<?php
// $Id$

/**
 * @file
 * Enables the user registration and login system.
 */

// Upper bound on username length: compared against strlen($name) in
// user_validate_name() and used as #maxlength of the login block's name field.
define('USERNAME_MAX_LENGTH', 60);
// Upper bound on e-mail address length. NOTE(review): not referenced in the
// part of the file shown here -- confirm where it is enforced.
define('EMAIL_MAX_LENGTH', 64);

/**
 * Invokes hook_user() in every module.
 *
 * module_invoke() cannot be used for this, because $array and $user have to
 * reach each implementation by reference.
 *
 * @param $type
 *   The operation name, handed to every implementation unchanged.
 * @param $array
 *   Array passed by reference to every implementation.
 * @param $user
 *   User object passed by reference to every implementation.
 * @param $category
 *   (optional) Category, handed to every implementation unchanged.
 */
function user_module_invoke($type, &$array, &$user, $category = NULL) {
  foreach (module_list() as $module) {
    $hook = $module .'_user';
    // Modules without a hook_user() implementation are skipped.
    if (!function_exists($hook)) {
      continue;
    }
    $hook($type, $array, $user, $category);
  }
}

/**
 * Implementation of hook_theme()
 *
 * @return
 *   An array keyed by theme hook name; each entry lists the hook's argument
 *   names under 'arguments', every one defaulting to NULL.
 */
function user_theme() {
  // Theme hook => names of the arguments it takes.
  $signatures = array(
    'user_picture' => array('account'),
    'user_profile' => array('account', 'fields'),
    'user_list' => array('users', 'title'),
    'user_admin_perm' => array('form'),
    'user_admin_new_role' => array('form'),
    'user_admin_account' => array('form'),
    'user_filter_form' => array('form'),
    'user_filters' => array('form'),
    'user_signature' => array('signature'),
  );

  $hooks = array();
  foreach ($signatures as $hook => $names) {
    $arguments = array();
    foreach ($names as $name) {
      $arguments[$name] = NULL;
    }
    $hooks[$hook] = array('arguments' => $arguments);
  }

  return $hooks;
}

/**
 * Load the account mapped to an external authentication name.
 *
 * @param $authname
 *   The authname to look up in {authmap}; sent to the query as a placeholder
 *   argument.
 *
 * @return
 *   Whatever user_load() returns for the mapped uid row, or 0 when {authmap}
 *   holds no row for $authname.
 */
function user_external_load($authname) {
  $result = db_query("SELECT uid FROM {authmap} WHERE authname = '%s'", $authname);
  $user = db_fetch_array($result);

  // No mapping row: there is no local account to load.
  if (!$user) {
    return 0;
  }

  return user_load($user);
}

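/**
 * Fetch a user object.
 *
 * @param $array
 *   An associative array of attributes to search for in selecting the
 *   user, such as user name or e-mail address. A numeric value is treated
 *   as a uid. Array keys are used as column names of {users} and must be
 *   plain identifiers (letters, digits and underscores).
 *
 * @return
 *   A fully-loaded $user object upon successful user load or FALSE if user
 *   cannot be loaded. FALSE is also returned when no condition is given or
 *   when a key is not a plain identifier.
 */
function user_load($array = array()) {
  // Dynamically compose a SQL query:
  $query = array();
  $params = array();

  if (is_numeric($array)) {
    $array = array('uid' => $array);
  }

  // With no condition the WHERE clause below would be empty and the
  // statement invalid, so answer "not found" without touching the database.
  if (!is_array($array) || !$array) {
    return FALSE;
  }

  foreach ($array as $key => $value) {
    // $key becomes part of the SQL text as a column name and cannot be sent
    // as a placeholder, so anything that is not a plain identifier is refused
    // before a query is built.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/D', (string) $key)) {
      return FALSE;
    }

    if ($key == 'uid' || $key == 'status') {
      $query[] = "$key = %d";
      $params[] = $value;
    }
    else if ($key == 'pass') {
      // NOTE(review): passwords are matched as unsalted MD5 digests. Moving to
      // a salted, slow hash needs a migration of the stored values and cannot
      // be done inside this function alone.
      $query[] = "pass = '%s'";
      $params[] = md5($value);
    }
    else {
      // Every other column is compared case-insensitively.
      $query[]= "LOWER($key) = LOWER('%s')";
      $params[] = $value;
    }
  }
  $result = db_query('SELECT * FROM {users} u WHERE '. implode(' AND ', $query), $params);

  if (db_num_rows($result)) {
    $user = db_fetch_object($result);
    $user = drupal_unpack($user);

    // Every account carries exactly one of the two built-in roles, chosen by
    // whether its uid is non-zero.
    $user->roles = array();
    if ($user->uid) {
      $user->roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user';
    }
    else {
      $user->roles[DRUPAL_ANONYMOUS_RID] = 'anonymous user';
    }
    // Add the roles assigned to this uid in {users_roles}.
    $result = db_query('SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid);
    while ($role = db_fetch_object($result)) {
      $user->roles[$role->rid] = $role->name;
    }
    // Give every module's hook_user('load') a chance to extend the object.
    user_module_invoke('load', $array, $user);
  }
  else {
    $user = FALSE;
  }

  return $user;
}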

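/**
 * Save changes to a user account or add a new user.
 *
 * @param $account
 *   The $user object for the user to modify or add. If $user->uid is
 *   omitted, a new user will be added.
 *
 * @param $array
 *   An array of fields and values to save. For example array('name' => 'My name');
 *   Setting a field to NULL deletes it from the data column. Keys that start
 *   with "auth" are saved as authentication mappings, and a "roles" array
 *   replaces the account's role assignments.
 *
 * @param $category
 *   (optional) The category for storing profile information in.
 *
 * @return
 *   The user object as reloaded by user_load() after the save.
 */
function user_save($account, $array = array(), $category = 'account') {
  // Dynamically compose a SQL query:
  $user_fields = user_fields();
  if (is_object($account) && $account->uid) {
    user_module_invoke('update', $array, $account, $category);
    $query = '';
    // Placeholder values for the UPDATE, in the order they appear in $query.
    $v = array();
    // NOTE(review): unserialize() runs on whatever the data column holds. That
    // is only as trustworthy as every writer of that column; on this page the
    // column is written solely from serialize() output.
    $data = unserialize(db_result(db_query('SELECT data FROM {users} WHERE uid = %d', $account->uid)));
    foreach ($array as $key => $value) {
      if ($key == 'pass' && !empty($value)) {
        // NOTE(review): stored as an unsalted MD5 digest, matching what
        // user_load() compares against; changing it needs a hash migration.
        $query .= "$key = '%s', ";
        $v[] = md5($value);
      }
      else if ((substr($key, 0, 4) !== 'auth') && ($key != 'pass')) {
        if (in_array($key, $user_fields)) {
          // Save standard fields. $key goes into the SQL text directly, which
          // is why it must first match a column name from user_fields().
          $query .= "$key = '%s', ";
          $v[] = $value;
        }
        else if ($key != 'roles') {
          // Roles is a special case: it is used below. Everything else that
          // is not a column lives in the serialized data array.
          if ($value === NULL) {
            unset($data[$key]);
          }
          else {
            $data[$key] = $value;
          }
        }
      }
    }
    $query .= "data = '%s' ";
    $v[] = serialize($data);

    db_query("UPDATE {users} SET $query WHERE uid = %d", array_merge($v, array($account->uid)));

    // Reload user roles if provided
    if (isset($array['roles']) && is_array($array['roles'])) {
      db_query('DELETE FROM {users_roles} WHERE uid = %d', $account->uid);

      foreach (array_keys($array['roles']) as $rid) {
        // The two built-in roles are implied by the uid and never stored.
        if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
          db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $account->uid, $rid);
        }
      }
    }

    // Delete a blocked user's sessions to kick them if they are online.
    if (isset($array['status']) && $array['status'] == 0) {
      sess_destroy_uid($account->uid);
    }

    // Refresh user object
    $user = user_load(array('uid' => $account->uid));
    user_module_invoke('after_update', $array, $user, $category);
  }
  else {
    $array['uid'] = db_next_id('{users}_uid');

    if (!isset($array['created'])) {    // Allow 'created' to be set by hook_auth
      $array['created'] = time();
    }

    // Column names, their values and their placeholders, kept in step.
    $fields = array();
    $values = array();
    $s = array();

    // Note, we wait with saving the data column to prevent module-handled
    // fields from being saved there. We cannot invoke hook_user('insert') here
    // because we don't have a fully initialized user object yet.
    foreach ($array as $key => $value) {
      switch ($key) {
        case 'pass':
          // NOTE(review): unsalted MD5 digest, see the update branch above.
          $fields[] = $key;
          $values[] = md5($value);
          $s[] = "'%s'";
          break;
        case 'uid':        case 'mode':     case 'sort':
        case 'threshold':  case 'created':  case 'access':
        case 'login':      case 'status':
          // Integer columns.
          $fields[] = $key;
          $values[] = $value;
          $s[] = "%d";
          break;
        default:
          // Only known columns may appear in the INSERT's column list.
          if (substr($key, 0, 4) !== 'auth' && in_array($key, $user_fields)) {
            $fields[] = $key;
            $values[] = $value;
            $s[] = "'%s'";
          }
          break;
      }
    }
    db_query('INSERT INTO {users} ('. implode(', ', $fields) .') VALUES ('. implode(', ', $s) .')', $values);

    // Build the initial user object.
    $user = user_load(array('uid' => $array['uid']));

    user_module_invoke('insert', $array, $user, $category);

    // Build and save the serialized data field now
    $data = array();
    foreach ($array as $key => $value) {
      if ((substr($key, 0, 4) !== 'auth') && ($key != 'roles') && (!in_array($key, $user_fields)) && ($value !== NULL)) {
        $data[$key] = $value;
      }
    }
    db_query("UPDATE {users} SET data = '%s' WHERE uid = %d", serialize($data), $user->uid);

    // Save user roles (delete just to be safe). The isset() keeps a call
    // without a 'roles' entry from reading an undefined index.
    if (isset($array['roles']) && is_array($array['roles'])) {
      db_query('DELETE FROM {users_roles} WHERE uid = %d', $array['uid']);
      foreach (array_keys($array['roles']) as $rid) {
        if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
          db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $array['uid'], $rid);
        }
      }
    }

    // Build the finished user object.
    $user = user_load(array('uid' => $array['uid']));
  }

  // Save distributed authentication mappings
  $authmaps = array();
  foreach ($array as $key => $value) {
    if (substr($key, 0, 4) == 'auth') {
      $authmaps[$key] = $value;
    }
  }
  if (sizeof($authmaps) > 0) {
    user_set_authmaps($user, $authmaps);
  }

  return $user;
}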

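/**
 * Verify the syntax of the given name.
 *
 * @param $name
 *   The username to check.
 *
 * @return
 *   A translated message describing the first check that failed, or NULL
 *   when the name passes every check.
 */
function user_validate_name($name) {
  if (!strlen($name)) return t('You must enter a username.');
  if (substr($name, 0, 1) == ' ') return t('The username cannot begin with a space.');
  if (substr($name, -1) == ' ') return t('The username cannot end with a space.');
  if (strpos($name, '  ') !== FALSE) return t('The username cannot contain multiple spaces in a row.');
  // Byte-wise whitelist (no /u): alphanumerics, space, "@", "_", "." and "-",
  // plus any byte in 0x80-0xF7 so that multi-byte UTF-8 reaches the code-point
  // blacklist below. preg_match() replaces ereg(), which newer PHP no longer
  // ships and which stopped reading at a NUL byte.
  if (preg_match('/[^\x80-\xF7 [:alnum:]@_.\-]/', $name)) return t('The username contains an illegal character.');
  // With /u, preg_match() returns FALSE rather than 0 when $name is not valid
  // UTF-8. Only an explicit 0 ("no blacklisted code point") lets the name
  // through, so a malformed byte sequence cannot skip this check.
  if (preg_match('/[\x{80}-\x{A0}'.          // Non-printable ISO-8859-1 + NBSP
                   '\x{AD}'.                 // Soft-hyphen
                   '\x{2000}-\x{200F}'.      // Various space characters
                   '\x{2028}-\x{202F}'.      // Bidirectional text overrides
                   '\x{205F}-\x{206F}'.      // Various text hinting characters
                   '\x{FEFF}'.               // Byte order mark
                   '\x{FF01}-\x{FF60}'.      // Full-width latin
                   '\x{FFF9}-\x{FFFD}'.      // Replacement characters
                   '\x{0}]/u',               // NULL byte
                   $name) !== 0) {
    return t('The username contains an illegal character.');
  }
  // NOTE(review): the "." before ")+" is unescaped, so it matches any
  // character and not only a literal dot. Left as it was so that names which
  // validate today keep validating. /D pins "$" to the very end of the string.
  if (strpos($name, '@') !== FALSE && !preg_match('/@([0-9a-z](-?[0-9a-z])*.)+[a-z]{2}([zmuvtg]|fo|me)?$/iD', $name)) return t('The username is not a valid authentication ID.');
  // strlen() counts bytes, so multi-byte names reach the limit sooner.
  if (strlen($name) > USERNAME_MAX_LENGTH) return t('The username %name is too long: it must be %max characters or less.', array('%name' => $name, '%max' => USERNAME_MAX_LENGTH));
}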

/**
 * Verify the syntax of the given e-mail address.
 *
 * @param $mail
 *   The address to check.
 *
 * @return
 *   A translated error message, or NULL when the address is accepted by
 *   valid_email_address().
 */
function user_validate_mail($mail) {
  if (!$mail) {
    return t('You must enter an e-mail address.');
  }

  if (valid_email_address($mail)) {
    return;
  }

  return t('The e-mail address %mail is not valid.', array('%mail' => $mail));
}

/**
 * Validate an uploaded user picture and, if acceptable, store it.
 *
 * Errors are reported through form_set_error() on 'picture_upload'; the
 * resulting path is written to the global $form_values['picture'].
 *
 * @param $file
 *   The uploaded file object; its filepath property is read.
 * @param $edit
 *   Passed by reference; not used in this function.
 * @param $user
 *   The account the picture belongs to; its picture and uid are read.
 */
function user_validate_picture($file, &$edit, $user) {
  global $form_values;

  // Start from the account's current picture; it is only replaced after a
  // successful save further down.
  $form_values['picture'] = $user->picture;

  // Check that uploaded file is an image, with a maximum file size
  // and maximum height/width.
  $info = image_get_info($file->filepath);
  $limits = explode('x', variable_get('user_picture_dimensions', '85x85'));
  list($maxwidth, $maxheight) = $limits;

  if (!$info || !$info['extension']) {
    form_set_error('picture_upload', t('The uploaded file was not an image.'));
  }
  elseif (image_get_toolkit()) {
    // With a toolkit the upload is scaled in place; the file size and
    // dimension checks in the next two branches are then not evaluated.
    image_scale($file->filepath, $file->filepath, $maxwidth, $maxheight);
  }
  elseif (filesize($file->filepath) > (variable_get('user_picture_file_size', '30') * 1000)) {
    form_set_error('picture_upload', t('The uploaded image is too large; the maximum file size is %size kB.', array('%size' => variable_get('user_picture_file_size', '30'))));
  }
  elseif ($info['width'] > $maxwidth || $info['height'] > $maxheight) {
    form_set_error('picture_upload', t('The uploaded image is too large; the maximum dimensions are %dimensions pixels.', array('%dimensions' => variable_get('user_picture_dimensions', '85x85'))));
  }

  if (form_get_errors()) {
    return;
  }

  // The stored name is built from the uid and the extension reported by
  // image_get_info(), not from any other property of the upload.
  $saved = file_save_upload('picture_upload', variable_get('user_picture_path', 'pictures') .'/picture-'. $user->uid .'.'. $info['extension'], 1);
  if ($file = $saved) {
    $form_values['picture'] = $file->filepath;
  }
  else {
    form_set_error('picture_upload', t("Failed to upload the picture image; the %directory directory doesn't exist or is not writable.", array('%directory' => variable_get('user_picture_path', 'pictures'))));
  }
}

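/**
 * Generate a random alphanumeric password.
 *
 * @param $length
 *   (optional) Number of characters to generate; defaults to 10.
 *
 * @return
 *   A string of $length characters drawn from the allowable set.
 */
function user_password($length = 10) {
  // This variable contains the list of allowable characters for the
  // password. Note that the number 0 and the letter 'O' have been
  // removed to avoid confusion between the two. The same is true
  // of 'I', 1, and l.
  $allowable_characters = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';

  // Zero-based count of characters in the allowable list:
  $len = strlen($allowable_characters) - 1;

  // mt_rand() is not meant for secrets: its output can be predicted from
  // earlier values. Use the system CSPRNG wherever this PHP provides it and
  // keep mt_rand() only as the fallback for older runtimes.
  $use_csprng = function_exists('random_int');

  // Declare the password as a blank string.
  $pass = '';

  // Loop the number of times specified by $length.
  for ($i = 0; $i < $length; $i++) {
    // Each iteration, pick a random character from the
    // allowable string and append it to the password:
    $index = $use_csprng ? random_int(0, $len) : mt_rand(0, $len);
    $pass .= $allowable_characters[$index];
  }

  return $pass;
}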

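/**
 * Determine whether the user has a given privilege.
 *
 * @param $string
 *   The permission, such as "administer nodes", being checked for.
 * @param $account
 *   (optional) The account to check, if not given use currently logged in user.
 *
 * @return
 *   boolean TRUE if the account has the requested permission.
 *
 * All permission checks in Drupal should go through this function. This
 * way, we guarantee consistent behavior, and ensure that the superuser
 * can perform all actions.
 */
function user_access($string, $account = NULL) {
  global $user;
  static $perm = array();

  if (is_null($account)) {
    $account = $user;
  }

  // User #1 has all privileges:
  if ($account->uid == 1) {
    return TRUE;
  }

  // To reduce the number of SQL queries, we cache the user's permissions
  // in a static variable.
  if (!isset($perm[$account->uid])) {
    // The role ids are substituted unquoted into IN (...), so each one is
    // forced to an integer first.
    $rids = implode(',', array_map('intval', array_keys($account->roles)));
    $result = db_query("SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid WHERE r.rid IN (%s)", $rids);

    // Leading separator, so that every permission in the cached string has
    // ", " on both sides.
    $perm[$account->uid] = ', ';
    while ($row = db_fetch_object($result)) {
      $perm[$account->uid] .= "$row->perm, ";
    }
  }

  // Match the whole name between separators. Searching for "$string, " alone
  // also matched the tail of a longer permission name, so a check for "users"
  // succeeded for an account that only held "administer users".
  return strpos($perm[$account->uid], ", $string, ") !== FALSE;
}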

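/**
 * Checks for usernames blocked by user administration
 *
 * @param $name
 *   The username to look up; compared case-insensitively.
 *
 * @return
 *   The matching row (an object carrying the name) when an account with that
 *   name has status 0, a false value otherwise. Callers use it as a boolean.
 */
function user_is_blocked($name) {
  // Both sides are lower-cased, as user_load() does for name lookups. With
  // only the input lower-cased, a blocked account whose stored name contains
  // capitals was not found on a case-sensitive database.
  $deny  = db_fetch_object(db_query("SELECT name FROM {users} WHERE status = 0 AND LOWER(name) = LOWER('%s')", $name));

  return $deny;
}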

/**
 * List the column names of the {users} table.
 *
 * The names are read from the keys of the uid 1 row and cached in a static
 * variable; when that row does not exist a built-in default list is used.
 *
 * @return
 *   An array of column names.
 */
function user_fields() {
  static $fields;

  // Already resolved earlier in this request.
  if ($fields) {
    return $fields;
  }

  $result = db_query('SELECT * FROM {users} WHERE uid = 1');
  $fields = db_num_rows($result)
    ? array_keys(db_fetch_array($result))
    // Make sure we return the default fields at least
    : array('uid', 'name', 'pass', 'mail', 'picture', 'mode', 'sort', 'threshold', 'theme', 'signature', 'created', 'access', 'login', 'status', 'timezone', 'language', 'init', 'data');

  return $fields;
}

/**
 * Implementation of hook_perm().
 *
 * @return
 *   The permission names defined by this module.
 */
function user_perm() {
  $permissions = array();
  $permissions[] = 'administer access control';
  $permissions[] = 'administer users';
  $permissions[] = 'access user profiles';
  $permissions[] = 'change own username';

  return $permissions;
}

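/**
 * Implementation of hook_file_download().
 *
 * Ensure that user pictures (avatars) are always downloadable.
 *
 * @param $file
 *   The requested file path.
 *
 * @return
 *   An array with a Content-type header when $file starts with the user
 *   picture prefix and is recognised as an image; nothing otherwise.
 */
function user_file_download($file) {
  $prefix = variable_get('user_picture_path', 'pictures') .'/picture-';
  if (strpos($file, $prefix) !== 0) {
    return;
  }

  $info = image_get_info(file_create_path($file));
  // A path that merely starts with the picture prefix is not enough: answer
  // only for files image_get_info() recognised as an image. Without this the
  // function returned an empty "Content-type: " header for any such path.
  if (!$info || empty($info['mime_type'])) {
    return;
  }

  return array('Content-type: '. $info['mime_type']);
}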

/**
 * Implementation of hook_search().
 *
 * @param $op
 *   'name' to get the search tab title, 'search' to run a search.
 * @param $keys
 *   The search keywords; runs of "*" are turned into the SQL "%" wildcard.
 * @param $skip_access_check
 *   (optional) When TRUE the 'name' operation does not check the
 *   'access user profiles' permission. The 'search' operation always does.
 *
 * @return
 *   The translated title for 'name', an array of 'title'/'link' results for
 *   'search', or nothing when access is denied or $op is not handled.
 */
function user_search($op = 'search', $keys = NULL, $skip_access_check = FALSE) {
  if ($op == 'name') {
    if ($skip_access_check || user_access('access user profiles')) {
      return t('Users');
    }
    // No return here: as in a switch case without break, control continues
    // into the search handling below.
  }
  else if ($op != 'search') {
    return;
  }

  if (!user_access('access user profiles')) {
    return;
  }

  $matches = array();
  // Replace wildcards with MySQL/PostgreSQL wildcards. $keys is sent as a
  // placeholder argument; "%" and "_" typed by the user are not escaped and
  // therefore also act as LIKE wildcards.
  $keys = preg_replace('!\*+!', '%', $keys);
  $result = pager_query("SELECT uid, name FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys);
  while ($account = db_fetch_object($result)) {
    $matches[] = array(
      'title' => $account->name,
      'link' => url('user/'. $account->uid, array('absolute' => TRUE)),
    );
  }

  return $matches;
}

/**
 * Implementation of hook_user().
 *
 * Handles 'view' and 'categories' for every category, and 'form',
 * 'validate' and 'submit' for the 'account' category only.
 *
 * @param $type
 *   The operation being performed.
 * @param $edit
 *   Form values, passed by reference and handed on to the edit helpers.
 * @param $user
 *   The user object; its created timestamp is read for 'view'.
 * @param $category
 *   (optional) The active category.
 *
 * @return
 *   Depends on $type; nothing for operations not handled here.
 */
function user_user($type, &$edit, &$user, $category = NULL) {
  switch ($type) {
    case 'view':
      $items['history'] = array(
        'title' => t('Member for'),
        'value' => format_interval(time() - $user->created),
        'class' => 'member',
      );
      return array(t('History') => $items);

    case 'form':
      if ($category == 'account') {
        return user_edit_form(arg(1), $edit);
      }
      break;

    case 'validate':
      if ($category == 'account') {
        return _user_edit_validate(arg(1), $edit);
      }
      break;

    case 'submit':
      if ($category == 'account') {
        return _user_edit_submit(arg(1), $edit);
      }
      break;

    case 'categories':
      return array(array('name' => 'account', 'title' => t('Account settings'), 'weight' => 1));
  }
}

/**
 * Build the form shown in the "User login" block.
 *
 * @return
 *   A form array with name, pass and submit elements plus a list of account
 *   links.
 */
function user_login_block() {
  $form = array();

  // Submit back to the current path ($_GET['q'], run through url()), with the
  // destination carried in the query string.
  $form['#action'] = url($_GET['q'], array('query' => drupal_get_destination()));
  $form['#id'] = 'user-login-form';
  $form['#validate'] = array('user_login_validate' => array());
  $form['#submit'] = array('user_login_submit' => array());

  $form['name'] = array(
    '#type' => 'textfield',
    '#title' => t('Username'),
    '#maxlength' => USERNAME_MAX_LENGTH,
    '#size' => 15,
    '#required' => TRUE,
  );
  $form['pass'] = array(
    '#type' => 'password',
    '#title' => t('Password'),
    '#maxlength' => 60,
    '#size' => 15,
    '#required' => TRUE,
  );
  $form['submit'] = array(
    '#type' => 'submit',
    '#value' => t('Log in'),
  );

  // The registration link is offered only while registration is enabled.
  $links = array();
  if (variable_get('user_register', 1)) {
    $links[] = l(t('Create new account'), 'user/register', array('title' => t('Create a new user account.')));
  }
  $links[] = l(t('Request new password'), 'user/password', array('title' => t('Request new password via e-mail.')));
  $form['links'] = array('#value' => theme('item_list', $links));

  return $form;
}

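/**
 * Implementation of hook_block().
 *
 * Provides four blocks: 0 "User login", 1 "Navigation", 2 "Who's new" and
 * 3 "Who's online".
 *
 * @param $op
 *   'list', 'configure', 'save' or 'view'.
 * @param $delta
 *   The number of the block the operation applies to.
 * @param $edit
 *   Submitted configuration values; read for 'save' only.
 *
 * @return
 *   The block list for 'list', a form array for 'configure' of blocks 2 and
 *   3, a block array (empty when there is nothing to show) for 'view' of
 *   blocks 0 to 3, nothing otherwise.
 */
function user_block($op = 'list', $delta = 0, $edit = array()) {
  global $user;

  if ($op == 'list') {
    $blocks[0]['info'] = t('User login');
    $blocks[1]['info'] = t('Navigation');
    $blocks[2]['info'] = t('Who\'s new');
    $blocks[3]['info'] = t('Who\'s online');

    return $blocks;
  }
  else if ($op == 'configure' && $delta == 2) {
    $form['user_block_whois_new_count'] = array(
      '#type' => 'select',
      '#title' => t('Number of users to display'),
      '#default_value' => variable_get('user_block_whois_new_count', 5),
      '#options' => drupal_map_assoc(array(1, 2, 3, 4, 5, 6, 7, 8, 9, 10)),
    );
    return $form;
  }
  else if ($op == 'configure' && $delta == 3) {
    $period = drupal_map_assoc(array(30, 60, 120, 180, 300, 600, 900, 1800, 2700, 3600, 5400, 7200, 10800, 21600, 43200, 86400), 'format_interval');
    $form['user_block_seconds_online'] = array('#type' => 'select', '#title' => t('User activity'), '#default_value' => variable_get('user_block_seconds_online', 900), '#options' => $period, '#description' => t('A user is considered online for this long after they have last viewed a page.'));
    $form['user_block_max_list_count'] = array('#type' => 'select', '#title' => t('User list length'), '#default_value' => variable_get('user_block_max_list_count', 10), '#options' => drupal_map_assoc(array(0, 5, 10, 15, 20, 25, 30, 40, 50, 75, 100)), '#description' => t('Maximum number of currently online users to display.'));

    return $form;
  }
  else if ($op == 'save' && $delta == 2) {
    variable_set('user_block_whois_new_count', $edit['user_block_whois_new_count']);
  }
  else if ($op == 'save' && $delta == 3) {
    variable_set('user_block_seconds_online', $edit['user_block_seconds_online']);
    variable_set('user_block_max_list_count', $edit['user_block_max_list_count']);
  }
  else if ($op == 'view') {
    $block = array();

    switch ($delta) {
      case 0:
        // For usability's sake, avoid showing two login forms on one page.
        if (!$user->uid && !(arg(0) == 'user' && !is_numeric(arg(1)))) {

          $block['subject'] = t('User login');
          $block['content'] = drupal_get_form('user_login_block');
        }
        return $block;

      case 1:
        if ($menu = menu_tree()) {
          // The user name is passed through check_plain() before it is used
          // as the block title.
          $block['subject'] = $user->uid ? check_plain($user->name) : t('Navigation');
          $block['content'] = $menu;
        }
        return $block;

      case 2:
        if (user_access('access content')) {
          // Start with an empty list so the theme call below never receives
          // an undefined variable when the query returns no rows.
          $items = array();
          // Retrieve a list of new users who have subsequently accessed the site successfully.
          $result = db_query_range('SELECT uid, name FROM {users} WHERE status != 0 AND access != 0 ORDER BY created DESC', 0, variable_get('user_block_whois_new_count', 5));
          while ($account = db_fetch_object($result)) {
            $items[] = $account;
          }
          $output = theme('user_list', $items);

          $block['subject'] = t('Who\'s new');
          $block['content'] = $output;
        }
        return $block;

      case 3:
        if (user_access('access content')) {
          // Count users with activity in the past defined period.
          $interval = time() - variable_get('user_block_seconds_online', 900);

          // Perform database queries to gather online user lists.  We use s.timestamp
          // rather than u.access because it is much faster.
          $anonymous_count = sess_count($interval);
          $authenticated_users = db_query('SELECT DISTINCT u.uid, u.name FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.timestamp >= %d AND s.uid > 0 ORDER BY s.timestamp DESC', $interval);
          $authenticated_count = db_num_rows($authenticated_users);

          // Format the output with proper grammar.
          if ($anonymous_count == 1 && $authenticated_count == 1) {
            $output = t('There is currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests')));
          }
          else {
            $output = t('There are currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests')));
          }

          // Display a list of currently online users.
          $max_users = variable_get('user_block_max_list_count', 10);
          if ($authenticated_count && $max_users) {
            $items = array();

            // Stop at whichever comes first: the configured maximum or the
            // end of the result set.
            while ($max_users-- && $account = db_fetch_object($authenticated_users)) {
              $items[] = $account;
            }

            $output .= theme('user_list', $items, t('Online users'));
          }

          $block['subject'] = t('Who\'s online');
          $block['content'] = $output;
        }
        return $block;
    }
  }
}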

/**
 * Render the picture of a user account.
 *
 * @param $account
 *   The user object; its picture, name and uid are read.
 *
 * @return
 *   The picture wrapped in a div with class "picture", or nothing when user
 *   pictures are disabled or neither an account picture nor a default picture
 *   is available.
 */
function theme_user_picture($account) {
  if (!variable_get('user_pictures', 0)) {
    return;
  }

  // Prefer the account's own picture file, then the site-wide default.
  if ($account->picture && file_exists($account->picture)) {
    $picture = file_create_url($account->picture);
  }
  elseif (variable_get('user_picture_default', '')) {
    $picture = variable_get('user_picture_default', '');
  }

  if (!isset($picture)) {
    return;
  }

  // The name is handed to t() as the @user placeholder.
  $name = $account->name ? $account->name : variable_get('anonymous', t('Anonymous'));
  $alt = t("@user's picture", array('@user' => $name));
  $picture = theme('image', $picture, $alt, $alt, '', FALSE);

  // Link to the profile only for real accounts and only for viewers who may
  // access user profiles.
  if (!empty($account->uid) && user_access('access user profiles')) {
    $picture = l($picture, "user/$account->uid", array('attributes' => array('title' => t('View user profile.')), 'html' => TRUE));
  }

  return "<div class=\"picture\">$picture</div>";
}

/**
 * Theme a user page
 * @param $account the user object
 * @param $fields a multidimensional array for the fields, in the form of array (
 *   'category1' => array(item_array1, item_array2), 'category2' => array(item_array3,
 *    .. etc.). Item arrays are formatted as array(array('title' => 'item title',
 * 'value' => 'item value', 'class' => 'class-name'), ... etc.). Module names are incorporated
 * into the CSS class.
 *
 * Category names and the title, value and class of every item are written
 * into the markup exactly as received; no escaping happens in this function,
 * so whatever builds $fields has to supply output-safe strings.
 *
 * @return the profile markup as a string
 *
 * @ingroup themeable
 */
function theme_user_profile($account, $fields) {
  $html = '<div class="profile">'. theme('user_picture', $account);

  foreach ($fields as $category => $items) {
    if (strlen($category) > 0) {
      $html .= '<h2 class="title">'. $category .'</h2>';
    }

    // One definition list per category; the <dt> is left out for items that
    // have no title.
    $rows = '';
    foreach ($items as $item) {
      if (isset($item['title'])) {
        $rows .= '<dt class="'. $item['class'] .'">'. $item['title'] .'</dt>';
      }
      $rows .= '<dd class="'. $item['class'] .'">'. $item['value'] .'</dd>';
    }
    $html .= '<dl>'. $rows .'</dl>';
  }

  return $html .'</div>';
}

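/**
 * Make a list of users.
 *
 * @param $users
 *   An array with user objects. Should contain at least the name and uid.
 * @param $title
 *   (optional) Title handed through to theme('item_list').
 *
 * @return
 *   The result of theme('item_list') for the themed user names.
 *
 * @ingroup themeable
 */
function theme_user_list($users, $title = NULL) {
  // Start from an empty list: with no users the loop never runs, and an
  // undefined $items would otherwise be passed on to theme('item_list').
  $items = array();
  if (!empty($users)) {
    foreach ($users as $user) {
      $items[] = theme('username', $user);
    }
  }
  return theme('item_list', $items, $title);
}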

/**
 * Tell whether the current request belongs to a user without a uid.
 *
 * @return
 *   TRUE when the global $user object has an empty (zero) uid, FALSE otherwise.
 */
function user_is_anonymous() {
  $uid = $GLOBALS['user']->uid;
  return $uid ? FALSE : TRUE;
}

/**
 * Tell whether the current request belongs to a user with a uid.
 *
 * @return
 *   TRUE when the global $user object has a non-zero uid, FALSE otherwise.
 */
function user_is_logged_in() {
  $uid = $GLOBALS['user']->uid;
  return $uid ? TRUE : FALSE;
}

/**
 * Decide whether the registration page may be used by the current user.
 *
 * @return
 *   TRUE only when the current user has no uid and the 'user_register'
 *   variable (default 1) is truthy; FALSE otherwise.
 */
function user_register_access() {
  // A user who already has an account never gets the registration form; the
  // site setting is not even consulted in that case.
  if ($GLOBALS['user']->uid) {
    return FALSE;
  }
  return (bool) variable_get('user_register', 1);
}

/**
 * Decide whether the current user may view an account.
 *
 * @param $account
 *   The user object of the account to be viewed, or an empty value.
 *
 * @return
 *   FALSE for a missing account or one without a uid. Otherwise TRUE when the
 *   viewer owns the account, has 'administer users', or has 'access user
 *   profiles' and the account is active and has been accessed before.
 */
function user_view_access($account) {
  // Refuse a missing account and uid 0 up front. This also keeps the loose
  // uid comparison below from matching a viewer whose own uid is 0.
  if (!$account || !$account->uid) {
    return FALSE;
  }

  // Always let users view their own profile.
  if ($GLOBALS['user']->uid == $account->uid) {
    return TRUE;
  }

  // Administrators can view all accounts.
  if (user_access('administer users')) {
    return TRUE;
  }

  // The user is not blocked and logged in at least once.
  if ($account->access && $account->status && user_access('access user profiles')) {
    return TRUE;
  }
  return FALSE;
}

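/**
 * Decide whether the current user may edit an account.
 *
 * @param $account
 *   The user object of the account to be edited.
 *
 * @return
 *   TRUE when the account has a non-zero uid and the current user either owns
 *   it or has the 'administer users' permission; FALSE otherwise.
 */
function user_edit_access($account) {
  // Refuse a missing account and uid 0 first, as user_view_access() does: a
  // viewer without a uid would otherwise "own" the uid 0 account through the
  // loose comparison below.
  if (!$account || !$account->uid) {
    return FALSE;
  }

  // The permission must be checked with user_access(). The previous operand,
  // a bare array('administer users'), is a non-empty array and so always
  // evaluated to TRUE, granting edit access to every caller.
  return ($GLOBALS['user']->uid == $account->uid) || user_access('administer users');
}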

/**
 * Put the current user's loaded account into position 1 of an argument array.
 *
 * @param $arg
 *   An array of arguments; element 1 is overwritten.
 *
 * @return
 *   The array with element 1 set to the result of user_load() for the uid of
 *   the global $user object.
 */
function user_load_self($arg) {
  $own_account = user_load($GLOBALS['user']->uid);
  $arg[1] = $own_account;
  return $arg;
}

/**
 * Implementation of hook_menu().
 */
function user_menu() {
  $items['user/autocomplete'] = array(
    'title' => t('User autocomplete'),
    'page callback' => 'user_autocomplete',
    'access callback' => 'user_access',
    'access arguments' => array('access user profiles'),
    'type' => MENU_CALLBACK,
  );

  // Registration and login pages.
  $items['user'] = array(
    'title' => t('Log in'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_login'),
    'access callback' => 'user_is_anonymous',
    'type' => MENU_CALLBACK,
  );

  $items['user/login'] = array(
    'title' => t('Log in'),
    'type' => MENU_DEFAULT_LOCAL_TASK,
  );

  $items['user/register'] = array(
    'title' => t('Create new account'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_register'),
    'access callback' => 'user_register_access',
    'type' => MENU_LOCAL_TASK,
  );

  $items['user/password'] = array(
    'title' => t('Request new password'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_pass'),
    'access callback' => 'user_is_anonymous',
    'type' => MENU_LOCAL_TASK,
  );
  $items['user/reset/%/%/%'] = array(
    'title' => t('Reset password'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_pass_reset', 2, 3, 4),
    'access callback' => TRUE,
    'type' => MENU_CALLBACK,
  );
  $items['user/help'] = array(
    'title' => t('Help'),
    'page callback' => 'user_help_page',
    'type' => MENU_CALLBACK,
  );

  // Admin user pages
  $items['admin/user'] = array(
    'title' => t('User management'),
    'description' => t('Manage your site\'s users, groups and access to site features.'),
    'position' => 'left',
    'page callback' => 'system_admin_menu_block_page',
    'access arguments' => array('administer site configuration'),
  );
  $items['admin/user/user'] = array(
    'title' => t('Users'),
    'description' => t('List, add, and edit users.'),
    'page callback' => 'user_admin',
    'page arguments' => array('list'),
    'access arguments' => array('administer users'));
  $items['admin/user/user/list'] = array(
    'title' => t('List'),
    'type' => MENU_DEFAULT_LOCAL_TASK,
    'weight' => -10,
  );
  $items['admin/user/user/create'] = array(
    'title' => t('Add user'),
    'page arguments' => array('create'),
    'type' => MENU_LOCAL_TASK,
  );
  $items['admin/user/settings'] = array(
    'title' => t('User settings'),
    'description' => t('Configure default behavior of users, including registration requirements, e-mails, and user pictures.'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_admin_settings'),
  );

  // Admin access pages
  $items['admin/user/access'] = array(
    'title' => t('Access control'),
    'description' => t('Determine access to features by selecting permissions for roles.'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_admin_perm'),
    'access arguments' => array('administer access control'),
  );
  $items['admin/user/roles'] = array(
    'title' => t('Roles'),
    'description' => t('List, edit, or add user roles.'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_admin_new_role'),
    'access arguments' => array('administer access control'),
  );
  $items['admin/user/roles/edit'] = array(
    'title' => t('Edit role'),
    'page arguments' => array('user_admin_role'),
    'type' => MENU_CALLBACK,
  );
  $items['admin/user/rules'] = array(
    'title' => t('Access rules'),
    'description' => t('List and create rules to disallow usernames, e-mail addresses, and IP addresses.'),
    'page callback' => 'user_admin_access',
    'access arguments' => array('administer access control'),
  );
  $items['admin/user/rules/list'] = array(
    'title' => t('List'),
    'type' => MENU_DEFAULT_LOCAL_TASK,
    'weight' => -10,
  );
  $items['admin/user/rules/add'] = array(
    'title' => t('Add rule'),
    'page callback' => 'user_admin_access_add',
    'type' => MENU_LOCAL_TASK,
  );
  $items['admin/user/rules/check'] = array(
    'title' => t('Check rules'),
    'page callback' => 'user_admin_access_check',
    'type' => MENU_LOCAL_TASK,
  );
  $items['admin/user/rules/edit'] = array(
    'title' => t('Edit rule'),
    'page callback' => 'user_admin_access_edit',
    'type' => MENU_CALLBACK,
  );
  $items['admin/user/rules/delete'] = array(
    'title' => t('Delete rule'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_admin_access_delete_confirm'),
    'type' => MENU_CALLBACK,
  );

  if (module_exists('search')) {
    $items['admin/user/search'] = array(
      'title' => t('Search users'),
      'description' => t('Search users by name.'),
      'page callback' => 'user_admin',
      'page arguments' => array('search'),
      'access arguments' => array('administer users'),
    );
  }

  $items['logout'] = array(
    'title' => t('Log out'),
    'access callback' => 'user_is_logged_in',
    'page callback' => 'user_logout',
    'weight' => 10,
  );

  $items['user/%user_current'] = array(
    'title' => t('My account'),
    'page callback' => 'user_view',
    'page arguments' => array(1),
    'access callback' => 'user_view_access',
    'access arguments' => array(1),
    'parent' => '',
  );

  $items['user/%user/view'] = array(
    'title' => t('View'),
    'type' => MENU_DEFAULT_LOCAL_TASK,
    'weight' => -10,
  );

  $items['user/%user/delete'] = array(
    'title' => t('Delete'),
    'page callback' => 'user_edit',
    'access callback' => 'user_access',
    'access arguments' => array('administer users'),
    'type' => MENU_CALLBACK,
  );