common.inc 62.9 KB
Newer Older
Dries's avatar
 
Dries committed
1
<?php
2
// $Id$
Dries's avatar
 
Dries committed
3

Dries's avatar
 
Dries committed
4 5 6 7 8 9 10 11
/**
 * @file
 * Common functions that many Drupal modules will need to reference.
 *
 * The functions that are critical and need to be available even when serving
 * a cached page are instead located in bootstrap.inc.
 */

12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
/**
 * Return status for saving which involved creating a new item.
 */
define('SAVED_NEW', 1);

/**
 * Return status for saving which involved an update to an existing item.
 */
define('SAVED_UPDATED', 2);

/**
 * Return status for saving which deleted an existing item.
 */
define('SAVED_DELETED', 3);

27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70
/**
 * Set content for a specified region.
 *
 * @param $region
 *   Page region the content is assigned to.
 *
 * @param $data
 *   Content to be set.
 */
function drupal_set_content($region = null, $data = null) {
  static $content = array();

  if (!is_null($region) && !is_null($data)) {
    $content[$region][] = $data;
  }
  return $content;
}

/**
 * Get assigned content.
 *
 * @param $region
 *   A specified region to fetch content for.  If null, all regions will be returned.
 *
 * @param $delimiter
 *   Content to be inserted between exploded array elements.
 */
function drupal_get_content($region = null, $delimiter = ' ') {
  $content = drupal_set_content();
  if (isset($region)) {
    if (is_array($content[$region])) {
      return implode ($delimiter, $content[$region]);
    }
  }
  else {
    foreach (array_keys($content) as $region) {
      if (is_array($content[$region])) {
        $content[$region] = implode ($delimiter, $content[$region]);
      }
    }
    return $content;
  }
}

Dries's avatar
 
Dries committed
71
/**
Dries's avatar
 
Dries committed
72
 * Set the breadcrumb trail for the current page.
Dries's avatar
 
Dries committed
73
 *
Dries's avatar
 
Dries committed
74 75 76
 * @param $breadcrumb
 *   Array of links, starting with "home" and proceeding up to but not including
 *   the current page.
Kjartan's avatar
Kjartan committed
77
 */
Dries's avatar
 
Dries committed
78 79 80 81 82 83 84 85 86
function drupal_set_breadcrumb($breadcrumb = NULL) {
  static $stored_breadcrumb;

  if (isset($breadcrumb)) {
    $stored_breadcrumb = $breadcrumb;
  }
  return $stored_breadcrumb;
}

Dries's avatar
 
Dries committed
87 88 89
/**
 * Get the breadcrumb trail for the current page.
 */
Dries's avatar
 
Dries committed
90 91 92 93 94 95 96 97 98 99
function drupal_get_breadcrumb() {
  $breadcrumb = drupal_set_breadcrumb();

  if (!isset($breadcrumb)) {
    $breadcrumb = menu_get_active_breadcrumb();
  }

  return $breadcrumb;
}

Dries's avatar
Dries committed
100
/**
Dries's avatar
 
Dries committed
101
 * Add output to the head tag of the HTML page.
Dries's avatar
 
Dries committed
102
 * This function can be called as long the headers aren't sent.
Dries's avatar
Dries committed
103 104
 */
function drupal_set_html_head($data = NULL) {
Dries's avatar
 
Dries committed
105
  static $stored_head = '';
Dries's avatar
Dries committed
106 107

  if (!is_null($data)) {
Dries's avatar
 
Dries committed
108
    $stored_head .= $data ."\n";
Dries's avatar
Dries committed
109 110 111 112
  }
  return $stored_head;
}

Dries's avatar
 
Dries committed
113 114 115
/**
 * Retrieve output to be displayed in the head tag of the HTML page.
 */
Dries's avatar
Dries committed
116 117 118
function drupal_get_html_head() {
  global $base_url;

Dries's avatar
 
Dries committed
119
  $output = "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n";
Dries's avatar
Dries committed
120
  $output .= "<base href=\"$base_url/\" />\n";
Dries's avatar
 
Dries committed
121
  $output .= theme('stylesheet_import', 'misc/drupal.css');
Dries's avatar
Dries committed
122 123 124 125

  return $output . drupal_set_html_head();
}

Dries's avatar
 
Dries committed
126
/**
127
 * Reset the static variable which holds the aliases mapped for this request.
Dries's avatar
 
Dries committed
128
 */
129 130
function drupal_clear_path_cache() {
  drupal_lookup_path('wipe');
Dries's avatar
 
Dries committed
131
}
Kjartan's avatar
Kjartan committed
132

Dries's avatar
 
Dries committed
133
/**
Dries's avatar
 
Dries committed
134
 * Given a path alias, return the internal path it represents.
Dries's avatar
 
Dries committed
135 136
 */
function drupal_get_normal_path($path) {
137 138 139
  $result = $path;
  if ($src = drupal_lookup_path('source', $path)) {
    $result = $src;
Dries's avatar
 
Dries committed
140
  }
141 142
  if (function_exists('custom_url_rewrite')) {
    $result = custom_url_rewrite('source', $result, $path);
Dries's avatar
 
Dries committed
143
  }
144
  return $result;
Dries's avatar
 
Dries committed
145
}
Kjartan's avatar
Kjartan committed
146

Dries's avatar
Dries committed
147
/**
Dries's avatar
 
Dries committed
148
 * Set an HTTP response header for the current page.
Dries's avatar
Dries committed
149 150
 */
function drupal_set_header($header = NULL) {
151
  // We use an array to guarantee there are no leading or trailing delimiters.
Dries's avatar
 
Dries committed
152
  // Otherwise, header('') could get called when serving the page later, which
153 154
  // ends HTTP headers prematurely on some PHP versions.
  static $stored_headers = array();
Dries's avatar
Dries committed
155

156
  if (strlen($header)) {
Dries's avatar
Dries committed
157
    header($header);
158
    $stored_headers[] = $header;
Dries's avatar
Dries committed
159
  }
160
  return implode("\n", $stored_headers);
Dries's avatar
Dries committed
161 162
}

Dries's avatar
 
Dries committed
163 164 165
/**
 * Get the HTTP response headers for the current page.
 */
Dries's avatar
Dries committed
166 167 168 169
function drupal_get_headers() {
  return drupal_set_header();
}

Dries's avatar
 
Dries committed
170 171 172
/**
 * @name HTTP handling
 * @{
Dries's avatar
 
Dries committed
173
 * Functions to properly handle HTTP responses.
Dries's avatar
 
Dries committed
174 175
 */

176 177
/**
 * Prepare a destination query string for use in combination with
178 179 180 181 182
 * drupal_goto(). Used to direct the user back to the referring page
 * after completing a form. By default the current URL is returned.
 * If a destination exists in the previous request, that destination
 * is returned.  As such, a destination can persist across multiple
 * pages.
183 184 185 186
 *
 * @see drupal_goto()
 */
function drupal_get_destination() {
187 188 189 190 191 192 193 194 195 196
  if ($_REQUEST['destination']) {
    return 'destination='. urlencode($_REQUEST['destination']);
  }
  else {
    $destination[] = $_GET['q'];
    $params = array('page', 'sort', 'order');
    foreach ($params as $param) {
      if (isset($_GET[$param])) {
        $destination[] = "$param=". $_GET[$param];
      }
197
    }
198
    return 'destination='. urlencode(implode('&', $destination));
199 200 201
  }
}

Kjartan's avatar
Kjartan committed
202
/**
Dries's avatar
 
Dries committed
203
 * Send the user to a different Drupal page.
Kjartan's avatar
Kjartan committed
204
 *
Dries's avatar
 
Dries committed
205 206
 * This issues an on-site HTTP redirect. The function makes sure the redirected
 * URL is formatted correctly.
Kjartan's avatar
Kjartan committed
207
 *
208 209 210 211 212 213 214 215 216 217
 * Usually the redirected URL is constructed from this function's input
 * parameters.  However you may override that behavior by setting a
 * <em>destination</em> in either the $_REQUEST-array (i.e. by using
 * the query string of an URI) or the $_REQUEST['edit']-array (i.e. by
 * using a hidden form field).  This is used to direct the user back to
 * the proper page after completing a form.  For example, after editing
 * a post on the 'admin/node'-page or after having logged on using the
 * 'user login'-block in a sidebar.  The function drupal_get_destination()
 * can be used to help set the destination URL.
 *
Dries's avatar
 
Dries committed
218 219 220 221 222 223 224 225 226 227 228 229 230
 * It is advised to use drupal_goto() instead of PHP's header(), because
 * drupal_goto() will append the user's session ID to the URI when PHP is
 * compiled with "--enable-trans-sid".
 *
 * This function ends the request; use it rather than a print theme('page')
 * statement in your menu callback.
 *
 * @param $path
 *   A Drupal path.
 * @param $query
 *   The query string component, if any.
 * @param $fragment
 *   The destination fragment identifier (named anchor).
231 232
 *
 * @see drupal_get_destination()
Kjartan's avatar
Kjartan committed
233
 */
Dries's avatar
 
Dries committed
234
function drupal_goto($path = '', $query = NULL, $fragment = NULL) {
235 236 237 238 239 240 241
  if ($_REQUEST['destination']) {
    extract(parse_url($_REQUEST['destination']));
  }
  else if ($_REQUEST['edit']['destination']) {
    extract(parse_url($_REQUEST['edit']['destination']));
  }

242
  $url = url($path, $query, $fragment, TRUE);
Kjartan's avatar
Kjartan committed
243

Dries's avatar
 
Dries committed
244 245
  if (ini_get('session.use_trans_sid') && session_id() && !strstr($url, session_id())) {
    $sid = session_name() . '=' . session_id();
Dries's avatar
 
Dries committed
246

Dries's avatar
 
Dries committed
247 248
    if (strstr($url, '?') && !strstr($url, $sid)) {
      $url = $url .'&'. $sid;
Kjartan's avatar
Kjartan committed
249 250
    }
    else {
Dries's avatar
 
Dries committed
251
      $url = $url .'?'. $sid;
Kjartan's avatar
Kjartan committed
252 253 254
    }
  }

Dries's avatar
 
Dries committed
255 256 257 258
  // Before the redirect, allow modules to react to the end of the page request.
  module_invoke_all('exit', $url);

  header('Location: '. $url);
Kjartan's avatar
Kjartan committed
259

Dries's avatar
 
Dries committed
260 261 262
  // The "Location" header sends a REDIRECT status code to the http
  // daemon. In some cases this can go wrong, so we make sure none
  // of the code below the drupal_goto() call gets executed when we redirect.
Kjartan's avatar
Kjartan committed
263 264 265 266 267 268
  exit();
}

/**
 * Generates a 404 error if the request can not be handled.
 */
Dries's avatar
 
Dries committed
269
function drupal_not_found() {
Dries's avatar
 
Dries committed
270
  header('HTTP/1.0 404 Not Found');
271
  watchdog('page not found', t('%page not found.', array('%page' => theme('placeholder', $_GET['q']))), WATCHDOG_WARNING);
Dries's avatar
 
Dries committed
272 273

  $path = drupal_get_normal_path(variable_get('site_404', ''));
Dries's avatar
 
Dries committed
274
  $status = MENU_NOT_FOUND;
Dries's avatar
 
Dries committed
275 276
  if ($path) {
    menu_set_active_item($path);
277
    $return = menu_execute_active_handler();
Dries's avatar
 
Dries committed
278 279
  }

280
  if (empty($return)) {
281
    drupal_set_title(t('Page not found'));
Dries's avatar
 
Dries committed
282
  }
283
  print theme('page', $return);
Dries's avatar
 
Dries committed
284
}
Dries's avatar
 
Dries committed
285

Dries's avatar
 
Dries committed
286 287 288 289 290
/**
 * Generates a 403 error if the request is not allowed.
 */
function drupal_access_denied() {
  header('HTTP/1.0 403 Forbidden');
291
  watchdog('access denied', t('%page denied access.', array('%page' => theme('placeholder', $_GET['q']))), WATCHDOG_WARNING, l(t('view'), $_GET['q']));
Dries's avatar
 
Dries committed
292 293

  $path = drupal_get_normal_path(variable_get('site_403', ''));
Dries's avatar
 
Dries committed
294
  $status = MENU_NOT_FOUND;
Dries's avatar
 
Dries committed
295 296
  if ($path) {
    menu_set_active_item($path);
297
    $return = menu_execute_active_handler();
Dries's avatar
 
Dries committed
298 299
  }

300
  if (empty($return)) {
301
    drupal_set_title(t('Access denied'));
302
    $return = t('You are not authorized to access this page.');
Dries's avatar
 
Dries committed
303
  }
304
  print theme('page', $return);
Dries's avatar
 
Dries committed
305 306
}

Dries's avatar
 
Dries committed
307
/**
Dries's avatar
 
Dries committed
308
 * Perform an HTTP request.
Dries's avatar
 
Dries committed
309
 *
Dries's avatar
 
Dries committed
310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326
 * This is a flexible and powerful HTTP client implementation. Correctly handles
 * GET, POST, PUT or any other HTTP requests. Handles redirects.
 *
 * @param $url
 *   A string containing a fully qualified URI.
 * @param $headers
 *   An array containing an HTTP header => value pair.
 * @param $method
 *   A string defining the HTTP request to use.
 * @param $data
 *   A string containing data to include in the request.
 * @param $retry
 *   An integer representing how many times to retry the request in case of a
 *   redirect.
 * @return
 *   An object containing the HTTP request headers, response code, headers,
 *   data, and redirect status.
Dries's avatar
 
Dries committed
327 328
 */
function drupal_http_request($url, $headers = array(), $method = 'GET', $data = NULL, $retry = 3) {
Dries's avatar
 
Dries committed
329 330
  $result = new StdClass();

Dries's avatar
 
Dries committed
331
  // Parse the URL, and make sure we can handle the schema.
Dries's avatar
 
Dries committed
332 333 334 335 336 337
  $uri = parse_url($url);
  switch ($uri['scheme']) {
    case 'http':
      $fp = @fsockopen($uri['host'], ($uri['port'] ? $uri['port'] : 80), $errno, $errstr, 15);
      break;
    case 'https':
Dries's avatar
 
Dries committed
338 339
      // Note: Only works for PHP 4.3 compiled with OpenSSL.
      $fp = @fsockopen('ssl://'. $uri['host'], ($uri['port'] ? $uri['port'] : 443), $errno, $errstr, 20);
Dries's avatar
 
Dries committed
340 341
      break;
    default:
Dries's avatar
 
Dries committed
342
      $result->error = 'invalid schema '. $uri['scheme'];
Dries's avatar
 
Dries committed
343 344 345
      return $result;
  }

Dries's avatar
 
Dries committed
346
  // Make sure the socket opened properly.
Dries's avatar
 
Dries committed
347
  if (!$fp) {
Dries's avatar
 
Dries committed
348
    $result->error = trim($errno .' '. $errstr);
Dries's avatar
 
Dries committed
349 350 351
    return $result;
  }

Dries's avatar
 
Dries committed
352
  // Construct the path to act on.
Dries's avatar
 
Dries committed
353 354
  $path = $uri['path'] ? $uri['path'] : '/';
  if ($uri['query']) {
Dries's avatar
 
Dries committed
355
    $path .= '?'. $uri['query'];
Dries's avatar
 
Dries committed
356 357
  }

Dries's avatar
 
Dries committed
358
  // Create HTTP request.
Dries's avatar
 
Dries committed
359
  $defaults = array(
Dries's avatar
 
Dries committed
360
    'Host' => 'Host: '. $uri['host'],
361 362
    'User-Agent' => 'User-Agent: Drupal (+http://www.drupal.org/)',
    'Content-Length' => 'Content-Length: '. strlen($data)
Dries's avatar
 
Dries committed
363 364 365
  );

  foreach ($headers as $header => $value) {
Dries's avatar
 
Dries committed
366
    $defaults[$header] = $header .': '. $value;
Dries's avatar
 
Dries committed
367 368
  }

Dries's avatar
 
Dries committed
369
  $request = $method .' '. $path ." HTTP/1.0\r\n";
Dries's avatar
 
Dries committed
370 371 372
  $request .= implode("\r\n", $defaults);
  $request .= "\r\n\r\n";
  if ($data) {
Dries's avatar
 
Dries committed
373
    $request .= $data ."\r\n";
Dries's avatar
 
Dries committed
374 375 376 377 378 379
  }
  $result->request = $request;

  fwrite($fp, $request);

  // Fetch response.
380
  $response = '';
381
  while (!feof($fp) && $data = fread($fp, 1024)) {
382
    $response .= $data;
Dries's avatar
 
Dries committed
383 384 385 386
  }
  fclose($fp);

  // Parse response.
387 388 389 390
  list($headers, $result->data) = explode("\r\n\r\n", $response, 2);
  $headers = preg_split("/\r\n|\n|\r/", $headers);

  list($protocol, $code, $text) = explode(' ', trim(array_shift($headers)), 3);
Dries's avatar
 
Dries committed
391 392 393
  $result->headers = array();

  // Parse headers.
394
  while ($line = trim(array_shift($headers))) {
Dries's avatar
 
Dries committed
395
    list($header, $value) = explode(':', $line, 2);
396 397 398 399 400 401 402 403
    if (isset($result->headers[$header]) && $header == 'Set-Cookie') {
      // RFC 2109: the Set-Cookie response header comprises the token Set-
      // Cookie:, followed by a comma-separated list of one or more cookies.
      $result->headers[$header] .= ','. trim($value);
    }
    else {
      $result->headers[$header] = trim($value);
    }
Dries's avatar
 
Dries committed
404 405 406 407 408 409 410 411 412 413
  }

  $responses = array(
    100 => 'Continue', 101 => 'Switching Protocols',
    200 => 'OK', 201 => 'Created', 202 => 'Accepted', 203 => 'Non-Authoritative Information', 204 => 'No Content', 205 => 'Reset Content', 206 => 'Partial Content',
    300 => 'Multiple Choices', 301 => 'Moved Permanently', 302 => 'Found', 303 => 'See Other', 304 => 'Not Modified', 305 => 'Use Proxy', 307 => 'Temporary Redirect',
    400 => 'Bad Request', 401 => 'Unauthorized', 402 => 'Payment Required', 403 => 'Forbidden', 404 => 'Not Found', 405 => 'Method Not Allowed', 406 => 'Not Acceptable', 407 => 'Proxy Authentication Required', 408 => 'Request Time-out', 409 => 'Conflict', 410 => 'Gone', 411 => 'Length Required', 412 => 'Precondition Failed', 413 => 'Request Entity Too Large', 414 => 'Request-URI Too Large', 415 => 'Unsupported Media Type', 416 => 'Requested range not satisfiable', 417 => 'Expectation Failed',
    500 => 'Internal Server Error', 501 => 'Not Implemented', 502 => 'Bad Gateway', 503 => 'Service Unavailable', 504 => 'Gateway Time-out', 505 => 'HTTP Version not supported'
  );
  // RFC 2616 states that all unknown HTTP codes must be treated the same as
Dries's avatar
 
Dries committed
414
  // the base code in their class.
Dries's avatar
 
Dries committed
415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441
  if (!isset($responses[$code])) {
    $code = floor($code / 100) * 100;
  }

  switch ($code) {
    case 200: // OK
    case 304: // Not modified
      break;
    case 301: // Moved permanently
    case 302: // Moved temporarily
    case 307: // Moved temporarily
      $location = $result->headers['Location'];

      if ($retry) {
        $result = drupal_http_request($result->headers['Location'], $headers, $method, $data, --$retry);
        $result->redirect_code = $result->code;
      }
      $result->redirect_url = $location;

      break;
    default:
      $result->error = $text;
  }

  $result->code = $code;
  return $result;
}
Dries's avatar
 
Dries committed
442 443 444
/**
 * @} End of "HTTP handling".
 */
Dries's avatar
 
Dries committed
445

Dries's avatar
 
Dries committed
446
/**
Dries's avatar
 
Dries committed
447 448
 * Log errors as defined by administrator
 * Error levels:
449 450
 *  0 = Log errors to database.
 *  1 = Log errors to database and to screen.
Dries's avatar
 
Dries committed
451
 */
Dries's avatar
 
Dries committed
452
function error_handler($errno, $message, $filename, $line) {
453
  if ($errno & (E_ALL ^ E_NOTICE)) {
Dries's avatar
 
Dries committed
454 455
    $types = array(1 => 'error', 2 => 'warning', 4 => 'parse error', 8 => 'notice', 16 => 'core error', 32 => 'core warning', 64 => 'compile error', 128 => 'compile warning', 256 => 'user error', 512 => 'user warning', 1024 => 'user notice', 2048 => 'strict warning');
    $entry = $types[$errno] .': '. $message .' in '. $filename .' on line '. $line .'.';
Dries's avatar
 
Dries committed
456

Dries's avatar
 
Dries committed
457
    if (variable_get('error_level', 1) == 1) {
Dries's avatar
 
Dries committed
458
      print '<pre>'. $entry .'</pre>';
Dries's avatar
Dries committed
459
    }
460 461

    watchdog('php', t('%message in %file on line %line.', array('%error' => $types[$errno], '%message' => $message, '%file' => $filename, '%line' => $line)), WATCHDOG_ERROR);
Dries's avatar
 
Dries committed
462 463 464
  }
}

Dries's avatar
 
Dries committed
465
function _fix_gpc_magic(&$item) {
Dries's avatar
Dries committed
466
  if (is_array($item)) {
Kjartan's avatar
Kjartan committed
467 468 469
    array_walk($item, '_fix_gpc_magic');
  }
  else {
Kjartan's avatar
Kjartan committed
470
    $item = stripslashes($item);
Dries's avatar
 
Dries committed
471 472 473
  }
}

Dries's avatar
 
Dries committed
474 475 476 477
/**
 * Correct double-escaping problems caused by "magic quotes" in some PHP
 * installations.
 */
Dries's avatar
 
Dries committed
478 479
function fix_gpc_magic() {
  static $fixed = false;
Dries's avatar
 
Dries committed
480
  if (!$fixed && ini_get('magic_quotes_gpc')) {
Dries's avatar
Dries committed
481 482 483 484 485 486
    array_walk($_GET, '_fix_gpc_magic');
    array_walk($_POST, '_fix_gpc_magic');
    array_walk($_COOKIE, '_fix_gpc_magic');
    array_walk($_REQUEST, '_fix_gpc_magic');
    $fixed = true;
  }
Dries's avatar
 
Dries committed
487 488
}

489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520
/**
 * An unchecked checkbox is not present in $_POST so we fix it here by
 * proving a default value of 0.  Also, with form_checkboxes() we expect
 * an array, but HTML does not send the empty array.  This is also taken
 * care off.
 */
function fix_checkboxes() {
  if (isset($_POST['form_array'])) {
    $_POST['edit'] = _fix_checkboxes($_POST['edit'], $_POST['form_array'], array());
  }
  if (isset($_POST['form_zero'])) {
    $_POST['edit'] = _fix_checkboxes($_POST['edit'], $_POST['form_zero'], 0);
  }
}

function _fix_checkboxes($array1, $array2, $value) {
  if (is_array($array2) && count($array2)) {
    foreach ($array2 as $k => $v) {
      if (is_array($v) && count($v)) {
        $array1[$k] = _fix_checkboxes($array1[$k], $v, $value);
      }
      else if (!isset($array1[$k])) {
        $array1[$k] = $value;
      }
    }
  }
  else {
    $array1 = $value;
  }
  return $array1;
}

Kjartan's avatar
Kjartan committed
521 522 523
/**
 * @name Conversion
 * @{
Dries's avatar
 
Dries committed
524
 * Converts data structures to different types.
Kjartan's avatar
Kjartan committed
525
 */
Dries's avatar
 
Dries committed
526 527 528 529

/**
 * Convert an associative array to an anonymous object.
 */
Dries's avatar
Dries committed
530 531
function array2object($array) {
  if (is_array($array)) {
Dries's avatar
 
Dries committed
532
    $object = new StdClass();
Dries's avatar
Dries committed
533
    foreach ($array as $key => $value) {
Dries's avatar
 
Dries committed
534 535 536 537
      $object->$key = $value;
    }
  }
  else {
Dries's avatar
Dries committed
538
    $object = $array;
Dries's avatar
 
Dries committed
539 540 541 542 543
  }

  return $object;
}

Dries's avatar
 
Dries committed
544 545 546
/**
 * Convert an object to an associative array.
 */
Dries's avatar
Dries committed
547 548 549
function object2array($object) {
  if (is_object($object)) {
    foreach ($object as $key => $value) {
Dries's avatar
 
Dries committed
550 551 552 553
      $array[$key] = $value;
    }
  }
  else {
Dries's avatar
Dries committed
554
    $array = $object;
Dries's avatar
 
Dries committed
555 556 557 558
  }

  return $array;
}
Dries's avatar
 
Dries committed
559 560 561 562

/**
 * @} End of "Conversion".
 */
Dries's avatar
 
Dries committed
563

Kjartan's avatar
Kjartan committed
564 565 566
/**
 * @name Messages
 * @{
Dries's avatar
 
Dries committed
567
 * Frequently used messages.
Kjartan's avatar
Kjartan committed
568
 */
Dries's avatar
 
Dries committed
569 570 571 572

/**
 * Return a string with a "not applicable" message.
 */
Dries's avatar
 
Dries committed
573
function message_na() {
Dries's avatar
 
Dries committed
574
  return t('n/a');
Dries's avatar
 
Dries committed
575 576
}

Dries's avatar
 
Dries committed
577 578 579
/**
 * @} End of "Messages".
 */
Dries's avatar
 
Dries committed
580

Dries's avatar
 
Dries committed
581 582 583
/**
 * Initialize the localization system.
 */
Dries's avatar
 
Dries committed
584 585
function locale_initialize() {
  global $user;
Dries's avatar
 
Dries committed
586 587 588 589 590

  if (function_exists('i18n_get_lang')) {
    return i18n_get_lang();
  }

Dries's avatar
 
Dries committed
591 592 593 594 595
  if (function_exists('locale')) {
    $languages = locale_supported_languages();
    $languages = $languages['name'];
  }
  else {
596 597 598
    // Ensure the locale/language is correctly returned, even without locale.module.
    // Useful for e.g. XML/HTML 'lang' attributes.
    $languages = array('en' => 'English');
Dries's avatar
 
Dries committed
599
  }
Dries's avatar
 
Dries committed
600 601 602 603 604 605
  if ($user->uid && $languages[$user->language]) {
    return $user->language;
  }
  else {
    return key($languages);
  }
Dries's avatar
 
Dries committed
606 607
}

Kjartan's avatar
Kjartan committed
608
/**
Dries's avatar
 
Dries committed
609
 * Translate strings to the current locale.
Kjartan's avatar
Kjartan committed
610
 *
611
 * When using t(), try to put entire sentences and strings in one t() call.
Dries's avatar
 
Dries committed
612 613 614 615
 * This makes it easier for translators. HTML markup within translation strings
 * is acceptable, if necessary. The suggested syntax for a link embedded
 * within a translation string is:
 * @code
Dries's avatar
 
Dries committed
616 617 618
 *   $msg = t('You must log in below or <a href="%url">create a new
 *             account</a> before viewing the next page.', array('%url'
 *             => url('user/register')));
Dries's avatar
 
Dries committed
619
 * @endcode
620 621 622
 * We suggest the same syntax for links to other sites. This makes it easy to
 * change link URLs if needed (which happens often) without requiring updates
 * to translations.
Kjartan's avatar
Kjartan committed
623
 *
Dries's avatar
 
Dries committed
624
 * @param $string
Dries's avatar
 
Dries committed
625
 *   A string containing the English string to translate.
Dries's avatar
 
Dries committed
626 627
 * @param $args
 *   An associative array of replacements to make after translation. Incidences
Dries's avatar
 
Dries committed
628
 *   of any key in this array are replaced with the corresponding value.
Dries's avatar
 
Dries committed
629 630
 * @return
 *   The translated string.
Kjartan's avatar
Kjartan committed
631
 */
Dries's avatar
 
Dries committed
632
function t($string, $args = 0) {
Dries's avatar
 
Dries committed
633 634 635 636
  global $locale;
  if (function_exists('locale') && $locale != 'en') {
    $string = locale($string);
  }
637

Dries's avatar
 
Dries committed
638 639
  if (!$args) {
    return $string;
Kjartan's avatar
Kjartan committed
640 641
  }
  else {
Dries's avatar
 
Dries committed
642 643
    return strtr($string, $args);
  }
Dries's avatar
 
Dries committed
644 645
}

Dries's avatar
 
Dries committed
646
/**
647
 * Encode special characters in a plain-text string for display as HTML.
Dries's avatar
 
Dries committed
648
 */
649
function check_plain($text) {
650
  return htmlspecialchars($text, ENT_QUOTES);
Dries's avatar
 
Dries committed
651 652
}

Kjartan's avatar
Kjartan committed
653
/**
Dries's avatar
 
Dries committed
654
 * @defgroup validation Input validation
Dries's avatar
 
Dries committed
655
 * @{
Dries's avatar
 
Dries committed
656
 * Functions to validate user input.
Kjartan's avatar
Kjartan committed
657 658
 */

659
/**
Dries's avatar
 
Dries committed
660 661 662
 * Verify the syntax of the given e-mail address.
 *
 * Empty e-mail addresses are allowed. See RFC 2822 for details.
663
 *
Dries's avatar
 
Dries committed
664 665
 * @param $mail
 *   A string containing an email address.
Dries's avatar
 
Dries committed
666
 * @return
Dries's avatar
 
Dries committed
667
 *   TRUE if the address is in a valid format.
668
 */
Dries's avatar
 
Dries committed
669
function valid_email_address($mail) {
670
  $user = '[a-zA-Z0-9_\-\.\+\^!#\$%&*+\/\=\?\`\|\{\}~\']+';
671
  $domain = '(?:(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.?)+';
672 673 674
  $ipv4 = '[0-9]{1,3}(\.[0-9]{1,3}){3}';
  $ipv6 = '[0-9a-fA-F]{1,4}(\:[0-9a-fA-F]{1,4}){7}';

Dries's avatar
Dries committed
675
  return preg_match("/^$user@($domain|(\[($ipv4|$ipv6)\]))$/", $mail);
676 677
}

Dries's avatar
 
Dries committed
678 679 680
/**
 * Verify the syntax of the given URL.
 *
Dries's avatar
 
Dries committed
681
 * @param $url
Dries's avatar
 
Dries committed
682
 *   The URL to verify.
Dries's avatar
 
Dries committed
683
 * @param $absolute
Dries's avatar
 
Dries committed
684
 *   Whether the URL is absolute (beginning with a scheme such as "http:").
Dries's avatar
 
Dries committed
685
 * @return
Dries's avatar
 
Dries committed
686
 *   TRUE if the URL is in a valid format.
Dries's avatar
 
Dries committed
687
 */
Dries's avatar
 
Dries committed
688
function valid_url($url, $absolute = FALSE) {
689
  $allowed_characters = '[a-z0-9\/:_\-_\.\?\$,~=#&%\+]';
690
  if ($absolute) {
691
    return preg_match("/^(http|https|ftp):\/\/". $allowed_characters ."+$/i", $url);
692 693
  }
  else {
694
    return preg_match("/^". $allowed_characters ."+$/i", $url);
695
  }
Dries's avatar
 
Dries committed
696 697
}

Dries's avatar
 
Dries committed
698 699 700 701 702 703 704 705 706 707
/**
 * Validate data input by a user.
 *
 * Ensures that user data cannot be used to perform attacks on the site.
 *
 * @param $data
 *   The input to check.
 * @return
 *   TRUE if the input data is acceptable.
 */
Kjartan's avatar
Kjartan committed
708 709
function valid_input_data($data) {
  if (is_array($data) || is_object($data)) {
Dries's avatar
 
Dries committed
710
    // Form data can contain a number of nested arrays.
Kjartan's avatar
Kjartan committed
711
    foreach ($data as $key => $value) {
Dries's avatar
 
Dries committed
712
      if (!valid_input_data($key) || !valid_input_data($value)) {
Dries's avatar
 
Dries committed
713
        return FALSE;
Kjartan's avatar
Kjartan committed
714 715 716
      }
    }
  }
Dries's avatar
Dries committed
717
  else if (isset($data)) {
Dries's avatar
 
Dries committed
718
    // Detect dangerous input data.
Kjartan's avatar
Kjartan committed
719

720 721 722
    // Decode all normal character entities.
    $data = decode_entities($data, array('<', '&', '"'));

Dries's avatar
 
Dries committed
723 724 725 726
    // Check strings:
    $match  = preg_match('/\Wjavascript\s*:/i', $data);
    $match += preg_match('/\Wexpression\s*\(/i', $data);
    $match += preg_match('/\Walert\s*\(/i', $data);
Kjartan's avatar
Kjartan committed
727

Dries's avatar
 
Dries committed
728
    // Check attributes:
Kjartan's avatar
Kjartan committed
729 730
    $match += preg_match("/\W(dynsrc|datasrc|data|lowsrc|on[a-z]+)\s*=[^>]+?>/i", $data);

Dries's avatar
 
Dries committed
731
    // Check tags:
Kjartan's avatar
Kjartan committed
732 733 734
    $match += preg_match("/<\s*(applet|script|object|style|embed|form|blink|meta|html|frame|iframe|layer|ilayer|head|frameset|xml)/i", $data);

    if ($match) {
735
      watchdog('security', t('Terminated request because of suspicious input data: %data.', array('%data' => theme('placeholder', $data))));
Dries's avatar
 
Dries committed
736
      return FALSE;
Kjartan's avatar
Kjartan committed
737 738 739
    }
  }

Dries's avatar
 
Dries committed
740
  return TRUE;
Kjartan's avatar
Kjartan committed
741
}
Dries's avatar
 
Dries committed
742 743 744
/**
 * @} End of "defgroup validation".
 */
Kjartan's avatar
Kjartan committed
745

Dries's avatar
 
Dries committed
746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772
/**
 * Register an event for the current visitor (hostname/IP) to the flood control mechanism.
 *
 * @param $name
 *   The name of the event.
 */
function flood_register_event($name) {
  db_query("INSERT INTO {flood} (event, hostname, timestamp) VALUES ('%s', '%s', %d)", $name, $_SERVER['REMOTE_ADDR'], time());
}

/**
 * Check if the current visitor (hostname/IP) is allowed to proceed with the specified event.
 * The user is allowed to proceed if he did not trigger the specified event more than
 * $threshold times per hour.
 *
 * @param $name
 *   The name of the event.
 * @param $number
 *   The maximum number of the specified event per hour (per visitor).
 * @return
 *   True if the user did not exceed the hourly threshold.  False otherwise.
 */
function flood_is_allowed($name, $threshold) {
  $number = db_num_rows(db_query("SELECT event FROM {flood} WHERE event = '%s' AND hostname = '%s' AND timestamp > %d", $name, $_SERVER['REMOTE_ADDR'], time() - 3600));
  return ($number < $threshold ? TRUE : FALSE);
}

773 774
function check_file($filename) {
  return is_uploaded_file($filename);
Dries's avatar
 
Dries committed
775 776
}

Dries's avatar
 
Dries committed
777
/**
Dries's avatar
 
Dries committed
778
 * @defgroup format Formatting
Dries's avatar
 
Dries committed
779
 * @{
Dries's avatar
 
Dries committed
780
 * Functions to format numbers, strings, dates, etc.
Dries's avatar
 
Dries committed
781 782
 */

Dries's avatar
 
Dries committed
783 784 785 786 787 788
/**
 * Formats an RSS channel.
 *
 * Arbitrary elements may be added using the $args associative array.
 */
function format_rss_channel($title, $link, $description, $items, $language = 'en', $args = array()) {
Dries's avatar
 
Dries committed
789 790
  // arbitrary elements may be added using the $args associative array

Dries's avatar
Dries committed
791
  $output = "<channel>\n";
792 793 794 795
  $output .= ' <title>'. check_plain($title) ."</title>\n";
  $output .= ' <link>'. check_url($link) ."</link>\n";
  $output .= ' <description>'. check_plain($description) ."</description>\n";
  $output .= ' <language>'. check_plain($language) ."</language>\n";
Dries's avatar
 
Dries committed
796
  foreach ($args as $key => $value) {
797
    $output .= ' <'. $key .'>'. check_plain($value) ."</$key>\n";
Dries's avatar
 
Dries committed
798
  }
Dries's avatar
 
Dries committed
799 800 801 802 803 804
  $output .= $items;
  $output .= "</channel>\n";

  return $output;
}

Dries's avatar
 
Dries committed
805 806 807 808 809
/**
 * Format a single RSS item.
 *
 * Arbitrary elements may be added using the $args associative array.
 */
Dries's avatar
 
Dries committed
810
function format_rss_item($title, $link, $description, $args = array()) {
Dries's avatar
Dries committed
811
  $output = "<item>\n";
812 813 814
  $output .= ' <title>'. check_plain($title) ."</title>\n";
  $output .= ' <link>'. check_url($link) ."</link>\n";
  $output .= ' <description>'. check_plain($description) ."</description>\n";
Dries's avatar
 
Dries committed
815
  foreach ($args as $key => $value) {
Dries's avatar
 
Dries committed
816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831
    if (is_array($value)) {
      if ($value['key']) {
        $output .= ' <'. $value['key'];
        if (is_array($value['attributes'])) {
          $output .= drupal_attributes($value['attributes']);
        }

        if ($value['value']) {
          $output .= '>'. $value['value'] .'</'. $value['key'] .">\n";
        }
        else {
          $output .= " />\n";
        }
      }
    }
    else {
832
      $output .= ' <'. $key .'>'. check_plain($value) ."</$key>\n";
Dries's avatar
 
Dries committed
833
    }
Dries's avatar
 
Dries committed
834
  }
Dries's avatar
 
Dries committed
835 836 837 838 839
  $output .= "</item>\n";

  return $output;
}

Dries's avatar
 
Dries committed
840
/**
Dries's avatar
 
Dries committed
841
 * Format a string containing a count of items.
Dries's avatar
 
Dries committed
842
 *
Dries's avatar
 
Dries committed
843 844 845 846 847 848 849 850 851 852 853 854 855 856
 * This function ensures that the string is pluralized correctly. Since t() is
 * called by this function, make sure not to pass already-localized strings to it.
 *
 * @param $count
 *   The item count to display.
 * @param $singular
 *   The string for the singular case. Please make sure it is clear this is
 *   singular, to ease translation (e.g. use "1 new comment" instead of "1 new").
 * @param $plural
 *   The string for the plural case. Please make sure it is clear this is plural,
 *   to ease translation. Use %count in place of the item count, as in "%count
 *   new comments".
 * @return
 *   A translated string.
Dries's avatar
 
Dries committed
857
 */
Dries's avatar
 
Dries committed
858
function format_plural($count, $singular, $plural) {
859
  if ($count == 1) return t($singular, array("%count" => $count));
Dries's avatar
 
Dries committed
860 861

  // get the plural index through the gettext formula
862
  $index = (function_exists('locale_get_plural')) ? locale_get_plural($count) : -1;
Dries's avatar
 
Dries committed
863 864 865 866 867 868
  if ($index < 0) { // backward compatibility
    return t($plural, array("%count" => $count));
  }
  else {
    switch ($index) {
      case "0":
869
        return t($singular, array("%count" => $count));
Dries's avatar
 
Dries committed
870 871 872 873 874 875
      case "1":
        return t($plural, array("%count" => $count));
      default:
        return t(strtr($plural, array("%count" => '%count['. $index .']')), array('%count['. $index .']' => $count));
    }
  }
Dries's avatar
 
Dries committed
876 877
}

Dries's avatar
 
Dries committed
878
/**
Dries's avatar
 
Dries committed
879
 * Generate a string representation for the given byte count.
Dries's avatar
 
Dries committed
880
 *
Dries's avatar
 
Dries committed
881 882 883 884
 * @param $size
 *   The size in bytes.
 * @return
 *   A translated string representation of the size.
Dries's avatar
 
Dries committed
885
 */
Dries's avatar
 
Dries committed
886
function format_size($size) {
Dries's avatar
 
Dries committed
887
  $suffix = t('bytes');
888
  if ($size >= 1024) {
Dries's avatar
 
Dries committed
889
    $size = round($size / 1024, 2);
Dries's avatar
 
Dries committed
890
    $suffix = t('KB');
Dries's avatar
 
Dries committed
891
  }
892
  if ($size >= 1024) {
Dries's avatar
 
Dries committed
893
    $size = round($size / 1024, 2);
Dries's avatar
 
Dries committed
894
    $suffix = t('MB');
Dries's avatar
 
Dries committed
895
  }
Dries's avatar
 
Dries committed
896
  return t('%size %suffix', array('%size' => $size, '%suffix' => $suffix));
Dries's avatar
 
Dries committed
897 898
}

Dries's avatar
 
Dries committed
899
/**
Dries's avatar
 
Dries committed
900
 * Format a time interval with the requested granularity.
Dries's avatar
 
Dries committed
901
 *
Dries's avatar
 
Dries committed
902 903 904 905 906 907
 * @param $timestamp
 *   The length of the interval in seconds.
 * @param $granularity
 *   How many different units to display in the string.
 * @return
 *   A translated string representation of the interval.
Dries's avatar
 
Dries committed
908
 */
Dries's avatar
 
Dries committed
909
function format_interval($timestamp, $granularity = 2) {
Dries's avatar
 
Dries committed
910
  $units = array('1 year|%count years' => 31536000, '1 week|%count weeks' => 604800, '1 day|%count days' => 86400, '1 hour|%count hours' => 3600, '1 min|%count min' => 60, '1 sec|%count sec' => 1);
Dries's avatar
 
Dries committed
911
  $output = '';
Dries's avatar
 
Dries committed
912
  foreach ($units as $key => $value) {
Dries's avatar
 
Dries committed
913
    $key = explode('|', $key);
Dries's avatar
 
Dries committed
914
    if ($timestamp >= $value) {
Dries's avatar
 
Dries committed
915
      $output .= ($output ? ' ' : '') . format_plural(floor($timestamp / $value), $key[0], $key[1]);
Dries's avatar
 
Dries committed
916
      $timestamp %= $value;
Dries's avatar
 
Dries committed
917 918 919 920 921
      $granularity--;
    }

    if ($granularity == 0) {
      break;
Dries's avatar
 
Dries committed
922 923
    }
  }
Dries's avatar
 
Dries committed
924
  return $output ? $output : t('0 sec');
Dries's avatar
 
Dries committed
925 926
}

Dries's avatar
 
Dries committed
927
/**
Dries's avatar
 
Dries committed
928 929
 * Format a date with the given configured format or a custom format string.
 *
Dries's avatar
 
Dries committed
930 931 932 933
 * Drupal allows administrators to select formatting strings for 'small',
 * 'medium' and 'large' date formats. This function can handle these formats,
 * as well as any custom format.
 *
Dries's avatar
 
Dries committed
934 935 936 937 938 939
 * @param $timestamp
 *   The exact date to format, as a UNIX timestamp.
 * @param $type
 *   The format to use. Can be "small", "medium" or "large" for the preconfigured
 *   date formats. If "custom" is specified, then $format is required as well.
 * @param $format
940 941 942
 *   A PHP date format string as required by date(). A backslash should be used
 *   before a character to avoid interpreting the character as part of a date
 *   format.
Dries's avatar
 
Dries committed
943 944 945 946
 * @param $timezone
 *   Time zone offset in seconds; if omitted, the user's time zone is used.
 * @return
 *   A translated date string in the requested format.
Dries's avatar
 
Dries committed
947
 */
948 949 950
function format_date($timestamp, $type = 'medium', $format = '', $timezone = NULL) {
  if ($timezone === NULL) {
    global $user;
Steven Wittens's avatar
Steven Wittens committed
951 952 953 954 955 956
    if (variable_get('configurable_timezones', 1) && $user->uid && strlen($user->timezone)) {
      $timezone = $user->timezone;
    }
    else {
      $timezone = variable_get('date_default_timezone', 0);
    }
957
  }
Dries's avatar
 
Dries committed
958

959
  $timestamp += $timezone;
Dries's avatar
 
Dries committed
960 961

  switch ($type) {
962 963
    case 'small':
      $format = variable_get('date_format_short', 'm/d/Y - H:i');
Dries's avatar
 
Dries committed
964
      break;
965 966
    case 'large':
      $format = variable_get('date_format_long', 'l, F j, Y - H:i');
Dries's avatar
 
Dries committed
967
      break;
968
    case 'custom':
Dries's avatar
 
Dries committed
969
      // No change to format
Dries's avatar
 
Dries committed
970
      break;
971
    case 'medium':
Dries's avatar
 
Dries committed
972
    default:
973
      $format = variable_get('date_format_medium', 'D, m/d/Y - H:i');
Dries's avatar
 
Dries committed
974 975
  }

976
  $max = strlen($format);
Dries's avatar
 
Dries committed
977
  $date = '';
Dries's avatar
 
Dries committed
978 979
  for ($i = 0; $i < $max; $i++) {
    $c = $format{$i};
980
    if (strpos('AaDFlM', $c) !== false) {
981
      $date .= t(gmdate($c, $timestamp));
982
    }
983
    else if (strpos('BdgGhHiIjLmnsStTUwWYyz', $c) !== false) {
984 985 986 987
      $date .= gmdate($c, $timestamp);
    }
    else if ($c == 'r') {
      $date .= format_date($timestamp - $timezone, 'custom', 'D, d M Y H:i:s O', $timezone);
Dries's avatar
 
Dries committed
988
    }
989 990 991 992 993
    else if ($c == 'O') {
      $date .= sprintf('%s%02d%02d', ($timezone < 0 ? '-' : '+'), abs($timezone / 3600), abs($timezone % 3600) / 60);
    }
    else if ($c == 'Z') {
      $date .= $timezone;
Dries's avatar
 
Dries committed
994
    }
995 996 997
    else if ($c == '\\') {
      $date .= $format[++$i];
    }
Dries's avatar
 
Dries committed
998
    else {
999
      $date .= $c;
Dries's avatar
 
Dries committed
1000
    }
Dries's avatar
 
Dries committed
1001
  }
1002

Dries's avatar
 
Dries committed
1003 1004 1005
  return $date;
}

Dries's avatar
 
Dries committed
1006 1007 1008
/**
 * @} End of "defgroup format".
 */
Dries's avatar
 
Dries committed
1009

Kjartan's avatar
Kjartan committed
1010
/**
Dries's avatar
 
Dries committed
1011
 * @defgroup form Form generation
Kjartan's avatar
Kjartan committed
1012
 * @{
Dries's avatar
 
Dries committed
1013
 * Functions to enable output of HTML forms and form elements.
1014
 *
Dries's avatar
 
Dries committed
1015 1016
 * Drupal uses these functions to achieve consistency in its form presentation,
 * while at the same time simplifying code and reducing the amount of HTML that
1017
 * must be explicitly generated by modules.
Kjartan's avatar
Kjartan committed
1018
 */
Dries's avatar
 
Dries committed
1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034

/**
 * Generate a form from a set of form elements.
 *
 * @param $form
 *   An HTML string containing one or more form elements.
 * @param $method
 *   The query method to use ("post" or "get").
 * @param $action
 *   The URL to send the form contents to, if not the current page.
 * @param $attributes
 *   An associative array of attributes to add to the form tag.
 * @result
 *   An HTML string with the contents of $form wrapped in a form tag.
 */
function form($form, $method = 'post', $action = NULL, $attributes = NULL) {
Dries's avatar
 
Dries committed
1035
  if (!$action) {
1036
    $action = request_uri();
Dries's avatar
 
Dries committed
1037
  }
1038
  // Anonymous div to satisfy XHTML compliancy.
1039
  return '<form action="'. check_url($action) .'" method="'. $method .'"'. drupal_attributes($attributes) .">\n<div>". $form ."\n</div></form>\n";
Dries's avatar
 
Dries committed
1040 1041
}

1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059
/**
 * Set a hidden 'form_token' field to be included in a form, used to validate
 * that the resulting submission was actually generated by a local form.
 *
 * @param $key
 *   A unique key to identify the form that is currently being displayed.
 *   This identical key is later used to validate that the resulting submission
 *   actually originated with this form.
 * @result
 *   A themed HTML string representing the hidden token field.
 */
function form_token($key) {
  // this private key should always be kept secret
  if (!variable_get('drupal_private_key', '')) {
    variable_set('drupal_private_key', mt_rand());
  }

  // the verification token is an md5 hash of the form key and our private key
1060
  return form_hidden('form_token', md5($_SERVER['REMOTE_ADDR'] . $key . variable_get('drupal_private_key', '')));
1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082
}

/**
 * Verify that the hidden 'form_token' field was actually generated with our
 * private key.
 *
 * @param $edit
 *  An array containing the form that needs to be validated.
 * @param $key
 *  The same key that was used to generate the 'form_token'.
 * @param $error_message
 *  An optional error message to display if the form does not validate.
 * @result
 *  There is nothing returned from this function, but if the 'form_token' does
 *  not validate an error is generated, preventing the submission.
 */
function form_validate($edit, $key, $error_message = NULL) {
  if ($error_message == NULL) {
    // set a generic default error message
    $error = t('Validation error, please try again.  If this error persists, please contact the site administrator.');
  }

1083
  if ($edit['form_token'] != md5($_SERVER['REMOTE_ADDR'] . $key . variable_get('drupal_private_key', ''))) {
1084 1085 1086 1087 1088
    // setting this error will cause the form to fail validation
    form_set_error('form_token', $error);
  }
}

Dries's avatar
 
Dries committed
1089
/**
Dries's avatar
 
Dries committed
1090
 * File an error against the form element with the specified name.
Dries's avatar
 
Dries committed
1091 1092 1093 1094 1095 1096 1097
 */
function form_set_error($name, $message) {
  $GLOBALS['form'][$name] = $message;
  drupal_set_message($message, 'error');
}

/**
Dries's avatar
 
Dries committed
1098
 * Return an associative array of all errors.
Dries's avatar
 
Dries committed
1099
 */
Dries's avatar
 
Dries committed
1100
function form_get_errors() {
1101 1102 1103
  if (array_key_exists('form', $GLOBALS)) {
    return $GLOBALS['form'];
  }
Dries's avatar
 
Dries committed
1104 1105 1106 1107 1108 1109
}

/**
 * Return the error message filed against the form with the specified name.
 */
function _form_get_error($name) {
Dries's avatar
 
Dries committed
1110 1111 1112
  if (array_key_exists('form', $GLOBALS)) {
    return $GLOBALS['form'][$name];
  }
Dries's avatar
 
Dries committed
1113 1114 1115 1116 1117 1118
}

function _form_get_class($name, $required, $error) {
  return $name. ($required ? ' required' : '') . ($error ? ' error' : '');
}

Dries's avatar
 
Dries committed
1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136
/**
 * Format a general form item.
 *
 * @param $title
 *   The label for the form item.
 * @param $value
 *   The contents of the form item.
 * @param $description
 *   Explanatory text to display after the form item.
 * @param $id
 *   A unique identifier for the form item.
 * @param $required
 *   Whether the user must fill in this form element before submitting the form.
 * @param $error
 *   An error message to display alongside the form element.
 * @return
 *   A themed HTML string representing the form item.
 */
Dries's avatar
 
Dries committed
1137
function form_item($title, $value, $description = NULL, $id = NULL, $required = FALSE, $error = FALSE) {
Dries's avatar
 
Dries committed
1138
  return theme('form_element', $title, $value, $description, $id, $required, $error);
Dries's avatar
 
Dries committed
1139
}
Dries's avatar
 
Dries committed
1140

Dries's avatar
 
Dries committed
1141 1142 1143 1144 1145 1146 1147 1148 1149
/**
 * Format a group of form items.
 *
 * @param $legend
 *   The label for the form item group.
 * @param $group
 *   The form items within the group, as an HTML string.
 * @param $description
 *   Explanatory text to display after the form item group.
1150 1151
 * @param $attributes
 *   An associative array of HTML attributes to add to the fieldset tag.
Dries's avatar
 
Dries committed
1152 1153 1154
 * @return
 *   A themed HTML string representing the form item group.
 */
1155 1156
function form_group($legend, $group, $description = NULL, $attributes = NULL) {
  return '<fieldset' . drupal_attributes($attributes) .'>' . ($legend ? '<legend>'. $legend .'</legend>' : '') . $group . ($description ? '<div class="description">'. $description .'</div>' : '') . "</fieldset>\n";
Dries's avatar
 
Dries committed
1157
}
Dries's avatar
 
Dries committed
1158

1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185
/**
 * Format a group of form items.
 *
 * @param $legend
 *   The label for the form item group.
 * @param $group
 *   The form items within the group, as an HTML string.
 * @param $collapsed
 *   A boolean value decided whether the group starts collapsed.
 * @param $description
 *   Explanatory text to display after the form item group.
 * @param $attributes
 *   An associative array of HTML attributes to add to the fieldset tag.
 * @return
 *   A themed HTML string representing the form item group.
 */
function form_group_collapsible($legend, $group, $collapsed = FALSE, $description = NULL, $attributes = NULL) {
  drupal_add_js('misc/collapse.js');

  $attributes['class'] .= ' collapsible';
  if ($collapsed) {
    $attributes['class'] .= ' collapsed';
  }

  return '<fieldset' . drupal_attributes($attributes) .'>' . ($legend ? '<legend>'. $legend .'</legend>' : '') . $group . ($description ? '<div class="description">'. $description .'</div>' : '') . "</fieldset>\n";
}

Dries's avatar
 
Dries committed
1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207
/**
 * Format a radio button.
 *
 * @param $title
 *   The label for the radio button.
 * @param $name
 *   The internal name used to refer to the button.
 * @param $value
 *   The value that the form element takes on when selected.
 * @param $checked
 *   Whether the button will be initially selected when the page is rendered.
 * @param $description
 *   Explanatory text to display after the form item.
 * @param $attributes
 *   An associative array of HTML attributes to add to the button.
 * @param $required
 *   Whether the user must select this radio button before submitting the form.
 * @return
 *   A themed HTML string representing the radio button.
 */
function form_radio($title, $name, $value = 1, $checked = FALSE, $description = NULL, $attributes = NULL, $required = FALSE) {
  $element = '<input type="radio" class="'. _form_get_class('form-radio', $required, _form_get_error($name)) .'" name="edit['. $name .']" value="'. $value .'"'. ($checked ? ' checked="checked"' : '') . drupal_attributes($attributes) .' />';
1208
  if (!is_null($title)) {
Dries's avatar
 
Dries committed
1209
    $element = '<label class="option">'. $element .' '. $title .'</label>';
1210
  }