('#type' => 'select', '#title' => t('User list length'), '#default_value' => variable_get('user_block_max_list_count', 10), '#options' => drupal_map_assoc(array(0, 5, 10, 15, 20, 25, 30, 40, 50, 75, 100)), '#description' => t('Maximum number of currently online users to display.'));
webmaster@1	710
webmaster@1	711 return $form;
webmaster@1	712 }
webmaster@1	713 else if ($op == 'save' && $delta == 2) {
webmaster@1	714 variable_set('user_block_whois_new_count', $edit['user_block_whois_new_count']);
webmaster@1	715 }
webmaster@1	716 else if ($op == 'save' && $delta == 3) {
webmaster@1	717 variable_set('user_block_seconds_online', $edit['user_block_seconds_online']);
webmaster@1	718 variable_set('user_block_max_list_count', $edit['user_block_max_list_count']);
webmaster@1	719 }
webmaster@1	720 else if ($op == 'view') {
webmaster@1	721 $block = array();
webmaster@1	722
webmaster@1	723 switch ($delta) {
webmaster@1	724 case 0:
webmaster@1	725 // For usability's sake, avoid showing two login forms on one page.
webmaster@1	726 if (!$user->uid && !(arg(0) == 'user' && !is_numeric(arg(1)))) {
webmaster@1	727
webmaster@1	728 $block['subject'] = t('User login');
webmaster@1	729 $block['content'] = drupal_get_form('user_login_block');
webmaster@1	730 }
webmaster@1	731 return $block;
webmaster@1	732
webmaster@1	733 case 1:
webmaster@1	734 if ($menu = menu_tree()) {
webmaster@1	735 $block['subject'] = $user->uid ? check_plain($user->name) : t('Navigation');
webmaster@1	736 $block['content'] = $menu;
webmaster@1	737 }
webmaster@1	738 return $block;
webmaster@1	739
webmaster@1	740 case 2:
webmaster@1	741 if (user_access('access content')) {
webmaster@1	742 // Retrieve a list of new users who have subsequently accessed the site successfully.
webmaster@1	743 $result = db_query_range('SELECT uid, name FROM {users} WHERE status != 0 AND access != 0 ORDER BY created DESC', 0, variable_get('user_block_whois_new_count', 5));
webmaster@1	744 while ($account = db_fetch_object($result)) {
webmaster@1	745 $items[] = $account;
webmaster@1	746 }
webmaster@1	747 $output = theme('user_list', $items);
webmaster@1	748
webmaster@1	749 $block['subject'] = t('Who\'s new');
webmaster@1	750 $block['content'] = $output;
webmaster@1	751 }
webmaster@1	752 return $block;
webmaster@1	753
webmaster@1	754 case 3:
webmaster@1	755 if (user_access('access content')) {
webmaster@1	756 // Count users active within the defined period.
webmaster@1	757 $interval = time() - variable_get('user_block_seconds_online', 900);
webmaster@1	758
webmaster@1	759 // Perform database queries to gather online user lists. We use s.timestamp
webmaster@1	760 // rather than u.access because it is much faster.
webmaster@1	761 $anonymous_count = sess_count($interval);
webmaster@1	762 $authenticated_users = db_query('SELECT DISTINCT u.uid, u.name, s.timestamp FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.timestamp >= %d AND s.uid > 0 ORDER BY s.timestamp DESC', $interval);
webmaster@1	763 $authenticated_count = 0;
webmaster@1	764 $max_users = variable_get('user_block_max_list_count', 10);
webmaster@1	765 $items = array();
webmaster@1	766 while ($account = db_fetch_object($authenticated_users)) {
webmaster@1	767 if ($max_users > 0) {
webmaster@1	768 $items[] = $account;
webmaster@1	769 $max_users--;
webmaster@1	770 }
webmaster@1	771 $authenticated_count++;
webmaster@1	772 }
webmaster@1	773
webmaster@1	774 // Format the output with proper grammar.
webmaster@1	775 if ($anonymous_count == 1 && $authenticated_count == 1) {
webmaster@1	776 $output = t('There is currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests')));
webmaster@1	777 }
webmaster@1	778 else {
webmaster@1	779 $output = t('There are currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests')));
webmaster@1	780 }
webmaster@1	781
webmaster@1	782 // Display a list of currently online users.
webmaster@1	783 $max_users = variable_get('user_block_max_list_count', 10);
webmaster@1	784 if ($authenticated_count && $max_users) {
webmaster@1	785 $output .= theme('user_list', $items, t('Online users'));
webmaster@1	786 }
webmaster@1	787
webmaster@1	788 $block['subject'] = t('Who\'s online');
webmaster@1	789 $block['content'] = $output;
webmaster@1	790 }
webmaster@1	791 return $block;
webmaster@1	792 }
webmaster@1	793 }
webmaster@1	794 }
webmaster@1	795
webmaster@1	796 /**
webmaster@1	797 * Process variables for user-picture.tpl.php.
webmaster@1	798 *
webmaster@1	799 * The $variables array contains the following arguments:
webmaster@1	800 * - $account
webmaster@1	801 *
webmaster@1	802 * @see user-picture.tpl.php
webmaster@1	803 */
webmaster@1	804 function template_preprocess_user_picture(&$variables) {
webmaster@1	805 $variables['picture'] = '';
webmaster@1	806 if (variable_get('user_pictures', 0)) {
webmaster@1	807 $account = $variables['account'];
webmaster@1	808 if (!empty($account->picture) && file_exists($account->picture)) {
webmaster@1	809 $picture = file_create_url($account->picture);
webmaster@1	810 }
webmaster@1	811 else if (variable_get('user_picture_default', '')) {
webmaster@1	812 $picture = variable_get('user_picture_default', '');
webmaster@1	813 }
webmaster@1	814
webmaster@1	815 if (isset($picture)) {
webmaster@1	816 $alt = t("@user's picture", array('@user' => $account->name ? $account->name : variable_get('anonymous', t('Anonymous'))));
webmaster@1	817 $variables['picture'] = theme('image', $picture, $alt, $alt, '', FALSE);
webmaster@1	818 if (!empty($account->uid) && user_access('access user profiles')) {
webmaster@1	819 $attributes = array('attributes' => array('title' => t('View user profile.')), 'html' => TRUE);
webmaster@1	820 $variables['picture'] = l($variables['picture'], "user/$account->uid", $attributes);
webmaster@1	821 }
webmaster@1	822 }
webmaster@1	823 }
webmaster@1	824 }
webmaster@1	825
webmaster@1	826 /**
webmaster@1	827 * Make a list of users.
webmaster@1	828 *
webmaster@1	829 * @param $users
webmaster@1	830 * An array with user objects. Should contain at least the name and uid.
webmaster@1	831 * @param $title
webmaster@1	832 * (optional) Title to pass on to theme_item_list().
webmaster@1	833 *
webmaster@1	834 * @ingroup themeable
webmaster@1	835 */
webmaster@1	836 function theme_user_list($users, $title = NULL) {
webmaster@1	837 if (!empty($users)) {
webmaster@1	838 foreach ($users as $user) {
webmaster@1	839 $items[] = theme('username', $user);
webmaster@1	840 }
webmaster@1	841 }
webmaster@1	842 return theme('item_list', $items, $title);
webmaster@1	843 }
webmaster@1	844
webmaster@1	845 function user_is_anonymous() {
webmaster@1	846 // Menu administrators can see items for anonymous when administering.
webmaster@1	847 return !$GLOBALS['user']->uid \|\| !empty($GLOBALS['menu_admin']);
webmaster@1	848 }
webmaster@1	849
webmaster@1	850 function user_is_logged_in() {
webmaster@1	851 return (bool)$GLOBALS['user']->uid;
webmaster@1	852 }
webmaster@1	853
webmaster@1	854 function user_register_access() {
webmaster@1	855 return user_is_anonymous() && variable_get('user_register', 1);
webmaster@1	856 }
webmaster@1	857
webmaster@1	858 function user_view_access($account) {
webmaster@1	859 return $account && $account->uid &&
webmaster@1	860 (
webmaster@1	861 // Always let users view their own profile.
webmaster@1	862 ($GLOBALS['user']->uid == $account->uid) \|\|
webmaster@1	863 // Administrators can view all accounts.
webmaster@1	864 user_access('administer users') \|\|
webmaster@1	865 // The user is not blocked and logged in at least once.
webmaster@1	866 ($account->access && $account->status && user_access('access user profiles'))
webmaster@1	867 );
webmaster@1	868 }
webmaster@1	869
webmaster@5	870 /**
webmaster@5	871 * Access callback for user account editing.
webmaster@5	872 */
webmaster@1	873 function user_edit_access($account) {
webmaster@1	874 return (($GLOBALS['user']->uid == $account->uid) \|\| user_access('administer users')) && $account->uid > 0;
webmaster@1	875 }
webmaster@1	876
webmaster@1	877 function user_load_self($arg) {
webmaster@1	878 $arg[1] = user_load($GLOBALS['user']->uid);
webmaster@1	879 return $arg;
webmaster@1	880 }
webmaster@1	881
webmaster@1	882 /**
webmaster@1	883 * Implementation of hook_menu().
webmaster@1	884 */
webmaster@1	885 function user_menu() {
webmaster@1	886 $items['user/autocomplete'] = array(
webmaster@1	887 'title' => 'User autocomplete',
webmaster@1	888 'page callback' => 'user_autocomplete',
webmaster@1	889 'access callback' => 'user_access',
webmaster@1	890 'access arguments' => array('access user profiles'),
webmaster@1	891 'type' => MENU_CALLBACK,
webmaster@1	892 'file' => 'user.pages.inc',
webmaster@1	893 );
webmaster@1	894
webmaster@1	895 // Registration and login pages.
webmaster@1	896 $items['user'] = array(
webmaster@1	897 'title' => 'User account',
webmaster@1	898 'page callback' => 'user_page',
webmaster@1	899 'access callback' => TRUE,
webmaster@1	900 'type' => MENU_CALLBACK,
webmaster@1	901 'file' => 'user.pages.inc',
webmaster@1	902 );
webmaster@1	903
webmaster@1	904 $items['user/login'] = array(
webmaster@1	905 'title' => 'Log in',
webmaster@1	906 'access callback' => 'user_is_anonymous',
webmaster@1	907 'type' => MENU_DEFAULT_LOCAL_TASK,
webmaster@1	908 );
webmaster@1	909
webmaster@1	910 $items['user/register'] = array(
webmaster@1	911 'title' => 'Create new account',
webmaster@1	912 'page callback' => 'drupal_get_form',
webmaster@1	913 'page arguments' => array('user_register'),
webmaster@1	914 'access callback' => 'user_register_access',
webmaster@1	915 'type' => MENU_LOCAL_TASK,
webmaster@1	916 'file' => 'user.pages.inc',
webmaster@1	917 );
webmaster@1	918
webmaster@1	919 $items['user/password'] = array(
webmaster@1	920 'title' => 'Request new password',
webmaster@1	921 'page callback' => 'drupal_get_form',
webmaster@1	922 'page arguments' => array('user_pass'),
webmaster@1	923 'access callback' => 'user_is_anonymous',
webmaster@1	924 'type' => MENU_LOCAL_TASK,
webmaster@1	925 'file' => 'user.pages.inc',
webmaster@1	926 );
webmaster@1	927 $items['user/reset/%/%/%'] = array(
webmaster@1	928 'title' => 'Reset password',
webmaster@1	929 'page callback' => 'drupal_get_form',
webmaster@1	930 'page arguments' => array('user_pass_reset', 2, 3, 4),
webmaster@1	931 'access callback' => TRUE,
webmaster@1	932 'type' => MENU_CALLBACK,
webmaster@1	933 'file' => 'user.pages.inc',
webmaster@1	934 );
webmaster@1	935
webmaster@1	936 // Admin user pages.
webmaster@1	937 $items['admin/user'] = array(
webmaster@1	938 'title' => 'User management',
webmaster@1	939 'description' => "Manage your site's users, groups and access to site features.",
webmaster@1	940 'position' => 'left',
webmaster@1	941 'page callback' => 'system_admin_menu_block_page',
webmaster@1	942 'access arguments' => array('access administration pages'),
webmaster@1	943 'file' => 'system.admin.inc',
webmaster@1	944 'file path' => drupal_get_path('module', 'system'),
webmaster@1	945 );
webmaster@1	946 $items['admin/user/user'] = array(
webmaster@1	947 'title' => 'Users',
webmaster@1	948 'description' => 'List, add, and edit users.',
webmaster@1	949 'page callback' => 'user_admin',
webmaster@1	950 'page arguments' => array('list'),
webmaster@1	951 'access arguments' => array('administer users'),
webmaster@1	952 'file' => 'user.admin.inc',
webmaster@1	953 );
webmaster@1	954 $items['admin/user/user/list'] = array(
webmaster@1	955 'title' => 'List',
webmaster@1	956 'type' => MENU_DEFAULT_LOCAL_TASK,
webmaster@1	957 'weight' => -10,
webmaster@1	958 );
webmaster@1	959 $items['admin/user/user/create'] = array(
webmaster@1	960 'title' => 'Add user',
webmaster@1	961 'page arguments' => array('create'),
webmaster@5	962 'access arguments' => array('administer users'),
webmaster@1	963 'type' => MENU_LOCAL_TASK,
webmaster@1	964 'file' => 'user.admin.inc',
webmaster@1	965 );
webmaster@1	966 $items['admin/user/settings'] = array(
webmaster@1	967 'title' => 'User settings',
webmaster@1	968 'description' => 'Configure default behavior of users, including registration requirements, e-mails, and user pictures.',
webmaster@1	969 'page callback' => 'drupal_get_form',
webmaster@1	970 'page arguments' => array('user_admin_settings'),
webmaster@1	971 'access arguments' => array('administer users'),
webmaster@1	972 'file' => 'user.admin.inc',
webmaster@1	973 );
webmaster@1	974
webmaster@1	975 // Admin access pages.
webmaster@1	976 $items['admin/user/permissions'] = array(
webmaster@1	977 'title' => 'Permissions',
webmaster@1	978 'description' => 'Determine access to features by selecting permissions for roles.',
webmaster@1	979 'page callback' => 'drupal_get_form',
webmaster@1	980 'page arguments' => array('user_admin_perm'),
webmaster@1	981 'access arguments' => array('administer permissions'),
webmaster@1	982 'file' => 'user.admin.inc',
webmaster@1	983 );
webmaster@1	984 $items['admin/user/roles'] = array(
webmaster@1	985 'title' => 'Roles',
webmaster@1	986 'description' => 'List, edit, or add user roles.',
webmaster@1	987 'page callback' => 'drupal_get_form',
webmaster@1	988 'page arguments' => array('user_admin_new_role'),
webmaster@1	989 'access arguments' => array('administer permissions'),
webmaster@1	990 'file' => 'user.admin.inc',
webmaster@1	991 );
webmaster@1	992 $items['admin/user/roles/edit'] = array(
webmaster@1	993 'title' => 'Edit role',
webmaster@1	994 'page arguments' => array('user_admin_role'),
webmaster@5	995 'access arguments' => array('administer permissions'),
webmaster@1	996 'type' => MENU_CALLBACK,
webmaster@1	997 'file' => 'user.admin.inc',
webmaster@1	998 );
webmaster@1	999 $items['admin/user/rules'] = array(
webmaster@1	1000 'title' => 'Access rules',
webmaster@1	1001 'description' => 'List and create rules to disallow usernames, e-mail addresses, and IP addresses.',
webmaster@1	1002 'page callback' => 'user_admin_access',
webmaster@1	1003 'access arguments' => array('administer permissions'),
webmaster@1	1004 'file' => 'user.admin.inc',
webmaster@1	1005 );
webmaster@1	1006 $items['admin/user/rules/list'] = array(
webmaster@1	1007 'title' => 'List',
webmaster@1	1008 'type' => MENU_DEFAULT_LOCAL_TASK,
webmaster@1	1009 'weight' => -10,
webmaster@1	1010 );
webmaster@1	1011 $items['admin/user/rules/add'] = array(
webmaster@1	1012 'title' => 'Add rule',
webmaster@1	1013 'page callback' => 'user_admin_access_add',
webmaster@5	1014 'access arguments' => array('administer permissions'),
webmaster@1	1015 'type' => MENU_LOCAL_TASK,
webmaster@1	1016 'file' => 'user.admin.inc',
webmaster@1	1017 );
webmaster@1	1018 $items['admin/user/rules/check'] = array(
webmaster@1	1019 'title' => 'Check rules',
webmaster@1	1020 'page callback' => 'user_admin_access_check',
webmaster@5	1021 'access arguments' => array('administer permissions'),
webmaster@1	1022 'type' => MENU_LOCAL_TASK,
webmaster@1	1023 'file' => 'user.admin.inc',
webmaster@1	1024 );
webmaster@1	1025 $items['admin/user/rules/edit'] = array(
webmaster@1	1026 'title' => 'Edit rule',
webmaster@1	1027 'page callback' => 'user_admin_access_edit',
webmaster@5	1028 'access arguments' => array('administer permissions'),
webmaster@1	1029 'type' => MENU_CALLBACK,
webmaster@1	1030 'file' => 'user.admin.inc',
webmaster@1	1031 );
webmaster@1	1032 $items['admin/user/rules/delete'] = array(
webmaster@1	1033 'title' => 'Delete rule',
webmaster@1	1034 'page callback' => 'drupal_get_form',
webmaster@1	1035 'page arguments' => array('user_admin_access_delete_confirm'),
webmaster@5	1036 'access arguments' => array('administer permissions'),
webmaster@1	1037 'type' => MENU_CALLBACK,
webmaster@1	1038 'file' => 'user.admin.inc',
webmaster@1	1039 );
webmaster@1	1040
webmaster@1	1041 $items['logout'] = array(
webmaster@1	1042 'title' => 'Log out',
webmaster@1	1043 'access callback' => 'user_is_logged_in',
webmaster@1	1044 'page callback' => 'user_logout',
webmaster@1	1045 'weight' => 10,
webmaster@1	1046 'file' => 'user.pages.inc',
webmaster@1	1047 );
webmaster@1	1048
webmaster@5	1049 $items['user/%user_uid_optional'] = array(
webmaster@1	1050 'title' => 'My account',
webmaster@1	1051 'title callback' => 'user_page_title',
webmaster@1	1052 'title arguments' => array(1),
webmaster@1	1053 'page callback' => 'user_view',
webmaster@1	1054 'page arguments' => array(1),
webmaster@1	1055 'access callback' => 'user_view_access',
webmaster@1	1056 'access arguments' => array(1),
webmaster@1	1057 'parent' => '',
webmaster@1	1058 'file' => 'user.pages.inc',
webmaster@1	1059 );
webmaster@1	1060
webmaster@1	1061 $items['user/%user/view'] = array(
webmaster@1	1062 'title' => 'View',
webmaster@1	1063 'type' => MENU_DEFAULT_LOCAL_TASK,
webmaster@1	1064 'weight' => -10,
webmaster@1	1065 );
webmaster@1	1066
webmaster@1	1067 $items['user/%user/delete'] = array(
webmaster@1	1068 'title' => 'Delete',
webmaster@1	1069 'page callback' => 'drupal_get_form',
webmaster@1	1070 'page arguments' => array('user_confirm_delete', 1),
webmaster@1	1071 'access callback' => 'user_access',
webmaster@1	1072 'access arguments' => array('administer users'),
webmaster@1	1073 'type' => MENU_CALLBACK,
webmaster@1	1074 'file' => 'user.pages.inc',
webmaster@1	1075 );
webmaster@1	1076
webmaster@1	1077 $items['user/%user_category/edit'] = array(
webmaster@1	1078 'title' => 'Edit',
webmaster@1	1079 'page callback' => 'user_edit',
webmaster@1	1080 'page arguments' => array(1),
webmaster@1	1081 'access callback' => 'user_edit_access',
webmaster@1	1082 'access arguments' => array(1),
webmaster@1	1083 'type' => MENU_LOCAL_TASK,
webmaster@1	1084 'load arguments' => array('%map', '%index'),
webmaster@1	1085 'file' => 'user.pages.inc',
webmaster@1	1086 );
webmaster@1	1087
webmaster@1	1088 $items['user/%user_category/edit/account'] = array(
webmaster@1	1089 'title' => 'Account',
webmaster@1	1090 'type' => MENU_DEFAULT_LOCAL_TASK,
webmaster@1	1091 'load arguments' => array('%map', '%index'),
webmaster@1	1092 );
webmaster@1	1093
webmaster@1	1094 $empty_account = new stdClass();
webmaster@1	1095 if (($categories = _user_categories($empty_account)) && (count($categories) > 1)) {
webmaster@1	1096 foreach ($categories as $key => $category) {
webmaster@1	1097 // 'account' is already handled by the MENU_DEFAULT_LOCAL_TASK.
webmaster@1	1098 if ($category['name'] != 'account') {
webmaster@1	1099 $items['user/%user_category/edit/'. $category['name']] = array(
webmaster@1	1100 'title callback' => 'check_plain',
webmaster@1	1101 'title arguments' => array($category['title']),
webmaster@1	1102 'page callback' => 'user_edit',
webmaster@1	1103 'page arguments' => array(1, 3),
webmaster@5	1104 'access callback' => isset($category['access callback']) ? $category['access callback'] : 'user_edit_access',
webmaster@5	1105 'access arguments' => isset($category['access arguments']) ? $category['access arguments'] : array(1),
webmaster@1	1106 'type' => MENU_LOCAL_TASK,
webmaster@1	1107 'weight' => $category['weight'],
webmaster@1	1108 'load arguments' => array('%map', '%index'),
webmaster@1	1109 'tab_parent' => 'user/%/edit',
webmaster@1	1110 'file' => 'user.pages.inc',
webmaster@1	1111 );
webmaster@1	1112 }
webmaster@1	1113 }
webmaster@1	1114 }
webmaster@1	1115 return $items;
webmaster@1	1116 }
webmaster@1	1117
webmaster@1	1118 function user_init() {
webmaster@1	1119 drupal_add_css(drupal_get_path('module', 'user') .'/user.css', 'module');
webmaster@1	1120 }
webmaster@1	1121
webmaster@5	1122 function user_uid_optional_load($arg) {
webmaster@5	1123 return user_load(isset($arg) ? $arg : $GLOBALS['user']->uid);
webmaster@1	1124 }
webmaster@1	1125
webmaster@1	1126 /**
webmaster@1	1127 * Return a user object after checking if any profile category in the path exists.
webmaster@1	1128 */
webmaster@1	1129 function user_category_load($uid, &$map, $index) {
webmaster@1	1130 static $user_categories, $accounts;
webmaster@1	1131
webmaster@1	1132 // Cache $account - this load function will get called for each profile tab.
webmaster@1	1133 if (!isset($accounts[$uid])) {
webmaster@1	1134 $accounts[$uid] = user_load($uid);
webmaster@1	1135 }
webmaster@1	1136 $valid = TRUE;
webmaster@1	1137 if ($account = $accounts[$uid]) {
webmaster@1	1138 // Since the path is like user/%/edit/category_name, the category name will
webmaster@1	1139 // be at a position 2 beyond the index corresponding to the % wildcard.
webmaster@1	1140 $category_index = $index + 2;
webmaster@1	1141 // Valid categories may contain slashes, and hence need to be imploded.
webmaster@1	1142 $category_path = implode('/', array_slice($map, $category_index));
webmaster@1	1143 if ($category_path) {
webmaster@1	1144 // Check that the requested category exists.
webmaster@1	1145 $valid = FALSE;
webmaster@1	1146 if (!isset($user_categories)) {
webmaster@1	1147 $empty_account = new stdClass();
webmaster@1	1148 $user_categories = _user_categories($empty_account);
webmaster@1	1149 }
webmaster@1	1150 foreach ($user_categories as $category) {
webmaster@1	1151 if ($category['name'] == $category_path) {
webmaster@1	1152 $valid = TRUE;
webmaster@1	1153 // Truncate the map array in case the category name had slashes.
webmaster@1	1154 $map = array_slice($map, 0, $category_index);
webmaster@1	1155 // Assign the imploded category name to the last map element.
webmaster@1	1156 $map[$category_index] = $category_path;
webmaster@1	1157 break;
webmaster@1	1158 }
webmaster@1	1159 }
webmaster@1	1160 }
webmaster@1	1161 }
webmaster@1	1162 return $valid ? $account : FALSE;
webmaster@1	1163 }
webmaster@1	1164
webmaster@1	1165 /**
webmaster@1	1166 * Returns the user id of the currently logged in user.
webmaster@1	1167 */
webmaster@5	1168 function user_uid_optional_to_arg($arg) {
webmaster@1	1169 // Give back the current user uid when called from eg. tracker, aka.
webmaster@1	1170 // with an empty arg. Also use the current user uid when called from
webmaster@1	1171 // the menu with a % for the current account link.
webmaster@1	1172 return empty($arg) \|\| $arg == '%' ? $GLOBALS['user']->uid : $arg;
webmaster@1	1173 }
webmaster@1	1174
webmaster@1	1175 /**
webmaster@1	1176 * Menu item title callback - use the user name if it's not the current user.
webmaster@1	1177 */
webmaster@1	1178 function user_page_title($account) {
webmaster@1	1179 if ($account->uid == $GLOBALS['user']->uid) {
webmaster@1	1180 return t('My account');
webmaster@1	1181 }
webmaster@1	1182 return $account->name;
webmaster@1	1183 }
webmaster@1	1184
webmaster@1	1185 /**
webmaster@1	1186 * Discover which external authentication module(s) authenticated a username.
webmaster@1	1187 *
webmaster@1	1188 * @param $authname
webmaster@1	1189 * A username used by an external authentication module.
webmaster@1	1190 * @return
webmaster@1	1191 * An associative array with module as key and username as value.
webmaster@1	1192 */
webmaster@1	1193 function user_get_authmaps($authname = NULL) {
webmaster@1	1194 $result = db_query("SELECT authname, module FROM {authmap} WHERE authname = '%s'", $authname);
webmaster@1	1195 $authmaps = array();
webmaster@1	1196 $has_rows = FALSE;
webmaster@1	1197 while ($authmap = db_fetch_object($result)) {
webmaster@1	1198 $authmaps[$authmap->module] = $authmap->authname;
webmaster@1	1199 $has_rows = TRUE;
webmaster@1	1200 }
webmaster@1	1201 return $has_rows ? $authmaps : 0;
webmaster@1	1202 }
webmaster@1	1203
webmaster@1	1204 /**
webmaster@1	1205 * Save mappings of which external authentication module(s) authenticated
webmaster@1	1206 * a user. Maps external usernames to user ids in the users table.
webmaster@1	1207 *
webmaster@1	1208 * @param $account
webmaster@1	1209 * A user object.
webmaster@1	1210 * @param $authmaps
webmaster@1	1211 * An associative array with a compound key and the username as the value.
webmaster@1	1212 * The key is made up of 'authname_' plus the name of the external authentication
webmaster@1	1213 * module.
webmaster@1	1214 * @see user_external_login_register()
webmaster@1	1215 */
webmaster@1	1216 function user_set_authmaps($account, $authmaps) {
webmaster@1	1217 foreach ($authmaps as $key => $value) {
webmaster@1	1218 $module = explode('_', $key, 2);
webmaster@1	1219 if ($value) {
webmaster@1	1220 db_query("UPDATE {authmap} SET authname = '%s' WHERE uid = %d AND module = '%s'", $value, $account->uid, $module[1]);
webmaster@1	1221 if (!db_affected_rows()) {
webmaster@1	1222 db_query("INSERT INTO {authmap} (authname, uid, module) VALUES ('%s', %d, '%s')", $value, $account->uid, $module[1]);
webmaster@1	1223 }
webmaster@1	1224 }
webmaster@1	1225 else {
webmaster@1	1226 db_query("DELETE FROM {authmap} WHERE uid = %d AND module = '%s'", $account->uid, $module[1]);
webmaster@1	1227 }
webmaster@1	1228 }
webmaster@1	1229 }
webmaster@1	1230
webmaster@1	1231 /**
webmaster@1	1232 * Form builder; the main user login form.
webmaster@1	1233 *
webmaster@1	1234 * @ingroup forms
webmaster@1	1235 */
webmaster@5	1236 function user_login(&$form_state) {
webmaster@1	1237 global $user;
webmaster@1	1238
webmaster@1	1239 // If we are already logged on, go to the user page instead.
webmaster@1	1240 if ($user->uid) {
webmaster@1	1241 drupal_goto('user/'. $user->uid);
webmaster@1	1242 }
webmaster@1	1243
webmaster@1	1244 // Display login form:
webmaster@1	1245 $form['name'] = array('#type' => 'textfield',
webmaster@1	1246 '#title' => t('Username'),
webmaster@1	1247 '#size' => 60,
webmaster@1	1248 '#maxlength' => USERNAME_MAX_LENGTH,
webmaster@1	1249 '#required' => TRUE,
webmaster@1	1250 '#attributes' => array('tabindex' => '1'),
webmaster@1	1251 );
webmaster@1	1252
webmaster@1	1253 $form['name']['#description'] = t('Enter your @s username.', array('@s' => variable_get('site_name', 'Drupal')));
webmaster@1	1254 $form['pass'] = array('#type' => 'password',
webmaster@1	1255 '#title' => t('Password'),
webmaster@1	1256 '#description' => t('Enter the password that accompanies your username.'),
webmaster@1	1257 '#required' => TRUE,
webmaster@1	1258 '#attributes' => array('tabindex' => '2'),
webmaster@1	1259 );
webmaster@1	1260 $form['#validate'] = user_login_default_validators();
webmaster@1	1261 $form['submit'] = array('#type' => 'submit', '#value' => t('Log in'), '#weight' => 2, '#attributes' => array('tabindex' => '3'));
webmaster@1	1262
webmaster@1	1263 return $form;
webmaster@1	1264 }
webmaster@1	1265
webmaster@1	1266 /**
webmaster@1	1267 * Set up a series for validators which check for blocked/denied users,
webmaster@1	1268 * then authenticate against local database, then return an error if
webmaster@7	1269 * authentication fails. Distributed authentication modules are welcome
webmaster@7	1270 * to use hook_form_alter() to change this series in order to
webmaster@7	1271 * authenticate against their user database instead of the local users
webmaster@1	1272 * table.
webmaster@1	1273 *
webmaster@1	1274 * We use three validators instead of one since external authentication
webmaster@1	1275 * modules usually only need to alter the second validator.
webmaster@1	1276 *
webmaster@1	1277 * @see user_login_name_validate()
webmaster@1	1278 * @see user_login_authenticate_validate()
webmaster@1	1279 * @see user_login_final_validate()
webmaster@1	1280 * @return array
webmaster@1	1281 * A simple list of validate functions.
webmaster@1	1282 */
webmaster@1	1283 function user_login_default_validators() {
webmaster@1	1284 return array('user_login_name_validate', 'user_login_authenticate_validate', 'user_login_final_validate');
webmaster@1	1285 }
webmaster@1	1286
webmaster@1	1287 /**
webmaster@1	1288 * A FAPI validate handler. Sets an error if supplied username has been blocked
webmaster@1	1289 * or denied access.
webmaster@1	1290 */
webmaster@1	1291 function user_login_name_validate($form, &$form_state) {
webmaster@1	1292 if (isset($form_state['values']['name'])) {
webmaster@1	1293 if (user_is_blocked($form_state['values']['name'])) {
webmaster@1	1294 // blocked in user administration
webmaster@1	1295 form_set_error('name', t('The username %name has not been activated or is blocked.', array('%name' => $form_state['values']['name'])));
webmaster@1	1296 }
webmaster@1	1297 else if (drupal_is_denied('user', $form_state['values']['name'])) {
webmaster@1	1298 // denied by access controls
webmaster@1	1299 form_set_error('name', t('The name %name is a reserved username.', array('%name' => $form_state['values']['name'])));
webmaster@1	1300 }
webmaster@1	1301 }
webmaster@1	1302 }
webmaster@1	1303
webmaster@1	1304 /**
webmaster@1	1305 * A validate handler on the login form. Check supplied username/password
webmaster@1	1306 * against local users table. If successful, sets the global $user object.
webmaster@1	1307 */
webmaster@1	1308 function user_login_authenticate_validate($form, &$form_state) {
webmaster@1	1309 user_authenticate($form_state['values']);
webmaster@1	1310 }
webmaster@1	1311
webmaster@1	1312 /**
webmaster@1	1313 * A validate handler on the login form. Should be the last validator. Sets an
webmaster@1	1314 * error if user has not been authenticated yet.
webmaster@1	1315 */
webmaster@1	1316 function user_login_final_validate($form, &$form_state) {
webmaster@1	1317 global $user;
webmaster@1	1318 if (!$user->uid) {
webmaster@1	1319 form_set_error('name', t('Sorry, unrecognized username or password. <a href="@password">Have you forgotten your password?</a>', array('@password' => url('user/password'))));
webmaster@1	1320 watchdog('user', 'Login attempt failed for %user.', array('%user' => $form_state['values']['name']));
webmaster@1	1321 }
webmaster@1	1322 }
webmaster@1	1323
webmaster@1	1324 /**
webmaster@1	1325 * Try to log in the user locally.
webmaster@1	1326 *
webmaster@1	1327 * @param $form_values
webmaster@1	1328 * Form values with at least 'name' and 'pass' keys, as well as anything else
webmaster@1	1329 * which should be passed along to hook_user op 'login'.
webmaster@1	1330 *
webmaster@1	1331 * @return
webmaster@1	1332 * A $user object, if successful.
webmaster@1	1333 */
webmaster@1	1334 function user_authenticate($form_values = array()) {
webmaster@1	1335 global $user;
webmaster@1	1336
webmaster@1	1337 // Name and pass keys are required.
webmaster@1	1338 if (!empty($form_values['name']) && !empty($form_values['pass']) &&
webmaster@1	1339 $account = user_load(array('name' => $form_values['name'], 'pass' => trim($form_values['pass']), 'status' => 1))) {
webmaster@1	1340 $user = $account;
webmaster@1	1341 user_authenticate_finalize($form_values);
webmaster@1	1342 return $user;
webmaster@1	1343 }
webmaster@1	1344 }
webmaster@1	1345
webmaster@1	1346 /**
webmaster@1	1347 * Finalize the login process. Must be called when logging in a user.
webmaster@1	1348 *
webmaster@1	1349 * The function records a watchdog message about the new session, saves the
webmaster@1	1350 * login timestamp, calls hook_user op 'login' and generates a new session.
webmaster@1	1351 *
webmaster@1	1352 * $param $edit
webmaster@1	1353 * This array is passed to hook_user op login.
webmaster@1	1354 */
webmaster@1	1355 function user_authenticate_finalize(&$edit) {
webmaster@1	1356 global $user;
webmaster@1	1357 watchdog('user', 'Session opened for %name.', array('%name' => $user->name));
webmaster@1	1358 // Update the user table timestamp noting user has logged in.
webmaster@1	1359 // This is also used to invalidate one-time login links.
webmaster@1	1360 $user->login = time();
webmaster@1	1361 db_query("UPDATE {users} SET login = %d WHERE uid = %d", $user->login, $user->uid);
webmaster@7	1362
webmaster@7	1363 // Regenerate the session ID to prevent against session fixation attacks.
webmaster@7	1364 sess_regenerate();
webmaster@1	1365 user_module_invoke('login', $edit, $user);
webmaster@1	1366 }
webmaster@1	1367
webmaster@1	1368 /**
webmaster@1	1369 * Submit handler for the login form. Redirects the user to a page.
webmaster@1	1370 *
webmaster@1	1371 * The user is redirected to the My Account page. Setting the destination in
webmaster@1	1372 * the query string (as done by the user login block) overrides the redirect.
webmaster@1	1373 */
webmaster@1	1374 function user_login_submit($form, &$form_state) {
webmaster@1	1375 global $user;
webmaster@1	1376 if ($user->uid) {
webmaster@1	1377 $form_state['redirect'] = 'user/'. $user->uid;
webmaster@1	1378 return;
webmaster@1	1379 }
webmaster@1	1380 }
webmaster@1	1381
webmaster@1	1382 /**
webmaster@1	1383 * Helper function for authentication modules. Either login in or registers
webmaster@1	1384 * the current user, based on username. Either way, the global $user object is
webmaster@1	1385 * populated based on $name.
webmaster@1	1386 */
webmaster@1	1387 function user_external_login_register($name, $module) {
webmaster@1	1388 global $user;
webmaster@1	1389
webmaster@1	1390 $user = user_load(array('name' => $name));
webmaster@1	1391 if (!isset($user->uid)) {
webmaster@1	1392 // Register this new user.
webmaster@1	1393 $userinfo = array(
webmaster@1	1394 'name' => $name,
webmaster@1	1395 'pass' => user_password(),
webmaster@1	1396 'init' => $name,
webmaster@1	1397 'status' => 1,
webmaster@1	1398 "authname_$module" => $name,
webmaster@1	1399 'access' => time()
webmaster@1	1400 );
webmaster@1	1401 $account = user_save('', $userinfo);
webmaster@1	1402 // Terminate if an error occured during user_save().
webmaster@1	1403 if (!$account) {
webmaster@1	1404 drupal_set_message(t("Error saving user account."), 'error');
webmaster@1	1405 return;
webmaster@1	1406 }
webmaster@1	1407 $user = $account;
webmaster@1	1408 watchdog('user', 'New external user: %name using module %module.', array('%name' => $name, '%module' => $module), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $user->uid .'/edit'));
webmaster@1	1409 }
webmaster@1	1410 }
webmaster@1	1411
webmaster@1	1412 function user_pass_reset_url($account) {
webmaster@1	1413 $timestamp = time();
webmaster@1	1414 return url("user/reset/$account->uid/$timestamp/". user_pass_rehash($account->pass, $timestamp, $account->login), array('absolute' => TRUE));
webmaster@1	1415 }
webmaster@1	1416
webmaster@1	1417 function user_pass_rehash($password, $timestamp, $login) {
webmaster@1	1418 return md5($timestamp . $password . $login);
webmaster@1	1419 }
webmaster@1	1420
webmaster@1	1421 function user_edit_form(&$form_state, $uid, $edit, $register = FALSE) {
webmaster@1	1422 _user_password_dynamic_validation();
webmaster@1	1423 $admin = user_access('administer users');
webmaster@1	1424
webmaster@1	1425 // Account information:
webmaster@1	1426 $form['account'] = array('#type' => 'fieldset',
webmaster@1	1427 '#title' => t('Account information'),
webmaster@1	1428 '#weight' => -10,
webmaster@1	1429 );
webmaster@1	1430 if (user_access('change own username') \|\| $admin \|\| $register) {
webmaster@1	1431 $form['account']['name'] = array('#type' => 'textfield',
webmaster@1	1432 '#title' => t('Username'),
webmaster@1	1433 '#default_value' => $edit['name'],
webmaster@1	1434 '#maxlength' => USERNAME_MAX_LENGTH,
webmaster@1	1435 '#description' => t('Spaces are allowed; punctuation is not allowed except for periods, hyphens, and underscores.'),
webmaster@1	1436 '#required' => TRUE,
webmaster@1	1437 );
webmaster@1	1438 }
webmaster@1	1439 $form['account']['mail'] = array('#type' => 'textfield',
webmaster@1	1440 '#title' => t('E-mail address'),
webmaster@1	1441 '#default_value' => $edit['mail'],
webmaster@1	1442 '#maxlength' => EMAIL_MAX_LENGTH,
webmaster@1	1443 '#description' => t('A valid e-mail address. All e-mails from the system will be sent to this address. The e-mail address is not made public and will only be used if you wish to receive a new password or wish to receive certain news or notifications by e-mail.'),
webmaster@1	1444 '#required' => TRUE,
webmaster@1	1445 );
webmaster@1	1446 if (!$register) {
webmaster@1	1447 $form['account']['pass'] = array('#type' => 'password_confirm',
webmaster@1	1448 '#description' => t('To change the current user password, enter the new password in both fields.'),
webmaster@1	1449 '#size' => 25,
webmaster@1	1450 );
webmaster@1	1451 }
webmaster@1	1452 elseif (!variable_get('user_email_verification', TRUE) \|\| $admin) {
webmaster@1	1453 $form['account']['pass'] = array(
webmaster@1	1454 '#type' => 'password_confirm',
webmaster@1	1455 '#description' => t('Provide a password for the new account in both fields.'),
webmaster@1	1456 '#required' => TRUE,
webmaster@1	1457 '#size' => 25,
webmaster@1	1458 );
webmaster@1	1459 }
webmaster@1	1460 if ($admin) {
webmaster@1	1461 $form['account']['status'] = array(
webmaster@1	1462 '#type' => 'radios',
webmaster@1	1463 '#title' => t('Status'),
webmaster@1	1464 '#default_value' => isset($edit['status']) ? $edit['status'] : 1,
webmaster@1	1465 '#options' => array(t('Blocked'), t('Active'))
webmaster@1	1466 );
webmaster@1	1467 }
webmaster@1	1468 if (user_access('administer permissions')) {
webmaster@1	1469 $roles = user_roles(TRUE);
webmaster@1	1470
webmaster@1	1471 // The disabled checkbox subelement for the 'authenticated user' role
webmaster@1	1472 // must be generated separately and added to the checkboxes element,
webmaster@1	1473 // because of a limitation in D6 FormAPI not supporting a single disabled
webmaster@1	1474 // checkbox within a set of checkboxes.
webmaster@1	1475 // TODO: This should be solved more elegantly. See issue #119038.
webmaster@1	1476 $checkbox_authenticated = array(
webmaster@1	1477 '#type' => 'checkbox',
webmaster@1	1478 '#title' => $roles[DRUPAL_AUTHENTICATED_RID],
webmaster@1	1479 '#default_value' => TRUE,
webmaster@1	1480 '#disabled' => TRUE,
webmaster@1	1481 );
webmaster@1	1482
webmaster@1	1483 unset($roles[DRUPAL_AUTHENTICATED_RID]);
webmaster@1	1484 if ($roles) {
webmaster@1	1485 $default = empty($edit['roles']) ? array() : array_keys($edit['roles']);
webmaster@1	1486 $form['account']['roles'] = array(
webmaster@1	1487 '#type' => 'checkboxes',
webmaster@1	1488 '#title' => t('Roles'),
webmaster@1	1489 '#default_value' => $default,
webmaster@1	1490 '#options' => $roles,
webmaster@1	1491 DRUPAL_AUTHENTICATED_RID => $checkbox_authenticated,
webmaster@1	1492 );
webmaster@1	1493 }
webmaster@1	1494 }
webmaster@1	1495
webmaster@1	1496 // Signature:
webmaster@1	1497 if (variable_get('user_signatures', 0) && module_exists('comment') && !$register) {
webmaster@1	1498 $form['signature_settings'] = array(
webmaster@1	1499 '#type' => 'fieldset',
webmaster@1	1500 '#title' => t('Signature settings'),
webmaster@1	1501 '#weight' => 1,
webmaster@1	1502 );
webmaster@1	1503 $form['signature_settings']['signature'] = array(
webmaster@1	1504 '#type' => 'textarea',
webmaster@1	1505 '#title' => t('Signature'),
webmaster@1	1506 '#default_value' => $edit['signature'],
webmaster@1	1507 '#description' => t('Your signature will be publicly displayed at the end of your comments.'),
webmaster@1	1508 );
webmaster@1	1509 }
webmaster@1	1510
webmaster@1	1511 // Picture/avatar:
webmaster@1	1512 if (variable_get('user_pictures', 0) && !$register) {
webmaster@1	1513 $form['picture'] = array('#type' => 'fieldset', '#title' => t('Picture'), '#weight' => 1);
webmaster@1	1514 $picture = theme('user_picture', (object)$edit);
webmaster@1	1515 if ($edit['picture']) {
webmaster@1	1516 $form['picture']['current_picture'] = array('#value' => $picture);
webmaster@1	1517 $form['picture']['picture_delete'] = array('#type' => 'checkbox', '#title' => t('Delete picture'), '#description' => t('Check this box to delete your current picture.'));
webmaster@1	1518 }
webmaster@1	1519 else {
webmaster@1	1520 $form['picture']['picture_delete'] = array('#type' => 'hidden');
webmaster@1	1521 }
webmaster@1	1522 $form['picture']['picture_upload'] = array('#type' => 'file', '#title' => t('Upload picture'), '#size' => 48, '#description' => t('Your virtual face or picture. Maximum dimensions are %dimensions and the maximum size is %size kB.', array('%dimensions' => variable_get('user_picture_dimensions', '85x85'), '%size' => variable_get('user_picture_file_size', '30'))) .' '. variable_get('user_picture_guidelines', ''));
webmaster@1	1523 $form['#validate'][] = 'user_validate_picture';
webmaster@1	1524 }
webmaster@1	1525 $form['#uid'] = $uid;
webmaster@1	1526
webmaster@1	1527 return $form;
webmaster@1	1528 }
webmaster@1	1529
webmaster@1	1530 function _user_edit_validate($uid, &$edit) {
webmaster@1	1531 $user = user_load(array('uid' => $uid));
webmaster@1	1532 // Validate the username:
webmaster@1	1533 if (user_access('change own username') \|\| user_access('administer users') \|\| !$user->uid) {
webmaster@1	1534 if ($error = user_validate_name($edit['name'])) {
webmaster@1	1535 form_set_error('name', $error);
webmaster@1	1536 }
webmaster@1	1537 else if (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND LOWER(name) = LOWER('%s')", $uid, $edit['name'])) > 0) {
webmaster@1	1538 form_set_error('name', t('The name %name is already taken.', array('%name' => $edit['name'])));
webmaster@1	1539 }
webmaster@1	1540 else if (drupal_is_denied('user', $edit['name'])) {
webmaster@1	1541 form_set_error('name', t('The name %name has been denied access.', array('%name' => $edit['name'])));
webmaster@1	1542 }
webmaster@1	1543 }
webmaster@1	1544
webmaster@1	1545 // Validate the e-mail address:
webmaster@1	1546 if ($error = user_validate_mail($edit['mail'])) {
webmaster@1	1547 form_set_error('mail', $error);
webmaster@1	1548 }
webmaster@1	1549 else if (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND LOWER(mail) = LOWER('%s')", $uid, $edit['mail'])) > 0) {
webmaster@1	1550 form_set_error('mail', t('The e-mail address %email is already registered. <a href="@password">Have you forgotten your password?</a>', array('%email' => $edit['mail'], '@password' => url('user/password'))));
webmaster@1	1551 }
webmaster@1	1552 else if (drupal_is_denied('mail', $edit['mail'])) {
webmaster@1	1553 form_set_error('mail', t('The e-mail address %email has been denied access.', array('%email' => $edit['mail'])));
webmaster@1	1554 }
webmaster@1	1555 }
webmaster@1	1556
webmaster@1	1557 function _user_edit_submit($uid, &$edit) {
webmaster@1	1558 $user = user_load(array('uid' => $uid));
webmaster@1	1559 // Delete picture if requested, and if no replacement picture was given.
webmaster@1	1560 if (!empty($edit['picture_delete'])) {
webmaster@1	1561 if ($user->picture && file_exists($user->picture)) {
webmaster@1	1562 file_delete($user->picture);
webmaster@1	1563 }
webmaster@1	1564 $edit['picture'] = '';
webmaster@1	1565 }
webmaster@1	1566 if (isset($edit['roles'])) {
webmaster@1	1567 $edit['roles'] = array_filter($edit['roles']);
webmaster@1	1568 }
webmaster@1	1569 }
webmaster@1	1570
webmaster@1	1571 /**
webmaster@1	1572 * Delete a user.
webmaster@1	1573 *
webmaster@1	1574 * @param $edit An array of submitted form values.
webmaster@1	1575 * @param $uid The user ID of the user to delete.
webmaster@1	1576 */
webmaster@1	1577 function user_delete($edit, $uid) {
webmaster@1	1578 $account = user_load(array('uid' => $uid));
webmaster@1	1579 sess_destroy_uid($uid);
webmaster@1	1580 _user_mail_notify('status_deleted', $account);
webmaster@1	1581 db_query('DELETE FROM {users} WHERE uid = %d', $uid);
webmaster@1	1582 db_query('DELETE FROM {users_roles} WHERE uid = %d', $uid);
webmaster@1	1583 db_query('DELETE FROM {authmap} WHERE uid = %d', $uid);
webmaster@1	1584 $variables = array('%name' => $account->name, '%email' => '<'. $account->mail .'>');
webmaster@1	1585 watchdog('user', 'Deleted user: %name %email.', $variables, WATCHDOG_NOTICE);
webmaster@1	1586 module_invoke_all('user', 'delete', $edit, $account);
webmaster@1	1587 }
webmaster@1	1588
webmaster@1	1589 /**
webmaster@1	1590 * Builds a structured array representing the profile content.
webmaster@1	1591 *
webmaster@1	1592 * @param $account
webmaster@1	1593 * A user object.
webmaster@1	1594 *
webmaster@1	1595 * @return
webmaster@1	1596 * A structured array containing the individual elements of the profile.
webmaster@1	1597 */
webmaster@1	1598 function user_build_content(&$account) {
webmaster@1	1599 $edit = NULL;
webmaster@1	1600 user_module_invoke('view', $edit, $account);
webmaster@1	1601 // Allow modules to modify the fully-built profile.
webmaster@1	1602 drupal_alter('profile', $account);
webmaster@1	1603
webmaster@1	1604 return $account->content;
webmaster@1	1605 }
webmaster@1	1606
webmaster@1	1607 /**
webmaster@1	1608 * Implementation of hook_mail().
webmaster@1	1609 */
webmaster@1	1610 function user_mail($key, &$message, $params) {
webmaster@1	1611 $language = $message['language'];
webmaster@1	1612 $variables = user_mail_tokens($params['account'], $language);
webmaster@1	1613 $message['subject'] .= _user_mail_text($key .'_subject', $language, $variables);
webmaster@1	1614 $message['body'][] = _user_mail_text($key .'_body', $language, $variables);
webmaster@1	1615 }
webmaster@1	1616
webmaster@1	1617 /**
webmaster@1	1618 * Returns a mail string for a variable name.
webmaster@1	1619 *
webmaster@1	1620 * Used by user_mail() and the settings forms to retrieve strings.
webmaster@1	1621 */
webmaster@1	1622 function _user_mail_text($key, $language = NULL, $variables = array()) {
webmaster@1	1623 $langcode = isset($language) ? $language->language : NULL;
webmaster@1	1624
webmaster@1	1625 if ($admin_setting = variable_get('user_mail_'. $key, FALSE)) {
webmaster@1	1626 // An admin setting overrides the default string.
webmaster@1	1627 return strtr($admin_setting, $variables);
webmaster@1	1628 }
webmaster@1	1629 else {
webmaster@1	1630 // No override, return default string.
webmaster@1	1631 switch ($key) {
webmaster@1	1632 case 'register_no_approval_required_subject':
webmaster@1	1633 return t('Account details for !username at !site', $variables, $langcode);
webmaster@1	1634 case 'register_no_approval_required_body':
webmaster@1	1635 return t("!username,\n\nThank you for registering at !site. You may now log in to !login_uri using the following username and password:\n\nusername: !username\npassword: !password\n\nYou may also log in by clicking on this link or copying and pasting it in your browser:\n\n!login_url\n\nThis is a one-time login, so it can be used only once.\n\nAfter logging in, you will be redirected to !edit_uri so you can change your password.\n\n\n-- !site team", $variables, $langcode);
webmaster@1	1636 case 'register_admin_created_subject':
webmaster@1	1637 return t('An administrator created an account for you at !site', $variables, $langcode);
webmaster@1	1638 case 'register_admin_created_body':
webmaster@1	1639 return t("!username,\n\nA site administrator at !site has created an account for you. You may now log in to !login_uri using the following username and password:\n\nusername: !username\npassword: !password\n\nYou may also log in by clicking on this link or copying and pasting it in your browser:\n\n!login_url\n\nThis is a one-time login, so it can be used only once.\n\nAfter logging in, you will be redirected to !edit_uri so you can change your password.\n\n\n-- !site team", $variables, $langcode);
webmaster@1	1640 case 'register_pending_approval_subject':
webmaster@7	1641 case 'register_pending_approval_admin_subject':
webmaster@1	1642 return t('Account details for !username at !site (pending admin approval)', $variables, $langcode);
webmaster@1	1643 case 'register_pending_approval_body':
webmaster@1	1644 return t("!username,\n\nThank you for registering at !site. Your application for an account is currently pending approval. Once it has been approved, you will receive another e-mail containing information about how to log in, set your password, and other details.\n\n\n-- !site team", $variables, $langcode);
webmaster@1	1645 case 'register_pending_approval_admin_body':
webmaster@1	1646 return t("!username has applied for an account.\n\n!edit_uri", $variables, $langcode);
webmaster@1	1647 case 'password_reset_subject':
webmaster@1	1648 return t('Replacement login information for !username at !site', $variables, $langcode);
webmaster@1	1649 case 'password_reset_body':
webmaster@1	1650 return t("!username,\n\nA request to reset the password for your account has been made at !site.\n\nYou may now log in to !uri_brief by clicking on this link or copying and pasting it in your browser:\n\n!login_url\n\nThis is a one-time login, so it can be used only once. It expires after one day and nothing will happen if it's not used.\n\nAfter logging in, you will be redirected to !edit_uri so you can change your password.", $variables, $langcode);
webmaster@1	1651 case 'status_activated_subject':
webmaster@1	1652 return t('Account details for !username at !site (approved)', $variables, $langcode);
webmaster@1	1653 case 'status_activated_body':
webmaster@1	1654 return t("!username,\n\nYour account at !site has been activated.\n\nYou may now log in by clicking on this link or copying and pasting it in your browser:\n\n!login_url\n\nThis is a one-time login, so it can be used only once.\n\nAfter logging in, you will be redirected to !edit_uri so you can change your password.\n\nOnce you have set your own password, you will be able to log in to !login_uri in the future using:\n\nusername: !username\n", $variables, $langcode);
webmaster@1	1655 case 'status_blocked_subject':
webmaster@1	1656 return t('Account details for !username at !site (blocked)', $variables, $langcode);
webmaster@1	1657 case 'status_blocked_body':
webmaster@1	1658 return t("!username,\n\nYour account on !site has been blocked.", $variables, $langcode);
webmaster@1	1659 case 'status_deleted_subject':
webmaster@1	1660 return t('Account details for !username at !site (deleted)', $variables, $langcode);
webmaster@1	1661 case 'status_deleted_body':
webmaster@1	1662 return t("!username,\n\nYour account on !site has been deleted.", $variables, $langcode);
webmaster@1	1663 }
webmaster@1	1664 }
webmaster@1	1665 }
webmaster@1	1666
webmaster@1	1667 /* Administrative features *********************************************/
webmaster@1	1668
webmaster@1	1669 /**
webmaster@1	1670 * Retrieve an array of roles matching specified conditions.
webmaster@1	1671 *
webmaster@1	1672 * @param $membersonly
webmaster@1	1673 * Set this to TRUE to exclude the 'anonymous' role.
webmaster@1	1674 * @param $permission
webmaster@1	1675 * A string containing a permission. If set, only roles containing that
webmaster@1	1676 * permission are returned.
webmaster@1	1677 *
webmaster@1	1678 * @return
webmaster@1	1679 * An associative array with the role id as the key and the role name as
webmaster@1	1680 * value.
webmaster@1	1681 */
webmaster@1	1682 function user_roles($membersonly = FALSE, $permission = NULL) {
webmaster@1	1683 // System roles take the first two positions.
webmaster@1	1684 $roles = array(
webmaster@1	1685 DRUPAL_ANONYMOUS_RID => NULL,
webmaster@1	1686 DRUPAL_AUTHENTICATED_RID => NULL,
webmaster@1	1687 );
webmaster@1	1688
webmaster@1	1689 if (!empty($permission)) {
webmaster@1	1690 $result = db_query("SELECT r.* FROM {role} r INNER JOIN {permission} p ON r.rid = p.rid WHERE p.perm LIKE '%%%s%%' ORDER BY r.name", $permission);
webmaster@1	1691 }
webmaster@1	1692 else {
webmaster@1	1693 $result = db_query('SELECT * FROM {role} ORDER BY name');
webmaster@1	1694 }
webmaster@1	1695
webmaster@1	1696 while ($role = db_fetch_object($result)) {
webmaster@1	1697 switch ($role->rid) {
webmaster@1	1698 // We only translate the built in role names
webmaster@1	1699 case DRUPAL_ANONYMOUS_RID:
webmaster@1	1700 if (!$membersonly) {
webmaster@1	1701 $roles[$role->rid] = t($role->name);
webmaster@1	1702 }
webmaster@1	1703 break;
webmaster@1	1704 case DRUPAL_AUTHENTICATED_RID:
webmaster@1	1705 $roles[$role->rid] = t($role->name);
webmaster@1	1706 break;
webmaster@1	1707 default:
webmaster@1	1708 $roles[$role->rid] = $role->name;
webmaster@1	1709 }
webmaster@1	1710 }
webmaster@1	1711
webmaster@1	1712 // Filter to remove unmatched system roles.
webmaster@1	1713 return array_filter($roles);
webmaster@1	1714 }
webmaster@1	1715
webmaster@1	1716 /**
webmaster@1	1717 * Implementation of hook_user_operations().
webmaster@1	1718 */
webmaster@1	1719 function user_user_operations($form_state = array()) {
webmaster@1	1720 $operations = array(
webmaster@1	1721 'unblock' => array(
webmaster@1	1722 'label' => t('Unblock the selected users'),
webmaster@1	1723 'callback' => 'user_user_operations_unblock',
webmaster@1	1724 ),
webmaster@1	1725 'block' => array(
webmaster@1	1726 'label' => t('Block the selected users'),
webmaster@1	1727 'callback' => 'user_user_operations_block',
webmaster@1	1728 ),
webmaster@1	1729 'delete' => array(
webmaster@1	1730 'label' => t('Delete the selected users'),
webmaster@1	1731 ),
webmaster@1	1732 );
webmaster@1	1733
webmaster@1	1734 if (user_access('administer permissions')) {
webmaster@1	1735 $roles = user_roles(TRUE);
webmaster@1	1736 unset($roles[DRUPAL_AUTHENTICATED_RID]); // Can't edit authenticated role.
webmaster@1	1737
webmaster@1	1738 $add_roles = array();
webmaster@1	1739 foreach ($roles as $key => $value) {
webmaster@1	1740 $add_roles['add_role-'. $key] = $value;
webmaster@1	1741 }
webmaster@1	1742
webmaster@1	1743 $remove_roles = array();
webmaster@1	1744 foreach ($roles as $key => $value) {
webmaster@1	1745 $remove_roles['remove_role-'. $key] = $value;
webmaster@1	1746 }
webmaster@1	1747
webmaster@1	1748 if (count($roles)) {
webmaster@1	1749 $role_operations = array(
webmaster@1	1750 t('Add a role to the selected users') => array(
webmaster@1	1751 'label' => $add_roles,
webmaster@1	1752 ),
webmaster@1	1753 t('Remove a role from the selected users') => array(
webmaster@1	1754 'label' => $remove_roles,
webmaster@1	1755 ),
webmaster@1	1756 );
webmaster@1	1757
webmaster@1	1758 $operations += $role_operations;
webmaster@1	1759 }
webmaster@1	1760 }
webmaster@1	1761
webmaster@1	1762 // If the form has been posted, we need to insert the proper data for
webmaster@1	1763 // role editing if necessary.
webmaster@1	1764 if (!empty($form_state['submitted'])) {
webmaster@1	1765 $operation_rid = explode('-', $form_state['values']['operation']);
webmaster@1	1766 $operation = $operation_rid[0];
webmaster@1	1767 if ($operation == 'add_role' \|\| $operation == 'remove_role') {
webmaster@1	1768 $rid = $operation_rid[1];
webmaster@1	1769 if (user_access('administer permissions')) {
webmaster@1	1770 $operations[$form_state['values']['operation']] = array(
webmaster@1	1771 'callback' => 'user_multiple_role_edit',
webmaster@1	1772 'callback arguments' => array($operation, $rid),
webmaster@1	1773 );
webmaster@1	1774 }
webmaster@1	1775 else {
webmaster@1	1776 watchdog('security', 'Detected malicious attempt to alter protected user fields.', array(), WATCHDOG_WARNING);
webmaster@1	1777 return;
webmaster@1	1778 }
webmaster@1	1779 }
webmaster@1	1780 }
webmaster@1	1781
webmaster@1	1782 return $operations;
webmaster@1	1783 }
webmaster@1	1784
webmaster@1	1785 /**
webmaster@1	1786 * Callback function for admin mass unblocking users.
webmaster@1	1787 */
webmaster@1	1788 function user_user_operations_unblock($accounts) {
webmaster@1	1789 foreach ($accounts as $uid) {
webmaster@1	1790 $account = user_load(array('uid' => (int)$uid));
webmaster@1	1791 // Skip unblocking user if they are already unblocked.
webmaster@1	1792 if ($account !== FALSE && $account->status == 0) {
webmaster@1	1793 user_save($account, array('status' => 1));
webmaster@1	1794 }
webmaster@1	1795 }
webmaster@1	1796 }
webmaster@1	1797
webmaster@1	1798 /**
webmaster@1	1799 * Callback function for admin mass blocking users.
webmaster@1	1800 */
webmaster@1	1801 function user_user_operations_block($accounts) {
webmaster@1	1802 foreach ($accounts as $uid) {
webmaster@1	1803 $account = user_load(array('uid' => (int)$uid));
webmaster@1	1804 // Skip blocking user if they are already blocked.
webmaster@1	1805 if ($account !== FALSE && $account->status == 1) {
webmaster@1	1806 user_save($account, array('status' => 0));
webmaster@1	1807 }
webmaster@1	1808 }
webmaster@1	1809 }
webmaster@1	1810
webmaster@1	1811 /**
webmaster@1	1812 * Callback function for admin mass adding/deleting a user role.
webmaster@1	1813 */
webmaster@1	1814 function user_multiple_role_edit($accounts, $operation, $rid) {
webmaster@1	1815 // The role name is not necessary as user_save() will reload the user
webmaster@1	1816 // object, but some modules' hook_user() may look at this first.
webmaster@1	1817 $role_name = db_result(db_query('SELECT name FROM {role} WHERE rid = %d', $rid));
webmaster@1	1818
webmaster@1	1819 switch ($operation) {
webmaster@1	1820 case 'add_role':
webmaster@1	1821 foreach ($accounts as $uid) {
webmaster@1	1822 $account = user_load(array('uid' => (int)$uid));
webmaster@1	1823 // Skip adding the role to the user if they already have it.
webmaster@1	1824 if ($account !== FALSE && !isset($account->roles[$rid])) {
webmaster@1	1825 $roles = $account->roles + array($rid => $role_name);
webmaster@1	1826 user_save($account, array('roles' => $roles));
webmaster@1	1827 }
webmaster@1	1828 }
webmaster@1	1829 break;
webmaster@1	1830 case 'remove_role':
webmaster@1	1831 foreach ($accounts as $uid) {
webmaster@1	1832 $account = user_load(array('uid' => (int)$uid));
webmaster@1	1833 // Skip removing the role from the user if they already don't have it.
webmaster@1	1834 if ($account !== FALSE && isset($account->roles[$rid])) {
webmaster@1	1835 $roles = array_diff($account->roles, array($rid => $role_name));
webmaster@1	1836 user_save($account, array('roles' => $roles));
webmaster@1	1837 }
webmaster@1	1838 }
webmaster@1	1839 break;
webmaster@1	1840 }
webmaster@1	1841 }
webmaster@1	1842
webmaster@1	1843 function user_multiple_delete_confirm(&$form_state) {
webmaster@1	1844 $edit = $form_state['post'];
webmaster@1	1845
webmaster@1	1846 $form['accounts'] = array('#prefix' => '<ul>', '#suffix' => '</ul>', '#tree' => TRUE);
webmaster@1	1847 // array_filter() returns only elements with TRUE values.
webmaster@1	1848 foreach (array_filter($edit['accounts']) as $uid => $value) {
webmaster@1	1849 $user = db_result(db_query('SELECT name FROM {users} WHERE uid = %d', $uid));
webmaster@1	1850 $form['accounts'][$uid] = array('#type' => 'hidden', '#value' => $uid, '#prefix' => '<li>', '#suffix' => check_plain($user) ."</li>\n");
webmaster@1	1851 }
webmaster@1	1852 $form['operation'] = array('#type' => 'hidden', '#value' => 'delete');
webmaster@1	1853
webmaster@1	1854 return confirm_form($form,
webmaster@1	1855 t('Are you sure you want to delete these users?'),
webmaster@1	1856 'admin/user/user', t('This action cannot be undone.'),
webmaster@1	1857 t('Delete all'), t('Cancel'));
webmaster@1	1858 }
webmaster@1	1859
webmaster@1	1860 function user_multiple_delete_confirm_submit($form, &$form_state) {
webmaster@1	1861 if ($form_state['values']['confirm']) {
webmaster@1	1862 foreach ($form_state['values']['accounts'] as $uid => $value) {
webmaster@1	1863 user_delete($form_state['values'], $uid);
webmaster@1	1864 }
webmaster@1	1865 drupal_set_message(t('The users have been deleted.'));
webmaster@1	1866 }
webmaster@1	1867 $form_state['redirect'] = 'admin/user/user';
webmaster@1	1868 return;
webmaster@1	1869 }
webmaster@1	1870
webmaster@1	1871 /**
webmaster@1	1872 * Implementation of hook_help().
webmaster@1	1873 */
webmaster@1	1874 function user_help($path, $arg) {
webmaster@1	1875 global $user;
webmaster@1	1876
webmaster@1	1877 switch ($path) {
webmaster@1	1878 case 'admin/help#user':
webmaster@1	1879 $output = '<p>'. t('The user module allows users to register, login, and log out. Users benefit from being able to sign on because it associates content they create with their account and allows various permissions to be set for their roles. The user module supports user roles which establish fine grained permissions allowing each role to do only what the administrator wants them to. Each user is assigned to one or more roles. By default there are two roles <em>anonymous</em> - a user who has not logged in, and <em>authenticated</em> a user who has signed up and who has been authorized.') .'</p>';
webmaster@1	1880 $output .= '<p>'. t("Users can use their own name or handle and can specify personal configuration settings through their individual <em>My account</em> page. Users must authenticate by supplying a local username and password or through their OpenID, an optional and secure method for logging into many websites with a single username and password. In some configurations, users may authenticate using a username and password from another Drupal site, or through some other site-specific mechanism.") .'</p>';
webmaster@1	1881 $output .= '<p>'. t('A visitor accessing your website is assigned a unique ID, or session ID, which is stored in a cookie. The cookie does not contain personal information, but acts as a key to retrieve information from your site. Users should have cookies enabled in their web browser when using your site.') .'</p>';
webmaster@1	1882 $output .= '<p>'. t('For more information, see the online handbook entry for <a href="@user">User module</a>.', array('@user' => 'http://drupal.org/handbook/modules/user/')) .'</p>';
webmaster@1	1883 return $output;
webmaster@1	1884 case 'admin/user/user':
webmaster@1	1885 return '<p>'. t('Drupal allows users to register, login, log out, maintain user profiles, etc. Users of the site may not use their own names to post content until they have signed up for a user account.') .'</p>';
webmaster@1	1886 case 'admin/user/user/create':
webmaster@1	1887 case 'admin/user/user/account/create':
webmaster@1	1888 return '<p>'. t("This web page allows administrators to register new users. Users' e-mail addresses and usernames must be unique.") .'</p>';
webmaster@1	1889 case 'admin/user/rules':
webmaster@1	1890 return '<p>'. t('Set up username and e-mail address access rules for new <em>and</em> existing accounts (currently logged in accounts will not be logged out). If a username or e-mail address for an account matches any deny rule, but not an allow rule, then the account will not be allowed to be created or to log in. A host rule is effective for every page view, not just registrations.') .'</p>';
webmaster@1	1891 case 'admin/user/permissions':
webmaster@1	1892 return '<p>'. t('Permissions let you control what users can do on your site. Each user role (defined on the <a href="@role">user roles page</a>) has its own set of permissions. For example, you could give users classified as "Administrators" permission to "administer nodes" but deny this power to ordinary, "authenticated" users. You can use permissions to reveal new features to privileged users (those with subscriptions, for example). Permissions also allow trusted users to share the administrative burden of running a busy site.', array('@role' => url('admin/user/roles'))) .'</p>';
webmaster@1	1893 case 'admin/user/roles':
webmaster@1	1894 return t('<p>Roles allow you to fine tune the security and administration of Drupal. A role defines a group of users that have certain privileges as defined in <a href="@permissions">user permissions</a>. Examples of roles include: anonymous user, authenticated user, moderator, administrator and so on. In this area you will define the <em>role names</em> of the various roles. To delete a role choose "edit".</p><p>By default, Drupal comes with two user roles:</p>
webmaster@1	1895 <ul>
webmaster@1	1896 <li>Anonymous user: this role is used for users that don\'t have a user account or that are not authenticated.</li>
webmaster@1	1897 <li>Authenticated user: this role is automatically granted to all logged in users.</li>
webmaster@1	1898 </ul>', array('@permissions' => url('admin/user/permissions')));
webmaster@1	1899 case 'admin/user/search':
webmaster@1	1900 return '<p>'. t('Enter a simple pattern ("*" may be used as a wildcard match) to search for a username or e-mail address. For example, one may search for "br" and Drupal might return "brian", "brad", and "brenda@example.com".') .'</p>';
webmaster@1	1901 }
webmaster@1	1902 }
webmaster@1	1903
webmaster@1	1904 /**
webmaster@1	1905 * Retrieve a list of all user setting/information categories and sort them by weight.
webmaster@1	1906 */
webmaster@1	1907 function _user_categories($account) {
webmaster@1	1908 $categories = array();
webmaster@1	1909
webmaster@1	1910 foreach (module_list() as $module) {
webmaster@1	1911 if ($data = module_invoke($module, 'user', 'categories', NULL, $account, '')) {
webmaster@1	1912 $categories = array_merge($data, $categories);
webmaster@1	1913 }
webmaster@1	1914 }
webmaster@1	1915
webmaster@1	1916 usort($categories, '_user_sort');
webmaster@1	1917
webmaster@1	1918 return $categories;
webmaster@1	1919 }
webmaster@1	1920
webmaster@1	1921 function _user_sort($a, $b) {
webmaster@1	1922 $a = (array)$a + array('weight' => 0, 'title' => '');
webmaster@1	1923 $b = (array)$b + array('weight' => 0, 'title' => '');
webmaster@1	1924 return $a['weight'] < $b['weight'] ? -1 : ($a['weight'] > $b['weight'] ? 1 : ($a['title'] < $b['title'] ? -1 : 1));
webmaster@1	1925 }
webmaster@1	1926
webmaster@1	1927 /**
webmaster@1	1928 * List user administration filters that can be applied.
webmaster@1	1929 */
webmaster@1	1930 function user_filters() {
webmaster@1	1931 // Regular filters
webmaster@1	1932 $filters = array();
webmaster@1	1933 $roles = user_roles(TRUE);
webmaster@1	1934 unset($roles[DRUPAL_AUTHENTICATED_RID]); // Don't list authorized role.
webmaster@1	1935 if (count($roles)) {
webmaster@1	1936 $filters['role'] = array(
webmaster@1	1937 'title' => t('role'),
webmaster@1	1938 'where' => "ur.rid = %d",
webmaster@1	1939 'options' => $roles,
webmaster@1	1940 'join' => '',
webmaster@1	1941 );
webmaster@1	1942 }
webmaster@1	1943
webmaster@1	1944 $options = array();
webmaster@1	1945 foreach (module_list() as $module) {
webmaster@1	1946 if ($permissions = module_invoke($module, 'perm')) {
webmaster@1	1947 asort($permissions);
webmaster@1	1948 foreach ($permissions as $permission) {
webmaster@1	1949 $options[t('@module module', array('@module' => $module))][$permission] = t($permission);
webmaster@1	1950 }
webmaster@1	1951 }
webmaster@1	1952 }
webmaster@1	1953 ksort($options);
webmaster@1	1954 $filters['permission'] = array(
webmaster@1	1955 'title' => t('permission'),
webmaster@1	1956 'join' => 'LEFT JOIN {permission} p ON ur.rid = p.rid',
webmaster@1	1957 'where' => " ((p.perm IS NOT NULL AND p.perm LIKE '%%%s%%') OR u.uid = 1) ",
webmaster@1	1958 'options' => $options,
webmaster@1	1959 );
webmaster@1	1960
webmaster@1	1961 $filters['status'] = array(
webmaster@1	1962 'title' => t('status'),
webmaster@1	1963 'where' => 'u.status = %d',
webmaster@1	1964 'join' => '',
webmaster@1	1965 'options' => array(1 => t('active'), 0 => t('blocked')),
webmaster@1	1966 );
webmaster@1	1967 return $filters;
webmaster@1	1968 }
webmaster@1	1969
webmaster@1	1970 /**
webmaster@1	1971 * Build query for user administration filters based on session.
webmaster@1	1972 */
webmaster@1	1973 function user_build_filter_query() {
webmaster@1	1974 $filters = user_filters();
webmaster@1	1975
webmaster@1	1976 // Build query
webmaster@1	1977 $where = $args = $join = array();
webmaster@1	1978 foreach ($_SESSION['user_overview_filter'] as $filter) {
webmaster@1	1979 list($key, $value) = $filter;
webmaster@1	1980 // This checks to see if this permission filter is an enabled permission for
webmaster@1	1981 // the authenticated role. If so, then all users would be listed, and we can
webmaster@1	1982 // skip adding it to the filter query.
webmaster@1	1983 if ($key == 'permission') {
webmaster@1	1984 $account = new stdClass();
webmaster@1	1985 $account->uid = 'user_filter';
webmaster@1	1986 $account->roles = array(DRUPAL_AUTHENTICATED_RID => 1);
webmaster@1	1987 if (user_access($value, $account)) {
webmaster@1	1988 continue;
webmaster@1	1989 }
webmaster@1	1990 }
webmaster@1	1991 $where[] = $filters[$key]['where'];
webmaster@1	1992 $args[] = $value;
webmaster@1	1993 $join[] = $filters[$key]['join'];
webmaster@1	1994 }
webmaster@1	1995 $where = !empty($where) ? 'AND '. implode(' AND ', $where) : '';
webmaster@1	1996 $join = !empty($join) ? ' '. implode(' ', array_unique($join)) : '';
webmaster@1	1997
webmaster@1	1998 return array('where' => $where,
webmaster@1	1999 'join' => $join,
webmaster@1	2000 'args' => $args,
webmaster@1	2001 );
webmaster@1	2002 }
webmaster@1	2003
webmaster@1	2004 /**
webmaster@1	2005 * Implementation of hook_forms().
webmaster@1	2006 */
webmaster@1	2007 function user_forms() {
webmaster@1	2008 $forms['user_admin_access_add_form']['callback'] = 'user_admin_access_form';
webmaster@1	2009 $forms['user_admin_access_edit_form']['callback'] = 'user_admin_access_form';
webmaster@1	2010 $forms['user_admin_new_role']['callback'] = 'user_admin_role';
webmaster@1	2011 return $forms;
webmaster@1	2012 }
webmaster@1	2013
webmaster@1	2014 /**
webmaster@1	2015 * Implementation of hook_comment().
webmaster@1	2016 */
webmaster@1	2017 function user_comment(&$comment, $op) {
webmaster@1	2018 // Validate signature.
webmaster@1	2019 if ($op == 'view') {
webmaster@1	2020 if (variable_get('user_signatures', 0) && !empty($comment->signature)) {
webmaster@1	2021 $comment->signature = check_markup($comment->signature, $comment->format);
webmaster@1	2022 }
webmaster@1	2023 else {
webmaster@1	2024 $comment->signature = '';
webmaster@1	2025 }
webmaster@1	2026 }
webmaster@1	2027 }
webmaster@1	2028
webmaster@1	2029 /**
webmaster@1	2030 * Theme output of user signature.
webmaster@1	2031 *
webmaster@1	2032 * @ingroup themeable
webmaster@1	2033 */
webmaster@1	2034 function theme_user_signature($signature) {
webmaster@1	2035 $output = '';
webmaster@1	2036 if ($signature) {
webmaster@1	2037 $output .= '<div class="clear">';
webmaster@1	2038 $output .= '<div>—</div>';
webmaster@1	2039 $output .= $signature;
webmaster@1	2040 $output .= '</div>';
webmaster@1	2041 }
webmaster@1	2042
webmaster@1	2043 return $output;
webmaster@1	2044 }
webmaster@1	2045
webmaster@1	2046 /**
webmaster@1	2047 * Return an array of token to value mappings for user e-mail messages.
webmaster@1	2048 *
webmaster@1	2049 * @param $account
webmaster@1	2050 * The user object of the account being notified. Must contain at
webmaster@1	2051 * least the fields 'uid', 'name', and 'mail'.
webmaster@1	2052 * @param $language
webmaster@1	2053 * Language object to generate the tokens with.
webmaster@1	2054 * @return
webmaster@1	2055 * Array of mappings from token names to values (for use with strtr()).
webmaster@1	2056 */
webmaster@1	2057 function user_mail_tokens($account, $language) {
webmaster@1	2058 global $base_url;
webmaster@1	2059 $tokens = array(
webmaster@1	2060 '!username' => $account->name,
webmaster@1	2061 '!site' => variable_get('site_name', 'Drupal'),
webmaster@1	2062 '!login_url' => user_pass_reset_url($account),
webmaster@1	2063 '!uri' => $base_url,
webmaster@1	2064 '!uri_brief' => substr($base_url, strlen('http://')),
webmaster@1	2065 '!mailto' => $account->mail,
webmaster@1	2066 '!date' => format_date(time(), 'medium', '', NULL, $language->language),
webmaster@1	2067 '!login_uri' => url('user', array('absolute' => TRUE, 'language' => $language)),
webmaster@1	2068 '!edit_uri' => url('user/'. $account->uid .'/edit', array('absolute' => TRUE, 'language' => $language)),
webmaster@1	2069 );
webmaster@1	2070 if (!empty($account->password)) {
webmaster@1	2071 $tokens['!password'] = $account->password;
webmaster@1	2072 }
webmaster@1	2073 return $tokens;
webmaster@1	2074 }
webmaster@1	2075
webmaster@1	2076 /**
webmaster@1	2077 * Get the language object preferred by the user. This user preference can
webmaster@1	2078 * be set on the user account editing page, and is only available if there
webmaster@1	2079 * are more than one languages enabled on the site. If the user did not
webmaster@1	2080 * choose a preferred language, or is the anonymous user, the $default
webmaster@1	2081 * value, or if it is not set, the site default language will be returned.
webmaster@1	2082 *
webmaster@1	2083 * @param $account
webmaster@1	2084 * User account to look up language for.
webmaster@1	2085 * @param $default
webmaster@1	2086 * Optional default language object to return if the account
webmaster@1	2087 * has no valid language.
webmaster@1	2088 */
webmaster@1	2089 function user_preferred_language($account, $default = NULL) {
webmaster@1	2090 $language_list = language_list();
webmaster@1	2091 if ($account->language && isset($language_list[$account->language])) {
webmaster@1	2092 return $language_list[$account->language];
webmaster@1	2093 }
webmaster@1	2094 else {
webmaster@1	2095 return $default ? $default : language_default();
webmaster@1	2096 }
webmaster@1	2097 }
webmaster@1	2098
webmaster@1	2099 /**
webmaster@1	2100 * Conditionally create and send a notification email when a certain
webmaster@1	2101 * operation happens on the given user account.
webmaster@1	2102 *
webmaster@1	2103 * @see user_mail_tokens()
webmaster@1	2104 * @see drupal_mail()
webmaster@1	2105 *
webmaster@1	2106 * @param $op
webmaster@1	2107 * The operation being performed on the account. Possible values:
webmaster@1	2108 * 'register_admin_created': Welcome message for user created by the admin
webmaster@1	2109 * 'register_no_approval_required': Welcome message when user self-registers
webmaster@1	2110 * 'register_pending_approval': Welcome message, user pending admin approval
webmaster@1	2111 * 'password_reset': Password recovery request
webmaster@1	2112 * 'status_activated': Account activated
webmaster@1	2113 * 'status_blocked': Account blocked
webmaster@1	2114 * 'status_deleted': Account deleted
webmaster@1	2115 *
webmaster@1	2116 * @param $account
webmaster@1	2117 * The user object of the account being notified. Must contain at
webmaster@1	2118 * least the fields 'uid', 'name', and 'mail'.
webmaster@1	2119 * @param $language
webmaster@1	2120 * Optional language to use for the notification, overriding account language.
webmaster@1	2121 * @return
webmaster@1	2122 * The return value from drupal_mail_send(), if ends up being called.
webmaster@1	2123 */
webmaster@1	2124 function _user_mail_notify($op, $account, $language = NULL) {
webmaster@1	2125 // By default, we always notify except for deleted and blocked.
webmaster@1	2126 $default_notify = ($op != 'status_deleted' && $op != 'status_blocked');
webmaster@1	2127 $notify = variable_get('user_mail_'. $op .'_notify', $default_notify);
webmaster@1	2128 if ($notify) {
webmaster@1	2129 $params['account'] = $account;
webmaster@1	2130 $language = $language ? $language : user_preferred_language($account);
webmaster@1	2131 $mail = drupal_mail('user', $op, $account->mail, $language, $params);
webmaster@1	2132 if ($op == 'register_pending_approval') {
webmaster@1	2133 // If a user registered requiring admin approval, notify the admin, too.
webmaster@1	2134 // We use the site default language for this.
webmaster@1	2135 drupal_mail('user', 'register_pending_approval_admin', variable_get('site_mail', ini_get('sendmail_from')), language_default(), $params);
webmaster@1	2136 }
webmaster@1	2137 }
webmaster@1	2138 return empty($mail) ? NULL : $mail['result'];
webmaster@1	2139 }
webmaster@1	2140
webmaster@1	2141 /**
webmaster@1	2142 * Add javascript and string translations for dynamic password validation
webmaster@1	2143 * (strength and confirmation checking).
webmaster@1	2144 *
webmaster@1	2145 * This is an internal function that makes it easier to manage the translation
webmaster@1	2146 * strings that need to be passed to the javascript code.
webmaster@1	2147 */
webmaster@1	2148 function _user_password_dynamic_validation() {
webmaster@1	2149 static $complete = FALSE;
webmaster@1	2150 global $user;
webmaster@1	2151 // Only need to do once per page.
webmaster@1	2152 if (!$complete) {
webmaster@1	2153 drupal_add_js(drupal_get_path('module', 'user') .'/user.js', 'module');
webmaster@1	2154
webmaster@1	2155 drupal_add_js(array(
webmaster@1	2156 'password' => array(
webmaster@1	2157 'strengthTitle' => t('Password strength:'),
webmaster@1	2158 'lowStrength' => t('Low'),
webmaster@1	2159 'mediumStrength' => t('Medium'),
webmaster@1	2160 'highStrength' => t('High'),
webmaster@1	2161 'tooShort' => t('It is recommended to choose a password that contains at least six characters. It should include numbers, punctuation, and both upper and lowercase letters.'),
webmaster@1	2162 'needsMoreVariation' => t('The password does not include enough variation to be secure. Try:'),
webmaster@1	2163 'addLetters' => t('Adding both upper and lowercase letters.'),
webmaster@1	2164 'addNumbers' => t('Adding numbers.'),
webmaster@1	2165 'addPunctuation' => t('Adding punctuation.'),
webmaster@1	2166 'sameAsUsername' => t('It is recommended to choose a password different from the username.'),
webmaster@1	2167 'confirmSuccess' => t('Yes'),
webmaster@1	2168 'confirmFailure' => t('No'),
webmaster@1	2169 'confirmTitle' => t('Passwords match:'),
webmaster@1	2170 'username' => (isset($user->name) ? $user->name : ''))),
webmaster@1	2171 'setting');
webmaster@1	2172 $complete = TRUE;
webmaster@1	2173 }
webmaster@1	2174 }
webmaster@1	2175
webmaster@1	2176 /**
webmaster@1	2177 * Implementation of hook_hook_info().
webmaster@1	2178 */
webmaster@1	2179 function user_hook_info() {
webmaster@1	2180 return array(
webmaster@1	2181 'user' => array(
webmaster@1	2182 'user' => array(
webmaster@1	2183 'insert' => array(
webmaster@1	2184 'runs when' => t('After a user account has been created'),
webmaster@1	2185 ),
webmaster@1	2186 'update' => array(
webmaster@1	2187 'runs when' => t("After a user's profile has been updated"),
webmaster@1	2188 ),
webmaster@1	2189 'delete' => array(
webmaster@1	2190 'runs when' => t('After a user has been deleted')
webmaster@1	2191 ),
webmaster@1	2192 'login' => array(
webmaster@1	2193 'runs when' => t('After a user has logged in')
webmaster@1	2194 ),
webmaster@1	2195 'logout' => array(
webmaster@1	2196 'runs when' => t('After a user has logged out')
webmaster@1	2197 ),
webmaster@1	2198 'view' => array(
webmaster@1	2199 'runs when' => t("When a user's profile is being viewed")
webmaster@1	2200 ),
webmaster@1	2201 ),
webmaster@1	2202 ),
webmaster@1	2203 );
webmaster@1	2204 }
webmaster@1	2205
webmaster@1	2206 /**
webmaster@1	2207 * Implementation of hook_action_info().
webmaster@1	2208 */
webmaster@1	2209 function user_action_info() {
webmaster@1	2210 return array(
webmaster@1	2211 'user_block_user_action' => array(
webmaster@1	2212 'description' => t('Block current user'),
webmaster@1	2213 'type' => 'user',
webmaster@1	2214 'configurable' => FALSE,
webmaster@1	2215 'hooks' => array(),
webmaster@1	2216 ),
webmaster@1	2217 'user_block_ip_action' => array(
webmaster@1	2218 'description' => t('Ban IP address of current user'),
webmaster@1	2219 'type' => 'user',
webmaster@1	2220 'configurable' => FALSE,
webmaster@1	2221 'hooks' => array(),
webmaster@1	2222 ),
webmaster@1	2223 );
webmaster@1	2224 }
webmaster@1	2225
webmaster@1	2226 /**
webmaster@1	2227 * Implementation of a Drupal action.
webmaster@1	2228 * Blocks the current user.
webmaster@1	2229 */
webmaster@1	2230 function user_block_user_action(&$object, $context = array()) {
webmaster@1	2231 if (isset($object->uid)) {
webmaster@1	2232 $uid = $object->uid;
webmaster@1	2233 }
webmaster@1	2234 elseif (isset($context['uid'])) {
webmaster@1	2235 $uid = $context['uid'];
webmaster@1	2236 }
webmaster@1	2237 else {
webmaster@1	2238 global $user;
webmaster@1	2239 $uid = $user->uid;
webmaster@1	2240 }
webmaster@1	2241 db_query("UPDATE {users} SET status = 0 WHERE uid = %d", $uid);
webmaster@1	2242 sess_destroy_uid($uid);
webmaster@1	2243 watchdog('action', 'Blocked user %name.', array('%name' => check_plain($user->name)));
webmaster@1	2244 }
webmaster@1	2245
webmaster@1	2246 /**
webmaster@1	2247 * Implementation of a Drupal action.
webmaster@1	2248 * Adds an access rule that blocks the user's IP address.
webmaster@1	2249 */
webmaster@1	2250 function user_block_ip_action() {
webmaster@1	2251 $ip = ip_address();
webmaster@1	2252 db_query("INSERT INTO {access} (mask, type, status) VALUES ('%s', '%s', %d)", $ip, 'host', 0);
webmaster@1	2253 watchdog('action', 'Banned IP address %ip', array('%ip' => $ip));
webmaster@1	2254 }
webmaster@1	2255
webmaster@1	2256 /**
webmaster@1	2257 * Submit handler for the user registration form.
webmaster@1	2258 *
webmaster@1	2259 * This function is shared by the installation form and the normal registration form,
webmaster@1	2260 * which is why it can't be in the user.pages.inc file.
webmaster@1	2261 */
webmaster@1	2262 function user_register_submit($form, &$form_state) {
webmaster@1	2263 global $base_url;
webmaster@1	2264 $admin = user_access('administer users');
webmaster@1	2265
webmaster@1	2266 $mail = $form_state['values']['mail'];
webmaster@1	2267 $name = $form_state['values']['name'];
webmaster@1	2268 if (!variable_get('user_email_verification', TRUE) \|\| $admin) {
webmaster@1	2269 $pass = $form_state['values']['pass'];
webmaster@1	2270 }
webmaster@1	2271 else {
webmaster@1	2272 $pass = user_password();
webmaster@1	2273 };
webmaster@1	2274 $notify = isset($form_state['values']['notify']) ? $form_state['values']['notify'] : NULL;
webmaster@1	2275 $from = variable_get('site_mail', ini_get('sendmail_from'));
webmaster@1	2276 if (isset($form_state['values']['roles'])) {
webmaster@1	2277 // Remove unset roles.
webmaster@1	2278 $roles = array_filter($form_state['values']['roles']);
webmaster@1	2279 }
webmaster@1	2280 else {
webmaster@1	2281 $roles = array();
webmaster@1	2282 }
webmaster@1	2283
webmaster@1	2284 if (!$admin && array_intersect(array_keys($form_state['values']), array('uid', 'roles', 'init', 'session', 'status'))) {
webmaster@1	2285 watchdog('security', 'Detected malicious attempt to alter protected user fields.', array(), WATCHDOG_WARNING);
webmaster@1	2286 $form_state['redirect'] = 'user/register';
webmaster@1	2287 return;
webmaster@1	2288 }
webmaster@1	2289 // The unset below is needed to prevent these form values from being saved as
webmaster@1	2290 // user data.
webmaster@1	2291 unset($form_state['values']['form_token'], $form_state['values']['submit'], $form_state['values']['op'], $form_state['values']['notify'], $form_state['values']['form_id'], $form_state['values']['affiliates'], $form_state['values']['destination']);
webmaster@1	2292
webmaster@1	2293 $merge_data = array('pass' => $pass, 'init' => $mail, 'roles' => $roles);
webmaster@1	2294 if (!$admin) {
webmaster@1	2295 // Set the user's status because it was not displayed in the form.
webmaster@1	2296 $merge_data['status'] = variable_get('user_register', 1) == 1;
webmaster@1	2297 }
webmaster@1	2298 $account = user_save('', array_merge($form_state['values'], $merge_data));
webmaster@1	2299 // Terminate if an error occured during user_save().
webmaster@1	2300 if (!$account) {
webmaster@1	2301 drupal_set_message(t("Error saving user account."), 'error');
webmaster@1	2302 $form_state['redirect'] = '';
webmaster@1	2303 return;
webmaster@1	2304 }
webmaster@1	2305 $form_state['user'] = $account;
webmaster@1	2306
webmaster@1	2307 watchdog('user', 'New user: %name (%email).', array('%name' => $name, '%email' => $mail), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $account->uid .'/edit'));
webmaster@1	2308
webmaster@1	2309 // The first user may login immediately, and receives a customized welcome e-mail.
webmaster@1	2310 if ($account->uid == 1) {
webmaster@1	2311 drupal_set_message(t('Welcome to Drupal. You are now logged in as user #1, which gives you full control over your website.'));
webmaster@1	2312 if (variable_get('user_email_verification', TRUE)) {
webmaster@1	2313 drupal_set_message(t('</p><p> Your password is <strong>%pass</strong>. You may change your password below.</p>', array('%pass' => $pass)));
webmaster@1	2314 }
webmaster@1	2315
webmaster@1	2316 user_authenticate(array_merge($form_state['values'], $merge_data));
webmaster@1	2317
webmaster@1	2318 $form_state['redirect'] = 'user/1/edit';
webmaster@1	2319 return;
webmaster@1	2320 }
webmaster@1	2321 else {
webmaster@1	2322 // Add plain text password into user account to generate mail tokens.
webmaster@1	2323 $account->password = $pass;
webmaster@1	2324 if ($admin && !$notify) {
webmaster@1	2325 drupal_set_message(t('Created a new user account for <a href="@url">%name</a>. No e-mail has been sent.', array('@url' => url("user/$account->uid"), '%name' => $account->name)));
webmaster@1	2326 }
webmaster@1	2327 else if (!variable_get('user_email_verification', TRUE) && $account->status && !$admin) {
webmaster@1	2328 // No e-mail verification is required, create new user account, and login
webmaster@1	2329 // user immediately.
webmaster@1	2330 _user_mail_notify('register_no_approval_required', $account);
webmaster@1	2331 if (user_authenticate(array_merge($form_state['values'], $merge_data))) {
webmaster@1	2332 drupal_set_message(t('Registration successful. You are now logged in.'));
webmaster@1	2333 }
webmaster@1	2334 $form_state['redirect'] = '';
webmaster@1	2335 return;
webmaster@1	2336 }
webmaster@1	2337 else if ($account->status \|\| $notify) {
webmaster@1	2338 // Create new user account, no administrator approval required.
webmaster@1	2339 $op = $notify ? 'register_admin_created' : 'register_no_approval_required';
webmaster@1	2340 _user_mail_notify($op, $account);
webmaster@1	2341 if ($notify) {
webmaster@1	2342 drupal_set_message(t('Password and further instructions have been e-mailed to the new user <a href="@url">%name</a>.', array('@url' => url("user/$account->uid"), '%name' => $account->name)));
webmaster@1	2343 }
webmaster@1	2344 else {
webmaster@1	2345 drupal_set_message(t('Your password and further instructions have been sent to your e-mail address.'));
webmaster@1	2346 $form_state['redirect'] = '';
webmaster@1	2347 return;
webmaster@1	2348 }
webmaster@1	2349 }
webmaster@1	2350 else {
webmaster@1	2351 // Create new user account, administrator approval required.
webmaster@1	2352 _user_mail_notify('register_pending_approval', $account);
webmaster@1	2353 drupal_set_message(t('Thank you for applying for an account. Your account is currently pending approval by the site administrator.<br />In the meantime, a welcome message with further instructions has been sent to your e-mail address.'));
webmaster@1	2354 $form_state['redirect'] = '';
webmaster@1	2355 return;
webmaster@1	2356
webmaster@1	2357 }
webmaster@1	2358 }
webmaster@1	2359 }
webmaster@1	2360
webmaster@1	2361 /**
webmaster@1	2362 * Form builder; The user registration form.
webmaster@1	2363 *
webmaster@1	2364 * @ingroup forms
webmaster@1	2365 * @see user_register_validate()
webmaster@1	2366 * @see user_register_submit()
webmaster@1	2367 */
webmaster@1	2368 function user_register() {
webmaster@1	2369 global $user;
webmaster@1	2370
webmaster@1	2371 $admin = user_access('administer users');
webmaster@1	2372
webmaster@1	2373 // If we aren't admin but already logged on, go to the user page instead.
webmaster@1	2374 if (!$admin && $user->uid) {
webmaster@1	2375 drupal_goto('user/'. $user->uid);
webmaster@1	2376 }
webmaster@1	2377
webmaster@1	2378 $form = array();
webmaster@1	2379
webmaster@1	2380 // Display the registration form.
webmaster@1	2381 if (!$admin) {
webmaster@1	2382 $form['user_registration_help'] = array('#value' => filter_xss_admin(variable_get('user_registration_help', '')));
webmaster@1	2383 }
webmaster@1	2384
webmaster@1	2385 // Merge in the default user edit fields.
webmaster@1	2386 $form = array_merge($form, user_edit_form($form_state, NULL, NULL, TRUE));
webmaster@1	2387 if ($admin) {
webmaster@1	2388 $form['account']['notify'] = array(
webmaster@1	2389 '#type' => 'checkbox',
webmaster@1	2390 '#title' => t('Notify user of new account')
webmaster@1	2391 );
webmaster@1	2392 // Redirect back to page which initiated the create request;
webmaster@1	2393 // usually admin/user/user/create.
webmaster@1	2394 $form['destination'] = array('#type' => 'hidden', '#value' => $_GET['q']);
webmaster@1	2395 }
webmaster@1	2396
webmaster@1	2397 // Create a dummy variable for pass-by-reference parameters.
webmaster@1	2398 $null = NULL;
webmaster@1	2399 $extra = _user_forms($null, NULL, NULL, 'register');
webmaster@1	2400
webmaster@1	2401 // Remove form_group around default fields if there are no other groups.
webmaster@1	2402 if (!$extra) {
webmaster@1	2403 foreach (array('name', 'mail', 'pass', 'status', 'roles', 'notify') as $key) {
webmaster@1	2404 if (isset($form['account'][$key])) {
webmaster@1	2405 $form[$key] = $form['account'][$key];
webmaster@1	2406 }
webmaster@1	2407 }
webmaster@1	2408 unset($form['account']);
webmaster@1	2409 }
webmaster@1	2410 else {
webmaster@1	2411 $form = array_merge($form, $extra);
webmaster@1	2412 }
webmaster@1	2413
webmaster@1	2414 if (variable_get('configurable_timezones', 1)) {
webmaster@1	2415 // Override field ID, so we only change timezone on user registration,
webmaster@1	2416 // and never touch it on user edit pages.
webmaster@1	2417 $form['timezone'] = array(
webmaster@1	2418 '#type' => 'hidden',
webmaster@1	2419 '#default_value' => variable_get('date_default_timezone', NULL),
webmaster@1	2420 '#id' => 'edit-user-register-timezone',
webmaster@1	2421 );
webmaster@1	2422
webmaster@1	2423 // Add the JavaScript callback to automatically set the timezone.
webmaster@1	2424 drupal_add_js('
webmaster@1	2425 // Global Killswitch
webmaster@1	2426 if (Drupal.jsEnabled) {
webmaster@1	2427 $(document).ready(function() {
webmaster@1	2428 Drupal.setDefaultTimezone();
webmaster@1	2429 });
webmaster@1	2430 }', 'inline');
webmaster@1	2431 }
webmaster@1	2432
webmaster@1	2433 $form['submit'] = array('#type' => 'submit', '#value' => t('Create new account'), '#weight' => 30);
webmaster@1	2434 $form['#validate'][] = 'user_register_validate';
webmaster@1	2435
webmaster@1	2436 return $form;
webmaster@1	2437 }
webmaster@1	2438
webmaster@1	2439 function user_register_validate($form, &$form_state) {
webmaster@1	2440 user_module_invoke('validate', $form_state['values'], $form_state['values'], 'account');
webmaster@1	2441 }
webmaster@1	2442
webmaster@1	2443 /**
webmaster@1	2444 * Retrieve a list of all form elements for the specified category.
webmaster@1	2445 */
webmaster@1	2446 function _user_forms(&$edit, $account, $category, $hook = 'form') {
webmaster@1	2447 $groups = array();
webmaster@1	2448 foreach (module_list() as $module) {
webmaster@1	2449 if ($data = module_invoke($module, 'user', $hook, $edit, $account, $category)) {
webmaster@1	2450 $groups = array_merge_recursive($data, $groups);
webmaster@1	2451 }
webmaster@1	2452 }
webmaster@1	2453 uasort($groups, '_user_sort');
webmaster@1	2454
webmaster@1	2455 return empty($groups) ? FALSE : $groups;
webmaster@1	2456 }

Mercurial > defr > drupal > core

annotate modules/user/user.module @ 7:fff6d4c8c043 6.3