<?php
// $Id$

/**
 * @file
 * Enables the user registration and login system.
 */

// Maximum length of a username. user_validate_name() enforces it with
// strlen() (a byte count), and user_login_block() uses it as the name field's
// #maxlength.
define('USERNAME_MAX_LENGTH', 60);
// Maximum length of an e-mail address; presumably enforced by the account
// forms -- confirm against the callers.
define('EMAIL_MAX_LENGTH', 64);

/**
 * Calls hook_user() in every module that implements it.
 *
 * module_invoke() is not used here because $array and $user have to reach
 * the hook implementations by reference.
 *
 * @param $type
 *   The operation name, handed to each hook as its first argument.
 * @param $array
 *   Passed by reference to each hook.
 * @param $user
 *   Passed by reference to each hook.
 * @param $category
 *   (optional) Forwarded unchanged to each hook.
 */
function user_module_invoke($type, &$array, &$user, $category = NULL) {
  foreach (module_list() as $module) {
    $hook = $module .'_user';
    if (!function_exists($hook)) {
      // This module does not implement hook_user().
      continue;
    }
    $hook($type, $array, $user, $category);
  }
}

/**
 * Implementation of hook_theme().
 *
 * Declares the theme hooks of the user module, each with the names of its
 * arguments and a NULL default for every one of them.
 */
function user_theme() {
  // Several theme hooks take nothing but a form array.
  $form_only = array('arguments' => array('form' => NULL));

  $hooks = array();
  $hooks['user_picture'] = array('arguments' => array('account' => NULL));
  $hooks['user_profile'] = array('arguments' => array('account' => NULL, 'fields' => NULL));
  $hooks['user_list'] = array('arguments' => array('users' => NULL, 'title' => NULL));
  $hooks['user_admin_perm'] = $form_only;
  $hooks['user_admin_new_role'] = $form_only;
  $hooks['user_admin_account'] = $form_only;
  $hooks['user_filter_form'] = $form_only;
  $hooks['user_filters'] = $form_only;
  $hooks['user_signature'] = array('arguments' => array('signature' => NULL));

  return $hooks;
}

/**
 * Load the local account mapped to an external authentication name.
 *
 * @param $authname
 *   The external authentication name to look up in {authmap}. It is passed
 *   to db_query() as a '%s' placeholder argument.
 *
 * @return
 *   The result of user_load() for the mapped uid, or 0 when no {authmap} row
 *   matches.
 */
function user_external_load($authname) {
  $result = db_query("SELECT uid FROM {authmap} WHERE authname = '%s'", $authname);
  $row = db_fetch_array($result);

  if (!$row) {
    return 0;
  }

  // $row only holds the uid column, which user_load() takes as its condition.
  return user_load($row);
}

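/**
 * Fetch a user object.
 *
 * @param $array
 *   An associative array of attributes to search for in selecting the
 *   user, such as user name or e-mail address. A numeric value is treated as
 *   a uid. Keys are used as {users} column names and must be plain
 *   identifiers; values are passed to db_query() as placeholder arguments.
 *
 * @return
 *   A fully-loaded $user object upon successful user load or FALSE if user
 *   cannot be loaded. FALSE is also returned, without querying, when no
 *   condition is given or when a key is not a plain column identifier.
 */
function user_load($array = array()) {
  // Dynamically compose a SQL query:
  $query = array();
  $params = array();

  if (is_numeric($array)) {
    $array = array('uid' => $array);
  }

  foreach ($array as $key => $value) {
    // Column names cannot travel as placeholder arguments, so $key becomes
    // part of the SQL text itself. Refuse anything that is not a plain
    // identifier instead of splicing it into the statement.
    if (!is_string($key) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $key)) {
      return FALSE;
    }

    if ($key === 'uid' || $key === 'status') {
      $query[] = "$key = %d";
      $params[] = $value;
    }
    else if ($key === 'pass') {
      // NOTE(review): passwords are matched as unsalted MD5 digests because
      // that is what user_save() stores. Moving to a salted, slow hash needs
      // both functions changed together plus a migration of stored digests.
      $query[] = "pass = '%s'";
      $params[] = md5($value);
    }
    else {
      $query[]= "LOWER($key) = LOWER('%s')";
      $params[] = $value;
    }
  }

  // Without any condition the WHERE clause would be empty and the statement
  // malformed; report "not found" instead of sending it.
  if (!$query) {
    return FALSE;
  }

  $result = db_query('SELECT * FROM {users} u WHERE '. implode(' AND ', $query), $params);

  if (db_num_rows($result)) {
    $user = db_fetch_object($result);
    $user = drupal_unpack($user);

    // Every account gets exactly one of the two built-in roles, decided by
    // whether it has a non-zero uid.
    $user->roles = array();
    if ($user->uid) {
      $user->roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user';
    }
    else {
      $user->roles[DRUPAL_ANONYMOUS_RID] = 'anonymous user';
    }

    // Add the roles assigned through {users_roles}.
    $result = db_query('SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid);
    while ($role = db_fetch_object($result)) {
      $user->roles[$role->rid] = $role->name;
    }

    // Let other modules extend the loaded object.
    user_module_invoke('load', $array, $user);
  }
  else {
    $user = FALSE;
  }

  return $user;
}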

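/**
 * Save changes to a user account or add a new user.
 *
 * @param $account
 *   The $user object for the user to modify or add. If $user->uid is
 *   omitted, a new user will be added.
 *
 * @param $array
 *   An array of fields and values to save. For example array('name' => 'My name');
 *   Setting a field to NULL deletes it from the data column. Keys that name a
 *   {users} column (see user_fields()) are written to that column, keys that
 *   start with 'auth' are handed to user_set_authmaps(), 'roles' replaces the
 *   role assignments, and every other key is kept in the serialized data
 *   column.
 *
 * @param $category
 *   (optional) The category for storing profile information in.
 *
 * @return
 *   The result of user_load() for the saved account.
 */
function user_save($account, $array = array(), $category = 'account') {
  // Dynamically compose a SQL query:
  $user_fields = user_fields();
  if (is_object($account) && $account->uid) {
    user_module_invoke('update', $array, $account, $category);
    $query = '';
    $v = array();
    // NOTE(review): unserialize() can instantiate objects, so the data column
    // must only ever hold what this function wrote with serialize() -- confirm
    // that nothing else writes to {users}.data.
    $data = unserialize(db_result(db_query('SELECT data FROM {users} WHERE uid = %d', $account->uid)));
    if (!is_array($data)) {
      // An empty or unreadable data column: start from a clean array rather
      // than indexing into FALSE.
      $data = array();
    }
    foreach ($array as $key => $value) {
      // Compare the string form strictly. Before PHP 8 a loose comparison of
      // an integer key such as 0 with 'pass' or a column name is TRUE, which
      // would let a numeric key be treated as a column.
      $name = (string) $key;
      if ($name === 'pass' && !empty($value)) {
        // NOTE(review): stored as an unsalted MD5 digest; user_load() matches
        // on the same digest, so both must change together.
        $query .= "$name = '%s', ";
        $v[] = md5($value);
      }
      else if ((substr($name, 0, 4) !== 'auth') && ($name !== 'pass')) {
        if (in_array($name, $user_fields, TRUE)) {
          // Save standard fields. $name is part of the SQL text, so it is
          // only accepted when it is exactly one of the known column names.
          $query .= "$name = '%s', ";
          $v[] = $value;
        }
        else if ($name !== 'roles') {
          // Roles is a special case: it is used below.
          if ($value === NULL) {
            unset($data[$key]);
          }
          else {
            $data[$key] = $value;
          }
        }
      }
    }
    $query .= "data = '%s' ";
    $v[] = serialize($data);

    db_query("UPDATE {users} SET $query WHERE uid = %d", array_merge($v, array($account->uid)));

    // Reload user roles if provided
    if (isset($array['roles']) && is_array($array['roles'])) {
      db_query('DELETE FROM {users_roles} WHERE uid = %d', $account->uid);

      foreach (array_keys($array['roles']) as $rid) {
        // The two built-in roles are implied by the uid and never stored.
        if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
          db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $account->uid, $rid);
        }
      }
    }

    // Delete a blocked user's sessions to kick them if they are online.
    if (isset($array['status']) && $array['status'] == 0) {
      sess_destroy_uid($account->uid);
    }

    // Refresh user object
    $user = user_load(array('uid' => $account->uid));
    user_module_invoke('after_update', $array, $user, $category);
  }
  else {
    $array['uid'] = db_next_id('{users}_uid');

    if (!isset($array['created'])) {    // Allow 'created' to be set by hook_auth
      $array['created'] = time();
    }

    // Note, we wait with saving the data column to prevent module-handled
    // fields from being saved there. We cannot invoke hook_user('insert') here
    // because we don't have a fully initialized user object yet.
    $fields = array();
    $values = array();
    $s = array();
    foreach ($array as $key => $value) {
      // Switch on the string form so that an integer key cannot loosely match
      // one of the column-name cases.
      $name = (string) $key;
      switch ($name) {
        case 'pass':
          $fields[] = $name;
          $values[] = md5($value);
          $s[] = "'%s'";
          break;
        case 'uid':        case 'mode':     case 'sort':
        case 'threshold':  case 'created':  case 'access':
        case 'login':      case 'status':
          $fields[] = $name;
          $values[] = $value;
          $s[] = "%d";
          break;
        default:
          if (substr($name, 0, 4) !== 'auth' && in_array($name, $user_fields, TRUE)) {
            $fields[] = $name;
            $values[] = $value;
            $s[] = "'%s'";
          }
          break;
      }
    }
    db_query('INSERT INTO {users} ('. implode(', ', $fields) .') VALUES ('. implode(', ', $s) .')', $values);

    // Build the initial user object.
    $user = user_load(array('uid' => $array['uid']));

    user_module_invoke('insert', $array, $user, $category);

    // Build and save the serialized data field now
    $data = array();
    foreach ($array as $key => $value) {
      $name = (string) $key;
      if ((substr($name, 0, 4) !== 'auth') && ($name !== 'roles') && (!in_array($name, $user_fields, TRUE)) && ($value !== NULL)) {
        $data[$key] = $value;
      }
    }
    db_query("UPDATE {users} SET data = '%s' WHERE uid = %d", serialize($data), $user->uid);

    // Save user roles (delete just to be safe).
    if (isset($array['roles']) && is_array($array['roles'])) {
      db_query('DELETE FROM {users_roles} WHERE uid = %d', $array['uid']);
      foreach (array_keys($array['roles']) as $rid) {
        if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
          db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $array['uid'], $rid);
        }
      }
    }

    // Build the finished user object.
    $user = user_load(array('uid' => $array['uid']));
  }

  // Save distributed authentication mappings
  $authmaps = array();
  foreach ($array as $key => $value) {
    if (substr((string) $key, 0, 4) === 'auth') {
      $authmaps[$key] = $value;
    }
  }
  if (sizeof($authmaps) > 0) {
    user_set_authmaps($user, $authmaps);
  }

  return $user;
}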

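/**
 * Verify the syntax of the given name.
 *
 * @param $name
 *   The username to check.
 *
 * @return
 *   A translated error message describing the first rule the name breaks, or
 *   nothing (NULL) when the name is acceptable.
 */
function user_validate_name($name) {
  if (!strlen($name)) {
    return t('You must enter a username.');
  }
  if (substr($name, 0, 1) == ' ') {
    return t('The username cannot begin with a space.');
  }
  if (substr($name, -1) == ' ') {
    return t('The username cannot end with a space.');
  }
  if (strpos($name, '  ') !== FALSE) {
    return t('The username cannot contain multiple spaces in a row.');
  }

  // Byte-level allow list: high bytes 0x80-0xF7, space, ASCII letters and
  // digits, and @ _ . -. Written with preg_match() because the ereg family
  // was removed from PHP in 7.0.
  if (preg_match('/[^\x80-\xF7 [:alnum:]@_.-]/', $name)) {
    return t('The username contains an illegal character.');
  }

  // Code-point deny list for characters that render invisibly or can make one
  // name look like another.
  $forbidden = preg_match('/[\x{80}-\x{A0}'.          // Non-printable ISO-8859-1 + NBSP
                   '\x{AD}'.                 // Soft-hyphen
                   '\x{2000}-\x{200F}'.      // Various space characters
                   '\x{2028}-\x{202F}'.      // Bidirectional text overrides
                   '\x{205F}-\x{206F}'.      // Various text hinting characters
                   '\x{FEFF}'.               // Byte order mark
                   '\x{FF01}-\x{FF60}'.      // Full-width latin
                   '\x{FFF9}-\x{FFFD}'.      // Replacement characters
                   '\x{0}]/u',               // NULL byte
                   $name);
  // preg_match() returns FALSE when the subject is not valid UTF-8. A name
  // that cannot be inspected must not pass the check, so treat that as
  // illegal too.
  if ($forbidden !== 0) {
    return t('The username contains an illegal character.');
  }

  // NOTE(review): the '.' after the host label is unescaped and therefore
  // matches any character, so this accepts more than "label.label.tld". Kept
  // as it was to avoid rejecting names accepted so far; confirm whether '\.'
  // was intended.
  if (strpos($name, '@') !== FALSE && !preg_match('/@([0-9a-z](-?[0-9a-z])*.)+[a-z]{2}([zmuvtg]|fo|me)?$/iD', $name)) {
    return t('The username is not a valid authentication ID.');
  }

  // strlen() counts bytes, so the limit is a byte limit.
  if (strlen($name) > USERNAME_MAX_LENGTH) {
    return t('The username %name is too long: it must be %max characters or less.', array('%name' => $name, '%max' => USERNAME_MAX_LENGTH));
  }
}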

/**
 * Verify the syntax of the given e-mail address.
 *
 * @param $mail
 *   The e-mail address to check.
 *
 * @return
 *   A translated error message when $mail is empty or is rejected by
 *   valid_email_address(); nothing (NULL) otherwise.
 */
function user_validate_mail($mail) {
  if (!$mail) {
    return t('You must enter an e-mail address.');
  }

  $is_valid = valid_email_address($mail);
  if (!$is_valid) {
    return t('The e-mail address %mail is not valid.', array('%mail' => $mail));
  }
}

/**
 * Validate an uploaded user picture and, if it is acceptable, store it.
 *
 * Problems are reported with form_set_error() on 'picture_upload'. On success
 * the global $form_values['picture'] is set to the stored file's path;
 * otherwise it keeps the account's current picture.
 *
 * @param $file
 *   The uploaded file object; its filepath property is read.
 * @param $edit
 *   Not used by this function.
 * @param $user
 *   The account the picture belongs to; its uid becomes part of the stored
 *   file name.
 */
function user_validate_picture($file, &$edit, $user) {
  global $form_values;

  // Start from the current picture; it is only replaced once the upload has
  // been accepted and saved.
  $form_values['picture'] = $user->picture;

  // The upload must be an image, within a maximum file size and maximum
  // height/width.
  $info = image_get_info($file->filepath);
  $limits = explode('x', variable_get('user_picture_dimensions', '85x85'));
  $maxwidth = $limits[0];
  $maxheight = $limits[1];

  $is_image = $info && $info['extension'];
  if (!$is_image) {
    form_set_error('picture_upload', t('The uploaded file was not an image.'));
  }
  else if (image_get_toolkit()) {
    // With a toolkit available the file is scaled in place and neither limit
    // check below runs. The result of image_scale() is not inspected.
    image_scale($file->filepath, $file->filepath, $maxwidth, $maxheight);
  }
  else if (filesize($file->filepath) > (variable_get('user_picture_file_size', '30') * 1000)) {
    form_set_error('picture_upload', t('The uploaded image is too large; the maximum file size is %size kB.', array('%size' => variable_get('user_picture_file_size', '30'))));
  }
  else if ($info['width'] > $maxwidth || $info['height'] > $maxheight) {
    form_set_error('picture_upload', t('The uploaded image is too large; the maximum dimensions are %dimensions pixels.', array('%dimensions' => variable_get('user_picture_dimensions', '85x85'))));
  }

  if (form_get_errors()) {
    return;
  }

  // The stored name is built from the uid and the extension reported by
  // image_get_info(), not from the name the client supplied.
  $destination = variable_get('user_picture_path', 'pictures') .'/picture-'. $user->uid .'.'. $info['extension'];
  if ($file = file_save_upload('picture_upload', $destination, 1)) {
    $form_values['picture'] = $file->filepath;
  }
  else {
    form_set_error('picture_upload', t("Failed to upload the picture image; the %directory directory doesn't exist or is not writable.", array('%directory' => variable_get('user_picture_path', 'pictures'))));
  }
}

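/**
 * Generate a random alphanumeric password.
 *
 * @param $length
 *   (optional) The number of characters to generate. Defaults to 10.
 *
 * @return
 *   A string of $length characters taken from an alphabet that leaves out the
 *   easily confused characters 0, O, I, 1 and l.
 */
function user_password($length = 10) {
  // This variable contains the list of allowable characters for the
  // password. Note that the number 0 and the letter 'O' have been
  // removed to avoid confusion between the two. The same is true
  // of 'I', 1, and l.
  $allowable_characters = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';

  // Zero-based index of the last character in the allowable list:
  $len = strlen($allowable_characters) - 1;

  // mt_rand() is a seeded generator whose output can be predicted, which is
  // not acceptable for a password. Use the CSPRNG-backed random_int() where
  // PHP provides it (7.0 and later) and fall back to mt_rand() only on older
  // runtimes. A failure of random_int() is deliberately not caught: no
  // password is better than a guessable one.
  $secure = function_exists('random_int');

  // Declare the password as a blank string.
  $pass = '';

  // Each iteration, pick a random character from the allowable string and
  // append it to the password.
  for ($i = 0; $i < $length; $i++) {
    $index = $secure ? random_int(0, $len) : mt_rand(0, $len);
    $pass .= $allowable_characters[$index];
  }

  return $pass;
}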

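/**
 * Determine whether the user has a given privilege.
 *
 * @param $string
 *   The permission, such as "administer nodes", being checked for.
 * @param $account
 *   (optional) The account to check, if not given use currently logged in user.
 *
 * @return
 *   boolean TRUE if the account has the requested permission.
 *
 * All permission checks in Drupal should go through this function. This
 * way, we guarantee consistent behavior, and ensure that the superuser
 * can perform all actions.
 */
function user_access($string, $account = NULL) {
  global $user;
  // Per-uid cache for the rest of the request: permission name => TRUE.
  static $perm = array();

  if (is_null($account)) {
    $account = $user;
  }

  // User #1 has all privileges:
  if ($account->uid == 1) {
    return TRUE;
  }

  // To reduce the number of SQL queries, we cache the user's permissions
  // in a static variable.
  if (!isset($perm[$account->uid])) {
    $granted = array();

    // The role IDs reach the statement through an unquoted %s, so force each
    // one to an integer before joining them.
    $rids = array_map('intval', array_keys($account->roles));

    // An empty list would produce "IN ()", which is not valid SQL.
    if ($rids) {
      $result = db_query("SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid WHERE r.rid IN (%s)", implode(',', $rids));

      while ($row = db_fetch_object($result)) {
        // Presumably each row holds one role's permissions as a
        // ", "-separated list. Split it so that names are compared whole: a
        // substring search would also grant a permission whose name is merely
        // the tail of another one.
        foreach (explode(', ', $row->perm) as $name) {
          if ($name !== '') {
            $granted[$name] = TRUE;
          }
        }
      }
    }

    $perm[$account->uid] = $granted;
  }

  return isset($perm[$account->uid][$string]);
}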

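/**
 * Checks for usernames blocked by user administration.
 *
 * @param $name
 *   The username to look up.
 *
 * @return
 *   The matching {users} row (an object with a name property) when a blocked
 *   account carries that name, otherwise whatever db_fetch_object() returns
 *   for an empty result. Callers should only test the value for truth.
 */
function user_is_blocked($name) {
  // Lower-case both sides, as user_load() and user_search() do. Comparing the
  // stored name as-is with LOWER('%s') misses a blocked account whose name
  // contains capitals whenever the database compares case-sensitively.
  $deny = db_fetch_object(db_query("SELECT name FROM {users} WHERE status = 0 AND LOWER(name) = LOWER('%s')", $name));

  return $deny;
}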

/**
 * Return the column names of the {users} table.
 *
 * The names are read from the row of uid 1 and kept in a static variable for
 * the rest of the request. When that row does not exist a built-in default
 * list is used instead.
 *
 * @return
 *   An array of column names.
 */
function user_fields() {
  static $fields;

  if ($fields) {
    return $fields;
  }

  $result = db_query('SELECT * FROM {users} WHERE uid = 1');
  if (db_num_rows($result)) {
    $fields = array_keys(db_fetch_array($result));
  }
  else {
    // Make sure we return the default fields at least
    $fields = array('uid', 'name', 'pass', 'mail', 'picture', 'mode', 'sort', 'threshold', 'theme', 'signature', 'created', 'access', 'login', 'status', 'timezone', 'language', 'init', 'data');
  }

  return $fields;
}

/**
 * Implementation of hook_perm().
 *
 * @return
 *   The names of the permissions defined by the user module.
 */
function user_perm() {
  $permissions = array(
    'administer access control',
    'administer users',
    'access user profiles',
    'change own username',
  );

  return $permissions;
}

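/**
 * Implementation of hook_file_download().
 *
 * Ensure that user pictures (avatars) are always downloadable.
 *
 * @param $file
 *   The requested file path.
 *
 * @return
 *   An array holding a Content-type header when $file is a user picture that
 *   image_get_info() recognises as an image; nothing (NULL) otherwise.
 */
function user_file_download($file) {
  $prefix = variable_get('user_picture_path', 'pictures') .'/picture-';

  // NOTE(review): this is a plain string-prefix test on the requested path.
  // It relies on file_create_path() or the caller to normalise the path and
  // to keep it inside the files directory -- confirm.
  if (strpos($file, $prefix) === 0) {
    $info = image_get_info(file_create_path($file));

    // Only vouch for the file when it really is an image. Without this check
    // an unreadable or non-image file with a matching name would still get a
    // header array, with an empty content type.
    if ($info && !empty($info['mime_type'])) {
      return array('Content-type: '. $info['mime_type']);
    }
  }
}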

/**
 * Implementation of hook_search().
 *
 * @param $op
 *   'name' to get the title of this search type, 'search' to run a search.
 * @param $keys
 *   The search terms; '*' acts as a wildcard.
 * @param $skip_access_check
 *   When TRUE, 'name' returns the title without checking the
 *   'access user profiles' permission. It has no effect on 'search'.
 *
 * @return
 *   For 'name', the translated title. For 'search', an array of results, each
 *   with a 'title' (the user name) and a 'link' (absolute URL of the
 *   account). Nothing (NULL) when access is denied or $op is not handled.
 */
function user_search($op = 'search', $keys = NULL, $skip_access_check = FALSE) {
  if ($op == 'name' && ($skip_access_check || user_access('access user profiles'))) {
    return t('Users');
  }

  // A 'name' request without access continues into the search branch, where
  // the permission check below then ends it.
  if ($op != 'name' && $op != 'search') {
    return;
  }
  if (!user_access('access user profiles')) {
    return;
  }

  $find = array();
  // Replace wildcards with MySQL/PostgreSQL wildcards. The value is passed as
  // a '%s' placeholder argument; '%' and '_' already present in $keys are not
  // escaped and therefore also act as LIKE wildcards.
  $keys = preg_replace('!\*+!', '%', $keys);
  $result = pager_query("SELECT uid, name FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys);
  while ($account = db_fetch_object($result)) {
    $link = url('user/'. $account->uid, array('absolute' => TRUE));
    $find[] = array('title' => $account->name, 'link' => $link);
  }

  return $find;
}

/**
 * Implementation of hook_user().
 *
 * Handles the 'view' and 'categories' operations, and the 'form', 'validate'
 * and 'submit' operations of the 'account' category. The last three pass
 * arg(1) from the request path, not $user, to the edit helpers.
 *
 * @return
 *   Depends on $type, as described on each case below; nothing (NULL) for
 *   anything not handled here.
 */
function user_user($type, &$edit, &$user, $category = NULL) {
  switch ($type) {
    case 'view':
      // One "History" group holding the time elapsed since registration.
      $history = array(
        'title' => t('Member for'),
        'value' => format_interval(time() - $user->created),
        'class' => 'member',
      );
      return array(t('History') => array('history' => $history));

    case 'form':
      if ($category == 'account') {
        return user_edit_form(arg(1), $edit);
      }
      break;

    case 'validate':
      if ($category == 'account') {
        return _user_edit_validate(arg(1), $edit);
      }
      break;

    case 'submit':
      if ($category == 'account') {
        return _user_edit_submit(arg(1), $edit);
      }
      break;

    case 'categories':
      // The single category contributed by this module.
      $account_category = array('name' => 'account', 'title' => t('Account settings'), 'weight' => 1);
      return array($account_category);
  }
}

/**
 * Build the login form shown in the user login block.
 *
 * The form posts back to the current path ($_GET['q'] passed through url())
 * with the current destination as its query string, and is handled by
 * user_login_validate() and user_login_submit().
 *
 * @return
 *   The form array.
 */
function user_login_block() {
  $form = array(
    '#action' => url($_GET['q'], array('query' => drupal_get_destination())),
    '#id' => 'user-login-form',
    '#validate' => array('user_login_validate' => array()),
    '#submit' => array('user_login_submit' => array()),
    'name' => array(
      '#type' => 'textfield',
      '#title' => t('Username'),
      '#maxlength' => USERNAME_MAX_LENGTH,
      '#size' => 15,
      '#required' => TRUE,
    ),
    'pass' => array(
      '#type' => 'password',
      '#title' => t('Password'),
      '#maxlength' => 60,
      '#size' => 15,
      '#required' => TRUE,
    ),
    'submit' => array(
      '#type' => 'submit',
      '#value' => t('Log in'),
    ),
  );

  // The registration link is only offered while the user_register setting is
  // switched on.
  $links = array();
  if (variable_get('user_register', 1)) {
    $links[] = l(t('Create new account'), 'user/register', array('title' => t('Create a new user account.')));
  }
  $links[] = l(t('Request new password'), 'user/password', array('title' => t('Request new password via e-mail.')));
  $form['links'] = array('#value' => theme('item_list', $links));

  return $form;
}

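/**
 * Implementation of hook_block().
 *
 * Provides four blocks, identified by $delta: 0 is the user login form, 1 the
 * navigation menu, 2 "Who's new" and 3 "Who's online".
 *
 * @param $op
 *   'list', 'configure', 'save' or 'view'.
 * @param $delta
 *   The block to act on.
 * @param $edit
 *   The submitted configuration values; only read when $op is 'save'.
 *
 * @return
 *   For 'list', the block descriptions. For 'configure' on blocks 2 and 3, a
 *   form array. For 'view', an array with 'subject' and 'content', or an
 *   empty array when the block has nothing to show or the viewer lacks
 *   access. Nothing (NULL) otherwise.
 */
function user_block($op = 'list', $delta = 0, $edit = array()) {
  global $user;

  if ($op == 'list') {
    $blocks = array();
    $blocks[0]['info'] = t('User login');
    $blocks[1]['info'] = t('Navigation');
    $blocks[2]['info'] = t('Who\'s new');
    $blocks[3]['info'] = t('Who\'s online');

    return $blocks;
  }
  else if ($op == 'configure' && $delta == 2) {
    $form = array();
    $form['user_block_whois_new_count'] = array(
      '#type' => 'select',
      '#title' => t('Number of users to display'),
      '#default_value' => variable_get('user_block_whois_new_count', 5),
      '#options' => drupal_map_assoc(array(1, 2, 3, 4, 5, 6, 7, 8, 9, 10)),
    );
    return $form;
  }
  else if ($op == 'configure' && $delta == 3) {
    $form = array();
    $period = drupal_map_assoc(array(30, 60, 120, 180, 300, 600, 900, 1800, 2700, 3600, 5400, 7200, 10800, 21600, 43200, 86400), 'format_interval');
    $form['user_block_seconds_online'] = array('#type' => 'select', '#title' => t('User activity'), '#default_value' => variable_get('user_block_seconds_online', 900), '#options' => $period, '#description' => t('A user is considered online for this long after they have last viewed a page.'));
    $form['user_block_max_list_count'] = array('#type' => 'select', '#title' => t('User list length'), '#default_value' => variable_get('user_block_max_list_count', 10), '#options' => drupal_map_assoc(array(0, 5, 10, 15, 20, 25, 30, 40, 50, 75, 100)), '#description' => t('Maximum number of currently online users to display.'));

    return $form;
  }
  else if ($op == 'save' && $delta == 2) {
    variable_set('user_block_whois_new_count', $edit['user_block_whois_new_count']);
  }
  else if ($op == 'save' && $delta == 3) {
    variable_set('user_block_seconds_online', $edit['user_block_seconds_online']);
    variable_set('user_block_max_list_count', $edit['user_block_max_list_count']);
  }
  else if ($op == 'view') {
    $block = array();

    switch ($delta) {
      case 0:
        // For usability's sake, avoid showing two login forms on one page.
        if (!$user->uid && !(arg(0) == 'user' && !is_numeric(arg(1)))) {
          $block['subject'] = t('User login');
          $block['content'] = drupal_get_form('user_login_block');
        }
        return $block;

      case 1:
        if ($menu = menu_tree()) {
          // The user name ends up in markup, hence check_plain().
          $block['subject'] = $user->uid ? check_plain($user->name) : t('Navigation');
          $block['content'] = $menu;
        }
        return $block;

      case 2:
        if (user_access('access content')) {
          // Retrieve a list of new users who have subsequently accessed the site successfully.
          $result = db_query_range('SELECT uid, name FROM {users} WHERE status != 0 AND access != 0 ORDER BY created DESC', 0, variable_get('user_block_whois_new_count', 5));
          // Start from an empty list so that theme() is not handed an
          // undefined variable when the query returns no rows.
          $items = array();
          while ($account = db_fetch_object($result)) {
            $items[] = $account;
          }
          $output = theme('user_list', $items);

          $block['subject'] = t('Who\'s new');
          $block['content'] = $output;
        }
        return $block;

      case 3:
        if (user_access('access content')) {
          // Count users with activity in the past defined period.
          $interval = time() - variable_get('user_block_seconds_online', 900);

          // Perform database queries to gather online user lists.  We use s.timestamp
          // rather than u.access because it is much faster.
          $anonymous_count = sess_count($interval);
          $authenticated_users = db_query('SELECT DISTINCT u.uid, u.name FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.timestamp >= %d AND s.uid > 0 ORDER BY s.timestamp DESC', $interval);
          $authenticated_count = db_num_rows($authenticated_users);

          // Format the output with proper grammar.
          if ($anonymous_count == 1 && $authenticated_count == 1) {
            $output = t('There is currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests')));
          }
          else {
            $output = t('There are currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests')));
          }

          // Display a list of currently online users.
          $max_users = variable_get('user_block_max_list_count', 10);
          if ($authenticated_count && $max_users) {
            $items = array();

            // Stop after $max_users names even when more users are online.
            while ($max_users-- && $account = db_fetch_object($authenticated_users)) {
              $items[] = $account;
            }

            $output .= theme('user_list', $items, t('Online users'));
          }

          $block['subject'] = t('Who\'s online');
          $block['content'] = $output;
        }
        return $block;
    }
  }
}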

/**
 * Theme the picture of a user.
 *
 * @param $account
 *   The user object whose picture is shown.
 *
 * @return
 *   The picture markup, linked to the profile when the account has a uid and
 *   the viewer may access user profiles. Nothing (NULL) when user pictures
 *   are disabled or when neither an existing picture file nor a default
 *   picture is available.
 */
function theme_user_picture($account) {
  if (!variable_get('user_pictures', 0)) {
    return;
  }

  // Prefer the account's own picture; otherwise use the configured default.
  if ($account->picture && file_exists($account->picture)) {
    $picture = file_create_url($account->picture);
  }
  else if (variable_get('user_picture_default', '')) {
    $picture = variable_get('user_picture_default', '');
  }

  if (!isset($picture)) {
    return;
  }

  $display_name = $account->name ? $account->name : variable_get('anonymous', t('Anonymous'));
  $alt = t("@user's picture", array('@user' => $display_name));
  $picture = theme('image', $picture, $alt, $alt, '', FALSE);

  $link_to_profile = !empty($account->uid) && user_access('access user profiles');
  if ($link_to_profile) {
    $picture = l($picture, "user/$account->uid", array('attributes' => array('title' => t('View user profile.')), 'html' => TRUE));
  }

  return "<div class=\"picture\">$picture</div>";
}

/**
 * Theme a user page.
 *
 * The category names and each item's 'title', 'value' and 'class' are written
 * into the markup exactly as given. Nothing is escaped here, so callers have
 * to supply values that are already safe to output as HTML.
 *
 * @param $account
 *   The user object.
 * @param $fields
 *   A multidimensional array of the fields, keyed by category name, in the
 *   form array('category1' => array(item_array1, item_array2), 'category2' =>
 *   array(item_array3, ...)). Each item array has the form array('title' =>
 *   'item title', 'value' => 'item value', 'class' => 'class-name'). Module
 *   names are incorporated into the CSS class.
 *
 * @ingroup themeable
 */
function theme_user_profile($account, $fields) {
  $html = array('<div class="profile">', theme('user_picture', $account));

  foreach ($fields as $category => $items) {
    if (strlen($category) > 0) {
      $html[] = '<h2 class="title">'. $category .'</h2>';
    }

    $html[] = '<dl>';
    foreach ($items as $item) {
      $class = $item['class'];
      // The title is optional; the value is always emitted.
      if (isset($item['title'])) {
        $html[] = '<dt class="'. $class .'">'. $item['title'] .'</dt>';
      }
      $html[] = '<dd class="'. $class .'">'. $item['value'] .'</dd>';
    }
    $html[] = '</dl>';
  }

  $html[] = '</div>';

  return implode('', $html);
}

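/**
 * Make a list of users.
 *
 * @param $users
 *   An array with user objects. Should contain at least the name and uid.
 * @param $title
 *   (optional) A title for the list, passed on to theme('item_list').
 *
 * @return
 *   The output of theme('item_list') for the themed user names.
 *
 * @ingroup themeable
 */
function theme_user_list($users, $title = NULL) {
  // Start from an empty list so that an empty $users never leaves $items
  // undefined when it is handed to theme('item_list').
  $items = array();
  if (!empty($users)) {
    foreach ($users as $user) {
      $items[] = theme('username', $user);
    }
  }
  return theme('item_list', $items, $title);
}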

/**
 * Menu access callback: TRUE when the current user has no (non-zero) uid.
 */
function user_is_anonymous() {
  return $GLOBALS['user']->uid ? FALSE : TRUE;
}

/**
 * Menu access callback: TRUE when the current user has a non-zero uid.
 */
function user_is_logged_in() {
  return $GLOBALS['user']->uid ? TRUE : FALSE;
}

/**
 * Menu access callback for the registration page.
 *
 * Access is granted only to visitors without a uid, and only while the
 * 'user_register' variable (default 1) is truthy.
 */
function user_register_access() {
  // Users who already have an account never get the registration page.
  if ($GLOBALS['user']->uid) {
    return FALSE;
  }
  return (bool) variable_get('user_register', 1);
}

/**
 * Menu access callback: whether the current user may view an account.
 *
 * @param $account
 *   The user object whose profile is requested.
 *
 * @return
 *   FALSE for a missing account or one without a uid; otherwise TRUE for the
 *   account owner, for holders of 'administer users', and for holders of
 *   'access user profiles' when the account is active and has logged in.
 */
function user_view_access($account) {
  // No account, or an account without a uid, is never viewable.
  if (!$account || !$account->uid) {
    return FALSE;
  }
  // Always let users view their own profile.
  if ($GLOBALS['user']->uid == $account->uid) {
    return TRUE;
  }
  // Administrators can view all accounts.
  if (user_access('administer users')) {
    return TRUE;
  }
  // The user is not blocked and logged in at least once.
  return $account->access && $account->status && user_access('access user profiles');
}

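/**
 * Menu access callback: whether the current user may edit an account.
 *
 * @param $account
 *   The user object to be edited.
 *
 * @return
 *   TRUE when $account has a non-zero uid and either belongs to the current
 *   user or the current user holds the 'administer users' permission;
 *   FALSE otherwise.
 */
function user_edit_access($account) {
  // The permission name has to go through user_access(): a bare non-empty
  // array is always truthy and would grant edit access to every visitor.
  // The uid guard mirrors user_view_access(), so an account without a uid
  // cannot match a visitor whose own uid is 0.
  return $account && $account->uid &&
    (
      // Users may edit their own account.
      ($GLOBALS['user']->uid == $account->uid) ||
      // Administrators may edit all accounts.
      user_access('administer users')
    );
}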

/**
 * Replace element 1 of $arg with the account loaded for the current user.
 *
 * @param $arg
 *   An array; only index 1 is overwritten.
 *
 * @return
 *   The modified array.
 */
function user_load_self($arg) {
  $current_uid = $GLOBALS['user']->uid;
  $arg[1] = user_load($current_uid);
  return $arg;
}

/**
 * Implementation of hook_menu().
 *
 * Registers the login, registration and password pages, the user
 * administration pages, the logout path and the per-account view, delete
 * and edit pages, plus one edit tab per profile category.
 *
 * NOTE(review): several items below declare no 'access callback' or
 * 'access arguments' of their own (for example 'user/help',
 * 'admin/user/settings', 'admin/user/roles/edit' and the
 * 'admin/user/rules/*' children). Presumably the menu system inherits
 * access from the parent path; confirm that before relying on it.
 *
 * @return
 *   An array of menu items keyed by path.
 */
function user_menu() {
  $items = array(
    'user/autocomplete' => array(
      'title' => t('User autocomplete'),
      'page callback' => 'user_autocomplete',
      'access callback' => 'user_access',
      'access arguments' => array('access user profiles'),
      'type' => MENU_CALLBACK,
    ),

    // Registration and login pages.
    'user' => array(
      'title' => t('Log in'),
      'page callback' => 'drupal_get_form',
      'page arguments' => array('user_login'),
      'access callback' => 'user_is_anonymous',
      'type' => MENU_CALLBACK,
    ),
    'user/login' => array(
      'title' => t('Log in'),
      'type' => MENU_DEFAULT_LOCAL_TASK,
    ),
    'user/register' => array(
      'title' => t('Create new account'),
      'page callback' => 'drupal_get_form',
      'page arguments' => array('user_register'),
      'access callback' => 'user_register_access',
      'type' => MENU_LOCAL_TASK,
    ),
    'user/password' => array(
      'title' => t('Request new password'),
      'page callback' => 'drupal_get_form',
      'page arguments' => array('user_pass'),
      'access callback' => 'user_is_anonymous',
      'type' => MENU_LOCAL_TASK,
    ),
    // 'access callback' => TRUE leaves this path open to every visitor, so
    // the three wildcard path components handed to the user_pass_reset form
    // are the only gate. NOTE(review): confirm that form validates them.
    'user/reset/%/%/%' => array(
      'title' => t('Reset password'),
      'page callback' => 'drupal_get_form',
      'page arguments' => array('user_pass_reset', 2, 3, 4),
      'access callback' => TRUE,
      'type' => MENU_CALLBACK,
    ),
    'user/help' => array(
      'title' => t('Help'),
      'page callback' => 'user_help_page',
      'type' => MENU_CALLBACK,
    ),

    // Admin user pages
    'admin/user' => array(
      'title' => t('User management'),
      'description' => t('Manage your site\'s users, groups and access to site features.'),
      'position' => 'left',
      'page callback' => 'system_admin_menu_block_page',
      'access arguments' => array('administer site configuration'),
    ),
    'admin/user/user' => array(
      'title' => t('Users'),
      'description' => t('List, add, and edit users.'),
      'page callback' => 'user_admin',
      'page arguments' => array('list'),
      'access arguments' => array('administer users'),
    ),
    'admin/user/user/list' => array(
      'title' => t('List'),
      'type' => MENU_DEFAULT_LOCAL_TASK,
      'weight' => -10,
    ),
    'admin/user/user/create' => array(
      'title' => t('Add user'),
      'page arguments' => array('create'),
      'type' => MENU_LOCAL_TASK,
    ),
    'admin/user/settings' => array(
      'title' => t('User settings'),
      'description' => t('Configure default behavior of users, including registration requirements, e-mails, and user pictures.'),
      'page callback' => 'drupal_get_form',
      'page arguments' => array('user_admin_settings'),
    ),

    // Admin access pages
    'admin/user/access' => array(
      'title' => t('Access control'),
      'description' => t('Determine access to features by selecting permissions for roles.'),
      'page callback' => 'drupal_get_form',
      'page arguments' => array('user_admin_perm'),
      'access arguments' => array('administer access control'),
    ),
    'admin/user/roles' => array(
      'title' => t('Roles'),
      'description' => t('List, edit, or add user roles.'),
      'page callback' => 'drupal_get_form',
      'page arguments' => array('user_admin_new_role'),
      'access arguments' => array('administer access control'),
    ),
    'admin/user/roles/edit' => array(
      'title' => t('Edit role'),
      'page arguments' => array('user_admin_role'),
      'type' => MENU_CALLBACK,
    ),
    'admin/user/rules' => array(
      'title' => t('Access rules'),
      'description' => t('List and create rules to disallow usernames, e-mail addresses, and IP addresses.'),
      'page callback' => 'user_admin_access',
      'access arguments' => array('administer access control'),
    ),
    'admin/user/rules/list' => array(
      'title' => t('List'),
      'type' => MENU_DEFAULT_LOCAL_TASK,
      'weight' => -10,
    ),
    'admin/user/rules/add' => array(
      'title' => t('Add rule'),
      'page callback' => 'user_admin_access_add',
      'type' => MENU_LOCAL_TASK,
    ),
    'admin/user/rules/check' => array(
      'title' => t('Check rules'),
      'page callback' => 'user_admin_access_check',
      'type' => MENU_LOCAL_TASK,
    ),
    'admin/user/rules/edit' => array(
      'title' => t('Edit rule'),
      'page callback' => 'user_admin_access_edit',
      'type' => MENU_CALLBACK,
    ),
    'admin/user/rules/delete' => array(
      'title' => t('Delete rule'),
      'page callback' => 'drupal_get_form',
      'page arguments' => array('user_admin_access_delete_confirm'),
      'type' => MENU_CALLBACK,
    ),
  );

  // The user search page exists only while the search module is enabled.
  if (module_exists('search')) {
    $items['admin/user/search'] = array(
      'title' => t('Search users'),
      'description' => t('Search users by name.'),
      'page callback' => 'user_admin',
      'page arguments' => array('search'),
      'access arguments' => array('administer users'),
    );
  }

  // None of these paths is defined above, so the union appends them in order.
  $items += array(
    'logout' => array(
      'title' => t('Log out'),
      'access callback' => 'user_is_logged_in',
      'page callback' => 'user_logout',
      'weight' => 10,
    ),
    'user/%user_current' => array(
      'title' => t('My account'),
      'page callback' => 'user_view',
      'page arguments' => array(1),
      'access callback' => 'user_view_access',
      'access arguments' => array(1),
      'parent' => '',
    ),
    'user/%user/view' => array(
      'title' => t('View'),
      'type' => MENU_DEFAULT_LOCAL_TASK,
      'weight' => -10,
    ),
    // Deleting goes through the user_edit callback and is limited to
    // holders of 'administer users'.
    'user/%user/delete' => array(
      'title' => t('Delete'),
      'page callback' => 'user_edit',
      'access callback' => 'user_access',
      'access arguments' => array('administer users'),
      'type' => MENU_CALLBACK,
    ),
    // The edit form is gated by user_edit_access(), which receives path
    // component 1.
    'user/%user/edit' => array(
      'title' => t('Edit'),
      'page callback' => 'drupal_get_form',
      'page arguments' => array('user_edit'),
      'access callback' => 'user_edit_access',
      'access arguments' => array(1),
      'type' => MENU_LOCAL_TASK,
    ),
  );

  // One edit tab per profile category, but only when there is more than one
  // category to choose from.
  $empty_account = new stdClass();
  $categories = _user_categories($empty_account);
  if ($categories && count($categories) > 1) {
    foreach ($categories as $category) {
      if ($category['name'] == 'account') {
        $tab_type = MENU_DEFAULT_LOCAL_TASK;
      }
      else {
        $tab_type = MENU_LOCAL_TASK;
      }
      $items['user/%user/edit/'. $category['name']] = array(
        'title' => $category['title'],
        'page arguments' => array('user_edit', 3),
        'type' => $tab_type,
        'weight' => $category['weight'],
      );
    }
  }

  return $items;
}

/**
 * Adds the user module's stylesheet (user.css) to the page.
 */
function user_init() {
  $stylesheet = drupal_get_path('module', 'user') .'/user.css';
  drupal_add_css($stylesheet, 'module');
}

/**
 * Load callback for the %user_current path wildcard.
 *
 * @param $arg
 *   The value handed straight to user_load().
 *
 * @return
 *   Whatever user_load() returns for $arg.
 */
function user_current_load($arg) {
  $account = user_load($arg);
  return $account;
}

/**
 * Returns the uid of the current user for the %user_current path wildcard.
 */
function user_current_to_arg() {
  $current = $GLOBALS['user'];
  return $current->uid;
}

/**
 * Accepts a user object, $account, or a DA name and returns an associative
 * array of modules and DA names. Called at external login.
 */