Mercurial > defr > drupal > core

annotate modules/user/user.module @ 20:e3d20ebd63d1 tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Added tag 6.9 for changeset 3edae6ecd6c6
author Franck Deroche <franck@defr.org>
date Thu, 15 Jan 2009 10:16:10 +0100
parents 3edae6ecd6c6
children
rev   line source
webmaster@1 1 <?php
franck@19 2 // $Id: user.module,v 1.892.2.11 2009/01/14 23:34:08 goba Exp $
webmaster@1 3
webmaster@1 4 /**
webmaster@1 5 * @file
webmaster@1 6 * Enables the user registration and login system.
webmaster@1 7 */
webmaster@1 8
webmaster@1 9 define('USERNAME_MAX_LENGTH', 60);
webmaster@1 10 define('EMAIL_MAX_LENGTH', 64);
webmaster@1 11
webmaster@1 12 /**
webmaster@1 13 * Invokes hook_user() in every module.
webmaster@1 14 *
webmaster@1 15 * We cannot use module_invoke() for this, because the arguments need to
webmaster@1 16 * be passed by reference.
webmaster@1 17 */
webmaster@1 18 function user_module_invoke($type, &$array, &$user, $category = NULL) {
webmaster@1 19 foreach (module_list() as $module) {
webmaster@1 20 $function = $module .'_user';
webmaster@1 21 if (function_exists($function)) {
webmaster@1 22 $function($type, $array, $user, $category);
webmaster@1 23 }
webmaster@1 24 }
webmaster@1 25 }
webmaster@1 26
webmaster@1 27 /**
webmaster@1 28 * Implementation of hook_theme().
webmaster@1 29 */
webmaster@1 30 function user_theme() {
webmaster@1 31 return array(
webmaster@1 32 'user_picture' => array(
webmaster@1 33 'arguments' => array('account' => NULL),
webmaster@1 34 'template' => 'user-picture',
webmaster@1 35 ),
webmaster@1 36 'user_profile' => array(
webmaster@1 37 'arguments' => array('account' => NULL),
webmaster@1 38 'template' => 'user-profile',
webmaster@1 39 'file' => 'user.pages.inc',
webmaster@1 40 ),
webmaster@1 41 'user_profile_category' => array(
webmaster@1 42 'arguments' => array('element' => NULL),
webmaster@1 43 'template' => 'user-profile-category',
webmaster@1 44 'file' => 'user.pages.inc',
webmaster@1 45 ),
webmaster@1 46 'user_profile_item' => array(
webmaster@1 47 'arguments' => array('element' => NULL),
webmaster@1 48 'template' => 'user-profile-item',
webmaster@1 49 'file' => 'user.pages.inc',
webmaster@1 50 ),
webmaster@1 51 'user_list' => array(
webmaster@1 52 'arguments' => array('users' => NULL, 'title' => NULL),
webmaster@1 53 ),
webmaster@1 54 'user_admin_perm' => array(
webmaster@1 55 'arguments' => array('form' => NULL),
webmaster@1 56 'file' => 'user.admin.inc',
webmaster@1 57 ),
webmaster@1 58 'user_admin_new_role' => array(
webmaster@1 59 'arguments' => array('form' => NULL),
webmaster@1 60 'file' => 'user.admin.inc',
webmaster@1 61 ),
webmaster@1 62 'user_admin_account' => array(
webmaster@1 63 'arguments' => array('form' => NULL),
webmaster@1 64 'file' => 'user.admin.inc',
webmaster@1 65 ),
webmaster@1 66 'user_filter_form' => array(
webmaster@1 67 'arguments' => array('form' => NULL),
webmaster@1 68 'file' => 'user.admin.inc',
webmaster@1 69 ),
webmaster@1 70 'user_filters' => array(
webmaster@1 71 'arguments' => array('form' => NULL),
webmaster@1 72 'file' => 'user.admin.inc',
webmaster@1 73 ),
webmaster@1 74 'user_signature' => array(
webmaster@1 75 'arguments' => array('signature' => NULL),
webmaster@1 76 ),
webmaster@1 77 );
webmaster@1 78 }
webmaster@1 79
webmaster@1 80 function user_external_load($authname) {
webmaster@1 81 $result = db_query("SELECT uid FROM {authmap} WHERE authname = '%s'", $authname);
webmaster@1 82
webmaster@1 83 if ($user = db_fetch_array($result)) {
webmaster@1 84 return user_load($user);
webmaster@1 85 }
webmaster@1 86 else {
webmaster@1 87 return 0;
webmaster@1 88 }
webmaster@1 89 }
webmaster@1 90
webmaster@1 91 /**
webmaster@1 92 * Perform standard Drupal login operations for a user object.
webmaster@1 93 *
webmaster@1 94 * The user object must already be authenticated. This function verifies
webmaster@1 95 * that the user account is not blocked/denied and then performs the login,
webmaster@1 96 * updates the login timestamp in the database, invokes hook_user('login'),
webmaster@1 97 * and regenerates the session.
webmaster@1 98 *
webmaster@1 99 * @param $account
webmaster@1 100 * An authenticated user object to be set as the currently logged
webmaster@1 101 * in user.
webmaster@1 102 * @param $edit
webmaster@1 103 * The array of form values submitted by the user, if any.
webmaster@1 104 * This array is passed to hook_user op login.
webmaster@1 105 * @return boolean
webmaster@1 106 * TRUE if the login succeeds, FALSE otherwise.
webmaster@1 107 */
webmaster@1 108 function user_external_login($account, $edit = array()) {
webmaster@1 109 $form = drupal_get_form('user_login');
webmaster@1 110
webmaster@1 111 $state['values'] = $edit;
webmaster@1 112 if (empty($state['values']['name'])) {
webmaster@1 113 $state['values']['name'] = $account->name;
webmaster@1 114 }
webmaster@1 115
webmaster@1 116 // Check if user is blocked or denied by access rules.
webmaster@1 117 user_login_name_validate($form, $state, (array)$account);
webmaster@1 118 if (form_get_errors()) {
webmaster@1 119 // Invalid login.
webmaster@1 120 return FALSE;
webmaster@1 121 }
webmaster@1 122
webmaster@1 123 // Valid login.
webmaster@1 124 global $user;
webmaster@1 125 $user = $account;
webmaster@1 126 user_authenticate_finalize($state['values']);
webmaster@1 127 return TRUE;
webmaster@1 128 }
webmaster@1 129
webmaster@1 130 /**
webmaster@1 131 * Fetch a user object.
webmaster@1 132 *
webmaster@1 133 * @param $array
webmaster@1 134 * An associative array of attributes to search for in selecting the
webmaster@1 135 * user, such as user name or e-mail address.
webmaster@1 136 *
webmaster@1 137 * @return
webmaster@1 138 * A fully-loaded $user object upon successful user load or FALSE if user
webmaster@1 139 * cannot be loaded.
webmaster@1 140 */
webmaster@1 141 function user_load($array = array()) {
webmaster@1 142 // Dynamically compose a SQL query:
webmaster@1 143 $query = array();
webmaster@1 144 $params = array();
webmaster@1 145
webmaster@1 146 if (is_numeric($array)) {
webmaster@1 147 $array = array('uid' => $array);
webmaster@1 148 }
webmaster@1 149 elseif (!is_array($array)) {
webmaster@1 150 return FALSE;
webmaster@1 151 }
webmaster@1 152
webmaster@1 153 foreach ($array as $key => $value) {
webmaster@1 154 if ($key == 'uid' || $key == 'status') {
webmaster@1 155 $query[] = "$key = %d";
webmaster@1 156 $params[] = $value;
webmaster@1 157 }
webmaster@1 158 else if ($key == 'pass') {
webmaster@1 159 $query[] = "pass = '%s'";
webmaster@1 160 $params[] = md5($value);
webmaster@1 161 }
webmaster@1 162 else {
webmaster@1 163 $query[]= "LOWER($key) = LOWER('%s')";
webmaster@1 164 $params[] = $value;
webmaster@1 165 }
webmaster@1 166 }
webmaster@1 167 $result = db_query('SELECT * FROM {users} u WHERE '. implode(' AND ', $query), $params);
webmaster@1 168
webmaster@1 169 if ($user = db_fetch_object($result)) {
webmaster@1 170 $user = drupal_unpack($user);
webmaster@1 171
webmaster@1 172 $user->roles = array();
webmaster@1 173 if ($user->uid) {
webmaster@1 174 $user->roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user';
webmaster@1 175 }
webmaster@1 176 else {
webmaster@1 177 $user->roles[DRUPAL_ANONYMOUS_RID] = 'anonymous user';
webmaster@1 178 }
webmaster@1 179 $result = db_query('SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid);
webmaster@1 180 while ($role = db_fetch_object($result)) {
webmaster@1 181 $user->roles[$role->rid] = $role->name;
webmaster@1 182 }
webmaster@1 183 user_module_invoke('load', $array, $user);
webmaster@1 184 }
webmaster@1 185 else {
webmaster@1 186 $user = FALSE;
webmaster@1 187 }
webmaster@1 188
webmaster@1 189 return $user;
webmaster@1 190 }
webmaster@1 191
webmaster@1 192 /**
webmaster@1 193 * Save changes to a user account or add a new user.
webmaster@1 194 *
webmaster@1 195 * @param $account
webmaster@1 196 * The $user object for the user to modify or add. If $user->uid is
webmaster@1 197 * omitted, a new user will be added.
webmaster@1 198 *
webmaster@1 199 * @param $array
webmaster@1 200 * (optional) An array of fields and values to save. For example,
webmaster@1 201 * array('name' => 'My name'); Setting a field to NULL deletes it from
webmaster@1 202 * the data column.
webmaster@1 203 *
webmaster@1 204 * @param $category
webmaster@1 205 * (optional) The category for storing profile information in.
webmaster@1 206 *
webmaster@1 207 * @return
webmaster@1 208 * A fully-loaded $user object upon successful save or FALSE if the save failed.
webmaster@1 209 */
webmaster@1 210 function user_save($account, $array = array(), $category = 'account') {
webmaster@1 211 // Dynamically compose a SQL query:
webmaster@1 212 $user_fields = user_fields();
webmaster@1 213 if (is_object($account) && $account->uid) {
webmaster@1 214 user_module_invoke('update', $array, $account, $category);
webmaster@1 215 $query = '';
webmaster@1 216 $data = unserialize(db_result(db_query('SELECT data FROM {users} WHERE uid = %d', $account->uid)));
webmaster@1 217 // Consider users edited by an administrator as logged in, if they haven't
webmaster@1 218 // already, so anonymous users can view the profile (if allowed).
webmaster@1 219 if (empty($array['access']) && empty($account->access) && user_access('administer users')) {
webmaster@1 220 $array['access'] = time();
webmaster@1 221 }
webmaster@1 222 foreach ($array as $key => $value) {
webmaster@1 223 if ($key == 'pass' && !empty($value)) {
webmaster@1 224 $query .= "$key = '%s', ";
webmaster@1 225 $v[] = md5($value);
webmaster@1 226 }
webmaster@1 227 else if ((substr($key, 0, 4) !== 'auth') && ($key != 'pass')) {
webmaster@1 228 if (in_array($key, $user_fields)) {
webmaster@1 229 // Save standard fields.
webmaster@1 230 $query .= "$key = '%s', ";
webmaster@1 231 $v[] = $value;
webmaster@1 232 }
webmaster@1 233 else if ($key != 'roles') {
webmaster@1 234 // Roles is a special case: it used below.
webmaster@1 235 if ($value === NULL) {
webmaster@1 236 unset($data[$key]);
webmaster@1 237 }
webmaster@1 238 else {
webmaster@1 239 $data[$key] = $value;
webmaster@1 240 }
webmaster@1 241 }
webmaster@1 242 }
webmaster@1 243 }
webmaster@1 244 $query .= "data = '%s' ";
webmaster@1 245 $v[] = serialize($data);
webmaster@1 246
webmaster@1 247 $success = db_query("UPDATE {users} SET $query WHERE uid = %d", array_merge($v, array($account->uid)));
webmaster@1 248 if (!$success) {
webmaster@1 249 // The query failed - better to abort the save than risk further data loss.
webmaster@1 250 return FALSE;
webmaster@1 251 }
webmaster@1 252
webmaster@1 253 // Reload user roles if provided.
webmaster@1 254 if (isset($array['roles']) && is_array($array['roles'])) {
webmaster@1 255 db_query('DELETE FROM {users_roles} WHERE uid = %d', $account->uid);
webmaster@1 256
webmaster@1 257 foreach (array_keys($array['roles']) as $rid) {
webmaster@1 258 if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
webmaster@1 259 db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $account->uid, $rid);
webmaster@1 260 }
webmaster@1 261 }
webmaster@1 262 }
webmaster@1 263
webmaster@1 264 // Delete a blocked user's sessions to kick them if they are online.
webmaster@1 265 if (isset($array['status']) && $array['status'] == 0) {
webmaster@1 266 sess_destroy_uid($account->uid);
webmaster@1 267 }
webmaster@1 268
webmaster@1 269 // If the password changed, delete all open sessions and recreate
webmaster@1 270 // the current one.
webmaster@1 271 if (!empty($array['pass'])) {
webmaster@1 272 sess_destroy_uid($account->uid);
franck@19 273 if ($account->uid == $GLOBALS['user']->uid) {
franck@19 274 sess_regenerate();
franck@19 275 }
webmaster@1 276 }
webmaster@1 277
webmaster@1 278 // Refresh user object.
webmaster@1 279 $user = user_load(array('uid' => $account->uid));
webmaster@1 280
webmaster@1 281 // Send emails after we have the new user object.
webmaster@1 282 if (isset($array['status']) && $array['status'] != $account->status) {
webmaster@1 283 // The user's status is changing; conditionally send notification email.
webmaster@1 284 $op = $array['status'] == 1 ? 'status_activated' : 'status_blocked';
webmaster@1 285 _user_mail_notify($op, $user);
webmaster@1 286 }
webmaster@1 287
webmaster@1 288 user_module_invoke('after_update', $array, $user, $category);
webmaster@1 289 }
webmaster@1 290 else {
webmaster@1 291 // Allow 'created' to be set by the caller.
webmaster@1 292 if (!isset($array['created'])) {
webmaster@1 293 $array['created'] = time();
webmaster@1 294 }
webmaster@1 295 // Consider users created by an administrator as already logged in, so
webmaster@1 296 // anonymous users can view the profile (if allowed).
webmaster@1 297 if (empty($array['access']) && user_access('administer users')) {
webmaster@1 298 $array['access'] = time();
webmaster@1 299 }
webmaster@1 300
webmaster@1 301 // Note: we wait to save the data column to prevent module-handled
webmaster@1 302 // fields from being saved there. We cannot invoke hook_user('insert') here
webmaster@1 303 // because we don't have a fully initialized user object yet.
webmaster@1 304 foreach ($array as $key => $value) {
webmaster@1 305 switch ($key) {
webmaster@1 306 case 'pass':
webmaster@1 307 $fields[] = $key;
webmaster@1 308 $values[] = md5($value);
webmaster@1 309 $s[] = "'%s'";
webmaster@1 310 break;
webmaster@1 311 case 'mode': case 'sort': case 'timezone':
webmaster@1 312 case 'threshold': case 'created': case 'access':
webmaster@1 313 case 'login': case 'status':
webmaster@1 314 $fields[] = $key;
webmaster@1 315 $values[] = $value;
webmaster@1 316 $s[] = "%d";
webmaster@1 317 break;
webmaster@1 318 default:
webmaster@1 319 if (substr($key, 0, 4) !== 'auth' && in_array($key, $user_fields)) {
webmaster@1 320 $fields[] = $key;
webmaster@1 321 $values[] = $value;
webmaster@1 322 $s[] = "'%s'";
webmaster@1 323 }
webmaster@1 324 break;
webmaster@1 325 }
webmaster@1 326 }
webmaster@1 327 $success = db_query('INSERT INTO {users} ('. implode(', ', $fields) .') VALUES ('. implode(', ', $s) .')', $values);
webmaster@1 328 if (!$success) {
webmaster@1 329 // On a failed INSERT some other existing user's uid may be returned.
webmaster@1 330 // We must abort to avoid overwriting their account.
webmaster@1 331 return FALSE;
webmaster@1 332 }
webmaster@1 333
webmaster@1 334 // Build the initial user object.
webmaster@1 335 $array['uid'] = db_last_insert_id('users', 'uid');
webmaster@1 336 $user = user_load(array('uid' => $array['uid']));
webmaster@1 337
webmaster@1 338 user_module_invoke('insert', $array, $user, $category);
webmaster@1 339
webmaster@1 340 // Build and save the serialized data field now.
webmaster@1 341 $data = array();
webmaster@1 342 foreach ($array as $key => $value) {
webmaster@1 343 if ((substr($key, 0, 4) !== 'auth') && ($key != 'roles') && (!in_array($key, $user_fields)) && ($value !== NULL)) {
webmaster@1 344 $data[$key] = $value;
webmaster@1 345 }
webmaster@1 346 }
webmaster@1 347 db_query("UPDATE {users} SET data = '%s' WHERE uid = %d", serialize($data), $user->uid);
webmaster@1 348
webmaster@1 349 // Save user roles (delete just to be safe).
webmaster@1 350 if (isset($array['roles']) && is_array($array['roles'])) {
webmaster@1 351 db_query('DELETE FROM {users_roles} WHERE uid = %d', $array['uid']);
webmaster@1 352 foreach (array_keys($array['roles']) as $rid) {
webmaster@1 353 if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
webmaster@1 354 db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $array['uid'], $rid);
webmaster@1 355 }
webmaster@1 356 }
webmaster@1 357 }
webmaster@1 358
webmaster@1 359 // Build the finished user object.
webmaster@1 360 $user = user_load(array('uid' => $array['uid']));
webmaster@1 361 }
webmaster@1 362
webmaster@1 363 // Save distributed authentication mappings.
webmaster@1 364 $authmaps = array();
webmaster@1 365 foreach ($array as $key => $value) {
webmaster@1 366 if (substr($key, 0, 4) == 'auth') {
webmaster@1 367 $authmaps[$key] = $value;
webmaster@1 368 }
webmaster@1 369 }
webmaster@1 370 if (sizeof($authmaps) > 0) {
webmaster@1 371 user_set_authmaps($user, $authmaps);
webmaster@1 372 }
webmaster@1 373
webmaster@1 374 return $user;
webmaster@1 375 }
webmaster@1 376
webmaster@1 377 /**
webmaster@1 378 * Verify the syntax of the given name.
webmaster@1 379 */
webmaster@1 380 function user_validate_name($name) {
webmaster@1 381 if (!strlen($name)) return t('You must enter a username.');
webmaster@1 382 if (substr($name, 0, 1) == ' ') return t('The username cannot begin with a space.');
webmaster@1 383 if (substr($name, -1) == ' ') return t('The username cannot end with a space.');
webmaster@1 384 if (strpos($name, ' ') !== FALSE) return t('The username cannot contain multiple spaces in a row.');
webmaster@1 385 if (ereg("[^\x80-\xF7 [:alnum:]@_.-]", $name)) return t('The username contains an illegal character.');
webmaster@1 386 if (preg_match('/[\x{80}-\x{A0}'. // Non-printable ISO-8859-1 + NBSP
webmaster@1 387 '\x{AD}'. // Soft-hyphen
webmaster@1 388 '\x{2000}-\x{200F}'. // Various space characters
webmaster@1 389 '\x{2028}-\x{202F}'. // Bidirectional text overrides
webmaster@1 390 '\x{205F}-\x{206F}'. // Various text hinting characters
webmaster@1 391 '\x{FEFF}'. // Byte order mark
webmaster@1 392 '\x{FF01}-\x{FF60}'. // Full-width latin
webmaster@1 393 '\x{FFF9}-\x{FFFD}'. // Replacement characters
webmaster@1 394 '\x{0}]/u', // NULL byte
webmaster@1 395 $name)) {
webmaster@1 396 return t('The username contains an illegal character.');
webmaster@1 397 }
webmaster@1 398 if (strpos($name, '@') !== FALSE && !eregi('@([0-9a-z](-?[0-9a-z])*.)+[a-z]{2}([zmuvtg]|fo|me)?$', $name)) return t('The username is not a valid authentication ID.');
webmaster@1 399 if (strlen($name) > USERNAME_MAX_LENGTH) return t('The username %name is too long: it must be %max characters or less.', array('%name' => $name, '%max' => USERNAME_MAX_LENGTH));
webmaster@1 400 }
webmaster@1 401
webmaster@1 402 function user_validate_mail($mail) {
webmaster@1 403 if (!$mail) return t('You must enter an e-mail address.');
webmaster@1 404 if (!valid_email_address($mail)) {
webmaster@1 405 return t('The e-mail address %mail is not valid.', array('%mail' => $mail));
webmaster@1 406 }
webmaster@1 407 }
webmaster@1 408
webmaster@1 409 function user_validate_picture(&$form, &$form_state) {
webmaster@1 410 // If required, validate the uploaded picture.
webmaster@1 411 $validators = array(
webmaster@1 412 'file_validate_is_image' => array(),
webmaster@1 413 'file_validate_image_resolution' => array(variable_get('user_picture_dimensions', '85x85')),
webmaster@1 414 'file_validate_size' => array(variable_get('user_picture_file_size', '30') * 1024),
webmaster@1 415 );
webmaster@1 416 if ($file = file_save_upload('picture_upload', $validators)) {
webmaster@1 417 // Remove the old picture.
webmaster@1 418 if (isset($form_state['values']['_account']->picture) && file_exists($form_state['values']['_account']->picture)) {
webmaster@1 419 file_delete($form_state['values']['_account']->picture);
webmaster@1 420 }
webmaster@1 421
webmaster@1 422 // The image was saved using file_save_upload() and was added to the
webmaster@1 423 // files table as a temporary file. We'll make a copy and let the garbage
webmaster@1 424 // collector delete the original upload.
webmaster@1 425 $info = image_get_info($file->filepath);
webmaster@1 426 $destination = variable_get('user_picture_path', 'pictures') .'/picture-'. $form['#uid'] .'.'. $info['extension'];
webmaster@1 427 if (file_copy($file, $destination, FILE_EXISTS_REPLACE)) {
webmaster@1 428 $form_state['values']['picture'] = $file->filepath;
webmaster@1 429 }
webmaster@1 430 else {
webmaster@1 431 form_set_error('picture_upload', t("Failed to upload the picture image; the %directory directory doesn't exist or is not writable.", array('%directory' => variable_get('user_picture_path', 'pictures'))));
webmaster@1 432 }
webmaster@1 433 }
webmaster@1 434 }
webmaster@1 435
webmaster@1 436 /**
webmaster@1 437 * Generate a random alphanumeric password.
webmaster@1 438 */
webmaster@1 439 function user_password($length = 10) {
webmaster@1 440 // This variable contains the list of allowable characters for the
webmaster@1 441 // password. Note that the number 0 and the letter 'O' have been
webmaster@1 442 // removed to avoid confusion between the two. The same is true
webmaster@1 443 // of 'I', 1, and 'l'.
webmaster@1 444 $allowable_characters = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';
webmaster@1 445
webmaster@1 446 // Zero-based count of characters in the allowable list:
webmaster@1 447 $len = strlen($allowable_characters) - 1;
webmaster@1 448
webmaster@1 449 // Declare the password as a blank string.
webmaster@1 450 $pass = '';
webmaster@1 451
webmaster@1 452 // Loop the number of times specified by $length.
webmaster@1 453 for ($i = 0; $i < $length; $i++) {
webmaster@1 454
webmaster@1 455 // Each iteration, pick a random character from the
webmaster@1 456 // allowable string and append it to the password:
webmaster@1 457 $pass .= $allowable_characters[mt_rand(0, $len)];
webmaster@1 458 }
webmaster@1 459
webmaster@1 460 return $pass;
webmaster@1 461 }
webmaster@1 462
webmaster@1 463 /**
webmaster@1 464 * Determine whether the user has a given privilege.
webmaster@1 465 *
webmaster@1 466 * @param $string
webmaster@1 467 * The permission, such as "administer nodes", being checked for.
webmaster@1 468 * @param $account
webmaster@1 469 * (optional) The account to check, if not given use currently logged in user.
webmaster@1 470 * @param $reset
webmaster@1 471 * (optional) Resets the user's permissions cache, which will result in a
webmaster@1 472 * recalculation of the user's permissions. This is necessary to support
webmaster@1 473 * dynamically added user roles.
webmaster@1 474 *
webmaster@1 475 * @return
webmaster@1 476 * Boolean TRUE if the current user has the requested permission.
webmaster@1 477 *
webmaster@1 478 * All permission checks in Drupal should go through this function. This
webmaster@1 479 * way, we guarantee consistent behavior, and ensure that the superuser
webmaster@1 480 * can perform all actions.
webmaster@1 481 */
webmaster@1 482 function user_access($string, $account = NULL, $reset = FALSE) {
webmaster@1 483 global $user;
webmaster@1 484 static $perm = array();
webmaster@1 485
webmaster@1 486 if ($reset) {
webmaster@15 487 $perm = array();
webmaster@1 488 }
webmaster@1 489
webmaster@1 490 if (is_null($account)) {
webmaster@1 491 $account = $user;
webmaster@1 492 }
webmaster@1 493
webmaster@1 494 // User #1 has all privileges:
webmaster@1 495 if ($account->uid == 1) {
webmaster@1 496 return TRUE;
webmaster@1 497 }
webmaster@1 498
webmaster@1 499 // To reduce the number of SQL queries, we cache the user's permissions
webmaster@1 500 // in a static variable.
webmaster@1 501 if (!isset($perm[$account->uid])) {
webmaster@1 502 $result = db_query("SELECT p.perm FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid WHERE r.rid IN (". db_placeholders($account->roles) .")", array_keys($account->roles));
webmaster@1 503
webmaster@1 504 $perms = array();
webmaster@1 505 while ($row = db_fetch_object($result)) {
webmaster@1 506 $perms += array_flip(explode(', ', $row->perm));
webmaster@1 507 }
webmaster@1 508 $perm[$account->uid] = $perms;
webmaster@1 509 }
webmaster@1 510
webmaster@1 511 return isset($perm[$account->uid][$string]);
webmaster@1 512 }
webmaster@1 513
webmaster@1 514 /**
webmaster@1 515 * Checks for usernames blocked by user administration.
webmaster@1 516 *
webmaster@1 517 * @return boolean TRUE for blocked users, FALSE for active.
webmaster@1 518 */
webmaster@1 519 function user_is_blocked($name) {
webmaster@1 520 $deny = db_fetch_object(db_query("SELECT name FROM {users} WHERE status = 0 AND name = LOWER('%s')", $name));
webmaster@1 521
webmaster@1 522 return $deny;
webmaster@1 523 }
webmaster@1 524
webmaster@1 525 function user_fields() {
webmaster@1 526 static $fields;
webmaster@1 527
webmaster@1 528 if (!$fields) {
webmaster@1 529 $result = db_query('SELECT * FROM {users} WHERE uid = 1');
webmaster@1 530 if ($field = db_fetch_array($result)) {
webmaster@1 531 $fields = array_keys($field);
webmaster@1 532 }
webmaster@1 533 else {
webmaster@1 534 // Make sure we return the default fields at least.
webmaster@1 535 $fields = array('uid', 'name', 'pass', 'mail', 'picture', 'mode', 'sort', 'threshold', 'theme', 'signature', 'created', 'access', 'login', 'status', 'timezone', 'language', 'init', 'data');
webmaster@1 536 }
webmaster@1 537 }
webmaster@1 538
webmaster@1 539 return $fields;
webmaster@1 540 }
webmaster@1 541
webmaster@1 542 /**
webmaster@1 543 * Implementation of hook_perm().
webmaster@1 544 */
webmaster@1 545 function user_perm() {
webmaster@1 546 return array('administer permissions', 'administer users', 'access user profiles', 'change own username');
webmaster@1 547 }
webmaster@1 548
webmaster@1 549 /**
webmaster@1 550 * Implementation of hook_file_download().
webmaster@1 551 *
webmaster@1 552 * Ensure that user pictures (avatars) are always downloadable.
webmaster@1 553 */
webmaster@1 554 function user_file_download($file) {
webmaster@1 555 if (strpos($file, variable_get('user_picture_path', 'pictures') .'/picture-') === 0) {
webmaster@1 556 $info = image_get_info(file_create_path($file));
webmaster@1 557 return array('Content-type: '. $info['mime_type']);
webmaster@1 558 }
webmaster@1 559 }
webmaster@1 560
webmaster@1 561 /**
webmaster@1 562 * Implementation of hook_search().
webmaster@1 563 */
webmaster@1 564 function user_search($op = 'search', $keys = NULL, $skip_access_check = FALSE) {
webmaster@1 565 switch ($op) {
webmaster@1 566 case 'name':
webmaster@1 567 if ($skip_access_check || user_access('access user profiles')) {
webmaster@1 568 return t('Users');
webmaster@1 569 }
webmaster@1 570 case 'search':
webmaster@1 571 if (user_access('access user profiles')) {
webmaster@1 572 $find = array();
webmaster@1 573 // Replace wildcards with MySQL/PostgreSQL wildcards.
webmaster@1 574 $keys = preg_replace('!\*+!', '%', $keys);
webmaster@1 575 if (user_access('administer users')) {
webmaster@1 576 // Administrators can also search in the otherwise private email field.
webmaster@1 577 $result = pager_query("SELECT name, uid, mail FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%') OR LOWER(mail) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys, $keys);
webmaster@1 578 while ($account = db_fetch_object($result)) {
webmaster@1 579 $find[] = array('title' => $account->name .' ('. $account->mail .')', 'link' => url('user/'. $account->uid, array('absolute' => TRUE)));
webmaster@1 580 }
webmaster@1 581 }
webmaster@1 582 else {
webmaster@1 583 $result = pager_query("SELECT name, uid FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys);
webmaster@1 584 while ($account = db_fetch_object($result)) {
webmaster@1 585 $find[] = array('title' => $account->name, 'link' => url('user/'. $account->uid, array('absolute' => TRUE)));
webmaster@1 586 }
webmaster@1 587 }
webmaster@1 588 return $find;
webmaster@1 589 }
webmaster@1 590 }
webmaster@1 591 }
webmaster@1 592
webmaster@1 593 /**
webmaster@1 594 * Implementation of hook_elements().
webmaster@1 595 */
webmaster@1 596 function user_elements() {
webmaster@1 597 return array(
webmaster@1 598 'user_profile_category' => array(),
webmaster@1 599 'user_profile_item' => array(),
webmaster@1 600 );
webmaster@1 601 }
webmaster@1 602
webmaster@1 603 /**
webmaster@1 604 * Implementation of hook_user().
webmaster@1 605 */
webmaster@1 606 function user_user($type, &$edit, &$account, $category = NULL) {
webmaster@1 607 if ($type == 'view') {
webmaster@1 608 $account->content['user_picture'] = array(
webmaster@1 609 '#value' => theme('user_picture', $account),
webmaster@1 610 '#weight' => -10,
webmaster@1 611 );
webmaster@1 612 if (!isset($account->content['summary'])) {
webmaster@1 613 $account->content['summary'] = array();
webmaster@1 614 }
webmaster@1 615 $account->content['summary'] += array(
webmaster@1 616 '#type' => 'user_profile_category',
webmaster@1 617 '#attributes' => array('class' => 'user-member'),
webmaster@1 618 '#weight' => 5,
webmaster@1 619 '#title' => t('History'),
webmaster@1 620 );
webmaster@1 621 $account->content['summary']['member_for'] = array(
webmaster@1 622 '#type' => 'user_profile_item',
webmaster@1 623 '#title' => t('Member for'),
webmaster@1 624 '#value' => format_interval(time() - $account->created),
webmaster@1 625 );
webmaster@1 626 }
webmaster@1 627 if ($type == 'form' && $category == 'account') {
webmaster@1 628 $form_state = array();
webmaster@1 629 return user_edit_form($form_state, arg(1), $edit);
webmaster@1 630 }
webmaster@1 631
webmaster@1 632 if ($type == 'validate' && $category == 'account') {
webmaster@1 633 return _user_edit_validate(arg(1), $edit);
webmaster@1 634 }
webmaster@1 635
webmaster@1 636 if ($type == 'submit' && $category == 'account') {
webmaster@1 637 return _user_edit_submit(arg(1), $edit);
webmaster@1 638 }
webmaster@1 639
webmaster@1 640 if ($type == 'categories') {
webmaster@1 641 return array(array('name' => 'account', 'title' => t('Account settings'), 'weight' => 1));
webmaster@1 642 }
webmaster@1 643 }
webmaster@1 644
webmaster@1 645 function user_login_block() {
webmaster@1 646 $form = array(
webmaster@1 647 '#action' => url($_GET['q'], array('query' => drupal_get_destination())),
webmaster@1 648 '#id' => 'user-login-form',
webmaster@1 649 '#validate' => user_login_default_validators(),
webmaster@1 650 '#submit' => array('user_login_submit'),
webmaster@1 651 );
webmaster@1 652 $form['name'] = array('#type' => 'textfield',
webmaster@1 653 '#title' => t('Username'),
webmaster@1 654 '#maxlength' => USERNAME_MAX_LENGTH,
webmaster@1 655 '#size' => 15,
webmaster@1 656 '#required' => TRUE,
webmaster@1 657 );
webmaster@1 658 $form['pass'] = array('#type' => 'password',
webmaster@1 659 '#title' => t('Password'),
webmaster@1 660 '#maxlength' => 60,
webmaster@1 661 '#size' => 15,
webmaster@1 662 '#required' => TRUE,
webmaster@1 663 );
webmaster@1 664 $form['submit'] = array('#type' => 'submit',
webmaster@1 665 '#value' => t('Log in'),
webmaster@1 666 );
webmaster@1 667 $items = array();
webmaster@1 668 if (variable_get('user_register', 1)) {
webmaster@7 669 $items[] = l(t('Create new account'), 'user/register', array('attributes' => array('title' => t('Create a new user account.'))));
webmaster@1 670 }
webmaster@7 671 $items[] = l(t('Request new password'), 'user/password', array('attributes' => array('title' => t('Request new password via e-mail.'))));
webmaster@1 672 $form['links'] = array('#value' => theme('item_list', $items));
webmaster@1 673 return $form;
webmaster@1 674 }
webmaster@1 675
webmaster@1 676 /**
webmaster@1 677 * Implementation of hook_block().
webmaster@1 678 */
webmaster@1 679 function user_block($op = 'list', $delta = 0, $edit = array()) {
webmaster@1 680 global $user;
webmaster@1 681
webmaster@1 682 if ($op == 'list') {
webmaster@1 683 $blocks[0]['info'] = t('User login');
webmaster@1 684 // Not worth caching.
webmaster@1 685 $blocks[0]['cache'] = BLOCK_NO_CACHE;
webmaster@1 686
webmaster@1 687 $blocks[1]['info'] = t('Navigation');
webmaster@1 688 // Menu blocks can't be cached because each menu item can have
webmaster@1 689 // a custom access callback. menu.inc manages its own caching.
webmaster@1 690 $blocks[1]['cache'] = BLOCK_NO_CACHE;
webmaster@1 691
webmaster@1 692 $blocks[2]['info'] = t('Who\'s new');
webmaster@1 693
webmaster@1 694 // Too dynamic to cache.
webmaster@1 695 $blocks[3]['info'] = t('Who\'s online');
webmaster@1 696 $blocks[3]['cache'] = BLOCK_NO_CACHE;
webmaster@1 697 return $blocks;
webmaster@1 698 }
webmaster@1 699 else if ($op == 'configure' && $delta == 2) {
webmaster@1 700 $form['user_block_whois_new_count'] = array(
webmaster@1 701 '#type' => 'select',
webmaster@1 702 '#title' => t('Number of users to display'),
webmaster@1 703 '#default_value' => variable_get('user_block_whois_new_count', 5),
webmaster@1 704 '#options' => drupal_map_assoc(array(1, 2, 3, 4, 5, 6, 7, 8, 9, 10)),
webmaster@1 705 );
webmaster@1 706 return $form;
webmaster@1 707 }
webmaster@1 708 else if ($op == 'configure' && $delta == 3) {
webmaster@1 709 $period = drupal_map_assoc(array(30, 60, 120, 180, 300, 600, 900, 1800, 2700, 3600, 5400, 7200, 10800, 21600, 43200, 86400), 'format_interval');
webmaster@1 710 $form['user_block_seconds_online'] = array('#type' => 'select', '#title' => t('User activity'), '#default_value' => variable_get('user_block_seconds_online', 900), '#options' => $period, '#description' => t('A user is considered online for this long after they have last viewed a page.'));
webmaster@1 711 $form['user_block_max_list_count'] = array('#type' => 'select', '#title' => t('User list length'), '#default_value' => variable_get('user_block_max_list_count', 10), '#options' => drupal_map_assoc(array(0, 5, 10, 15, 20, 25, 30, 40, 50, 75, 100)), '#description' => t('Maximum number of currently online users to display.'));
webmaster@1 712
webmaster@1 713 return $form;
webmaster@1 714 }
webmaster@1 715 else if ($op == 'save' && $delta == 2) {
webmaster@1 716 variable_set('user_block_whois_new_count', $edit['user_block_whois_new_count']);
webmaster@1 717 }
webmaster@1 718 else if ($op == 'save' && $delta == 3) {
webmaster@1 719 variable_set('user_block_seconds_online', $edit['user_block_seconds_online']);
webmaster@1 720 variable_set('user_block_max_list_count', $edit['user_block_max_list_count']);
webmaster@1 721 }
webmaster@1 722 else if ($op == 'view') {
webmaster@1 723 $block = array();
webmaster@1 724
webmaster@1 725 switch ($delta) {
webmaster@1 726 case 0:
webmaster@1 727 // For usability's sake, avoid showing two login forms on one page.
webmaster@1 728 if (!$user->uid && !(arg(0) == 'user' && !is_numeric(arg(1)))) {
webmaster@1 729
webmaster@1 730 $block['subject'] = t('User login');
webmaster@1 731 $block['content'] = drupal_get_form('user_login_block');
webmaster@1 732 }
webmaster@1 733 return $block;
webmaster@1 734
webmaster@1 735 case 1:
webmaster@1 736 if ($menu = menu_tree()) {
webmaster@1 737 $block['subject'] = $user->uid ? check_plain($user->name) : t('Navigation');
webmaster@1 738 $block['content'] = $menu;
webmaster@1 739 }
webmaster@1 740 return $block;
webmaster@1 741
webmaster@1 742 case 2:
webmaster@1 743 if (user_access('access content')) {
webmaster@1 744 // Retrieve a list of new users who have subsequently accessed the site successfully.
webmaster@1 745 $result = db_query_range('SELECT uid, name FROM {users} WHERE status != 0 AND access != 0 ORDER BY created DESC', 0, variable_get('user_block_whois_new_count', 5));
webmaster@1 746 while ($account = db_fetch_object($result)) {
webmaster@1 747 $items[] = $account;
webmaster@1 748 }
webmaster@1 749 $output = theme('user_list', $items);
webmaster@1 750
webmaster@1 751 $block['subject'] = t('Who\'s new');
webmaster@1 752 $block['content'] = $output;
webmaster@1 753 }
webmaster@1 754 return $block;
webmaster@1 755
webmaster@1 756 case 3:
webmaster@1 757 if (user_access('access content')) {
webmaster@1 758 // Count users active within the defined period.
webmaster@1 759 $interval = time() - variable_get('user_block_seconds_online', 900);
webmaster@1 760
webmaster@1 761 // Perform database queries to gather online user lists. We use s.timestamp
webmaster@1 762 // rather than u.access because it is much faster.
webmaster@1 763 $anonymous_count = sess_count($interval);
webmaster@1 764 $authenticated_users = db_query('SELECT DISTINCT u.uid, u.name, s.timestamp FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.timestamp >= %d AND s.uid > 0 ORDER BY s.timestamp DESC', $interval);
webmaster@1 765 $authenticated_count = 0;
webmaster@1 766 $max_users = variable_get('user_block_max_list_count', 10);
webmaster@1 767 $items = array();
webmaster@1 768 while ($account = db_fetch_object($authenticated_users)) {
webmaster@1 769 if ($max_users > 0) {
webmaster@1 770 $items[] = $account;
webmaster@1 771 $max_users--;
webmaster@1 772 }
webmaster@1 773 $authenticated_count++;
webmaster@1 774 }
webmaster@1 775
webmaster@1 776 // Format the output with proper grammar.
webmaster@1 777 if ($anonymous_count == 1 && $authenticated_count == 1) {
webmaster@1 778 $output = t('There is currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests')));
webmaster@1 779 }
webmaster@1 780 else {
webmaster@1 781 $output = t('There are currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests')));
webmaster@1 782 }
webmaster@1 783
webmaster@1 784 // Display a list of currently online users.
webmaster@1 785 $max_users = variable_get('user_block_max_list_count', 10);
webmaster@1 786 if ($authenticated_count && $max_users) {
webmaster@1 787 $output .= theme('user_list', $items, t('Online users'));
webmaster@1 788 }
webmaster@1 789
webmaster@1 790 $block['subject'] = t('Who\'s online');
webmaster@1 791 $block['content'] = $output;
webmaster@1 792 }
webmaster@1 793 return $block;
webmaster@1 794 }
webmaster@1 795 }
webmaster@1 796 }
webmaster@1 797
webmaster@1 798 /**
webmaster@1 799 * Process variables for user-picture.tpl.php.
webmaster@1 800 *
webmaster@1 801 * The $variables array contains the following arguments:
webmaster@1 802 * - $account
webmaster@1 803 *
webmaster@1 804 * @see user-picture.tpl.php
webmaster@1 805 */
webmaster@1 806 function template_preprocess_user_picture(&$variables) {
webmaster@1 807 $variables['picture'] = '';
webmaster@1 808 if (variable_get('user_pictures', 0)) {
webmaster@1 809 $account = $variables['account'];
webmaster@1 810 if (!empty($account->picture) && file_exists($account->picture)) {
webmaster@1 811 $picture = file_create_url($account->picture);
webmaster@1 812 }
webmaster@1 813 else if (variable_get('user_picture_default', '')) {
webmaster@1 814 $picture = variable_get('user_picture_default', '');
webmaster@1 815 }
webmaster@1 816
webmaster@1 817 if (isset($picture)) {
webmaster@1 818 $alt = t("@user's picture", array('@user' => $account->name ? $account->name : variable_get('anonymous', t('Anonymous'))));
webmaster@1 819 $variables['picture'] = theme('image', $picture, $alt, $alt, '', FALSE);
webmaster@1 820 if (!empty($account->uid) && user_access('access user profiles')) {
webmaster@1 821 $attributes = array('attributes' => array('title' => t('View user profile.')), 'html' => TRUE);
webmaster@1 822 $variables['picture'] = l($variables['picture'], "user/$account->uid", $attributes);
webmaster@1 823 }
webmaster@1 824 }
webmaster@1 825 }
webmaster@1 826 }
webmaster@1 827
webmaster@1 828 /**
webmaster@1 829 * Make a list of users.
webmaster@1 830 *
webmaster@1 831 * @param $users
webmaster@1 832 * An array with user objects. Should contain at least the name and uid.
webmaster@1 833 * @param $title
webmaster@1 834 * (optional) Title to pass on to theme_item_list().
webmaster@1 835 *
webmaster@1 836 * @ingroup themeable
webmaster@1 837 */
webmaster@1 838 function theme_user_list($users, $title = NULL) {
webmaster@1 839 if (!empty($users)) {
webmaster@1 840 foreach ($users as $user) {
webmaster@1 841 $items[] = theme('username', $user);
webmaster@1 842 }
webmaster@1 843 }
webmaster@1 844 return theme('item_list', $items, $title);
webmaster@1 845 }
webmaster@1 846
webmaster@1 847 function user_is_anonymous() {
webmaster@1 848 // Menu administrators can see items for anonymous when administering.
webmaster@1 849 return !$GLOBALS['user']->uid || !empty($GLOBALS['menu_admin']);
webmaster@1 850 }
webmaster@1 851
webmaster@1 852 function user_is_logged_in() {
webmaster@1 853 return (bool)$GLOBALS['user']->uid;
webmaster@1 854 }
webmaster@1 855
webmaster@1 856 function user_register_access() {
webmaster@1 857 return user_is_anonymous() && variable_get('user_register', 1);
webmaster@1 858 }
webmaster@1 859
webmaster@1 860 function user_view_access($account) {
webmaster@1 861 return $account && $account->uid &&
webmaster@1 862 (
webmaster@1 863 // Always let users view their own profile.
webmaster@1 864 ($GLOBALS['user']->uid == $account->uid) ||
webmaster@1 865 // Administrators can view all accounts.
webmaster@1 866 user_access('administer users') ||
webmaster@1 867 // The user is not blocked and logged in at least once.
webmaster@1 868 ($account->access && $account->status && user_access('access user profiles'))
webmaster@1 869 );
webmaster@1 870 }
webmaster@1 871
webmaster@5 872 /**
webmaster@5 873 * Access callback for user account editing.
webmaster@5 874 */
webmaster@1 875 function user_edit_access($account) {
webmaster@1 876 return (($GLOBALS['user']->uid == $account->uid) || user_access('administer users')) && $account->uid > 0;
webmaster@1 877 }
webmaster@1 878
webmaster@1 879 function user_load_self($arg) {
webmaster@1 880 $arg[1] = user_load($GLOBALS['user']->uid);
webmaster@1 881 return $arg;
webmaster@1 882 }
webmaster@1 883
webmaster@1 884 /**
webmaster@1 885 * Implementation of hook_menu().
webmaster@1 886 */
webmaster@1 887 function user_menu() {
webmaster@1 888 $items['user/autocomplete'] = array(
webmaster@1 889 'title' => 'User autocomplete',
webmaster@1 890 'page callback' => 'user_autocomplete',
webmaster@1 891 'access callback' => 'user_access',
webmaster@1 892 'access arguments' => array('access user profiles'),
webmaster@1 893 'type' => MENU_CALLBACK,
webmaster@1 894 'file' => 'user.pages.inc',
webmaster@1 895 );
webmaster@1 896
webmaster@1 897 // Registration and login pages.
webmaster@1 898 $items['user'] = array(
webmaster@1 899 'title' => 'User account',
webmaster@1 900 'page callback' => 'user_page',
webmaster@1 901 'access callback' => TRUE,
webmaster@1 902 'type' => MENU_CALLBACK,
webmaster@1 903 'file' => 'user.pages.inc',
webmaster@1 904 );
webmaster@1 905
webmaster@1 906 $items['user/login'] = array(
webmaster@1 907 'title' => 'Log in',
webmaster@1 908 'access callback' => 'user_is_anonymous',
webmaster@1 909 'type' => MENU_DEFAULT_LOCAL_TASK,
webmaster@1 910 );
webmaster@1 911
webmaster@1 912 $items['user/register'] = array(
webmaster@1 913 'title' => 'Create new account',
webmaster@1 914 'page callback' => 'drupal_get_form',
webmaster@1 915 'page arguments' => array('user_register'),
webmaster@1 916 'access callback' => 'user_register_access',
webmaster@1 917 'type' => MENU_LOCAL_TASK,
webmaster@1 918 'file' => 'user.pages.inc',
webmaster@1 919 );
webmaster@1 920
webmaster@1 921 $items['user/password'] = array(
webmaster@1 922 'title' => 'Request new password',
webmaster@1 923 'page callback' => 'drupal_get_form',
webmaster@1 924 'page arguments' => array('user_pass'),
webmaster@1 925 'access callback' => 'user_is_anonymous',
webmaster@1 926 'type' => MENU_LOCAL_TASK,
webmaster@1 927 'file' => 'user.pages.inc',
webmaster@1 928 );
webmaster@1 929 $items['user/reset/%/%/%'] = array(
webmaster@1 930 'title' => 'Reset password',
webmaster@1 931 'page callback' => 'drupal_get_form',
webmaster@1 932 'page arguments' => array('user_pass_reset', 2, 3, 4),
webmaster@1 933 'access callback' => TRUE,
webmaster@1 934 'type' => MENU_CALLBACK,
webmaster@1 935 'file' => 'user.pages.inc',
webmaster@1 936 );
webmaster@1 937
webmaster@1 938 // Admin user pages.
webmaster@1 939 $items['admin/user'] = array(
webmaster@1 940 'title' => 'User management',
webmaster@1 941 'description' => "Manage your site's users, groups and access to site features.",
webmaster@1 942 'position' => 'left',
webmaster@1 943 'page callback' => 'system_admin_menu_block_page',
webmaster@1 944 'access arguments' => array('access administration pages'),
webmaster@1 945 'file' => 'system.admin.inc',
webmaster@1 946 'file path' => drupal_get_path('module', 'system'),
webmaster@1 947 );
webmaster@1 948 $items['admin/user/user'] = array(
webmaster@1 949 'title' => 'Users',
webmaster@1 950 'description' => 'List, add, and edit users.',
webmaster@1 951 'page callback' => 'user_admin',
webmaster@1 952 'page arguments' => array('list'),
webmaster@1 953 'access arguments' => array('administer users'),
webmaster@1 954 'file' => 'user.admin.inc',
webmaster@1 955 );
webmaster@1 956 $items['admin/user/user/list'] = array(
webmaster@1 957 'title' => 'List',
webmaster@1 958 'type' => MENU_DEFAULT_LOCAL_TASK,
webmaster@1 959 'weight' => -10,
webmaster@1 960 );
webmaster@1 961 $items['admin/user/user/create'] = array(
webmaster@1 962 'title' => 'Add user',
webmaster@1 963 'page arguments' => array('create'),
webmaster@5 964 'access arguments' => array('administer users'),
webmaster@1 965 'type' => MENU_LOCAL_TASK,
webmaster@1 966 'file' => 'user.admin.inc',
webmaster@1 967 );
webmaster@1 968 $items['admin/user/settings'] = array(
webmaster@1 969 'title' => 'User settings',
webmaster@1 970 'description' => 'Configure default behavior of users, including registration requirements, e-mails, and user pictures.',
webmaster@1 971 'page callback' => 'drupal_get_form',
webmaster@1 972 'page arguments' => array('user_admin_settings'),
webmaster@1 973 'access arguments' => array('administer users'),
webmaster@1 974 'file' => 'user.admin.inc',
webmaster@1 975 );
webmaster@1 976
webmaster@1 977 // Admin access pages.
webmaster@1 978 $items['admin/user/permissions'] = array(
webmaster@1 979 'title' => 'Permissions',
webmaster@1 980 'description' => 'Determine access to features by selecting permissions for roles.',
webmaster@1 981 'page callback' => 'drupal_get_form',
webmaster@1 982 'page arguments' => array('user_admin_perm'),
webmaster@1 983 'access arguments' => array('administer permissions'),
webmaster@1 984 'file' => 'user.admin.inc',
webmaster@1 985 );
webmaster@1 986 $items['admin/user/roles'] = array(
webmaster@1 987 'title' => 'Roles',
webmaster@1 988 'description' => 'List, edit, or add user roles.',
webmaster@1 989 'page callback' => 'drupal_get_form',
webmaster@1 990 'page arguments' => array('user_admin_new_role'),
webmaster@1 991 'access arguments' => array('administer permissions'),
webmaster@1 992 'file' => 'user.admin.inc',
webmaster@1 993 );
webmaster@1 994 $items['admin/user/roles/edit'] = array(
webmaster@1 995 'title' => 'Edit role',
webmaster@1 996 'page arguments' => array('user_admin_role'),
webmaster@5 997 'access arguments' => array('administer permissions'),
webmaster@1 998 'type' => MENU_CALLBACK,
webmaster@1 999 'file' => 'user.admin.inc',
webmaster@1 1000 );
webmaster@1 1001 $items['admin/user/rules'] = array(
webmaster@1 1002 'title' => 'Access rules',
webmaster@1 1003 'description' => 'List and create rules to disallow usernames, e-mail addresses, and IP addresses.',
webmaster@1 1004 'page callback' => 'user_admin_access',
webmaster@1 1005 'access arguments' => array('administer permissions'),
webmaster@1 1006 'file' => 'user.admin.inc',
webmaster@1 1007 );
webmaster@1 1008 $items['admin/user/rules/list'] = array(
webmaster@1 1009 'title' => 'List',
webmaster@1 1010 'type' => MENU_DEFAULT_LOCAL_TASK,
webmaster@1 1011 'weight' => -10,
webmaster@1 1012 );
webmaster@1 1013 $items['admin/user/rules/add'] = array(
webmaster@1 1014 'title' => 'Add rule',
webmaster@1 1015 'page callback' => 'user_admin_access_add',
webmaster@5 1016 'access arguments' => array('administer permissions'),
webmaster@1 1017 'type' => MENU_LOCAL_TASK,
webmaster@1 1018 'file' => 'user.admin.inc',
webmaster@1 1019 );
webmaster@1 1020 $items['admin/user/rules/check'] = array(
webmaster@1 1021 'title' => 'Check rules',
webmaster@1 1022 'page callback' => 'user_admin_access_check',
webmaster@5 1023 'access arguments' => array('administer permissions'),
webmaster@1 1024 'type' => MENU_LOCAL_TASK,
webmaster@1 1025 'file' => 'user.admin.inc',
webmaster@1 1026 );
webmaster@1 1027 $items['admin/user/rules/edit'] = array(
webmaster@1 1028 'title' => 'Edit rule',
webmaster@1 1029 'page callback' => 'user_admin_access_edit',
webmaster@5 1030 'access arguments' => array('administer permissions'),
webmaster@1 1031 'type' => MENU_CALLBACK,
webmaster@1 1032 'file' => 'user.admin.inc',
webmaster@1 1033 );
webmaster@1 1034 $items['admin/user/rules/delete'] = array(
webmaster@1 1035 'title' => 'Delete rule',
webmaster@1 1036 'page callback' => 'drupal_get_form',
webmaster@1 1037 'page arguments' => array('user_admin_access_delete_confirm'),
webmaster@5 1038 'access arguments' => array('administer permissions'),
webmaster@1 1039 'type' => MENU_CALLBACK,
webmaster@1 1040 'file' => 'user.admin.inc',
webmaster@1 1041 );
webmaster@1 1042
webmaster@1 1043 $items['logout'] = array(
webmaster@1 1044 'title' => 'Log out',
webmaster@1 1045 'access callback' => 'user_is_logged_in',
webmaster@1 1046 'page callback' => 'user_logout',
webmaster@1 1047 'weight' => 10,
webmaster@1 1048 'file' => 'user.pages.inc',
webmaster@1 1049 );
webmaster@1 1050
webmaster@5 1051 $items['user/%user_uid_optional'] = array(
webmaster@1 1052 'title' => 'My account',
webmaster@1 1053 'title callback' => 'user_page_title',
webmaster@1 1054 'title arguments' => array(1),
webmaster@1 1055 'page callback' => 'user_view',
webmaster@1 1056 'page arguments' => array(1),
webmaster@1 1057 'access callback' => 'user_view_access',
webmaster@1 1058 'access arguments' => array(1),
webmaster@1 1059 'parent' => '',
webmaster@1 1060 'file' => 'user.pages.inc',
webmaster@1 1061 );
webmaster@1 1062
webmaster@1 1063 $items['user/%user/view'] = array(
webmaster@1 1064 'title' => 'View',
webmaster@1 1065 'type' => MENU_DEFAULT_LOCAL_TASK,
webmaster@1 1066 'weight' => -10,
webmaster@1 1067 );
webmaster@1 1068
webmaster@1 1069 $items['user/%user/delete'] = array(
webmaster@1 1070 'title' => 'Delete',
webmaster@1 1071 'page callback' => 'drupal_get_form',
webmaster@1 1072 'page arguments' => array('user_confirm_delete', 1),
webmaster@1 1073 'access callback' => 'user_access',
webmaster@1 1074 'access arguments' => array('administer users'),
webmaster@1 1075 'type' => MENU_CALLBACK,
webmaster@1 1076 'file' => 'user.pages.inc',
webmaster@1 1077 );
webmaster@1 1078
webmaster@1 1079 $items['user/%user_category/edit'] = array(
webmaster@1 1080 'title' => 'Edit',
webmaster@1 1081 'page callback' => 'user_edit',
webmaster@1 1082 'page arguments' => array(1),
webmaster@1 1083 'access callback' => 'user_edit_access',
webmaster@1 1084 'access arguments' => array(1),
webmaster@1 1085 'type' => MENU_LOCAL_TASK,
webmaster@1 1086 'load arguments' => array('%map', '%index'),
webmaster@1 1087 'file' => 'user.pages.inc',
webmaster@1 1088 );
webmaster@1 1089
webmaster@1 1090 $items['user/%user_category/edit/account'] = array(
webmaster@1 1091 'title' => 'Account',
webmaster@1 1092 'type' => MENU_DEFAULT_LOCAL_TASK,
webmaster@1 1093 'load arguments' => array('%map', '%index'),
webmaster@1 1094 );
webmaster@1 1095
webmaster@1 1096 $empty_account = new stdClass();
webmaster@1 1097 if (($categories = _user_categories($empty_account)) && (count($categories) > 1)) {
webmaster@1 1098 foreach ($categories as $key => $category) {
webmaster@1 1099 // 'account' is already handled by the MENU_DEFAULT_LOCAL_TASK.
webmaster@1 1100 if ($category['name'] != 'account') {
webmaster@1 1101 $items['user/%user_category/edit/'. $category['name']] = array(
webmaster@1 1102 'title callback' => 'check_plain',
webmaster@1 1103 'title arguments' => array($category['title']),
webmaster@1 1104 'page callback' => 'user_edit',
webmaster@1 1105 'page arguments' => array(1, 3),
webmaster@5 1106 'access callback' => isset($category['access callback']) ? $category['access callback'] : 'user_edit_access',
webmaster@5 1107 'access arguments' => isset($category['access arguments']) ? $category['access arguments'] : array(1),
webmaster@1 1108 'type' => MENU_LOCAL_TASK,
webmaster@1 1109 'weight' => $category['weight'],
webmaster@1 1110 'load arguments' => array('%map', '%index'),
webmaster@1 1111 'tab_parent' => 'user/%/edit',
webmaster@1 1112 'file' => 'user.pages.inc',
webmaster@1 1113 );
webmaster@1 1114 }
webmaster@1 1115 }
webmaster@1 1116 }
webmaster@1 1117 return $items;
webmaster@1 1118 }
webmaster@1 1119
webmaster@1 1120 function user_init() {
webmaster@1 1121 drupal_add_css(drupal_get_path('module', 'user') .'/user.css', 'module');
webmaster@1 1122 }
webmaster@1 1123
webmaster@5 1124 function user_uid_optional_load($arg) {
webmaster@5 1125 return user_load(isset($arg) ? $arg : $GLOBALS['user']->uid);
webmaster@1 1126 }
webmaster@1 1127
webmaster@1 1128 /**
webmaster@1 1129 * Return a user object after checking if any profile category in the path exists.
webmaster@1 1130 */
webmaster@1 1131 function user_category_load($uid, &$map, $index) {
webmaster@1 1132 static $user_categories, $accounts;
webmaster@1 1133
webmaster@1 1134 // Cache $account - this load function will get called for each profile tab.
webmaster@1 1135 if (!isset($accounts[$uid])) {
webmaster@1 1136 $accounts[$uid] = user_load($uid);
webmaster@1 1137 }
webmaster@1 1138 $valid = TRUE;
webmaster@1 1139 if ($account = $accounts[$uid]) {
webmaster@1 1140 // Since the path is like user/%/edit/category_name, the category name will
webmaster@1 1141 // be at a position 2 beyond the index corresponding to the % wildcard.
webmaster@1 1142 $category_index = $index + 2;
webmaster@1 1143 // Valid categories may contain slashes, and hence need to be imploded.
webmaster@1 1144 $category_path = implode('/', array_slice($map, $category_index));
webmaster@1 1145 if ($category_path) {
webmaster@1 1146 // Check that the requested category exists.
webmaster@1 1147 $valid = FALSE;
webmaster@1 1148 if (!isset($user_categories)) {
webmaster@1 1149 $empty_account = new stdClass();
webmaster@1 1150 $user_categories = _user_categories($empty_account);
webmaster@1 1151 }
webmaster@1 1152 foreach ($user_categories as $category) {
webmaster@1 1153 if ($category['name'] == $category_path) {
webmaster@1 1154 $valid = TRUE;
webmaster@1 1155 // Truncate the map array in case the category name had slashes.
webmaster@1 1156 $map = array_slice($map, 0, $category_index);
webmaster@1 1157 // Assign the imploded category name to the last map element.
webmaster@1 1158 $map[$category_index] = $category_path;
webmaster@1 1159 break;
webmaster@1 1160 }
webmaster@1 1161 }
webmaster@1 1162 }
webmaster@1 1163 }
webmaster@1 1164 return $valid ? $account : FALSE;
webmaster@1 1165 }
webmaster@1 1166
webmaster@1 1167 /**
webmaster@1 1168 * Returns the user id of the currently logged in user.
webmaster@1 1169 */
webmaster@5 1170 function user_uid_optional_to_arg($arg) {
webmaster@1 1171 // Give back the current user uid when called from eg. tracker, aka.
webmaster@1 1172 // with an empty arg. Also use the current user uid when called from
webmaster@1 1173 // the menu with a % for the current account link.
webmaster@1 1174 return empty($arg) || $arg == '%' ? $GLOBALS['user']->uid : $arg;
webmaster@1 1175 }
webmaster@1 1176
webmaster@1 1177 /**
webmaster@1 1178 * Menu item title callback - use the user name if it's not the current user.
webmaster@1 1179 */
webmaster@1 1180 function user_page_title($account) {
webmaster@1 1181 if ($account->uid == $GLOBALS['user']->uid) {
webmaster@1 1182 return t('My account');
webmaster@1 1183 }
webmaster@1 1184 return $account->name;
webmaster@1 1185 }
webmaster@1 1186
webmaster@1 1187 /**
webmaster@1 1188 * Discover which external authentication module(s) authenticated a username.
webmaster@1 1189 *
webmaster@1 1190 * @param $authname
webmaster@1 1191 * A username used by an external authentication module.
webmaster@1 1192 * @return
webmaster@1 1193 * An associative array with module as key and username as value.
webmaster@1 1194 */
webmaster@1 1195 function user_get_authmaps($authname = NULL) {
webmaster@1 1196 $result = db_query("SELECT authname, module FROM {authmap} WHERE authname = '%s'", $authname);
webmaster@1 1197 $authmaps = array();
webmaster@1 1198 $has_rows = FALSE;
webmaster@1 1199 while ($authmap = db_fetch_object($result)) {
webmaster@1 1200 $authmaps[$authmap->module] = $authmap->authname;
webmaster@1 1201 $has_rows = TRUE;
webmaster@1 1202 }
webmaster@1 1203 return $has_rows ? $authmaps : 0;
webmaster@1 1204 }
webmaster@1 1205
webmaster@1 1206 /**
webmaster@1 1207 * Save mappings of which external authentication module(s) authenticated
webmaster@1 1208 * a user. Maps external usernames to user ids in the users table.
webmaster@1 1209 *
webmaster@1 1210 * @param $account
webmaster@1 1211 * A user object.
webmaster@1 1212 * @param $authmaps
webmaster@1 1213 * An associative array with a compound key and the username as the value.
webmaster@1 1214 * The key is made up of 'authname_' plus the name of the external authentication
webmaster@1 1215 * module.
webmaster@1 1216 * @see user_external_login_register()
webmaster@1 1217 */
webmaster@1 1218 function user_set_authmaps($account, $authmaps) {
webmaster@1 1219 foreach ($authmaps as $key => $value) {
webmaster@1 1220 $module = explode('_', $key, 2);
webmaster@1 1221 if ($value) {
webmaster@1 1222 db_query("UPDATE {authmap} SET authname = '%s' WHERE uid = %d AND module = '%s'", $value, $account->uid, $module[1]);
webmaster@1 1223 if (!db_affected_rows()) {
webmaster@1 1224 db_query("INSERT INTO {authmap} (authname, uid, module) VALUES ('%s', %d, '%s')", $value, $account->uid, $module[1]);
webmaster@1 1225 }
webmaster@1 1226 }
webmaster@1 1227 else {
webmaster@1 1228 db_query("DELETE FROM {authmap} WHERE uid = %d AND module = '%s'", $account->uid, $module[1]);
webmaster@1 1229 }
webmaster@1 1230 }
webmaster@1 1231 }
webmaster@1 1232
webmaster@1 1233 /**
webmaster@1 1234 * Form builder; the main user login form.
webmaster@1 1235 *
webmaster@1 1236 * @ingroup forms
webmaster@1 1237 */
webmaster@5 1238 function user_login(&$form_state) {
webmaster@1 1239 global $user;
webmaster@1 1240
webmaster@1 1241 // If we are already logged on, go to the user page instead.
webmaster@1 1242 if ($user->uid) {
webmaster@1 1243 drupal_goto('user/'. $user->uid);
webmaster@1 1244 }
webmaster@1 1245
webmaster@1 1246 // Display login form:
webmaster@1 1247 $form['name'] = array('#type' => 'textfield',
webmaster@1 1248 '#title' => t('Username'),
webmaster@1 1249 '#size' => 60,
webmaster@1 1250 '#maxlength' => USERNAME_MAX_LENGTH,
webmaster@1 1251 '#required' => TRUE,
webmaster@1 1252 '#attributes' => array('tabindex' => '1'),
webmaster@1 1253 );
webmaster@1 1254
webmaster@1 1255 $form['name']['#description'] = t('Enter your @s username.', array('@s' => variable_get('site_name', 'Drupal')));
webmaster@1 1256 $form['pass'] = array('#type' => 'password',
webmaster@1 1257 '#title' => t('Password'),
webmaster@1 1258 '#description' => t('Enter the password that accompanies your username.'),
webmaster@1 1259 '#required' => TRUE,
webmaster@1 1260 '#attributes' => array('tabindex' => '2'),
webmaster@1 1261 );
webmaster@1 1262 $form['#validate'] = user_login_default_validators();
webmaster@1 1263 $form['submit'] = array('#type' => 'submit', '#value' => t('Log in'), '#weight' => 2, '#attributes' => array('tabindex' => '3'));
webmaster@1 1264
webmaster@1 1265 return $form;
webmaster@1 1266 }
webmaster@1 1267
webmaster@1 1268 /**
webmaster@1 1269 * Set up a series for validators which check for blocked/denied users,
webmaster@1 1270 * then authenticate against local database, then return an error if
webmaster@7 1271 * authentication fails. Distributed authentication modules are welcome
webmaster@7 1272 * to use hook_form_alter() to change this series in order to
webmaster@7 1273 * authenticate against their user database instead of the local users
webmaster@1 1274 * table.
webmaster@1 1275 *
webmaster@1 1276 * We use three validators instead of one since external authentication
webmaster@1 1277 * modules usually only need to alter the second validator.
webmaster@1 1278 *
webmaster@1 1279 * @see user_login_name_validate()
webmaster@1 1280 * @see user_login_authenticate_validate()
webmaster@1 1281 * @see user_login_final_validate()
webmaster@1 1282 * @return array
webmaster@1 1283 * A simple list of validate functions.
webmaster@1 1284 */
webmaster@1 1285 function user_login_default_validators() {
webmaster@1 1286 return array('user_login_name_validate', 'user_login_authenticate_validate', 'user_login_final_validate');
webmaster@1 1287 }
webmaster@1 1288
webmaster@1 1289 /**
webmaster@1 1290 * A FAPI validate handler. Sets an error if supplied username has been blocked
webmaster@1 1291 * or denied access.
webmaster@1 1292 */
webmaster@1 1293 function user_login_name_validate($form, &$form_state) {
webmaster@1 1294 if (isset($form_state['values']['name'])) {
webmaster@1 1295 if (user_is_blocked($form_state['values']['name'])) {
webmaster@1 1296 // blocked in user administration
webmaster@1 1297 form_set_error('name', t('The username %name has not been activated or is blocked.', array('%name' => $form_state['values']['name'])));
webmaster@1 1298 }
webmaster@1 1299 else if (drupal_is_denied('user', $form_state['values']['name'])) {
webmaster@1 1300 // denied by access controls
webmaster@1 1301 form_set_error('name', t('The name %name is a reserved username.', array('%name' => $form_state['values']['name'])));
webmaster@1 1302 }
webmaster@1 1303 }
webmaster@1 1304 }
webmaster@1 1305
webmaster@1 1306 /**
webmaster@1 1307 * A validate handler on the login form. Check supplied username/password
webmaster@1 1308 * against local users table. If successful, sets the global $user object.
webmaster@1 1309 */
webmaster@1 1310 function user_login_authenticate_validate($form, &$form_state) {
webmaster@1 1311 user_authenticate($form_state['values']);
webmaster@1 1312 }
webmaster@1 1313
webmaster@1 1314 /**
webmaster@1 1315 * A validate handler on the login form. Should be the last validator. Sets an
webmaster@1 1316 * error if user has not been authenticated yet.
webmaster@1 1317 */
webmaster@1 1318 function user_login_final_validate($form, &$form_state) {
webmaster@1 1319 global $user;
webmaster@1 1320 if (!$user->uid) {
webmaster@1 1321 form_set_error('name', t('Sorry, unrecognized username or password. <a href="@password">Have you forgotten your password?</a>', array('@password' => url('user/password'))));
webmaster@1 1322 watchdog('user', 'Login attempt failed for %user.', array('%user' => $form_state['values']['name']));
webmaster@1 1323 }
webmaster@1 1324 }
webmaster@1 1325
webmaster@1 1326 /**
webmaster@1 1327 * Try to log in the user locally.
webmaster@1 1328 *
webmaster@1 1329 * @param $form_values
webmaster@1 1330 * Form values with at least 'name' and 'pass' keys, as well as anything else
webmaster@1 1331 * which should be passed along to hook_user op 'login'.
webmaster@1 1332 *
webmaster@1 1333 * @return
webmaster@1 1334 * A $user object, if successful.
webmaster@1 1335 */
webmaster@1 1336 function user_authenticate($form_values = array()) {
webmaster@1 1337 global $user;
webmaster@1 1338
webmaster@11 1339 // Load the account to check if the e-mail is denied by an access rule.
webmaster@11 1340 // Doing this check here saves us a user_load() in user_login_name_validate()
webmaster@11 1341 // and introduces less code change for a security fix.
webmaster@11 1342 $account = user_load(array('name' => $form_values['name'], 'pass' => trim($form_values['pass']), 'status' => 1));
webmaster@11 1343 if ($account && drupal_is_denied('mail', $account->mail)) {
webmaster@11 1344 form_set_error('name', t('The name %name is registered using a reserved e-mail address and therefore could not be logged in.', array('%name' => $account->name)));
webmaster@11 1345 }
webmaster@11 1346
webmaster@1 1347 // Name and pass keys are required.
webmaster@11 1348 // The user is about to be logged in, so make sure no error was previously
webmaster@11 1349 // encountered in the validation process.
webmaster@11 1350 if (!form_get_errors() && !empty($form_values['name']) && !empty($form_values['pass']) && $account) {
webmaster@1 1351 $user = $account;
webmaster@1 1352 user_authenticate_finalize($form_values);
webmaster@1 1353 return $user;
webmaster@1 1354 }
webmaster@1 1355 }
webmaster@1 1356
webmaster@1 1357 /**
webmaster@1 1358 * Finalize the login process. Must be called when logging in a user.
webmaster@1 1359 *
webmaster@1 1360 * The function records a watchdog message about the new session, saves the
webmaster@1 1361 * login timestamp, calls hook_user op 'login' and generates a new session.
webmaster@1 1362 *
webmaster@1 1363 * $param $edit
webmaster@1 1364 * This array is passed to hook_user op login.
webmaster@1 1365 */
webmaster@1 1366 function user_authenticate_finalize(&$edit) {
webmaster@1 1367 global $user;
webmaster@1 1368 watchdog('user', 'Session opened for %name.', array('%name' => $user->name));
webmaster@1 1369 // Update the user table timestamp noting user has logged in.
webmaster@1 1370 // This is also used to invalidate one-time login links.
webmaster@1 1371 $user->login = time();
webmaster@1 1372 db_query("UPDATE {users} SET login = %d WHERE uid = %d", $user->login, $user->uid);
webmaster@7 1373
webmaster@7 1374 // Regenerate the session ID to prevent against session fixation attacks.
webmaster@7 1375 sess_regenerate();
webmaster@1 1376 user_module_invoke('login', $edit, $user);
webmaster@1 1377 }
webmaster@1 1378
webmaster@1 1379 /**
webmaster@1 1380 * Submit handler for the login form. Redirects the user to a page.
webmaster@1 1381 *
webmaster@1 1382 * The user is redirected to the My Account page. Setting the destination in
webmaster@1 1383 * the query string (as done by the user login block) overrides the redirect.
webmaster@1 1384 */
webmaster@1 1385 function user_login_submit($form, &$form_state) {
webmaster@1 1386 global $user;
webmaster@1 1387 if ($user->uid) {
webmaster@1 1388 $form_state['redirect'] = 'user/'. $user->uid;
webmaster@1 1389 return;
webmaster@1 1390 }
webmaster@1 1391 }
webmaster@1 1392
webmaster@1 1393 /**
webmaster@1 1394 * Helper function for authentication modules. Either login in or registers
webmaster@1 1395 * the current user, based on username. Either way, the global $user object is
webmaster@1 1396 * populated based on $name.
webmaster@1 1397 */
webmaster@1 1398 function user_external_login_register($name, $module) {
webmaster@1 1399 global $user;
webmaster@1 1400
webmaster@9 1401 $existing_user = user_load(array('name' => $name));
webmaster@9 1402 if (isset($existing_user->uid)) {
webmaster@9 1403 $user = $existing_user;
webmaster@9 1404 }
webmaster@9 1405 else {
webmaster@1 1406 // Register this new user.
webmaster@1 1407 $userinfo = array(
webmaster@1 1408 'name' => $name,
webmaster@1 1409 'pass' => user_password(),
webmaster@1 1410 'init' => $name,
webmaster@1 1411 'status' => 1,
webmaster@1 1412 "authname_$module" => $name,
webmaster@1 1413 'access' => time()
webmaster@1 1414 );
webmaster@1 1415 $account = user_save('', $userinfo);
webmaster@1 1416 // Terminate if an error occured during user_save().
webmaster@1 1417 if (!$account) {
webmaster@1 1418 drupal_set_message(t("Error saving user account."), 'error');
webmaster@1 1419 return;
webmaster@1 1420 }
webmaster@1 1421 $user = $account;
webmaster@1 1422 watchdog('user', 'New external user: %name using module %module.', array('%name' => $name, '%module' => $module), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $user->uid .'/edit'));
webmaster@1 1423 }
webmaster@1 1424 }
webmaster@1 1425
webmaster@1 1426 function user_pass_reset_url($account) {
webmaster@1 1427 $timestamp = time();
webmaster@1 1428 return url("user/reset/$account->uid/$timestamp/". user_pass_rehash($account->pass, $timestamp, $account->login), array('absolute' => TRUE));
webmaster@1 1429 }
webmaster@1 1430
webmaster@1 1431 function user_pass_rehash($password, $timestamp, $login) {
webmaster@1 1432 return md5($timestamp . $password . $login);
webmaster@1 1433 }
webmaster@1 1434
webmaster@1 1435 function user_edit_form(&$form_state, $uid, $edit, $register = FALSE) {
webmaster@1 1436 _user_password_dynamic_validation();
webmaster@1 1437 $admin = user_access('administer users');
webmaster@1 1438
webmaster@1 1439 // Account information:
webmaster@1 1440 $form['account'] = array('#type' => 'fieldset',
webmaster@1 1441 '#title' => t('Account information'),
webmaster@1 1442 '#weight' => -10,
webmaster@1 1443 );
webmaster@1 1444 if (user_access('change own username') || $admin || $register) {
webmaster@1 1445 $form['account']['name'] = array('#type' => 'textfield',
webmaster@1 1446 '#title' => t('Username'),
webmaster@1 1447 '#default_value' => $edit['name'],
webmaster@1 1448 '#maxlength' => USERNAME_MAX_LENGTH,
webmaster@1 1449 '#description' => t('Spaces are allowed; punctuation is not allowed except for periods, hyphens, and underscores.'),
webmaster@1 1450 '#required' => TRUE,
webmaster@1 1451 );
webmaster@1 1452 }
webmaster@1 1453 $form['account']['mail'] = array('#type' => 'textfield',
webmaster@1 1454 '#title' => t('E-mail address'),
webmaster@1 1455 '#default_value' => $edit['mail'],
webmaster@1 1456 '#maxlength' => EMAIL_MAX_LENGTH,
webmaster@1 1457 '#description' => t('A valid e-mail address. All e-mails from the system will be sent to this address. The e-mail address is not made public and will only be used if you wish to receive a new password or wish to receive certain news or notifications by e-mail.'),
webmaster@1 1458 '#required' => TRUE,
webmaster@1 1459 );
webmaster@1 1460 if (!$register) {
webmaster@1 1461 $form['account']['pass'] = array('#type' => 'password_confirm',
webmaster@1 1462 '#description' => t('To change the current user password, enter the new password in both fields.'),
webmaster@1 1463 '#size' => 25,
webmaster@1 1464 );
webmaster@1 1465 }
webmaster@1 1466 elseif (!variable_get('user_email_verification', TRUE) || $admin) {
webmaster@1 1467 $form['account']['pass'] = array(
webmaster@1 1468 '#type' => 'password_confirm',
webmaster@1 1469 '#description' => t('Provide a password for the new account in both fields.'),
webmaster@1 1470 '#required' => TRUE,
webmaster@1 1471 '#size' => 25,
webmaster@1 1472 );
webmaster@1 1473 }
webmaster@1 1474 if ($admin) {
webmaster@1 1475 $form['account']['status'] = array(
webmaster@1 1476 '#type' => 'radios',
webmaster@1 1477 '#title' => t('Status'),
webmaster@1 1478 '#default_value' => isset($edit['status']) ? $edit['status'] : 1,
webmaster@1 1479 '#options' => array(t('Blocked'), t('Active'))
webmaster@1 1480 );
webmaster@1 1481 }
webmaster@1 1482 if (user_access('administer permissions')) {
webmaster@1 1483 $roles = user_roles(TRUE);
webmaster@1 1484
webmaster@1 1485 // The disabled checkbox subelement for the 'authenticated user' role
webmaster@1 1486 // must be generated separately and added to the checkboxes element,
webmaster@1 1487 // because of a limitation in D6 FormAPI not supporting a single disabled
webmaster@1 1488 // checkbox within a set of checkboxes.
webmaster@1 1489 // TODO: This should be solved more elegantly. See issue #119038.
webmaster@1 1490 $checkbox_authenticated = array(
webmaster@1 1491 '#type' => 'checkbox',
webmaster@1 1492 '#title' => $roles[DRUPAL_AUTHENTICATED_RID],
webmaster@1 1493 '#default_value' => TRUE,
webmaster@1 1494 '#disabled' => TRUE,
webmaster@1 1495 );
webmaster@1 1496
webmaster@1 1497 unset($roles[DRUPAL_AUTHENTICATED_RID]);
webmaster@1 1498 if ($roles) {
webmaster@1 1499 $default = empty($edit['roles']) ? array() : array_keys($edit['roles']);
webmaster@1 1500 $form['account']['roles'] = array(
webmaster@1 1501 '#type' => 'checkboxes',
webmaster@1 1502 '#title' => t('Roles'),
webmaster@1 1503 '#default_value' => $default,
webmaster@1 1504 '#options' => $roles,
webmaster@1 1505 DRUPAL_AUTHENTICATED_RID => $checkbox_authenticated,
webmaster@1 1506 );
webmaster@1 1507 }
webmaster@1 1508 }
webmaster@1 1509
webmaster@1 1510 // Signature:
webmaster@1 1511 if (variable_get('user_signatures', 0) && module_exists('comment') && !$register) {
webmaster@1 1512 $form['signature_settings'] = array(
webmaster@1 1513 '#type' => 'fieldset',
webmaster@1 1514 '#title' => t('Signature settings'),
webmaster@1 1515 '#weight' => 1,
webmaster@1 1516 );
webmaster@1 1517 $form['signature_settings']['signature'] = array(
webmaster@1 1518 '#type' => 'textarea',
webmaster@1 1519 '#title' => t('Signature'),
webmaster@1 1520 '#default_value' => $edit['signature'],
webmaster@1 1521 '#description' => t('Your signature will be publicly displayed at the end of your comments.'),
webmaster@1 1522 );
webmaster@1 1523 }
webmaster@1 1524
webmaster@1 1525 // Picture/avatar:
webmaster@1 1526 if (variable_get('user_pictures', 0) && !$register) {
webmaster@1 1527 $form['picture'] = array('#type' => 'fieldset', '#title' => t('Picture'), '#weight' => 1);
webmaster@1 1528 $picture = theme('user_picture', (object)$edit);
webmaster@1 1529 if ($edit['picture']) {
webmaster@1 1530 $form['picture']['current_picture'] = array('#value' => $picture);
webmaster@1 1531 $form['picture']['picture_delete'] = array('#type' => 'checkbox', '#title' => t('Delete picture'), '#description' => t('Check this box to delete your current picture.'));
webmaster@1 1532 }
webmaster@1 1533 else {
webmaster@1 1534 $form['picture']['picture_delete'] = array('#type' => 'hidden');
webmaster@1 1535 }
webmaster@1 1536 $form['picture']['picture_upload'] = array('#type' => 'file', '#title' => t('Upload picture'), '#size' => 48, '#description' => t('Your virtual face or picture. Maximum dimensions are %dimensions and the maximum size is %size kB.', array('%dimensions' => variable_get('user_picture_dimensions', '85x85'), '%size' => variable_get('user_picture_file_size', '30'))) .' '. variable_get('user_picture_guidelines', ''));
franck@19 1537 $form['#validate'][] = 'user_profile_form_validate';
webmaster@1 1538 $form['#validate'][] = 'user_validate_picture';
webmaster@1 1539 }
webmaster@1 1540 $form['#uid'] = $uid;
webmaster@1 1541
webmaster@1 1542 return $form;
webmaster@1 1543 }
webmaster@1 1544
webmaster@1 1545 function _user_edit_validate($uid, &$edit) {
webmaster@1 1546 $user = user_load(array('uid' => $uid));
webmaster@1 1547 // Validate the username:
webmaster@1 1548 if (user_access('change own username') || user_access('administer users') || !$user->uid) {
webmaster@1 1549 if ($error = user_validate_name($edit['name'])) {
webmaster@1 1550 form_set_error('name', $error);
webmaster@1 1551 }
webmaster@1 1552 else if (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND LOWER(name) = LOWER('%s')", $uid, $edit['name'])) > 0) {
webmaster@1 1553 form_set_error('name', t('The name %name is already taken.', array('%name' => $edit['name'])));
webmaster@1 1554 }
webmaster@1 1555 else if (drupal_is_denied('user', $edit['name'])) {
webmaster@1 1556 form_set_error('name', t('The name %name has been denied access.', array('%name' => $edit['name'])));
webmaster@1 1557 }
webmaster@1 1558 }
webmaster@1 1559
webmaster@1 1560 // Validate the e-mail address:
webmaster@1 1561 if ($error = user_validate_mail($edit['mail'])) {
webmaster@1 1562 form_set_error('mail', $error);
webmaster@1 1563 }
webmaster@1 1564 else if (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND LOWER(mail) = LOWER('%s')", $uid, $edit['mail'])) > 0) {
webmaster@1 1565 form_set_error('mail', t('The e-mail address %email is already registered. <a href="@password">Have you forgotten your password?</a>', array('%email' => $edit['mail'], '@password' => url('user/password'))));
webmaster@1 1566 }
webmaster@1 1567 else if (drupal_is_denied('mail', $edit['mail'])) {
webmaster@1 1568 form_set_error('mail', t('The e-mail address %email has been denied access.', array('%email' => $edit['mail'])));
webmaster@1 1569 }
webmaster@1 1570 }
webmaster@1 1571
webmaster@1 1572 function _user_edit_submit($uid, &$edit) {
webmaster@1 1573 $user = user_load(array('uid' => $uid));
webmaster@1 1574 // Delete picture if requested, and if no replacement picture was given.
webmaster@1 1575 if (!empty($edit['picture_delete'])) {
webmaster@1 1576 if ($user->picture && file_exists($user->picture)) {
webmaster@1 1577 file_delete($user->picture);
webmaster@1 1578 }
webmaster@1 1579 $edit['picture'] = '';
webmaster@1 1580 }
webmaster@1 1581 if (isset($edit['roles'])) {
webmaster@1 1582 $edit['roles'] = array_filter($edit['roles']);
webmaster@1 1583 }
webmaster@1 1584 }
webmaster@1 1585
webmaster@1 1586 /**
webmaster@1 1587 * Delete a user.
webmaster@1 1588 *
webmaster@1 1589 * @param $edit An array of submitted form values.
webmaster@1 1590 * @param $uid The user ID of the user to delete.
webmaster@1 1591 */
webmaster@1 1592 function user_delete($edit, $uid) {
webmaster@1 1593 $account = user_load(array('uid' => $uid));
webmaster@1 1594 sess_destroy_uid($uid);
webmaster@1 1595 _user_mail_notify('status_deleted', $account);
webmaster@1 1596 db_query('DELETE FROM {users} WHERE uid = %d', $uid);
webmaster@1 1597 db_query('DELETE FROM {users_roles} WHERE uid = %d', $uid);
webmaster@1 1598 db_query('DELETE FROM {authmap} WHERE uid = %d', $uid);
webmaster@1 1599 $variables = array('%name' => $account->name, '%email' => '<'. $account->mail .'>');
webmaster@1 1600 watchdog('user', 'Deleted user: %name %email.', $variables, WATCHDOG_NOTICE);
webmaster@1 1601 module_invoke_all('user', 'delete', $edit, $account);
webmaster@1 1602 }
webmaster@1 1603
webmaster@1 1604 /**
webmaster@1 1605 * Builds a structured array representing the profile content.
webmaster@1 1606 *
webmaster@1 1607 * @param $account
webmaster@1 1608 * A user object.
webmaster@1 1609 *
webmaster@1 1610 * @return
webmaster@1 1611 * A structured array containing the individual elements of the profile.
webmaster@1 1612 */
webmaster@1 1613 function user_build_content(&$account) {
webmaster@1 1614 $edit = NULL;
webmaster@1 1615 user_module_invoke('view', $edit, $account);
webmaster@1 1616 // Allow modules to modify the fully-built profile.
webmaster@1 1617 drupal_alter('profile', $account);
webmaster@1 1618
webmaster@1 1619 return $account->content;
webmaster@1 1620 }
webmaster@1 1621
webmaster@1 1622 /**
webmaster@1 1623 * Implementation of hook_mail().
webmaster@1 1624 */
webmaster@1 1625 function user_mail($key, &$message, $params) {
webmaster@1 1626 $language = $message['language'];
webmaster@1 1627 $variables = user_mail_tokens($params['account'], $language);
webmaster@1 1628 $message['subject'] .= _user_mail_text($key .'_subject', $language, $variables);
webmaster@1 1629 $message['body'][] = _user_mail_text($key .'_body', $language, $variables);
webmaster@1 1630 }
webmaster@1 1631
webmaster@1 1632 /**
webmaster@1 1633 * Returns a mail string for a variable name.
webmaster@1 1634 *
webmaster@1 1635 * Used by user_mail() and the settings forms to retrieve strings.
webmaster@1 1636 */
webmaster@1 1637 function _user_mail_text($key, $language = NULL, $variables = array()) {
webmaster@1 1638 $langcode = isset($language) ? $language->language : NULL;
webmaster@1 1639
webmaster@1 1640 if ($admin_setting = variable_get('user_mail_'. $key, FALSE)) {
webmaster@1 1641 // An admin setting overrides the default string.
webmaster@1 1642 return strtr($admin_setting, $variables);
webmaster@1 1643 }
webmaster@1 1644 else {
webmaster@1 1645 // No override, return default string.
webmaster@1 1646 switch ($key) {
webmaster@1 1647 case 'register_no_approval_required_subject':
webmaster@1 1648 return t('Account details for !username at !site', $variables, $langcode);
webmaster@1 1649 case 'register_no_approval_required_body':
webmaster@1 1650 return t("!username,\n\nThank you for registering at !site. You may now log in to !login_uri using the following username and password:\n\nusername: !username\npassword: !password\n\nYou may also log in by clicking on this link or copying and pasting it in your browser:\n\n!login_url\n\nThis is a one-time login, so it can be used only once.\n\nAfter logging in, you will be redirected to !edit_uri so you can change your password.\n\n\n-- !site team", $variables, $langcode);
webmaster@1 1651 case 'register_admin_created_subject':
webmaster@1 1652 return t('An administrator created an account for you at !site', $variables, $langcode);
webmaster@1 1653 case 'register_admin_created_body':
webmaster@1 1654 return t("!username,\n\nA site administrator at !site has created an account for you. You may now log in to !login_uri using the following username and password:\n\nusername: !username\npassword: !password\n\nYou may also log in by clicking on this link or copying and pasting it in your browser:\n\n!login_url\n\nThis is a one-time login, so it can be used only once.\n\nAfter logging in, you will be redirected to !edit_uri so you can change your password.\n\n\n-- !site team", $variables, $langcode);
webmaster@1 1655 case 'register_pending_approval_subject':
webmaster@7 1656 case 'register_pending_approval_admin_subject':
webmaster@1 1657 return t('Account details for !username at !site (pending admin approval)', $variables, $langcode);
webmaster@1 1658 case 'register_pending_approval_body':
webmaster@1 1659 return t("!username,\n\nThank you for registering at !site. Your application for an account is currently pending approval. Once it has been approved, you will receive another e-mail containing information about how to log in, set your password, and other details.\n\n\n-- !site team", $variables, $langcode);
webmaster@1 1660 case 'register_pending_approval_admin_body':
webmaster@1 1661 return t("!username has applied for an account.\n\n!edit_uri", $variables, $langcode);
webmaster@1 1662 case 'password_reset_subject':
webmaster@1 1663 return t('Replacement login information for !username at !site', $variables, $langcode);
webmaster@1 1664 case 'password_reset_body':
webmaster@1 1665 return t("!username,\n\nA request to reset the password for your account has been made at !site.\n\nYou may now log in to !uri_brief by clicking on this link or copying and pasting it in your browser:\n\n!login_url\n\nThis is a one-time login, so it can be used only once. It expires after one day and nothing will happen if it's not used.\n\nAfter logging in, you will be redirected to !edit_uri so you can change your password.", $variables, $langcode);
webmaster@1 1666 case 'status_activated_subject':
webmaster@1 1667 return t('Account details for !username at !site (approved)', $variables, $langcode);
webmaster@1 1668 case 'status_activated_body':
webmaster@1 1669 return t("!username,\n\nYour account at !site has been activated.\n\nYou may now log in by clicking on this link or copying and pasting it in your browser:\n\n!login_url\n\nThis is a one-time login, so it can be used only once.\n\nAfter logging in, you will be redirected to !edit_uri so you can change your password.\n\nOnce you have set your own password, you will be able to log in to !login_uri in the future using:\n\nusername: !username\n", $variables, $langcode);
webmaster@1 1670 case 'status_blocked_subject':
webmaster@1 1671 return t('Account details for !username at !site (blocked)', $variables, $langcode);
webmaster@1 1672 case 'status_blocked_body':
webmaster@1 1673 return t("!username,\n\nYour account on !site has been blocked.", $variables, $langcode);
webmaster@1 1674 case 'status_deleted_subject':
webmaster@1 1675 return t('Account details for !username at !site (deleted)', $variables, $langcode);
webmaster@1 1676 case 'status_deleted_body':
webmaster@1 1677 return t("!username,\n\nYour account on !site has been deleted.", $variables, $langcode);
webmaster@1 1678 }
webmaster@1 1679 }
webmaster@1 1680 }
webmaster@1 1681
webmaster@1 1682 /*** Administrative features ***********************************************/
webmaster@1 1683
webmaster@1 1684 /**
webmaster@1 1685 * Retrieve an array of roles matching specified conditions.
webmaster@1 1686 *
webmaster@1 1687 * @param $membersonly
webmaster@1 1688 * Set this to TRUE to exclude the 'anonymous' role.
webmaster@1 1689 * @param $permission
webmaster@1 1690 * A string containing a permission. If set, only roles containing that
webmaster@1 1691 * permission are returned.
webmaster@1 1692 *
webmaster@1 1693 * @return
webmaster@1 1694 * An associative array with the role id as the key and the role name as
webmaster@1 1695 * value.
webmaster@1 1696 */
webmaster@1 1697 function user_roles($membersonly = FALSE, $permission = NULL) {
webmaster@1 1698 // System roles take the first two positions.
webmaster@1 1699 $roles = array(
webmaster@1 1700 DRUPAL_ANONYMOUS_RID => NULL,
webmaster@1 1701 DRUPAL_AUTHENTICATED_RID => NULL,
webmaster@1 1702 );
webmaster@1 1703
webmaster@1 1704 if (!empty($permission)) {
webmaster@1 1705 $result = db_query("SELECT r.* FROM {role} r INNER JOIN {permission} p ON r.rid = p.rid WHERE p.perm LIKE '%%%s%%' ORDER BY r.name", $permission);
webmaster@1 1706 }
webmaster@1 1707 else {
webmaster@1 1708 $result = db_query('SELECT * FROM {role} ORDER BY name');
webmaster@1 1709 }
webmaster@1 1710
webmaster@1 1711 while ($role = db_fetch_object($result)) {
webmaster@1 1712 switch ($role->rid) {
webmaster@1 1713 // We only translate the built in role names
webmaster@1 1714 case DRUPAL_ANONYMOUS_RID:
webmaster@1 1715 if (!$membersonly) {
webmaster@1 1716 $roles[$role->rid] = t($role->name);
webmaster@1 1717 }
webmaster@1 1718 break;
webmaster@1 1719 case DRUPAL_AUTHENTICATED_RID:
webmaster@1 1720 $roles[$role->rid] = t($role->name);
webmaster@1 1721 break;
webmaster@1 1722 default:
webmaster@1 1723 $roles[$role->rid] = $role->name;
webmaster@1 1724 }
webmaster@1 1725 }
webmaster@1 1726
webmaster@1 1727 // Filter to remove unmatched system roles.
webmaster@1 1728 return array_filter($roles);
webmaster@1 1729 }
webmaster@1 1730
webmaster@1 1731 /**
webmaster@1 1732 * Implementation of hook_user_operations().
webmaster@1 1733 */
webmaster@1 1734 function user_user_operations($form_state = array()) {
webmaster@1 1735 $operations = array(
webmaster@1 1736 'unblock' => array(
webmaster@1 1737 'label' => t('Unblock the selected users'),
webmaster@1 1738 'callback' => 'user_user_operations_unblock',
webmaster@1 1739 ),
webmaster@1 1740 'block' => array(
webmaster@1 1741 'label' => t('Block the selected users'),
webmaster@1 1742 'callback' => 'user_user_operations_block',
webmaster@1 1743 ),
webmaster@1 1744 'delete' => array(
webmaster@1 1745 'label' => t('Delete the selected users'),
webmaster@1 1746 ),
webmaster@1 1747 );
webmaster@1 1748
webmaster@1 1749 if (user_access('administer permissions')) {
webmaster@1 1750 $roles = user_roles(TRUE);
webmaster@1 1751 unset($roles[DRUPAL_AUTHENTICATED_RID]); // Can't edit authenticated role.
webmaster@1 1752
webmaster@1 1753 $add_roles = array();
webmaster@1 1754 foreach ($roles as $key => $value) {
webmaster@1 1755 $add_roles['add_role-'. $key] = $value;
webmaster@1 1756 }
webmaster@1 1757
webmaster@1 1758 $remove_roles = array();
webmaster@1 1759 foreach ($roles as $key => $value) {
webmaster@1 1760 $remove_roles['remove_role-'. $key] = $value;
webmaster@1 1761 }
webmaster@1 1762
webmaster@1 1763 if (count($roles)) {
webmaster@1 1764 $role_operations = array(
webmaster@1 1765 t('Add a role to the selected users') => array(
webmaster@1 1766 'label' => $add_roles,
webmaster@1 1767 ),
webmaster@1 1768 t('Remove a role from the selected users') => array(
webmaster@1 1769 'label' => $remove_roles,
webmaster@1 1770 ),
webmaster@1 1771 );
webmaster@1 1772
webmaster@1 1773 $operations += $role_operations;
webmaster@1 1774 }
webmaster@1 1775 }
webmaster@1 1776
webmaster@1 1777 // If the form has been posted, we need to insert the proper data for
webmaster@1 1778 // role editing if necessary.
webmaster@1 1779 if (!empty($form_state['submitted'])) {
webmaster@1 1780 $operation_rid = explode('-', $form_state['values']['operation']);
webmaster@1 1781 $operation = $operation_rid[0];
webmaster@1 1782 if ($operation == 'add_role' || $operation == 'remove_role') {
webmaster@1 1783 $rid = $operation_rid[1];
webmaster@1 1784 if (user_access('administer permissions')) {
webmaster@1 1785 $operations[$form_state['values']['operation']] = array(
webmaster@1 1786 'callback' => 'user_multiple_role_edit',
webmaster@1 1787 'callback arguments' => array($operation, $rid),
webmaster@1 1788 );
webmaster@1 1789 }
webmaster@1 1790 else {
webmaster@1 1791 watchdog('security', 'Detected malicious attempt to alter protected user fields.', array(), WATCHDOG_WARNING);
webmaster@1 1792 return;
webmaster@1 1793 }
webmaster@1 1794 }
webmaster@1 1795 }
webmaster@1 1796
webmaster@1 1797 return $operations;
webmaster@1 1798 }
webmaster@1 1799
webmaster@1 1800 /**
webmaster@1 1801 * Callback function for admin mass unblocking users.
webmaster@1 1802 */
webmaster@1 1803 function user_user_operations_unblock($accounts) {
webmaster@1 1804 foreach ($accounts as $uid) {
webmaster@1 1805 $account = user_load(array('uid' => (int)$uid));
webmaster@1 1806 // Skip unblocking user if they are already unblocked.
webmaster@1 1807 if ($account !== FALSE && $account->status == 0) {
webmaster@1 1808 user_save($account, array('status' => 1));
webmaster@1 1809 }
webmaster@1 1810 }
webmaster@1 1811 }
webmaster@1 1812
webmaster@1 1813 /**
webmaster@1 1814 * Callback function for admin mass blocking users.
webmaster@1 1815 */
webmaster@1 1816 function user_user_operations_block($accounts) {
webmaster@1 1817 foreach ($accounts as $uid) {
webmaster@1 1818 $account = user_load(array('uid' => (int)$uid));
webmaster@1 1819 // Skip blocking user if they are already blocked.
webmaster@1 1820 if ($account !== FALSE && $account->status == 1) {
webmaster@1 1821 user_save($account, array('status' => 0));
webmaster@1 1822 }
webmaster@1 1823 }
webmaster@1 1824 }
webmaster@1 1825
webmaster@1 1826 /**
webmaster@1 1827 * Callback function for admin mass adding/deleting a user role.
webmaster@1 1828 */
webmaster@1 1829 function user_multiple_role_edit($accounts, $operation, $rid) {
webmaster@1 1830 // The role name is not necessary as user_save() will reload the user
webmaster@1 1831 // object, but some modules' hook_user() may look at this first.
webmaster@1 1832 $role_name = db_result(db_query('SELECT name FROM {role} WHERE rid = %d', $rid));
webmaster@1 1833
webmaster@1 1834 switch ($operation) {
webmaster@1 1835 case 'add_role':
webmaster@1 1836 foreach ($accounts as $uid) {
webmaster@1 1837 $account = user_load(array('uid' => (int)$uid));
webmaster@1 1838 // Skip adding the role to the user if they already have it.
webmaster@1 1839 if ($account !== FALSE && !isset($account->roles[$rid])) {
webmaster@1 1840 $roles = $account->roles + array($rid => $role_name);
webmaster@1 1841 user_save($account, array('roles' => $roles));
webmaster@1 1842 }
webmaster@1 1843 }
webmaster@1 1844 break;
webmaster@1 1845 case 'remove_role':
webmaster@1 1846 foreach ($accounts as $uid) {
webmaster@1 1847 $account = user_load(array('uid' => (int)$uid));
webmaster@1 1848 // Skip removing the role from the user if they already don't have it.
webmaster@1 1849 if ($account !== FALSE && isset($account->roles[$rid])) {
webmaster@1 1850 $roles = array_diff($account->roles, array($rid => $role_name));
webmaster@1 1851 user_save($account, array('roles' => $roles));
webmaster@1 1852 }
webmaster@1 1853 }
webmaster@1 1854 break;
webmaster@1 1855 }
webmaster@1 1856 }
webmaster@1 1857
webmaster@1 1858 function user_multiple_delete_confirm(&$form_state) {
webmaster@1 1859 $edit = $form_state['post'];
webmaster@1 1860
webmaster@1 1861 $form['accounts'] = array('#prefix' => '<ul>', '#suffix' => '</ul>', '#tree' => TRUE);
webmaster@1 1862 // array_filter() returns only elements with TRUE values.
webmaster@1 1863 foreach (array_filter($edit['accounts']) as $uid => $value) {
webmaster@1 1864 $user = db_result(db_query('SELECT name FROM {users} WHERE uid = %d', $uid));
webmaster@1 1865 $form['accounts'][$uid] = array('#type' => 'hidden', '#value' => $uid, '#prefix' => '<li>', '#suffix' => check_plain($user) ."</li>\n");
webmaster@1 1866 }
webmaster@1 1867 $form['operation'] = array('#type' => 'hidden', '#value' => 'delete');
webmaster@1 1868
webmaster@1 1869 return confirm_form($form,
webmaster@1 1870 t('Are you sure you want to delete these users?'),
webmaster@1 1871 'admin/user/user', t('This action cannot be undone.'),
webmaster@1 1872 t('Delete all'), t('Cancel'));
webmaster@1 1873 }
webmaster@1 1874
webmaster@1 1875 function user_multiple_delete_confirm_submit($form, &$form_state) {
webmaster@1 1876 if ($form_state['values']['confirm']) {
webmaster@1 1877 foreach ($form_state['values']['accounts'] as $uid => $value) {
webmaster@1 1878 user_delete($form_state['values'], $uid);
webmaster@1 1879 }
webmaster@1 1880 drupal_set_message(t('The users have been deleted.'));
webmaster@1 1881 }
webmaster@1 1882 $form_state['redirect'] = 'admin/user/user';
webmaster@1 1883 return;
webmaster@1 1884 }
webmaster@1 1885
webmaster@1 1886 /**
webmaster@1 1887 * Implementation of hook_help().
webmaster@1 1888 */
webmaster@1 1889 function user_help($path, $arg) {
webmaster@1 1890 global $user;
webmaster@1 1891
webmaster@1 1892 switch ($path) {
webmaster@1 1893 case 'admin/help#user':
webmaster@1 1894 $output = '<p>'. t('The user module allows users to register, login, and log out. Users benefit from being able to sign on because it associates content they create with their account and allows various permissions to be set for their roles. The user module supports user roles which establish fine grained permissions allowing each role to do only what the administrator wants them to. Each user is assigned to one or more roles. By default there are two roles <em>anonymous</em> - a user who has not logged in, and <em>authenticated</em> a user who has signed up and who has been authorized.') .'</p>';
webmaster@1 1895 $output .= '<p>'. t("Users can use their own name or handle and can specify personal configuration settings through their individual <em>My account</em> page. Users must authenticate by supplying a local username and password or through their OpenID, an optional and secure method for logging into many websites with a single username and password. In some configurations, users may authenticate using a username and password from another Drupal site, or through some other site-specific mechanism.") .'</p>';
webmaster@1 1896 $output .= '<p>'. t('A visitor accessing your website is assigned a unique ID, or session ID, which is stored in a cookie. The cookie does not contain personal information, but acts as a key to retrieve information from your site. Users should have cookies enabled in their web browser when using your site.') .'</p>';
webmaster@1 1897 $output .= '<p>'. t('For more information, see the online handbook entry for <a href="@user">User module</a>.', array('@user' => 'http://drupal.org/handbook/modules/user/')) .'</p>';
webmaster@1 1898 return $output;
webmaster@1 1899 case 'admin/user/user':
webmaster@1 1900 return '<p>'. t('Drupal allows users to register, login, log out, maintain user profiles, etc. Users of the site may not use their own names to post content until they have signed up for a user account.') .'</p>';
webmaster@1 1901 case 'admin/user/user/create':
webmaster@1 1902 case 'admin/user/user/account/create':
webmaster@1 1903 return '<p>'. t("This web page allows administrators to register new users. Users' e-mail addresses and usernames must be unique.") .'</p>';
webmaster@1 1904 case 'admin/user/rules':
webmaster@1 1905 return '<p>'. t('Set up username and e-mail address access rules for new <em>and</em> existing accounts (currently logged in accounts will not be logged out). If a username or e-mail address for an account matches any deny rule, but not an allow rule, then the account will not be allowed to be created or to log in. A host rule is effective for every page view, not just registrations.') .'</p>';
webmaster@1 1906 case 'admin/user/permissions':
webmaster@1 1907 return '<p>'. t('Permissions let you control what users can do on your site. Each user role (defined on the <a href="@role">user roles page</a>) has its own set of permissions. For example, you could give users classified as "Administrators" permission to "administer nodes" but deny this power to ordinary, "authenticated" users. You can use permissions to reveal new features to privileged users (those with subscriptions, for example). Permissions also allow trusted users to share the administrative burden of running a busy site.', array('@role' => url('admin/user/roles'))) .'</p>';
webmaster@1 1908 case 'admin/user/roles':
webmaster@1 1909 return t('<p>Roles allow you to fine tune the security and administration of Drupal. A role defines a group of users that have certain privileges as defined in <a href="@permissions">user permissions</a>. Examples of roles include: anonymous user, authenticated user, moderator, administrator and so on. In this area you will define the <em>role names</em> of the various roles. To delete a role choose "edit".</p><p>By default, Drupal comes with two user roles:</p>
webmaster@1 1910 <ul>
webmaster@1 1911 <li>Anonymous user: this role is used for users that don\'t have a user account or that are not authenticated.</li>
webmaster@1 1912 <li>Authenticated user: this role is automatically granted to all logged in users.</li>
webmaster@1 1913 </ul>', array('@permissions' => url('admin/user/permissions')));
webmaster@1 1914 case 'admin/user/search':
webmaster@1 1915 return '<p>'. t('Enter a simple pattern ("*" may be used as a wildcard match) to search for a username or e-mail address. For example, one may search for "br" and Drupal might return "brian", "brad", and "brenda@example.com".') .'</p>';
webmaster@1 1916 }
webmaster@1 1917 }
webmaster@1 1918
webmaster@1 1919 /**
webmaster@1 1920 * Retrieve a list of all user setting/information categories and sort them by weight.
webmaster@1 1921 */
webmaster@1 1922 function _user_categories($account) {
webmaster@1 1923 $categories = array();
webmaster@1 1924
webmaster@1 1925 foreach (module_list() as $module) {
webmaster@1 1926 if ($data = module_invoke($module, 'user', 'categories', NULL, $account, '')) {
webmaster@1 1927 $categories = array_merge($data, $categories);
webmaster@1 1928 }
webmaster@1 1929 }
webmaster@1 1930
webmaster@1 1931 usort($categories, '_user_sort');
webmaster@1 1932
webmaster@1 1933 return $categories;
webmaster@1 1934 }
webmaster@1 1935
webmaster@1 1936 function _user_sort($a, $b) {
webmaster@1 1937 $a = (array)$a + array('weight' => 0, 'title' => '');
webmaster@1 1938 $b = (array)$b + array('weight' => 0, 'title' => '');
webmaster@1 1939 return $a['weight'] < $b['weight'] ? -1 : ($a['weight'] > $b['weight'] ? 1 : ($a['title'] < $b['title'] ? -1 : 1));
webmaster@1 1940 }
webmaster@1 1941
webmaster@1 1942 /**
webmaster@1 1943 * List user administration filters that can be applied.
webmaster@1 1944 */
webmaster@1 1945 function user_filters() {
webmaster@1 1946 // Regular filters
webmaster@1 1947 $filters = array();
webmaster@1 1948 $roles = user_roles(TRUE);
webmaster@1 1949 unset($roles[DRUPAL_AUTHENTICATED_RID]); // Don't list authorized role.
webmaster@1 1950 if (count($roles)) {
webmaster@1 1951 $filters['role'] = array(
webmaster@1 1952 'title' => t('role'),
webmaster@1 1953 'where' => "ur.rid = %d",
webmaster@1 1954 'options' => $roles,
webmaster@1 1955 'join' => '',
webmaster@1 1956 );
webmaster@1 1957 }
webmaster@1 1958
webmaster@1 1959 $options = array();
webmaster@1 1960 foreach (module_list() as $module) {
webmaster@1 1961 if ($permissions = module_invoke($module, 'perm')) {
webmaster@1 1962 asort($permissions);
webmaster@1 1963 foreach ($permissions as $permission) {
webmaster@1 1964 $options[t('@module module', array('@module' => $module))][$permission] = t($permission);
webmaster@1 1965 }
webmaster@1 1966 }
webmaster@1 1967 }
webmaster@1 1968 ksort($options);
webmaster@1 1969 $filters['permission'] = array(
webmaster@1 1970 'title' => t('permission'),
webmaster@1 1971 'join' => 'LEFT JOIN {permission} p ON ur.rid = p.rid',
webmaster@1 1972 'where' => " ((p.perm IS NOT NULL AND p.perm LIKE '%%%s%%') OR u.uid = 1) ",
webmaster@1 1973 'options' => $options,
webmaster@1 1974 );
webmaster@1 1975
webmaster@1 1976 $filters['status'] = array(
webmaster@1 1977 'title' => t('status'),
webmaster@1 1978 'where' => 'u.status = %d',
webmaster@1 1979 'join' => '',
webmaster@1 1980 'options' => array(1 => t('active'), 0 => t('blocked')),
webmaster@1 1981 );
webmaster@1 1982 return $filters;
webmaster@1 1983 }
webmaster@1 1984
webmaster@1 1985 /**
webmaster@1 1986 * Build query for user administration filters based on session.
webmaster@1 1987 */
webmaster@1 1988 function user_build_filter_query() {
webmaster@1 1989 $filters = user_filters();
webmaster@1 1990
webmaster@1 1991 // Build query
webmaster@1 1992 $where = $args = $join = array();
webmaster@1 1993 foreach ($_SESSION['user_overview_filter'] as $filter) {
webmaster@1 1994 list($key, $value) = $filter;
webmaster@1 1995 // This checks to see if this permission filter is an enabled permission for
webmaster@1 1996 // the authenticated role. If so, then all users would be listed, and we can
webmaster@1 1997 // skip adding it to the filter query.
webmaster@1 1998 if ($key == 'permission') {
webmaster@1 1999 $account = new stdClass();
webmaster@1 2000 $account->uid = 'user_filter';
webmaster@1 2001 $account->roles = array(DRUPAL_AUTHENTICATED_RID => 1);
webmaster@1 2002 if (user_access($value, $account)) {
webmaster@1 2003 continue;
webmaster@1 2004 }
webmaster@1 2005 }
webmaster@1 2006 $where[] = $filters[$key]['where'];
webmaster@1 2007 $args[] = $value;
webmaster@1 2008 $join[] = $filters[$key]['join'];
webmaster@1 2009 }
webmaster@1 2010 $where = !empty($where) ? 'AND '. implode(' AND ', $where) : '';
webmaster@1 2011 $join = !empty($join) ? ' '. implode(' ', array_unique($join)) : '';
webmaster@1 2012
webmaster@1 2013 return array('where' => $where,
webmaster@1 2014 'join' => $join,
webmaster@1 2015 'args' => $args,
webmaster@1 2016 );
webmaster@1 2017 }
webmaster@1 2018
webmaster@1 2019 /**
webmaster@1 2020 * Implementation of hook_forms().
webmaster@1 2021 */
webmaster@1 2022 function user_forms() {
webmaster@1 2023 $forms['user_admin_access_add_form']['callback'] = 'user_admin_access_form';
webmaster@1 2024 $forms['user_admin_access_edit_form']['callback'] = 'user_admin_access_form';
webmaster@1 2025 $forms['user_admin_new_role']['callback'] = 'user_admin_role';
webmaster@1 2026 return $forms;
webmaster@1 2027 }
webmaster@1 2028
webmaster@1 2029 /**
webmaster@1 2030 * Implementation of hook_comment().
webmaster@1 2031 */
webmaster@1 2032 function user_comment(&$comment, $op) {
webmaster@1 2033 // Validate signature.
webmaster@1 2034 if ($op == 'view') {
webmaster@1 2035 if (variable_get('user_signatures', 0) && !empty($comment->signature)) {
webmaster@1 2036 $comment->signature = check_markup($comment->signature, $comment->format);
webmaster@1 2037 }
webmaster@1 2038 else {
webmaster@1 2039 $comment->signature = '';
webmaster@1 2040 }
webmaster@1 2041 }
webmaster@1 2042 }
webmaster@1 2043
webmaster@1 2044 /**
webmaster@1 2045 * Theme output of user signature.
webmaster@1 2046 *
webmaster@1 2047 * @ingroup themeable
webmaster@1 2048 */
webmaster@1 2049 function theme_user_signature($signature) {
webmaster@1 2050 $output = '';
webmaster@1 2051 if ($signature) {
webmaster@1 2052 $output .= '<div class="clear">';
webmaster@1 2053 $output .= '<div>—</div>';
webmaster@1 2054 $output .= $signature;
webmaster@1 2055 $output .= '</div>';
webmaster@1 2056 }
webmaster@1 2057
webmaster@1 2058 return $output;
webmaster@1 2059 }
webmaster@1 2060
webmaster@1 2061 /**
webmaster@1 2062 * Return an array of token to value mappings for user e-mail messages.
webmaster@1 2063 *
webmaster@1 2064 * @param $account
webmaster@1 2065 * The user object of the account being notified. Must contain at
webmaster@1 2066 * least the fields 'uid', 'name', and 'mail'.
webmaster@1 2067 * @param $language
webmaster@1 2068 * Language object to generate the tokens with.
webmaster@1 2069 * @return
webmaster@1 2070 * Array of mappings from token names to values (for use with strtr()).
webmaster@1 2071 */
webmaster@1 2072 function user_mail_tokens($account, $language) {
webmaster@1 2073 global $base_url;
webmaster@1 2074 $tokens = array(
webmaster@1 2075 '!username' => $account->name,
webmaster@1 2076 '!site' => variable_get('site_name', 'Drupal'),
webmaster@1 2077 '!login_url' => user_pass_reset_url($account),
webmaster@1 2078 '!uri' => $base_url,
webmaster@11 2079 '!uri_brief' => preg_replace('!^https?://!', '', $base_url),
webmaster@1 2080 '!mailto' => $account->mail,
webmaster@1 2081 '!date' => format_date(time(), 'medium', '', NULL, $language->language),
webmaster@1 2082 '!login_uri' => url('user', array('absolute' => TRUE, 'language' => $language)),
webmaster@1 2083 '!edit_uri' => url('user/'. $account->uid .'/edit', array('absolute' => TRUE, 'language' => $language)),
webmaster@1 2084 );
webmaster@1 2085 if (!empty($account->password)) {
webmaster@1 2086 $tokens['!password'] = $account->password;
webmaster@1 2087 }
webmaster@1 2088 return $tokens;
webmaster@1 2089 }
webmaster@1 2090
webmaster@1 2091 /**
webmaster@1 2092 * Get the language object preferred by the user. This user preference can
webmaster@1 2093 * be set on the user account editing page, and is only available if there
webmaster@1 2094 * are more than one languages enabled on the site. If the user did not
webmaster@1 2095 * choose a preferred language, or is the anonymous user, the $default
webmaster@1 2096 * value, or if it is not set, the site default language will be returned.
webmaster@1 2097 *
webmaster@1 2098 * @param $account
webmaster@1 2099 * User account to look up language for.
webmaster@1 2100 * @param $default
webmaster@1 2101 * Optional default language object to return if the account
webmaster@1 2102 * has no valid language.
webmaster@1 2103 */
webmaster@1 2104 function user_preferred_language($account, $default = NULL) {
webmaster@1 2105 $language_list = language_list();
webmaster@1 2106 if ($account->language && isset($language_list[$account->language])) {
webmaster@1 2107 return $language_list[$account->language];
webmaster@1 2108 }
webmaster@1 2109 else {
webmaster@1 2110 return $default ? $default : language_default();
webmaster@1 2111 }
webmaster@1 2112 }
webmaster@1 2113
webmaster@1 2114 /**
webmaster@1 2115 * Conditionally create and send a notification email when a certain
webmaster@1 2116 * operation happens on the given user account.
webmaster@1 2117 *
webmaster@1 2118 * @see user_mail_tokens()
webmaster@1 2119 * @see drupal_mail()
webmaster@1 2120 *
webmaster@1 2121 * @param $op
webmaster@1 2122 * The operation being performed on the account. Possible values:
webmaster@1 2123 * 'register_admin_created': Welcome message for user created by the admin
webmaster@1 2124 * 'register_no_approval_required': Welcome message when user self-registers
webmaster@1 2125 * 'register_pending_approval': Welcome message, user pending admin approval
webmaster@1 2126 * 'password_reset': Password recovery request
webmaster@1 2127 * 'status_activated': Account activated
webmaster@1 2128 * 'status_blocked': Account blocked
webmaster@1 2129 * 'status_deleted': Account deleted
webmaster@1 2130 *
webmaster@1 2131 * @param $account
webmaster@1 2132 * The user object of the account being notified. Must contain at
webmaster@1 2133 * least the fields 'uid', 'name', and 'mail'.
webmaster@1 2134 * @param $language
webmaster@1 2135 * Optional language to use for the notification, overriding account language.
webmaster@1 2136 * @return
webmaster@1 2137 * The return value from drupal_mail_send(), if ends up being called.
webmaster@1 2138 */
webmaster@1 2139 function _user_mail_notify($op, $account, $language = NULL) {
webmaster@1 2140 // By default, we always notify except for deleted and blocked.
webmaster@1 2141 $default_notify = ($op != 'status_deleted' && $op != 'status_blocked');
webmaster@1 2142 $notify = variable_get('user_mail_'. $op .'_notify', $default_notify);
webmaster@1 2143 if ($notify) {
webmaster@1 2144 $params['account'] = $account;
webmaster@1 2145 $language = $language ? $language : user_preferred_language($account);
webmaster@1 2146 $mail = drupal_mail('user', $op, $account->mail, $language, $params);
webmaster@1 2147 if ($op == 'register_pending_approval') {
webmaster@1 2148 // If a user registered requiring admin approval, notify the admin, too.
webmaster@1 2149 // We use the site default language for this.
webmaster@1 2150 drupal_mail('user', 'register_pending_approval_admin', variable_get('site_mail', ini_get('sendmail_from')), language_default(), $params);
webmaster@1 2151 }
webmaster@1 2152 }
webmaster@1 2153 return empty($mail) ? NULL : $mail['result'];
webmaster@1 2154 }
webmaster@1 2155
webmaster@1 2156 /**
webmaster@1 2157 * Add javascript and string translations for dynamic password validation
webmaster@1 2158 * (strength and confirmation checking).
webmaster@1 2159 *
webmaster@1 2160 * This is an internal function that makes it easier to manage the translation
webmaster@1 2161 * strings that need to be passed to the javascript code.
webmaster@1 2162 */
webmaster@1 2163 function _user_password_dynamic_validation() {
webmaster@1 2164 static $complete = FALSE;
webmaster@1 2165 global $user;
webmaster@1 2166 // Only need to do once per page.
webmaster@1 2167 if (!$complete) {
webmaster@1 2168 drupal_add_js(drupal_get_path('module', 'user') .'/user.js', 'module');
webmaster@1 2169
webmaster@1 2170 drupal_add_js(array(
webmaster@1 2171 'password' => array(
webmaster@1 2172 'strengthTitle' => t('Password strength:'),
webmaster@1 2173 'lowStrength' => t('Low'),
webmaster@1 2174 'mediumStrength' => t('Medium'),
webmaster@1 2175 'highStrength' => t('High'),
webmaster@1 2176 'tooShort' => t('It is recommended to choose a password that contains at least six characters. It should include numbers, punctuation, and both upper and lowercase letters.'),
webmaster@1 2177 'needsMoreVariation' => t('The password does not include enough variation to be secure. Try:'),
webmaster@1 2178 'addLetters' => t('Adding both upper and lowercase letters.'),
webmaster@1 2179 'addNumbers' => t('Adding numbers.'),
webmaster@1 2180 'addPunctuation' => t('Adding punctuation.'),
webmaster@1 2181 'sameAsUsername' => t('It is recommended to choose a password different from the username.'),
webmaster@1 2182 'confirmSuccess' => t('Yes'),
webmaster@1 2183 'confirmFailure' => t('No'),
webmaster@1 2184 'confirmTitle' => t('Passwords match:'),
webmaster@1 2185 'username' => (isset($user->name) ? $user->name : ''))),
webmaster@1 2186 'setting');
webmaster@1 2187 $complete = TRUE;
webmaster@1 2188 }
webmaster@1 2189 }
webmaster@1 2190
webmaster@1 2191 /**
webmaster@1 2192 * Implementation of hook_hook_info().
webmaster@1 2193 */
webmaster@1 2194 function user_hook_info() {
webmaster@1 2195 return array(
webmaster@1 2196 'user' => array(
webmaster@1 2197 'user' => array(
webmaster@1 2198 'insert' => array(
webmaster@1 2199 'runs when' => t('After a user account has been created'),
webmaster@1 2200 ),
webmaster@1 2201 'update' => array(
webmaster@1 2202 'runs when' => t("After a user's profile has been updated"),
webmaster@1 2203 ),
webmaster@1 2204 'delete' => array(
webmaster@1 2205 'runs when' => t('After a user has been deleted')
webmaster@1 2206 ),
webmaster@1 2207 'login' => array(
webmaster@1 2208 'runs when' => t('After a user has logged in')
webmaster@1 2209 ),
webmaster@1 2210 'logout' => array(
webmaster@1 2211 'runs when' => t('After a user has logged out')
webmaster@1 2212 ),
webmaster@1 2213 'view' => array(
webmaster@1 2214 'runs when' => t("When a user's profile is being viewed")
webmaster@1 2215 ),
webmaster@1 2216 ),
webmaster@1 2217 ),
webmaster@1 2218 );
webmaster@1 2219 }
webmaster@1 2220
webmaster@1 2221 /**
webmaster@1 2222 * Implementation of hook_action_info().
webmaster@1 2223 */
webmaster@1 2224 function user_action_info() {
webmaster@1 2225 return array(
webmaster@1 2226 'user_block_user_action' => array(
webmaster@1 2227 'description' => t('Block current user'),
webmaster@1 2228 'type' => 'user',
webmaster@1 2229 'configurable' => FALSE,
webmaster@1 2230 'hooks' => array(),
webmaster@1 2231 ),
webmaster@1 2232 'user_block_ip_action' => array(
webmaster@1 2233 'description' => t('Ban IP address of current user'),
webmaster@1 2234 'type' => 'user',
webmaster@1 2235 'configurable' => FALSE,
webmaster@1 2236 'hooks' => array(),
webmaster@1 2237 ),
webmaster@1 2238 );
webmaster@1 2239 }
webmaster@1 2240
webmaster@1 2241 /**
webmaster@1 2242 * Implementation of a Drupal action.
webmaster@1 2243 * Blocks the current user.
webmaster@1 2244 */
webmaster@1 2245 function user_block_user_action(&$object, $context = array()) {
webmaster@1 2246 if (isset($object->uid)) {
webmaster@1 2247 $uid = $object->uid;
webmaster@1 2248 }
webmaster@1 2249 elseif (isset($context['uid'])) {
webmaster@1 2250 $uid = $context['uid'];
webmaster@1 2251 }
webmaster@1 2252 else {
webmaster@1 2253 global $user;
webmaster@1 2254 $uid = $user->uid;
webmaster@1 2255 }
webmaster@1 2256 db_query("UPDATE {users} SET status = 0 WHERE uid = %d", $uid);
webmaster@1 2257 sess_destroy_uid($uid);
webmaster@1 2258 watchdog('action', 'Blocked user %name.', array('%name' => check_plain($user->name)));
webmaster@1 2259 }
webmaster@1 2260
webmaster@1 2261 /**
webmaster@1 2262 * Implementation of a Drupal action.
webmaster@1 2263 * Adds an access rule that blocks the user's IP address.
webmaster@1 2264 */
webmaster@1 2265 function user_block_ip_action() {
webmaster@1 2266 $ip = ip_address();
webmaster@1 2267 db_query("INSERT INTO {access} (mask, type, status) VALUES ('%s', '%s', %d)", $ip, 'host', 0);
webmaster@1 2268 watchdog('action', 'Banned IP address %ip', array('%ip' => $ip));
webmaster@1 2269 }
webmaster@1 2270
webmaster@1 2271 /**
webmaster@1 2272 * Submit handler for the user registration form.
webmaster@1 2273 *
webmaster@1 2274 * This function is shared by the installation form and the normal registration form,
webmaster@1 2275 * which is why it can't be in the user.pages.inc file.
webmaster@1 2276 */
webmaster@1 2277 function user_register_submit($form, &$form_state) {
webmaster@1 2278 global $base_url;
webmaster@1 2279 $admin = user_access('administer users');
webmaster@1 2280
webmaster@1 2281 $mail = $form_state['values']['mail'];
webmaster@1 2282 $name = $form_state['values']['name'];
webmaster@1 2283 if (!variable_get('user_email_verification', TRUE) || $admin) {
webmaster@1 2284 $pass = $form_state['values']['pass'];
webmaster@1 2285 }
webmaster@1 2286 else {
webmaster@1 2287 $pass = user_password();
webmaster@1 2288 };
webmaster@1 2289 $notify = isset($form_state['values']['notify']) ? $form_state['values']['notify'] : NULL;
webmaster@1 2290 $from = variable_get('site_mail', ini_get('sendmail_from'));
webmaster@1 2291 if (isset($form_state['values']['roles'])) {
webmaster@1 2292 // Remove unset roles.
webmaster@1 2293 $roles = array_filter($form_state['values']['roles']);
webmaster@1 2294 }
webmaster@1 2295 else {
webmaster@1 2296 $roles = array();
webmaster@1 2297 }
webmaster@1 2298
webmaster@1 2299 if (!$admin && array_intersect(array_keys($form_state['values']), array('uid', 'roles', 'init', 'session', 'status'))) {
webmaster@1 2300 watchdog('security', 'Detected malicious attempt to alter protected user fields.', array(), WATCHDOG_WARNING);
webmaster@1 2301 $form_state['redirect'] = 'user/register';
webmaster@1 2302 return;
webmaster@1 2303 }
webmaster@1 2304 // The unset below is needed to prevent these form values from being saved as
webmaster@1 2305 // user data.
webmaster@1 2306 unset($form_state['values']['form_token'], $form_state['values']['submit'], $form_state['values']['op'], $form_state['values']['notify'], $form_state['values']['form_id'], $form_state['values']['affiliates'], $form_state['values']['destination']);
webmaster@1 2307
webmaster@1 2308 $merge_data = array('pass' => $pass, 'init' => $mail, 'roles' => $roles);
webmaster@1 2309 if (!$admin) {
webmaster@1 2310 // Set the user's status because it was not displayed in the form.
webmaster@1 2311 $merge_data['status'] = variable_get('user_register', 1) == 1;
webmaster@1 2312 }
webmaster@1 2313 $account = user_save('', array_merge($form_state['values'], $merge_data));
webmaster@1 2314 // Terminate if an error occured during user_save().
webmaster@1 2315 if (!$account) {
webmaster@1 2316 drupal_set_message(t("Error saving user account."), 'error');
webmaster@1 2317 $form_state['redirect'] = '';
webmaster@1 2318 return;
webmaster@1 2319 }
webmaster@1 2320 $form_state['user'] = $account;
webmaster@1 2321
webmaster@1 2322 watchdog('user', 'New user: %name (%email).', array('%name' => $name, '%email' => $mail), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $account->uid .'/edit'));
webmaster@1 2323
webmaster@1 2324 // The first user may login immediately, and receives a customized welcome e-mail.
webmaster@1 2325 if ($account->uid == 1) {
webmaster@1 2326 drupal_set_message(t('Welcome to Drupal. You are now logged in as user #1, which gives you full control over your website.'));
webmaster@1 2327 if (variable_get('user_email_verification', TRUE)) {
webmaster@1 2328 drupal_set_message(t('</p><p> Your password is <strong>%pass</strong>. You may change your password below.</p>', array('%pass' => $pass)));
webmaster@1 2329 }
webmaster@1 2330
webmaster@1 2331 user_authenticate(array_merge($form_state['values'], $merge_data));
webmaster@1 2332
webmaster@1 2333 $form_state['redirect'] = 'user/1/edit';
webmaster@1 2334 return;
webmaster@1 2335 }
webmaster@1 2336 else {
webmaster@1 2337 // Add plain text password into user account to generate mail tokens.
webmaster@1 2338 $account->password = $pass;
webmaster@1 2339 if ($admin && !$notify) {
webmaster@1 2340 drupal_set_message(t('Created a new user account for <a href="@url">%name</a>. No e-mail has been sent.', array('@url' => url("user/$account->uid"), '%name' => $account->name)));
webmaster@1 2341 }
webmaster@1 2342 else if (!variable_get('user_email_verification', TRUE) && $account->status && !$admin) {
webmaster@1 2343 // No e-mail verification is required, create new user account, and login
webmaster@1 2344 // user immediately.
webmaster@1 2345 _user_mail_notify('register_no_approval_required', $account);
webmaster@1 2346 if (user_authenticate(array_merge($form_state['values'], $merge_data))) {
webmaster@1 2347 drupal_set_message(t('Registration successful. You are now logged in.'));
webmaster@1 2348 }
webmaster@1 2349 $form_state['redirect'] = '';
webmaster@1 2350 return;
webmaster@1 2351 }
webmaster@1 2352 else if ($account->status || $notify) {
webmaster@1 2353 // Create new user account, no administrator approval required.
webmaster@1 2354 $op = $notify ? 'register_admin_created' : 'register_no_approval_required';
webmaster@1 2355 _user_mail_notify($op, $account);
webmaster@1 2356 if ($notify) {
webmaster@1 2357 drupal_set_message(t('Password and further instructions have been e-mailed to the new user <a href="@url">%name</a>.', array('@url' => url("user/$account->uid"), '%name' => $account->name)));
webmaster@1 2358 }
webmaster@1 2359 else {
webmaster@1 2360 drupal_set_message(t('Your password and further instructions have been sent to your e-mail address.'));
webmaster@1 2361 $form_state['redirect'] = '';
webmaster@1 2362 return;
webmaster@1 2363 }
webmaster@1 2364 }
webmaster@1 2365 else {
webmaster@1 2366 // Create new user account, administrator approval required.
webmaster@1 2367 _user_mail_notify('register_pending_approval', $account);
webmaster@1 2368 drupal_set_message(t('Thank you for applying for an account. Your account is currently pending approval by the site administrator.<br />In the meantime, a welcome message with further instructions has been sent to your e-mail address.'));
webmaster@1 2369 $form_state['redirect'] = '';
webmaster@1 2370 return;
webmaster@1 2371
webmaster@1 2372 }
webmaster@1 2373 }
webmaster@1 2374 }
webmaster@1 2375
webmaster@1 2376 /**
webmaster@1 2377 * Form builder; The user registration form.
webmaster@1 2378 *
webmaster@1 2379 * @ingroup forms
webmaster@1 2380 * @see user_register_validate()
webmaster@1 2381 * @see user_register_submit()
webmaster@1 2382 */
webmaster@1 2383 function user_register() {
webmaster@1 2384 global $user;
webmaster@1 2385
webmaster@1 2386 $admin = user_access('administer users');
webmaster@1 2387
webmaster@1 2388 // If we aren't admin but already logged on, go to the user page instead.
webmaster@1 2389 if (!$admin && $user->uid) {
webmaster@1 2390 drupal_goto('user/'. $user->uid);
webmaster@1 2391 }
webmaster@1 2392
webmaster@1 2393 $form = array();
webmaster@1 2394
webmaster@1 2395 // Display the registration form.
webmaster@1 2396 if (!$admin) {
webmaster@1 2397 $form['user_registration_help'] = array('#value' => filter_xss_admin(variable_get('user_registration_help', '')));
webmaster@1 2398 }
webmaster@1 2399
webmaster@1 2400 // Merge in the default user edit fields.
webmaster@1 2401 $form = array_merge($form, user_edit_form($form_state, NULL, NULL, TRUE));
webmaster@1 2402 if ($admin) {
webmaster@1 2403 $form['account']['notify'] = array(
webmaster@1 2404 '#type' => 'checkbox',
webmaster@1 2405 '#title' => t('Notify user of new account')
webmaster@1 2406 );
webmaster@1 2407 // Redirect back to page which initiated the create request;
webmaster@1 2408 // usually admin/user/user/create.
webmaster@1 2409 $form['destination'] = array('#type' => 'hidden', '#value' => $_GET['q']);
webmaster@1 2410 }
webmaster@1 2411
webmaster@1 2412 // Create a dummy variable for pass-by-reference parameters.
webmaster@1 2413 $null = NULL;
webmaster@1 2414 $extra = _user_forms($null, NULL, NULL, 'register');
webmaster@1 2415
webmaster@1 2416 // Remove form_group around default fields if there are no other groups.
webmaster@1 2417 if (!$extra) {
webmaster@1 2418 foreach (array('name', 'mail', 'pass', 'status', 'roles', 'notify') as $key) {
webmaster@1 2419 if (isset($form['account'][$key])) {
webmaster@1 2420 $form[$key] = $form['account'][$key];
webmaster@1 2421 }
webmaster@1 2422 }
webmaster@1 2423 unset($form['account']);
webmaster@1 2424 }
webmaster@1 2425 else {
webmaster@1 2426 $form = array_merge($form, $extra);
webmaster@1 2427 }
webmaster@1 2428
webmaster@1 2429 if (variable_get('configurable_timezones', 1)) {
webmaster@1 2430 // Override field ID, so we only change timezone on user registration,
webmaster@1 2431 // and never touch it on user edit pages.
webmaster@1 2432 $form['timezone'] = array(
webmaster@1 2433 '#type' => 'hidden',
webmaster@1 2434 '#default_value' => variable_get('date_default_timezone', NULL),
webmaster@1 2435 '#id' => 'edit-user-register-timezone',
webmaster@1 2436 );
webmaster@1 2437
webmaster@1 2438 // Add the JavaScript callback to automatically set the timezone.
webmaster@1 2439 drupal_add_js('
webmaster@1 2440 // Global Killswitch
webmaster@1 2441 if (Drupal.jsEnabled) {
webmaster@1 2442 $(document).ready(function() {
webmaster@1 2443 Drupal.setDefaultTimezone();
webmaster@1 2444 });
webmaster@1 2445 }', 'inline');
webmaster@1 2446 }
webmaster@1 2447
webmaster@1 2448 $form['submit'] = array('#type' => 'submit', '#value' => t('Create new account'), '#weight' => 30);
webmaster@1 2449 $form['#validate'][] = 'user_register_validate';
webmaster@1 2450
webmaster@1 2451 return $form;
webmaster@1 2452 }
webmaster@1 2453
webmaster@1 2454 function user_register_validate($form, &$form_state) {
webmaster@1 2455 user_module_invoke('validate', $form_state['values'], $form_state['values'], 'account');
webmaster@1 2456 }
webmaster@1 2457
webmaster@1 2458 /**
webmaster@1 2459 * Retrieve a list of all form elements for the specified category.
webmaster@1 2460 */
webmaster@1 2461 function _user_forms(&$edit, $account, $category, $hook = 'form') {
webmaster@1 2462 $groups = array();
webmaster@1 2463 foreach (module_list() as $module) {
webmaster@1 2464 if ($data = module_invoke($module, 'user', $hook, $edit, $account, $category)) {
webmaster@1 2465 $groups = array_merge_recursive($data, $groups);
webmaster@1 2466 }
webmaster@1 2467 }
webmaster@1 2468 uasort($groups, '_user_sort');
webmaster@1 2469
webmaster@1 2470 return empty($groups) ? FALSE : $groups;
webmaster@1 2471 }