<?php
// $Id$

/**
 * @file
 * Enables the user registration and login system.
 */

// Hard limits for the account name and e-mail address. USERNAME_MAX_LENGTH is
// enforced by user_validate_name() and used as the login form's #maxlength;
// EMAIL_MAX_LENGTH is not referenced in this part of the file.
define('USERNAME_MAX_LENGTH', 60);
define('EMAIL_MAX_LENGTH', 64);

/**
 * Invokes hook_user() in every module.
 *
 * module_invoke() cannot be used here because $array and $user have to be
 * passed by reference so that implementations can modify them in place.
 *
 * @param $type
 *   The hook operation being performed (e.g. 'load', 'insert', 'update').
 * @param $array
 *   Array of values for the operation, passed by reference.
 * @param $user
 *   The user object being acted upon, passed by reference.
 * @param $category
 *   (optional) The profile category the operation applies to.
 */
function user_module_invoke($type, &$array, &$user, $category = NULL) {
  $modules = module_list();
  foreach ($modules as $module_name) {
    $hook = $module_name .'_user';
    if (!function_exists($hook)) {
      continue;
    }
    $hook($type, $array, $user, $category);
  }
}

/**
 * Load the local account mapped to an external authentication name.
 *
 * @param $authname
 *   The external (distributed authentication) name stored in {authmap}.
 *
 * @return
 *   The loaded user object for the mapped uid, or 0 when no mapping exists.
 */
function user_external_load($authname) {
  // The name is bound through the '%s' placeholder and escaped by db_query().
  $row = db_fetch_array(db_query("SELECT uid FROM {authmap} WHERE authname = '%s'", $authname));
  if (!$row) {
    return 0;
  }
  return user_load($row);
}

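/**
 * Fetch a user object.
 *
 * @param $array
 *   An associative array of attributes to search for in selecting the
 *   user, such as user name or e-mail address. A bare number is treated
 *   as a uid. 'uid' and 'status' are matched as integers, 'pass' as the
 *   MD5 of the given value, and any other key as a case-insensitive string
 *   comparison against the column of that name.
 *
 * @return
 *   A fully-loaded $user object upon successful user load or FALSE if user cannot be loaded.
 */
function user_load($array = array()) {
  // Dynamically compose a SQL query:
  $query = array();
  $params = array();

  if (is_numeric($array)) {
    $array = array('uid' => $array);
  }

  foreach ($array as $key => $value) {
    // The key becomes a column name and is spliced into the query text, not
    // bound as a parameter. Refuse anything that is not a plain identifier
    // so a caller-supplied key cannot alter the statement.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $key)) {
      return FALSE;
    }
    if ($key == 'uid' || $key == 'status') {
      $query[] = "$key = %d";
      $params[] = $value;
    }
    else if ($key == 'pass') {
      // Stored passwords are unsalted MD5 hashes (see user_save()).
      $query[] = "pass = '%s'";
      $params[] = md5($value);
    }
    else {
      $query[] = "LOWER($key) = LOWER('%s')";
      $params[] = $value;
    }
  }

  // With no conditions the WHERE clause would be empty; report "no such
  // user" instead of issuing a malformed query.
  if (empty($query)) {
    return FALSE;
  }

  $result = db_query('SELECT * FROM {users} u WHERE '. implode(' AND ', $query), $params);

  if (!db_num_rows($result)) {
    return FALSE;
  }

  $user = db_fetch_object($result);
  // drupal_unpack() presumably expands the serialized data column into
  // properties of the object -- confirm against drupal_unpack().
  $user = drupal_unpack($user);

  // Every account implicitly holds exactly one of the two built-in roles;
  // user_save() never writes those to {users_roles}.
  $user->roles = array();
  if ($user->uid) {
    $user->roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user';
  }
  else {
    $user->roles[DRUPAL_ANONYMOUS_RID] = 'anonymous user';
  }
  $result = db_query('SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid);
  while ($role = db_fetch_object($result)) {
    $user->roles[$role->rid] = $role->name;
  }

  // Give other modules a chance to attach their own data to the object.
  user_module_invoke('load', $array, $user);

  return $user;
}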

/**
 * Save changes to a user account or add a new user.
 *
 * @param $account
 *   The $user object for the user to modify or add. If $user->uid is
 *   omitted, a new user will be added.
 *
 * @param $array
 *   An array of fields and values to save. For example array('name' => 'My name');
 *   Setting a field to NULL deletes it from the data column.
 *   Keys that are real {users} columns (per user_fields()) are written to
 *   those columns, 'pass' is hashed first, keys beginning with 'auth' are
 *   saved as distributed-authentication mappings, 'roles' is an array keyed
 *   by rid, and every other key is kept in the serialized data column.
 *
 * @param $category
 *   (optional) The category for storing profile information in.
 *
 * @return
 *   The user object re-loaded from the database after saving.
 */
function user_save($account, $array = array(), $category = 'account') {
  // Dynamically compose a SQL query:
  $user_fields = user_fields();
  if ($account->uid) {
    user_module_invoke('update', $array, $account, $category);
    $query = '';
    // The data column holds a serialized array written by this function; the
    // stored copy is merged with the new values rather than replaced.
    $data = unserialize(db_result(db_query('SELECT data FROM {users} WHERE uid = %d', $account->uid)));
    foreach ($array as $key => $value) {
      if ($key == 'pass' && !empty($value)) {
        // NOTE(review): passwords are stored as unsalted MD5, which is what
        // user_load() compares against. An empty password leaves the stored
        // hash untouched.
        $query .= "$key = '%s', ";
        $v[] = md5($value);
      }
      else if ((substr($key, 0, 4) !== 'auth') && ($key != 'pass')) {
        if (in_array($key, $user_fields)) {
          // Save standard fields. Only column names present in
          // user_fields() reach the query text; values are bound via '%s'.
          $query .= "$key = '%s', ";
          $v[] = $value;
        }
        else if ($key != 'roles') {
          // Roles is a special case: it used below.
          if ($value === NULL) {
            unset($data[$key]);
          }
          else {
            $data[$key] = $value;
          }
        }
      }
    }
    $query .= "data = '%s' ";
    $v[] = serialize($data);

    db_query("UPDATE {users} SET $query WHERE uid = %d", array_merge($v, array($account->uid)));

    // Reload user roles if provided
    if (isset($array['roles']) && is_array($array['roles'])) {
      db_query('DELETE FROM {users_roles} WHERE uid = %d', $account->uid);

      foreach (array_keys($array['roles']) as $rid) {
        // The anonymous and authenticated roles are implicit and never stored.
        if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
          db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $account->uid, $rid);
        }
      }
    }

    // Delete a blocked user's sessions to kick them if they are online.
    if (isset($array['status']) && $array['status'] == 0) {
      sess_destroy_uid($account->uid);
    }

    // Refresh user object
    $user = user_load(array('uid' => $account->uid));
    user_module_invoke('after_update', $array, $user, $category);
  }
  else {
    $array['uid'] = db_next_id('{users}_uid');

    if (!isset($array['created'])) {    // Allow 'created' to be set by hook_auth
      $array['created'] = time();
    }

    // Note, we wait with saving the data column to prevent module-handled
    // fields from being saved there. We cannot invoke hook_user('insert') here
    // because we don't have a fully initialized user object yet.
    foreach ($array as $key => $value) {
      switch ($key) {
        case 'pass':
          $fields[] = $key;
          $values[] = md5($value);
          $s[] = "'%s'";
          break;
        // Integer columns are bound with %d; everything else as a string.
        case 'uid':        case 'mode':     case 'sort':
        case 'threshold':  case 'created':  case 'access':
        case 'login':      case 'status':
          $fields[] = $key;
          $values[] = $value;
          $s[] = "%d";
          break;
        default:
          if (substr($key, 0, 4) !== 'auth' && in_array($key, $user_fields)) {
            $fields[] = $key;
            $values[] = $value;
            $s[] = "'%s'";
          }
          break;
      }
    }
    db_query('INSERT INTO {users} ('. implode(', ', $fields) .') VALUES ('. implode(', ', $s) .')', $values);

    // Build the initial user object.
    $user = user_load(array('uid' => $array['uid']));

    user_module_invoke('insert', $array, $user, $category);

    // Build and save the serialized data field now
    $data = array();
    foreach ($array as $key => $value) {
      if ((substr($key, 0, 4) !== 'auth') && ($key != 'roles') && (!in_array($key, $user_fields)) && ($value !== NULL)) {
        $data[$key] = $value;
      }
    }
    db_query("UPDATE {users} SET data = '%s' WHERE uid = %d", serialize($data), $user->uid);

    // Save user roles (delete just to be safe).
    // NOTE(review): unlike the update branch above, 'roles' is read here
    // without isset(), so a new account saved without roles raises a notice.
    if (is_array($array['roles'])) {
      db_query('DELETE FROM {users_roles} WHERE uid = %d', $array['uid']);
      foreach (array_keys($array['roles']) as $rid) {
        if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
          db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $array['uid'], $rid);
        }
      }
    }

    // Build the finished user object.
    $user = user_load(array('uid' => $array['uid']));
  }

  // Save distributed authentication mappings
  $authmaps = array();
  foreach ($array as $key => $value) {
    if (substr($key, 0, 4) == 'auth') {
      $authmaps[$key] = $value;
    }
  }
  if (sizeof($authmaps) > 0) {
    user_set_authmaps($user, $authmaps);
  }

  return $user;
}

/**
 * Verify the syntax of the given name.
 *
 * The checks run in order and the first failure's translated message is
 * returned; a valid name yields no return value. Length checks use strlen()
 * and therefore count bytes, not characters.
 *
 * @param $name
 *   The candidate user name.
 *
 * @return
 *   An error message string, or nothing when the name is acceptable.
 */
function user_validate_name($name) {
  if (!strlen($name)) return t('You must enter a username.');
  if (substr($name, 0, 1) == ' ') return t('The username cannot begin with a space.');
  if (substr($name, -1) == ' ') return t('The username cannot end with a space.');
  if (strpos($name, '  ') !== FALSE) return t('The username cannot contain multiple spaces in a row.');
  // Byte-oriented check: anything other than alphanumerics, space, @ _ . -
  // and the high-bit byte range used by multi-byte sequences is rejected.
  if (ereg("[^\x80-\xF7 [:alnum:]@_.-]", $name)) return t('The username contains an illegal character.');
  // Code-point check on the UTF-8 decoded name for characters that are
  // invisible, change text direction, or otherwise do not belong in a name.
  if (preg_match('/[\x{80}-\x{A0}'.          // Non-printable ISO-8859-1 + NBSP
                   '\x{AD}'.                 // Soft-hyphen
                   '\x{2000}-\x{200F}'.      // Various space characters
                   '\x{2028}-\x{202F}'.      // Bidirectional text overrides
                   '\x{205F}-\x{206F}'.      // Various text hinting characters
                   '\x{FEFF}'.               // Byte order mark
                   '\x{FF01}-\x{FF60}'.      // Full-width latin
                   '\x{FFF9}-\x{FFFD}'.      // Replacement characters
                   '\x{0}]/u',               // NULL byte
                   $name)) {
    return t('The username contains an illegal character.');
  }
  // A name containing '@' must look like a distributed-authentication ID.
  // NOTE(review): the '.' between host labels is unescaped in this ereg
  // pattern, so it matches any single character rather than only a literal
  // dot; confirm intent before tightening it to '\.'.
  if (strpos($name, '@') !== FALSE && !eregi('@([0-9a-z](-?[0-9a-z])*.)+[a-z]{2}([zmuvtg]|fo|me)?$', $name)) return t('The username is not a valid authentication ID.');
  if (strlen($name) > USERNAME_MAX_LENGTH) return t('The username %name is too long: it must be %max characters or less.', array('%name' => $name, '%max' => USERNAME_MAX_LENGTH));
}

/**
 * Verify that an e-mail address is present and syntactically valid.
 *
 * @param $mail
 *   The address to check.
 *
 * @return
 *   A translated error message, or nothing when the address is acceptable.
 */
function user_validate_mail($mail) {
  if (!$mail) {
    return t('You must enter an e-mail address.');
  }
  if (valid_email_address($mail)) {
    return;
  }
  return t('The e-mail address %mail is not valid.', array('%mail' => $mail));
}

/**
 * Validate and store an uploaded user picture.
 *
 * The file must be an image; when no image toolkit is available to scale it
 * down it must also fit the configured file-size and dimension limits. On
 * success the saved path is written to $form_values['picture'], on failure
 * a form error is set on 'picture_upload'.
 *
 * @param $file
 *   The uploaded file object; only ->filepath is used here.
 * @param $edit
 *   Form values, passed by reference (not used in this function).
 * @param $user
 *   The account the picture belongs to: its uid names the stored file and
 *   its current picture is the initial value of $form_values['picture'].
 */
function user_validate_picture($file, &$edit, $user) {
  global $form_values;
  // Initialize the picture:
  $form_values['picture'] = $user->picture;

  // Check that uploaded file is an image, with a maximum file size
  // and maximum height/width.
  $info = image_get_info($file->filepath);
  list($maxwidth, $maxheight) = explode('x', variable_get('user_picture_dimensions', '85x85'));

  if (!$info || !$info['extension']) {
    form_set_error('picture_upload', t('The uploaded file was not an image.'));
  }
  else if (image_get_toolkit()) {
    // With a toolkit the image is scaled in place to the maximum dimensions.
    // Because this is an else-if chain, the file-size and dimension checks
    // below are skipped in that case.
    image_scale($file->filepath, $file->filepath, $maxwidth, $maxheight);
  }
  else if (filesize($file->filepath) > (variable_get('user_picture_file_size', '30') * 1000)) {
    form_set_error('picture_upload', t('The uploaded image is too large; the maximum file size is %size kB.', array('%size' => variable_get('user_picture_file_size', '30'))));
  }
  else if ($info['width'] > $maxwidth || $info['height'] > $maxheight) {
    form_set_error('picture_upload', t('The uploaded image is too large; the maximum dimensions are %dimensions pixels.', array('%dimensions' => variable_get('user_picture_dimensions', '85x85'))));
  }

  if (!form_get_errors()) {
    // The stored name is built from the uid and the extension that
    // image_get_info() derived from the file's content, so the client's own
    // file name and extension never reach the disk. The final argument
    // presumably asks file_save_upload() to replace an existing picture for
    // this uid -- confirm against file_save_upload().
    if ($file = file_save_upload('picture_upload', variable_get('user_picture_path', 'pictures') .'/picture-'. $user->uid .'.'. $info['extension'], 1)) {
      $form_values['picture'] = $file->filepath;
    }
    else {
      form_set_error('picture_upload', t("Failed to upload the picture image; the %directory directory doesn't exist.", array('%directory' => variable_get('user_picture_path', 'pictures'))));
    }
  }
}

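/**
 * Generate a random alphanumeric password.
 *
 * The alphabet omits 0/O and 1/I/l, which are easily confused when a
 * generated password is read back or sent by e-mail.
 *
 * @param $length
 *   Number of characters to produce. Zero or a negative value yields ''.
 *
 * @return
 *   A string of $length characters drawn from the allowable set.
 */
function user_password($length = 10) {
  $allowable_characters = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';

  // Zero-based index of the last allowable character.
  $len = strlen($allowable_characters) - 1;

  // mt_rand() is a predictable PRNG and is not suitable for generating
  // credentials. Use the CSPRNG when the runtime provides random_int() and
  // fall back to mt_rand() only on older PHP.
  $secure = function_exists('random_int');

  $pass = '';
  for ($i = 0; $i < $length; $i++) {
    $index = $secure ? random_int(0, $len) : mt_rand(0, $len);
    $pass .= $allowable_characters[$index];
  }

  return $pass;
}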

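/**
 * Determine whether the user has a given privilege.
 *
 * @param $string
 *   The permission, such as "administer nodes", being checked for.
 * @param $account
 *   (optional) The account to check, if not given use currently logged in user.
 *
 * @return
 *   boolean TRUE if the current user has the requested permission.
 *
 * All permission checks in Drupal should go through this function. This
 * way, we guarantee consistent behavior, and ensure that the superuser
 * can perform all actions.
 */
function user_access($string, $account = NULL) {
  global $user;
  // Permission strings are cached per uid for the rest of the request.
  static $perm = array();

  if (is_null($account)) {
    $account = $user;
  }

  // User #1 has all privileges:
  if ($account->uid == 1) {
    return TRUE;
  }

  // To reduce the number of SQL queries, we cache the user's permissions
  // in a static variable.
  if (!isset($perm[$account->uid])) {
    $perm[$account->uid] = '';

    // The role ids are spliced into the IN () list as raw text, so coerce
    // them to integers instead of trusting whatever keys the roles array
    // carries. An account with no roles gets no query at all -- "IN ()" is
    // a syntax error -- and therefore no permissions.
    $rids = array();
    if (!empty($account->roles) && is_array($account->roles)) {
      $rids = array_map('intval', array_keys($account->roles));
    }
    if (count($rids)) {
      $result = db_query("SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid WHERE r.rid IN (%s)", implode(',', $rids));
      while ($row = db_fetch_object($result)) {
        $perm[$account->uid] .= "$row->perm, ";
      }
    }
  }

  // Each entry is appended with a trailing ', ' and the lookup includes that
  // separator, so a permission that is merely a prefix of another does not
  // match. This is still a substring search, not an exact one.
  return strpos($perm[$account->uid], "$string, ") !== FALSE;
}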

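/**
 * Checks for usernames blocked by user administration
 *
 * @param $name
 *   The account name to look up.
 *
 * @return
 *   The matching row object (truthy) when the name belongs to a blocked
 *   account, FALSE otherwise. Callers treat the result as a boolean.
 */
function user_is_blocked($name) {
  // Lower-case both sides so the lookup is case-insensitive regardless of
  // the database collation, consistent with name lookups in user_load().
  $deny  = db_fetch_object(db_query("SELECT name FROM {users} WHERE status = 0 AND LOWER(name) = LOWER('%s')", $name));

  return $deny;
}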

/**
 * Return the column names of the {users} table.
 *
 * The list is read once per request from the superuser's row and cached in
 * a static; when that row does not exist a hard-coded default list is used.
 *
 * @return
 *   Array of column names.
 */
function user_fields() {
  static $fields;

  if ($fields) {
    return $fields;
  }

  $result = db_query('SELECT * FROM {users} WHERE uid = 1');
  if (!db_num_rows($result)) {
    // Make sure we return the default fields at least
    $fields = array('uid', 'name', 'pass', 'mail', 'picture', 'mode', 'sort', 'threshold', 'theme', 'signature', 'created', 'access', 'login', 'status', 'timezone', 'language', 'init', 'data');
    return $fields;
  }

  $fields = array_keys(db_fetch_array($result));
  return $fields;
}

/**
 * Implementation of hook_perm().
 *
 * @return
 *   The permission names defined by this module.
 */
function user_perm() {
  $permissions = array(
    'administer access control',
    'administer users',
    'access user profiles',
    'change own username',
  );
  return $permissions;
}

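/**
 * Implementation of hook_file_download().
 *
 * Ensure that user pictures (avatars) are always downloadable.
 *
 * @param $file
 *   Path of the requested file, relative to the files directory.
 *
 * @return
 *   An array of headers granting the download when $file is a user picture
 *   image; nothing otherwise, leaving the decision to other modules.
 */
function user_file_download($file) {
  // The prefix test is purely textual; containment within the files
  // directory is presumably enforced by file_create_path() -- confirm.
  if (strpos($file, variable_get('user_picture_path', 'pictures') .'/picture-') === 0) {
    $info = image_get_info(file_create_path($file));
    // Only grant access when the file really is an image: a non-image that
    // happens to sit in the pictures directory must not be served with an
    // empty Content-type on the strength of its name alone.
    if (!$info || empty($info['mime_type'])) {
      return;
    }
    return array('Content-type: '. $info['mime_type']);
  }
}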

/**
 * Implementation of hook_search().
 *
 * Both the 'name' and 'search' operations require the 'access user
 * profiles' permission; without it, or for any other operation, nothing
 * is returned.
 *
 * @param $op
 *   The search operation: 'name' returns the tab label, 'search' runs a
 *   name search.
 * @param $keys
 *   The search keywords for the 'search' operation.
 */
function user_search($op = 'search', $keys = NULL) {
  if ($op == 'name') {
    if (user_access('access user profiles')) {
      return t('Users');
    }
    return;
  }
  if ($op != 'search') {
    return;
  }
  if (!user_access('access user profiles')) {
    return;
  }

  $find = array();
  // Replace wildcards with MySQL/PostgreSQL wildcards. Note that LIKE's own
  // metacharacters ('%', '_') in the keywords are not escaped and therefore
  // act as wildcards as well.
  $pattern = preg_replace('!\*+!', '%', $keys);
  $result = pager_query("SELECT * FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $pattern);
  while ($account = db_fetch_object($result)) {
    $find[] = array('title' => $account->name, 'link' => url('user/'. $account->uid, NULL, NULL, TRUE));
  }
  return $find;
}

/**
 * Implementation of hook_user().
 *
 * Handles the 'view' (membership duration), 'categories' (account settings
 * tab) operations, and delegates 'form', 'validate' and 'submit' for the
 * 'account' category to the account edit helpers.
 */
function user_user($type, &$edit, &$user, $category = NULL) {
  $is_account = ($category == 'account');

  switch ($type) {
    case 'view':
      $items['history'] = array(
        'title' => t('Member for'),
        'value' => format_interval(time() - $user->created),
        'class' => 'member',
      );
      return array(t('History') => $items);

    case 'form':
      if ($is_account) {
        return user_edit_form(arg(1), $edit);
      }
      break;

    case 'validate':
      if ($is_account) {
        return _user_edit_validate(arg(1), $edit);
      }
      break;

    case 'submit':
      if ($is_account) {
        return _user_edit_submit(arg(1), $edit);
      }
      break;

    case 'categories':
      return array(array('name' => 'account', 'title' => t('Account settings'), 'weight' => 1));
  }
}

/**
 * Form builder for the login block.
 *
 * The form posts back to the current path, with the destination preserved
 * so the visitor returns to the page they were viewing after logging in.
 *
 * @return
 *   The form array.
 */
function user_login_block() {
  $form = array();
  // url() is responsible for escaping the raw $_GET['q'] used as the action.
  $form['#action'] = url($_GET['q'], drupal_get_destination());
  $form['#id'] = 'user-login-form';
  $form['#base'] = 'user_login';

  $form['name'] = array(
    '#type' => 'textfield',
    '#title' => t('Username'),
    '#maxlength' => USERNAME_MAX_LENGTH,
    '#size' => 15,
    '#required' => TRUE,
  );
  $form['pass'] = array(
    '#type' => 'password',
    '#title' => t('Password'),
    '#maxlength' => 60,
    '#size' => 15,
    '#required' => TRUE,
  );
  $form['submit'] = array(
    '#type' => 'submit',
    '#value' => t('Log in'),
  );

  $links = array();
  if (variable_get('user_register', 1)) {
    $links[] = l(t('Create new account'), 'user/register', array('title' => t('Create a new user account.')));
  }
  $links[] = l(t('Request new password'), 'user/password', array('title' => t('Request new password via e-mail.')));
  $form['links'] = array('#value' => theme('item_list', $links));

  return $form;
}

/**
 * Implementation of hook_block().
 *
 * Provides four blocks: 0 = user login form, 1 = navigation menu,
 * 2 = "Who's new", 3 = "Who's online". Deltas 2 and 3 have configuration
 * forms whose values are stored with variable_set().
 */
function user_block($op = 'list', $delta = 0, $edit = array()) {
  global $user;

  if ($op == 'list') {
     $blocks[0]['info'] = t('User login');
     $blocks[1]['info'] = t('Navigation');
     $blocks[2]['info'] = t('Who\'s new');
     $blocks[3]['info'] = t('Who\'s online');

     return $blocks;
  }
  else if ($op == 'configure' && $delta == 2) {
    $form['user_block_whois_new_count'] = array(
      '#type' => 'select',
      '#title' => t('Number of users to display'),
      '#default_value' => variable_get('user_block_whois_new_count', 5),
      '#options' => drupal_map_assoc(array(1, 2, 3, 4, 5, 6, 7, 8, 9, 10)),
    );
    return $form;
  }
  else if ($op == 'configure' && $delta == 3) {
    $period = drupal_map_assoc(array(30, 60, 120, 180, 300, 600, 900, 1800, 2700, 3600, 5400, 7200, 10800, 21600, 43200, 86400), 'format_interval');
    $form['user_block_seconds_online'] = array('#type' => 'select', '#title' => t('User activity'), '#default_value' => variable_get('user_block_seconds_online', 900), '#options' => $period, '#description' => t('A user is considered online for this long after they have last viewed a page.'));
    $form['user_block_max_list_count'] = array('#type' => 'select', '#title' => t('User list length'), '#default_value' => variable_get('user_block_max_list_count', 10), '#options' => drupal_map_assoc(array(0, 5, 10, 15, 20, 25, 30, 40, 50, 75, 100)), '#description' => t('Maximum number of currently online users to display.'));

    return $form;
  }
  // The submitted values are stored as-is; they are presumably restricted
  // to the select #options by form validation -- confirm.
  else if ($op == 'save' && $delta == 2) {
    variable_set('user_block_whois_new_count', $edit['user_block_whois_new_count']);
  }
  else if ($op == 'save' && $delta == 3) {
    variable_set('user_block_seconds_online', $edit['user_block_seconds_online']);
    variable_set('user_block_max_list_count', $edit['user_block_max_list_count']);
  }
  else if ($op == 'view') {
    $block = array();

    switch ($delta) {
      case 0:
        // For usability's sake, avoid showing two login forms on one page.
        if (!$user->uid && !(arg(0) == 'user' && !is_numeric(arg(1)))) {

          $block['subject'] = t('User login');
          $block['content'] = drupal_get_form('user_login_block');
        }
        return $block;

      case 1:
        if ($menu = menu_tree()) {
           // The user name is user-supplied text and is escaped for HTML here.
           $block['subject'] = $user->uid ? check_plain($user->name) : t('Navigation');
           $block['content'] = $menu;
        }
        return $block;

      case 2:
        if (user_access('access content')) {
          // Retrieve a list of new users who have subsequently accessed the site successfully.
          $result = db_query_range('SELECT uid, name FROM {users} WHERE status != 0 AND access != 0 ORDER BY created DESC', 0, variable_get('user_block_whois_new_count', 5));
          // $items is not initialised first: with no qualifying rows an
          // undefined variable reaches theme('user_list'), which treats an
          // empty argument as "no users".
          while ($account = db_fetch_object($result)) {
            $items[] = $account;
          }
          $output = theme('user_list', $items);

          $block['subject'] = t('Who\'s new');
          $block['content'] = $output;
        }
        return $block;

      case 3:
        if (user_access('access content')) {
          // Count users with activity in the past defined period.
          $interval = time() - variable_get('user_block_seconds_online', 900);

          // Perform database queries to gather online user lists.  We use s.timestamp
          // rather than u.access because it is much faster.
          $anonymous_count = sess_count($interval);
          $authenticated_users = db_query('SELECT u.uid, u.name FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.timestamp >= %d AND s.uid > 0 ORDER BY s.timestamp DESC', $interval);
          $authenticated_count = db_num_rows($authenticated_users);

          // Format the output with proper grammar.
          if ($anonymous_count == 1 && $authenticated_count == 1) {
            $output = t('There is currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests')));
          }
          else {
            $output = t('There are currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests')));
          }

          // Display a list of currently online users.
          $max_users = variable_get('user_block_max_list_count', 10);
          if ($authenticated_count && $max_users) {
            $items = array();

            // Stop after $max_users rows or when the result set is exhausted.
            while ($max_users-- && $account = db_fetch_object($authenticated_users)) {
              $items[] = $account;
            }

            $output .= theme('user_list', $items, t('Online users'));
          }

          $block['subject'] = t('Who\'s online');
          $block['content'] = $output;
        }
        return $block;
    }
  }
}

/**
 * Theme a user's picture (avatar).
 *
 * Nothing is rendered when pictures are disabled site-wide or when neither
 * the account nor the site default provides a picture.
 *
 * @param $account
 *   User object; its ->picture path, ->name and ->uid are used.
 *
 * @return
 *   HTML for the picture wrapped in <div class="picture">, linked to the
 *   profile when the viewer may access user profiles; otherwise nothing.
 *
 * @ingroup themeable
 */
function theme_user_picture($account) {
  if (!variable_get('user_pictures', 0)) {
    return;
  }

  $source = NULL;
  if ($account->picture && file_exists($account->picture)) {
    $source = file_create_url($account->picture);
  }
  else if (variable_get('user_picture_default', '')) {
    $source = variable_get('user_picture_default', '');
  }
  if ($source === NULL) {
    return;
  }

  // The name goes through t()'s '@' placeholder, which escapes it; the path
  // and alt text are presumably escaped by theme('image') -- confirm.
  $display_name = $account->name ? $account->name : variable_get('anonymous', t('Anonymous'));
  $alt = t("@user's picture", array('@user' => $display_name));
  $image = theme('image', $source, $alt, $alt, '', FALSE);
  if (!empty($account->uid) && user_access('access user profiles')) {
    // The trailing TRUE presumably tells l() the link text is already HTML
    // and must not be escaped again -- confirm against l().
    $image = l($image, "user/$account->uid", array('title' => t('View user profile.')), NULL, NULL, FALSE, TRUE);
  }

  return "<div class=\"picture\">$image</div>";
}

/**
 * Theme a user page
 *
 * @param $account the user object
 * @param $fields a multidimensional array for the fields, in the form of array (
 *   'category1' => array(item_array1, item_array2), 'category2' => array(item_array3,
 *    .. etc.). Item arrays are formatted as array(array('title' => 'item title',
 * 'value' => 'item value', 'class' => 'class-name'), ... etc.). Module names are incorporated
 * into the CSS class.
 *
 * Category names, titles, values and classes are printed verbatim: the
 * hook_user('view') implementations that supply them are responsible for
 * escaping anything user-controlled.
 *
 * @return
 *   The profile markup.
 *
 * @ingroup themeable
 */
function theme_user_profile($account, $fields) {
  $sections = array();
  foreach ($fields as $category => $items) {
    $section = '';
    if (strlen($category) > 0) {
      $section .= '<h2 class="title">'. $category .'</h2>';
    }
    $rows = '';
    foreach ($items as $item) {
      $class = $item['class'];
      if (isset($item['title'])) {
        $rows .= '<dt class="'. $class .'">'. $item['title'] .'</dt>';
      }
      $rows .= '<dd class="'. $class .'">'. $item['value'] .'</dd>';
    }
    $sections[] = $section .'<dl>'. $rows .'</dl>';
  }

  return '<div class="profile">'. theme('user_picture', $account) . implode('', $sections) .'</div>';
}

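/**
 * Make a list of users.
 *
 * @param $users an array with user objects. Should contain at least the name and uid
 * @param $title (optional) heading passed on to the item list.
 *
 * @return
 *   The themed item list.
 *
 * @ingroup themeable
 */
function theme_user_list($users, $title = NULL) {
  // Start from an empty list so an empty $users does not hand an undefined
  // variable to theme('item_list').
  $items = array();
  if (!empty($users)) {
    foreach ($users as $user) {
      $items[] = theme('username', $user);
    }
  }
  return theme('item_list', $items, $title);
}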

/**
 * Menu access callback: is the current request running as the anonymous user?
 *
 * @return
 *   TRUE when the global $user carries no (zero/empty) uid, FALSE otherwise.
 */
function user_is_anonymous() {
  $current = $GLOBALS['user'];
  return empty($current->uid);
}

/**
 * Menu access callback: is the current request running as an authenticated user?
 *
 * @return
 *   TRUE when the global $user has a non-empty uid, FALSE otherwise.
 */
function user_is_logged_in() {
  $current = $GLOBALS['user'];
  return empty($current->uid) ? FALSE : TRUE;
}

/**
 * Menu access callback for the registration page.
 *
 * @return
 *   TRUE only for anonymous visitors and only while the 'user_register'
 *   setting (default 1) is enabled; FALSE otherwise.
 */
function user_register_access() {
  if (!empty($GLOBALS['user']->uid)) {
    // Logged-in users never see the registration form.
    return FALSE;
  }
  return (bool) variable_get('user_register', 1);
}

/**
 * Menu access callback: may the current user view $account's profile?
 *
 * @param $account
 *   The loaded user object, or a falsy value when loading failed.
 *
 * @return
 *   FALSE when $account is missing or has no uid. Otherwise TRUE when the
 *   account is the current user's own, when the current user has
 *   'administer users', or when the account has logged in at least once
 *   ($account->access), is not blocked ($account->status) and the current
 *   user has 'access user profiles'.
 */
function user_view_access($account) {
  if (!$account || !$account->uid) {
    return FALSE;
  }
  // Always let users view their own profile.
  if ($GLOBALS['user']->uid == $account->uid) {
    return TRUE;
  }
  // Administrators can view all accounts.
  if (user_access('administer users')) {
    return TRUE;
  }
  // The user is not blocked and logged in at least once.
  return (bool) ($account->access && $account->status && user_access('access user profiles'));
}

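/**
 * Menu access callback: may the current user edit $account?
 *
 * @param $account
 *   The loaded user object, or FALSE when the user could not be loaded.
 *
 * @return
 *   TRUE when $account is a real account (uid > 0) and the current user is
 *   either that account or holds the 'administer users' permission; FALSE
 *   otherwise.
 */
function user_edit_access($account) {
  // Refuse missing accounts and the anonymous user (uid 0) outright.
  if (empty($account->uid) || $account->uid <= 0) {
    return FALSE;
  }
  // The permission must go through user_access(): OR-ing in a literal
  // array('administer users') is always truthy and would let every visitor
  // edit any account.
  return ($GLOBALS['user']->uid == $account->uid) || user_access('administer users');
}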

/**
 * Menu map callback for the 'user' path.
 *
 * Replaces element 1 of the menu argument array with the freshly loaded
 * account of the current user, so the page and access callbacks that
 * receive argument 1 operate on the caller's own account.
 *
 * @param $arg
 *   The menu argument array.
 *
 * @return
 *   The same array with index 1 set to user_load() of the current uid.
 */
function user_load_self($arg) {
  $current_uid = $GLOBALS['user']->uid;
  $arg[1] = user_load($current_uid);
  return $arg;
}

/**
 * Implementation of hook_menu().
 *
 * Declares the user-facing account paths (login, register, password
 * request/reset, help, account view/edit/delete) and the admin/user
 * administration pages. Each item states its access rule either as an
 * 'access callback' or as 'access arguments' (permission names); items that
 * give only 'access arguments' presumably rely on a default access callback
 * supplied by the menu system — confirm against menu.inc.
 */
function user_menu() {
  $items['user/autocomplete'] = array(
    'title' => t('User autocomplete'),
    'page callback' => 'user_autocomplete',
    'access arguments' => array('access user profiles'),
    'type' => MENU_CALLBACK,
  );

  // Registration and login pages.
  // Login, register and password request are only reachable while anonymous
  // (user_is_anonymous / user_register_access).
  $items['user/login'] = array(
    'title' => t('Log in'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_login'),
    'access callback' => 'user_is_anonymous',
    'type' => MENU_DEFAULT_LOCAL_TASK,
  );
  $items['user/register'] = array(
    'title' => t('Create new account'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_register'),
    'access callback' => 'user_register_access',
    'type' => MENU_LOCAL_TASK,
  );

  $items['user/password'] = array(
    'title' => t('Request new password'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_pass'),
    'access callback' => 'user_is_anonymous',
    'type' => MENU_LOCAL_TASK,
  );
  // Deliberately open to everyone ('access callback' => TRUE): the three
  // path components (uid, timestamp, hash) are handed to user_pass_reset,
  // which is presumably where the one-time login link is validated — confirm
  // there that the hash and timestamp are checked before any login happens.
  $items['user/reset/%/%/%'] = array(
    'title' => t('Reset password'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_pass_reset', 2, 3, 4),
    'access callback' => TRUE,
    'type' => MENU_CALLBACK,
  );
  // NOTE(review): no access callback or arguments are given for this item;
  // confirm what the menu system falls back to.
  $items['user/help'] = array(
    'title' => t('Help'),
    'page callback' => 'user_help_page',
    'type' => MENU_CALLBACK,
  );

  // Admin user pages
  $items['admin/user'] = array(
    'title' => t('User management'),
    'description' => t('Manage your site\'s users, groups and access to site features.'),
    'position' => 'left',
    'page callback' => 'system_admin_menu_block_page',
    'access arguments' => array('administer site configuration'),
  );
  $items['admin/user/user'] = array(
    'title' => t('Users'),
    'description' => t('List, add, and edit users.'),
    'page callback' => 'user_admin',
    'page arguments' => array('list'),
    'access arguments' => array('administer users'));
  // The list/create tabs give no callback or access of their own; they
  // presumably inherit those from 'admin/user/user' — confirm.
  $items['admin/user/user/list'] = array(
    'title' => t('List'),
    'type' => MENU_DEFAULT_LOCAL_TASK,
    'weight' => -10,
  );
  $items['admin/user/user/create'] = array(
    'title' => t('Add user'),
    'page arguments' => array('create'),
    'type' => MENU_LOCAL_TASK,
  );
  $items['admin/user/settings'] = array(
    'title' => t('User settings'),
    'description' => t('Configure default behavior of users, including registration requirements, e-mails, and user pictures.'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_admin_settings'),
  );

  // Admin access pages
  // Permissions, roles and access rules all require 'administer access control'.
  $items['admin/user/access'] = array(
    'title' => t('Access control'),
    'description' => t('Determine access to features by selecting permissions for roles.'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_admin_perm'),
    'access arguments' => array('administer access control'),
  );
  $items['admin/user/roles'] = array(
    'title' => t('Roles'),
    'description' => t('List, edit, or add user roles.'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_admin_new_role'),
    'access arguments' => array('administer access control'),
  );
  $items['admin/user/roles/edit'] = array(
    'title' => t('Edit role'),
    'page arguments' => array('user_admin_role'),
    'type' => MENU_CALLBACK,
  );
  $items['admin/user/rules'] = array(
    'title' => t('Access rules'),
    'description' => t('List and create rules to disallow usernames, e-mail addresses, and IP addresses.'),
    'page callback' => 'user_admin_access',
    'access arguments' => array('administer access control'),
  );
  $items['admin/user/rules/list'] = array(
    'title' => t('List'),
    'type' => MENU_DEFAULT_LOCAL_TASK,
    'weight' => -10,
  );
  $items['admin/user/rules/add'] = array(
    'title' => t('Add rule'),
    'page callback' => 'user_admin_access_add',
    'type' => MENU_LOCAL_TASK,
  );
  $items['admin/user/rules/check'] = array(
    'title' => t('Check rules'),
    'page callback' => 'user_admin_access_check',
    'type' => MENU_LOCAL_TASK,
  );
  $items['admin/user/rules/edit'] = array(
    'title' => t('Edit rule'),
    'page callback' => 'user_admin_access_edit',
    'type' => MENU_CALLBACK,
  );
  $items['admin/user/rules/delete'] = array(
    'title' => t('Delete rule'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_admin_access_delete_confirm'),
    'type' => MENU_CALLBACK,
  );

  // The user search tab only exists when the search module is enabled.
  if (module_exists('search')) {
    $items['admin/user/search'] = array(
      'title' => t('Search users'),
      'description' => t('Search users by name.'),
      'page callback' => 'user_admin',
      'page arguments' => array('search'),
      'access arguments' => array('administer users'),
      'type' => MENU_NORMAL_ITEM,
    );
  }

  $items['logout'] = array(
    'title' => t('Log out'),
    'access callback' => 'user_is_logged_in',
    'page callback' => 'user_logout',
    'weight' => 10,
  );

  // 'user' shows the caller's own account: user_load_self swaps the current
  // user's account into argument 1 before user_view_access / user_view run.
  $items['user'] = array(
    'title' => t('My account'),
    'page callback' => 'user_view',
    'page arguments' => array(1),
    'access callback' => 'user_view_access',
    'access arguments' => array(1),
    'map callback' => 'user_load_self',
  );

  // 'user/%' loads the account named by the path (user_load on argument 1);
  // user_view_access decides whether it may be shown.
  $items['user/%'] = array(
    'title' => t('My account'),
    'page callback' => 'user_view',
    'page arguments' => array(1),
    'access callback' => 'user_view_access',
    'access arguments' => array(1),
    'map arguments' => array('user_load', 1),
    'type' => MENU_CALLBACK,
  );

  $items['user/%/view'] = array(
    'title' => t('View'),
    'type' => MENU_DEFAULT_LOCAL_TASK,
    'weight' => -10,
  );

  // Deletion is restricted to 'administer users' via user_access.
  // NOTE(review): the page callback is user_edit with no page arguments —
  // confirm this routing is intended.
  $items['user/%/delete'] = array(
    'title' => t('Delete'),
    'page callback' => 'user_edit',
    'access callback' => 'user_access',
    'access arguments' => array('administer users'),
    'type' => MENU_CALLBACK,
  );

  // Editing is gated by user_edit_access on the loaded account (argument 1).
  $items['user/%/edit'] = array(
    'title' => t('Edit'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_edit'),
    'access callback' => 'user_edit_access',
    'access arguments' => array(1),
    'type' => MENU_LOCAL_TASK,
  );

  // One edit tab per user category, but only when more than one category
  // exists; 'account' is the default tab. An empty account object is passed
  // because only the category list is needed here.
  $empty_account = new stdClass();
  if (($categories = _user_categories($empty_account)) && (count($categories) > 1)) {
    foreach ($categories as $key => $category) {
      $items['user/%/edit/'. $category['name']] = array(
        'title' => $category['title'],
        'page arguments' => array('user_edit', 3),
        'type' => $category['name'] == 'account' ? MENU_DEFAULT_LOCAL_TASK : MENU_LOCAL_TASK,
        'weight' => $category['weight'],
      );
    }
  }
  return $items;
}

/**
 * Implementation of hook_init().
 *
 * Adds the module's stylesheet (user.css) to every page.
 */
function user_init() {
  $stylesheet = drupal_get_path('module', 'user') .'/user.css';
  drupal_add_css($stylesheet, 'module');
}

/**
 * Look up the authmap entries for an external (distributed authentication)
 * name. Called at external login.
 *
 * Note: despite older wording, this takes only the DA name as a string;
 * it does not accept a user object.
 *
 * @param $authname
 *   The external authentication name to look up.
 *
 * @return
 *   An associative array of module name => authname for every matching
 *   {authmap} row, or 0 when no row matches.
 */
function user_get_authmaps($authname = NULL) {
  $result = db_query("SELECT authname, module FROM {authmap} WHERE authname = '%s'", $authname);
  if (db_num_rows($result) <= 0) {
    return 0;
  }
  $authmaps = array();
  while ($row = db_fetch_object($result)) {
    $authmaps[$row->module] = $row->authname;
  }
  return $authmaps;
}

/**
 * Store or remove external authentication names for an account.
 *
 * @param $account
 *   The user object whose uid the {authmap} rows belong to.
 * @param $authmaps
 *   Array keyed by '<prefix>_<module>'; the part after the first underscore is
 *   used as the module name. A truthy value is written (update, or insert
 *   when no row was updated); a falsy value deletes the row for that module.
 */
function user_set_authmaps($account, $authmaps) {
  foreach ($authmaps as $key => $value) {
    $parts = explode('_', $key, 2);
    $module = $parts[1];
    if (!$value) {
      db_query("DELETE FROM {authmap} WHERE uid = %d AND module = '%s'", $account->uid, $module);
      continue;
    }
    db_query("UPDATE {authmap} SET authname = '%s' WHERE uid = %d AND module = '%s'", $value, $account->uid, $module);
    if (!db_affected_rows()) {
      // No existing row for this uid/module pair, so create one.
      db_query("INSERT INTO {authmap} (authname, uid, module) VALUES ('%s', %d, '%s')", $value, $account->uid, $module);
    }
  }
}

/**
 * Build help links for every module that implements hook_auth().
 *
 * @return
 *   A list of links to 'user/help', one per authentication module, each
 *   labelled with the module's info 'name' and carrying the module name as
 *   the link fragment.
 */
function user_auth_help_links() {
  $links = array();
  foreach (module_list() as $module) {
    if (!module_hook($module, 'auth')) {
      continue;
    }
    $label = module_invoke($module, 'info', 'name');
    $links[] = l($label, 'user/help', array(), NULL, $module);
  }
  return $links;
}

/*** User features *********************************************************/



function user_login($msg = '') {
  global $user;

  // If we are already logged on, go to the user page instead.
  if ($user->uid) {
    drupal_goto('user/'. $user->uid);
  }

  // Display login form:
  if ($msg) {
    $form['message'] = array('#value' => '<p>'. check_plain($msg) .'</p>');
  }
  $form['name'] = array('#type' => 'textfield',
    '#title' => t('Username'),
    '#size' => 60,
    '#maxlength' => USERNAME_MAX_LENGTH,
    '#required' => TRUE,
    '#attributes' => array('tabindex' => '1'),
  );
  if (variable_get('drupal_authentication_service', FALSE) && count(user_auth_help_links()) > 0) {
    $form['name']['#description'] = t('Enter your @s username, or an ID from one of our affiliates: !a.', array('@s' => variable_get('site_name', 'Drupal'), '!a' => implode(', ', user_auth_help_links())));
  }
  else {
    $form['name']['#description'] = t('Enter your @s username.', array('@s' => variable_get('site_name', 'Drupal')));
  }