<?php
// $Id$

/**
 * @file
 * Enables the user registration and login system.
 */

// Upper bound for usernames: user_validate_name() rejects longer names (it
// measures with strlen(), i.e. bytes) and the login block uses it as the
// text field's #maxlength.
define('USERNAME_MAX_LENGTH', 60);
// Upper bound for e-mail addresses.
// NOTE(review): not referenced in the part of the file reviewed here; confirm
// where it is enforced.
define('EMAIL_MAX_LENGTH', 64);

/**
 * Calls the hook_user() implementation of every module that provides one.
 *
 * module_invoke() is not suitable here because $array and $user have to reach
 * each implementation by reference, so that hooks can modify them in place.
 *
 * @param $type
 *   The hook_user() operation being performed.
 * @param $array
 *   The array handed to each implementation, by reference.
 * @param $user
 *   The user object handed to each implementation, by reference.
 * @param $category
 *   (optional) Passed through unchanged to each implementation.
 */
function user_module_invoke($type, &$array, &$user, $category = NULL) {
  foreach (module_list() as $module_name) {
    $hook = $module_name .'_user';
    // Modules without a hook_user() implementation are simply skipped.
    if (!function_exists($hook)) {
      continue;
    }
    $hook($type, $array, $user, $category);
  }
}

/**
 * Load the account that an external authentication name is mapped to.
 *
 * @param $authname
 *   The external name to look up in {authmap}. It is bound through the '%s'
 *   placeholder rather than concatenated into the statement.
 *
 * @return
 *   Whatever user_load() returns for the matching {authmap} row, or 0 when no
 *   row matches. Note that the "not found" value is 0 here, while user_load()
 *   itself reports failure as FALSE.
 */
function user_external_load($authname) {
  $result = db_query("SELECT uid FROM {authmap} WHERE authname = '%s'", $authname);
  $mapping = db_fetch_array($result);

  if (!$mapping) {
    return 0;
  }

  return user_load($mapping);
}

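/**
 * Fetch a user object.
 *
 * @param $array
 *   An associative array of attributes to search for in selecting the
 *   user, such as user name or e-mail address. The keys are used as column
 *   names of {users}; the values are bound as query arguments. A numeric
 *   value instead of an array is treated as a uid.
 *
 * @return
 *   A fully-loaded $user object upon successful user load or FALSE if user
 *   cannot be loaded. FALSE is also returned, without querying, when no
 *   search attribute is given or when a key is not a plain column name.
 */
function user_load($array = array()) {
  // Dynamically compose a SQL query:
  $query = array();
  $params = array();

  if (is_numeric($array)) {
    $array = array('uid' => $array);
  }
  if (!is_array($array)) {
    return FALSE;
  }

  foreach ($array as $key => $value) {
    // Column names cannot be bound as placeholders and end up inside the
    // statement text, so only plain identifiers are accepted as keys.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_.]*$/', (string) $key)) {
      return FALSE;
    }

    if ($key == 'uid' || $key == 'status') {
      $query[] = "$key = %d";
      $params[] = $value;
    }
    else if ($key == 'pass') {
      // NOTE(review): the password is compared as an unsalted MD5 digest.
      // Replacing the scheme needs a stored-hash migration, so it is only
      // flagged here and not changed.
      $query[] = "pass = '%s'";
      $params[] = md5($value);
    }
    else {
      // All other attributes are matched case-insensitively.
      $query[] = "LOWER($key) = LOWER('%s')";
      $params[] = $value;
    }
  }

  // Without any condition the statement would end in a dangling "WHERE".
  if (!$query) {
    return FALSE;
  }

  $result = db_query('SELECT * FROM {users} u WHERE '. implode(' AND ', $query), $params);

  if (db_num_rows($result)) {
    $user = db_fetch_object($result);
    $user = drupal_unpack($user);

    // Every account gets one of the two built-in roles before the roles
    // stored in {users_roles} are added.
    $user->roles = array();
    if ($user->uid) {
      $user->roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user';
    }
    else {
      $user->roles[DRUPAL_ANONYMOUS_RID] = 'anonymous user';
    }
    $result = db_query('SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid);
    while ($role = db_fetch_object($result)) {
      $user->roles[$role->rid] = $role->name;
    }
    // hook_user('load') receives $user by reference and may extend it.
    user_module_invoke('load', $array, $user);
  }
  else {
    $user = FALSE;
  }

  return $user;
}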

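/**
 * Save changes to a user account or add a new user.
 *
 * Every key of $array that names a {users} column (see user_fields()) is
 * written to that column, and every role id in $array['roles'] is granted.
 * The function performs no authorization of its own: callers must pass only
 * fields and roles that the acting user is allowed to set.
 *
 * @param $account
 *   The $user object for the user to modify or add. If $user->uid is
 *   omitted, a new user will be added.
 *
 * @param $array
 *   An array of fields and values to save. For example array('name' => 'My name');
 *   Setting a field to NULL deletes it from the data column. Keys starting
 *   with 'auth' are stored as distributed authentication mappings.
 *
 * @param $category
 *   (optional) The category for storing profile information in.
 *
 * @return
 *   The user object as reloaded by user_load() after saving.
 */
function user_save($account, $array = array(), $category = 'account') {
  // Dynamically compose a SQL query:
  $user_fields = user_fields();
  if ($account->uid) {
    user_module_invoke('update', $array, $account, $category);
    $query = '';
    $v = array();
    // NOTE(review): the data column is passed to unserialize(). This function
    // only ever writes serialize() output to it; any other writer to
    // {users}.data would have to be trusted equally.
    $data = unserialize(db_result(db_query('SELECT data FROM {users} WHERE uid = %d', $account->uid)));
    if (!is_array($data)) {
      // Empty or unreadable data column: start from a clean array.
      $data = array();
    }
    foreach ($array as $key => $value) {
      if ($key == 'pass' && !empty($value)) {
        // NOTE(review): stored as an unsalted MD5 digest, matching the
        // comparison in user_load(); flagged only.
        $query .= "$key = '%s', ";
        $v[] = md5($value);
      }
      else if ((substr($key, 0, 4) !== 'auth') && ($key != 'pass')) {
        // Strict match: $key becomes part of the statement text, so it must
        // be exactly one of the known column names.
        if (in_array($key, $user_fields, TRUE)) {
          // Save standard fields
          $query .= "$key = '%s', ";
          $v[] = $value;
        }
        else if ($key != 'roles') {
          // Roles is a special case: it is used below.
          if ($value === NULL) {
            unset($data[$key]);
          }
          else {
            $data[$key] = $value;
          }
        }
      }
    }
    $query .= "data = '%s' ";
    $v[] = serialize($data);

    db_query("UPDATE {users} SET $query WHERE uid = %d", array_merge($v, array($account->uid)));

    // Reload user roles if provided
    if (isset($array['roles']) && is_array($array['roles'])) {
      db_query('DELETE FROM {users_roles} WHERE uid = %d', $account->uid);

      foreach (array_keys($array['roles']) as $rid) {
        // The two built-in roles are implied and never stored.
        if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
          db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $account->uid, $rid);
        }
      }
    }

    // Delete a blocked user's sessions to kick them if they are online.
    if (isset($array['status']) && $array['status'] == 0) {
      sess_destroy_uid($account->uid);
    }

    // Refresh user object
    $user = user_load(array('uid' => $account->uid));
    user_module_invoke('after_update', $array, $user, $category);
  }
  else {
    $array['uid'] = db_next_id('{users}_uid');

    if (!isset($array['created'])) {    // Allow 'created' to be set by hook_auth
      $array['created'] = time();
    }

    // Note, we wait with saving the data column to prevent module-handled
    // fields from being saved there. We cannot invoke hook_user('insert') here
    // because we don't have a fully initialized user object yet.
    $fields = array();
    $values = array();
    $s = array();
    foreach ($array as $key => $value) {
      switch ($key) {
        case 'pass':
          $fields[] = $key;
          $values[] = md5($value);
          $s[] = "'%s'";
          break;
        case 'uid':        case 'mode':     case 'sort':
        case 'threshold':  case 'created':  case 'access':
        case 'login':      case 'status':
          $fields[] = $key;
          $values[] = $value;
          $s[] = "%d";
          break;
        default:
          // Strict match for the same reason as in the update branch.
          if (substr($key, 0, 4) !== 'auth' && in_array($key, $user_fields, TRUE)) {
            $fields[] = $key;
            $values[] = $value;
            $s[] = "'%s'";
          }
          break;
      }
    }
    db_query('INSERT INTO {users} ('. implode(', ', $fields) .') VALUES ('. implode(', ', $s) .')', $values);

    // Build the initial user object.
    $user = user_load(array('uid' => $array['uid']));

    user_module_invoke('insert', $array, $user, $category);

    // Build and save the serialized data field now
    $data = array();
    foreach ($array as $key => $value) {
      if ((substr($key, 0, 4) !== 'auth') && ($key != 'roles') && (!in_array($key, $user_fields)) && ($value !== NULL)) {
        $data[$key] = $value;
      }
    }
    db_query("UPDATE {users} SET data = '%s' WHERE uid = %d", serialize($data), $user->uid);

    // Save user roles (delete just to be safe). The isset() mirrors the
    // update branch; 'roles' is optional for new accounts.
    if (isset($array['roles']) && is_array($array['roles'])) {
      db_query('DELETE FROM {users_roles} WHERE uid = %d', $array['uid']);
      foreach (array_keys($array['roles']) as $rid) {
        if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
          db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $array['uid'], $rid);
        }
      }
    }

    // Build the finished user object.
    $user = user_load(array('uid' => $array['uid']));
  }

  // Save distributed authentication mappings
  $authmaps = array();
  foreach ($array as $key => $value) {
    if (substr($key, 0, 4) == 'auth') {
      $authmaps[$key] = $value;
    }
  }
  if (sizeof($authmaps) > 0) {
    user_set_authmaps($user, $authmaps);
  }

  return $user;
}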

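/**
 * Verify the syntax of the given name.
 *
 * Besides the basic character whitelist, the name is checked against a list
 * of invisible, directional and full-width code points, which would otherwise
 * allow names that render like a different, existing name.
 *
 * @param $name
 *   The username to check.
 *
 * @return
 *   A translated error message describing the first problem found, or nothing
 *   (NULL) when the name is acceptable.
 */
function user_validate_name($name) {
  if (!strlen($name)) {
    return t('You must enter a username.');
  }
  if (substr($name, 0, 1) == ' ') {
    return t('The username cannot begin with a space.');
  }
  if (substr($name, -1) == ' ') {
    return t('The username cannot end with a space.');
  }
  if (strpos($name, '  ') !== FALSE) {
    return t('The username cannot contain multiple spaces in a row.');
  }

  // Byte-level whitelist. preg_match() replaces ereg(), which is deprecated
  // and absent from current PHP versions; unlike ereg() it also inspects
  // bytes that follow a NUL byte.
  if (preg_match('/[^\x80-\xF7 [:alnum:]@_.-]/', $name)) {
    return t('The username contains an illegal character.');
  }

  $illegal = preg_match('/[\x{80}-\x{A0}'.   // Non-printable ISO-8859-1 + NBSP
                   '\x{AD}'.                 // Soft-hyphen
                   '\x{2000}-\x{200F}'.      // Various space characters
                   '\x{2028}-\x{202F}'.      // Bidirectional text overrides
                   '\x{205F}-\x{206F}'.      // Various text hinting characters
                   '\x{FEFF}'.               // Byte order mark
                   '\x{FF01}-\x{FF60}'.      // Full-width latin
                   '\x{FFF9}-\x{FFFD}'.      // Replacement characters
                   '\x{0}]/u',               // NULL byte
                   $name);
  // With the /u modifier preg_match() returns FALSE for input that is not
  // valid UTF-8. Fail closed: such a name could not be checked at all.
  if ($illegal === FALSE || $illegal) {
    return t('The username contains an illegal character.');
  }

  // A name containing '@' must end in something shaped like a host name. The
  // dot between labels is escaped so that it matches a literal dot only.
  if (strpos($name, '@') !== FALSE && !preg_match('/@([0-9a-z](-?[0-9a-z])*\.)+[a-z]{2}([zmuvtg]|fo|me)?$/iD', $name)) {
    return t('The username is not a valid authentication ID.');
  }

  // strlen() counts bytes, so a multi-byte name reaches the limit with fewer
  // than USERNAME_MAX_LENGTH characters.
  if (strlen($name) > USERNAME_MAX_LENGTH) {
    return t('The username %name is too long: it must be %max characters or less.', array('%name' => $name, '%max' => USERNAME_MAX_LENGTH));
  }
}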

/**
 * Verify the syntax of the given e-mail address.
 *
 * @param $mail
 *   The address to check.
 *
 * @return
 *   A translated error message when the address is empty or rejected by
 *   valid_email_address(), otherwise nothing (NULL).
 */
function user_validate_mail($mail) {
  if (!$mail) {
    return t('You must enter an e-mail address.');
  }

  if (valid_email_address($mail)) {
    return;
  }

  return t('The e-mail address %mail is not valid.', array('%mail' => $mail));
}

/**
 * Validate an uploaded user picture and store it on success.
 *
 * The upload has to be recognised by image_get_info(). When an image toolkit
 * is available the file is scaled to the configured maximum dimensions and
 * the size and dimension limits are not checked separately; without a toolkit
 * both limits are enforced. The stored file name is built from the user's uid
 * and the extension reported by image_get_info().
 *
 * @param $file
 *   The uploaded file object; its filepath property is read.
 * @param $edit
 *   Not used by this function.
 * @param $user
 *   The account the picture belongs to.
 */
function user_validate_picture($file, &$edit, $user) {
  global $form_values;
  // Start from the current picture so a failed upload leaves it unchanged.
  $form_values['picture'] = $user->picture;

  $info = image_get_info($file->filepath);
  list($maxwidth, $maxheight) = explode('x', variable_get('user_picture_dimensions', '85x85'));

  if (!$info || !$info['extension']) {
    form_set_error('picture_upload', t('The uploaded file was not an image.'));
  }
  else if (image_get_toolkit()) {
    // Scale in place to the configured bounds.
    image_scale($file->filepath, $file->filepath, $maxwidth, $maxheight);
  }
  else if (filesize($file->filepath) > (variable_get('user_picture_file_size', '30') * 1000)) {
    $size_args = array('%size' => variable_get('user_picture_file_size', '30'));
    form_set_error('picture_upload', t('The uploaded image is too large; the maximum file size is %size kB.', $size_args));
  }
  else if ($info['width'] > $maxwidth || $info['height'] > $maxheight) {
    $dimension_args = array('%dimensions' => variable_get('user_picture_dimensions', '85x85'));
    form_set_error('picture_upload', t('The uploaded image is too large; the maximum dimensions are %dimensions pixels.', $dimension_args));
  }

  if (form_get_errors()) {
    return;
  }

  $destination = variable_get('user_picture_path', 'pictures') .'/picture-'. $user->uid .'.'. $info['extension'];
  $file = file_save_upload('picture_upload', $destination, 1);
  if ($file) {
    $form_values['picture'] = $file->filepath;
  }
  else {
    form_set_error('picture_upload', t("Failed to upload the picture image; the %directory directory doesn't exist.", array('%directory' => variable_get('user_picture_path', 'pictures'))));
  }
}

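/**
 * Generate a random alphanumeric password.
 *
 * @param $length
 *   (optional) Number of characters to generate. Defaults to 10.
 *
 * @return
 *   A string of $length characters drawn from the allowable list.
 */
function user_password($length = 10) {
  // This variable contains the list of allowable characters for the
  // password. Note that the number 0 and the letter 'O' have been
  // removed to avoid confusion between the two. The same is true
  // of 'I', 1, and l.
  $allowable_characters = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';

  // Zero-based count of characters in the allowable list:
  $len = strlen($allowable_characters) - 1;

  // mt_rand() is not a cryptographic generator and its output can be
  // predicted, which matters for a value used as a credential. Use the
  // system CSPRNG where the runtime provides it and keep mt_rand() only as
  // the fallback for older PHP versions.
  $use_csprng = function_exists('random_int');

  // Declare the password as a blank string.
  $pass = '';

  // Loop the number of times specified by $length.
  for ($i = 0; $i < $length; $i++) {
    // Each iteration, pick a random character from the
    // allowable string and append it to the password:
    $index = $use_csprng ? random_int(0, $len) : mt_rand(0, $len);
    $pass .= $allowable_characters[$index];
  }

  return $pass;
}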

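/**
 * Determine whether the user has a given privilege.
 *
 * @param $string
 *   The permission, such as "administer nodes", being checked for.
 * @param $account
 *   (optional) The account to check, if not given use currently logged in user.
 *
 * @return
 *   boolean TRUE if the checked account has the requested permission.
 *
 * All permission checks in Drupal should go through this function. This
 * way, we guarantee consistent behavior, and ensure that the superuser
 * can perform all actions.
 */
function user_access($string, $account = NULL) {
  global $user;
  static $perm = array();

  if (is_null($account)) {
    $account = $user;
  }

  // User #1 has all privileges:
  if ($account->uid == 1) {
    return TRUE;
  }

  // To reduce the number of SQL queries, we cache the user's permissions
  // in a static variable. The cache is keyed by uid only, so a change to an
  // account's roles later in the same request is not reflected here.
  if (!isset($perm[$account->uid])) {
    $perm[$account->uid] = '';

    // The role ids are placed unquoted inside IN (...), so each one is forced
    // to an integer before it becomes part of the statement.
    $rids = array();
    if (isset($account->roles) && is_array($account->roles)) {
      $rids = array_map('intval', array_keys($account->roles));
    }

    // An account without roles has no permissions; skipping the query also
    // avoids sending an empty "IN ()" list to the database.
    if ($rids) {
      $result = db_query("SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid WHERE r.rid IN (%s)", implode(',', $rids));

      while ($row = db_fetch_object($result)) {
        $perm[$account->uid] .= "$row->perm, ";
      }
    }
  }

  // NOTE(review): this is a substring search for "$string, ", so a permission
  // whose name ends with $string would also satisfy it. Confirm that no
  // permission name is a suffix of another.
  return strpos($perm[$account->uid], "$string, ") !== FALSE;
}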

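/**
 * Checks for usernames blocked by user administration
 *
 * @param $name
 *   The username to look up; it is bound through the '%s' placeholder.
 *
 * @return
 *   The matching row object (with a name property) when a blocked account
 *   with this name exists, which evaluates as TRUE; a false value for active
 *   or unknown names.
 */
function user_is_blocked($name) {
  // Both sides are lower-cased, as in user_load() and user_search(). Comparing
  // the raw column against LOWER('%s') would miss a blocked account whose
  // stored name contains upper-case letters on a case-sensitive database.
  $deny = db_fetch_object(db_query("SELECT name FROM {users} WHERE status = 0 AND LOWER(name) = LOWER('%s')", $name));

  return $deny;
}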

/**
 * Return the column names of the {users} table.
 *
 * The list is taken from the keys of the row of uid 1 and kept in a static
 * variable for later calls. user_save() uses it to decide which submitted
 * keys are written to a column of their own.
 *
 * @return
 *   An array of column names; a built-in default list when uid 1 has no row.
 */
function user_fields() {
  static $fields;

  if ($fields) {
    return $fields;
  }

  $result = db_query('SELECT * FROM {users} WHERE uid = 1');
  if (!db_num_rows($result)) {
    // Make sure we return the default fields at least
    $fields = array('uid', 'name', 'pass', 'mail', 'picture', 'mode', 'sort', 'threshold', 'theme', 'signature', 'created', 'access', 'login', 'status', 'timezone', 'language', 'init', 'data');
  }
  else {
    $fields = array_keys(db_fetch_array($result));
  }

  return $fields;
}

/**
 * Implementation of hook_perm().
 *
 * @return
 *   The names of the permissions defined by this module.
 */
function user_perm() {
  $permissions = array();
  $permissions[] = 'administer access control';
  $permissions[] = 'administer users';
  $permissions[] = 'access user profiles';
  $permissions[] = 'change own username';

  return $permissions;
}

/**
 * Implementation of hook_file_download().
 *
 * Ensure that user pictures (avatars) are always downloadable.
 *
 * Only the start of the path is compared: every file whose path begins with
 * the picture directory followed by "/picture-" is answered with a header.
 *
 * @param $file
 *   The path of the requested file.
 *
 * @return
 *   An array holding a Content-type header for user pictures, nothing (NULL)
 *   for any other file.
 */
function user_file_download($file) {
  $picture_prefix = variable_get('user_picture_path', 'pictures') .'/picture-';

  if (strpos($file, $picture_prefix) !== 0) {
    return;
  }

  // NOTE(review): the result of image_get_info() is not checked, so a file
  // it cannot read yields a Content-type header with an empty value.
  $info = image_get_info(file_create_path($file));
  return array('Content-type: '. $info['mime_type']);
}

/**
 * Implementation of hook_search().
 *
 * Both operations require the 'access user profiles' permission; without it
 * nothing is returned.
 *
 * @param $op
 *   'name' to get the label of this search, 'search' to run it.
 * @param $keys
 *   The search keywords; '*' is accepted as a wildcard.
 *
 * @return
 *   For 'name' the translated label; for 'search' an array of results, each
 *   with a 'title' (the user name) and a 'link' to the account page.
 */
function user_search($op = 'search', $keys = NULL) {
  if ($op == 'name') {
    if (user_access('access user profiles')) {
      return t('Users');
    }
    // Without the permission execution continues with the search part, which
    // repeats the permission check and therefore returns nothing.
  }
  else if ($op != 'search') {
    return;
  }

  if (!user_access('access user profiles')) {
    return;
  }

  $matches = array();
  // Replace wildcards with MySQL/PostgreSQL wildcards.
  // NOTE(review): a '%' or '_' typed by the user presumably also acts as a
  // LIKE wildcard, since only the '%s' placeholder escaping is applied.
  $keys = preg_replace('!\*+!', '%', $keys);
  $result = pager_query("SELECT * FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys);
  while ($account = db_fetch_object($result)) {
    $matches[] = array('title' => $account->name, 'link' => url('user/'. $account->uid, NULL, NULL, TRUE));
  }

  return $matches;
}

/**
 * Implementation of hook_user().
 *
 * Handles 'view' and 'categories' for every category, and 'form', 'validate'
 * and 'submit' for the 'account' category only. The account handlers receive
 * arg(1) as their first argument, not the $user passed to the hook.
 *
 * @param $type
 *   The operation being performed.
 * @param $edit
 *   The submitted values, by reference.
 * @param $user
 *   The account being acted on, by reference.
 * @param $category
 *   (optional) The active category.
 *
 * @return
 *   Depends on the operation; nothing for operations not handled here.
 */
function user_user($type, &$edit, &$user, $category = NULL) {
  switch ($type) {
    case 'view':
      $items['history'] = array(
        'title' => t('Member for'),
        'value' => format_interval(time() - $user->created),
        'class' => 'member',
      );
      return array(t('History') => $items);
  }

  if ($category == 'account') {
    switch ($type) {
      case 'form':
        return user_edit_form(arg(1), $edit);

      case 'validate':
        return _user_edit_validate(arg(1), $edit);

      case 'submit':
        return _user_edit_submit(arg(1), $edit);
    }
  }

  if ($type == 'categories') {
    return array(array('name' => 'account', 'title' => t('Account settings'), 'weight' => 1));
  }
}

/**
 * Build the login form shown in the "User login" block.
 *
 * The form posts back to the current path ($_GET['q']) with the current
 * destination appended; both pass through url().
 *
 * @return
 *   A form array with name and password fields, a submit button and links to
 *   registration (when enabled) and password recovery.
 */
function user_login_block() {
  // Links shown below the form; registration only when it is switched on.
  $links = array();
  if (variable_get('user_register', 1)) {
    $links[] = l(t('Create new account'), 'user/register', array('title' => t('Create a new user account.')));
  }
  $links[] = l(t('Request new password'), 'user/password', array('title' => t('Request new password via e-mail.')));

  return array(
    '#action' => url($_GET['q'], drupal_get_destination()),
    '#id' => 'user-login-form',
    '#base' => 'user_login',
    'name' => array(
      '#type' => 'textfield',
      '#title' => t('Username'),
      '#maxlength' => USERNAME_MAX_LENGTH,
      '#size' => 15,
      '#required' => TRUE,
    ),
    'pass' => array(
      '#type' => 'password',
      '#title' => t('Password'),
      '#maxlength' => 60,
      '#size' => 15,
      '#required' => TRUE,
    ),
    'submit' => array(
      '#type' => 'submit',
      '#value' => t('Log in'),
    ),
    'links' => array('#value' => theme('item_list', $links)),
  );
}

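/**
 * Implementation of hook_block().
 *
 * Provides four blocks: 0 "User login", 1 "Navigation", 2 "Who's new" and
 * 3 "Who's online". Blocks 2 and 3 are shown only to users with the
 * 'access content' permission.
 *
 * @param $op
 *   'list', 'configure', 'save' or 'view'.
 * @param $delta
 *   The number of the block the operation applies to.
 * @param $edit
 *   The submitted configuration values for the 'save' operation.
 *
 * @return
 *   The block list for 'list', a form array for 'configure', a block array
 *   (possibly empty) for 'view', nothing otherwise.
 */
function user_block($op = 'list', $delta = 0, $edit = array()) {
  global $user;

  if ($op == 'list') {
    $blocks[0]['info'] = t('User login');
    $blocks[1]['info'] = t('Navigation');
    $blocks[2]['info'] = t('Who\'s new');
    $blocks[3]['info'] = t('Who\'s online');

    return $blocks;
  }
  else if ($op == 'configure' && $delta == 2) {
    $form['user_block_whois_new_count'] = array(
      '#type' => 'select',
      '#title' => t('Number of users to display'),
      '#default_value' => variable_get('user_block_whois_new_count', 5),
      '#options' => drupal_map_assoc(array(1, 2, 3, 4, 5, 6, 7, 8, 9, 10)),
    );
    return $form;
  }
  else if ($op == 'configure' && $delta == 3) {
    $period = drupal_map_assoc(array(30, 60, 120, 180, 300, 600, 900, 1800, 2700, 3600, 5400, 7200, 10800, 21600, 43200, 86400), 'format_interval');
    $form['user_block_seconds_online'] = array('#type' => 'select', '#title' => t('User activity'), '#default_value' => variable_get('user_block_seconds_online', 900), '#options' => $period, '#description' => t('A user is considered online for this long after they have last viewed a page.'));
    $form['user_block_max_list_count'] = array('#type' => 'select', '#title' => t('User list length'), '#default_value' => variable_get('user_block_max_list_count', 10), '#options' => drupal_map_assoc(array(0, 5, 10, 15, 20, 25, 30, 40, 50, 75, 100)), '#description' => t('Maximum number of currently online users to display.'));

    return $form;
  }
  else if ($op == 'save' && $delta == 2) {
    // NOTE(review): $edit is stored as submitted; this function does not
    // check it against the option list offered by the 'configure' form.
    variable_set('user_block_whois_new_count', $edit['user_block_whois_new_count']);
  }
  else if ($op == 'save' && $delta == 3) {
    variable_set('user_block_seconds_online', $edit['user_block_seconds_online']);
    variable_set('user_block_max_list_count', $edit['user_block_max_list_count']);
  }
  else if ($op == 'view') {
    $block = array();

    switch ($delta) {
      case 0:
        // For usability's sake, avoid showing two login forms on one page.
        if (!$user->uid && !(arg(0) == 'user' && !is_numeric(arg(1)))) {

          $block['subject'] = t('User login');
          $block['content'] = drupal_get_form('user_login_block');
        }
        return $block;

      case 1:
        if ($menu = menu_tree()) {
          // The user name is escaped because it becomes the block title.
          $block['subject'] = $user->uid ? check_plain($user->name) : t('Navigation');
          $block['content'] = $menu;
        }
        return $block;

      case 2:
        if (user_access('access content')) {
          // Retrieve a list of new users who have subsequently accessed the site successfully.
          $result = db_query_range('SELECT uid, name FROM {users} WHERE status != 0 AND access != 0 ORDER BY created DESC', 0, variable_get('user_block_whois_new_count', 5));
          // Start from an empty list so the theme call below receives an
          // array even when the query returns no rows.
          $items = array();
          while ($account = db_fetch_object($result)) {
            $items[] = $account;
          }
          $output = theme('user_list', $items);

          $block['subject'] = t('Who\'s new');
          $block['content'] = $output;
        }
        return $block;

      case 3:
        if (user_access('access content')) {
          // Count users with activity in the past defined period.
          $interval = time() - variable_get('user_block_seconds_online', 900);

          // Perform database queries to gather online user lists.  We use s.timestamp
          // rather than u.access because it is much faster.
          $anonymous_count = sess_count($interval);
          $authenticated_users = db_query('SELECT u.uid, u.name FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.timestamp >= %d AND s.uid > 0 ORDER BY s.timestamp DESC', $interval);
          $authenticated_count = db_num_rows($authenticated_users);

          // Format the output with proper grammar.
          if ($anonymous_count == 1 && $authenticated_count == 1) {
            $output = t('There is currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests')));
          }
          else {
            $output = t('There are currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests')));
          }

          // Display a list of currently online users.
          $max_users = variable_get('user_block_max_list_count', 10);
          if ($authenticated_count && $max_users) {
            $items = array();

            while ($max_users-- && $account = db_fetch_object($authenticated_users)) {
              $items[] = $account;
            }

            $output .= theme('user_list', $items, t('Online users'));
          }

          $block['subject'] = t('Who\'s online');
          $block['content'] = $output;
        }
        return $block;
    }
  }
}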

/**
 * Theme the picture of a user.
 *
 * Uses the account's own picture when the file exists, otherwise the
 * configured default picture. The picture links to the account page only for
 * real accounts and only when the viewer has 'access user profiles'.
 *
 * @param $account
 *   The user object whose picture is shown.
 *
 * @return
 *   The picture markup, or nothing when pictures are disabled or none is
 *   available.
 */
function theme_user_picture($account) {
  if (!variable_get('user_pictures', 0)) {
    return;
  }

  if ($account->picture && file_exists($account->picture)) {
    $picture = file_create_url($account->picture);
  }
  else if (variable_get('user_picture_default', '')) {
    $picture = variable_get('user_picture_default', '');
  }

  if (!isset($picture)) {
    return;
  }

  // The name is passed as a '@user' argument of t() rather than concatenated
  // into the alternative text.
  $alt = t("@user's picture", array('@user' => $account->name ? $account->name : variable_get('anonymous', t('Anonymous'))));
  $picture = theme('image', $picture, $alt, $alt, '', FALSE);

  $is_linkable = !empty($account->uid) && user_access('access user profiles');
  if ($is_linkable) {
    $picture = l($picture, "user/$account->uid", array('title' => t('View user profile.')), NULL, NULL, FALSE, TRUE);
  }

  return "<div class=\"picture\">$picture</div>";
}

/**
 * Theme a user page
 *
 * The category names and the 'title', 'value' and 'class' entries of each
 * item are written into the markup exactly as received. This function does
 * not escape them, so the code supplying $fields has to sanitize them.
 *
 * @param $account the user object
 * @param $fields a multidimensional array for the fields, in the form of array (
 *   'category1' => array(item_array1, item_array2), 'category2' => array(item_array3,
 *    .. etc.). Item arrays are formatted as array(array('title' => 'item title',
 * 'value' => 'item value', 'class' => 'class-name'), ... etc.). Module names are incorporated
 * into the CSS class.
 *
 * @ingroup themeable
 */
function theme_user_profile($account, $fields) {
  $html = '<div class="profile">';
  $html .= theme('user_picture', $account);

  foreach ($fields as $category => $items) {
    // A heading is only printed for named categories.
    if (strlen($category) > 0) {
      $html .= '<h2 class="title">'. $category .'</h2>';
    }

    $list = '';
    foreach ($items as $item) {
      // The title is optional, the value is always printed.
      if (isset($item['title'])) {
        $list .= '<dt class="'. $item['class'] .'">'. $item['title'] .'</dt>';
      }
      $list .= '<dd class="'. $item['class'] .'">'. $item['value'] .'</dd>';
    }
    $html .= '<dl>'. $list .'</dl>';
  }

  return $html .'</div>';
}

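/**
 * Make a list of users.
 *
 * @param $users an array with user objects. Should contain at least the name and uid
 * @param $title (optional) a title for the list
 *
 * @return the themed item list; each entry is rendered by theme('username')
 *
 * @ingroup themeable
 */
function theme_user_list($users, $title = NULL) {
  // Start from an empty list so that theme('item_list') receives an array
  // even when no users are passed in.
  $items = array();
  if (!empty($users)) {
    foreach ($users as $user) {
      $items[] = theme('username', $user);
    }
  }
  return theme('item_list', $items, $title);
}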

/**
 * Tell whether the current user is anonymous.
 *
 * @return
 *   TRUE when the global user has no uid (0), FALSE otherwise.
 */
function user_is_anonymous() {
  $current = $GLOBALS['user'];
  return !$current->uid;
}

/**
 * Menu access callback: tells whether the current visitor is logged in.
 *
 * @return
 *   TRUE when the global $user has a non-zero uid, FALSE otherwise.
 */
function user_is_logged_in() {
  global $user;
  return $user->uid ? TRUE : FALSE;
}

/**
 * Menu access callback for the registration page.
 *
 * @return
 *   TRUE only for an anonymous visitor (zero uid) while the 'user_register'
 *   variable is non-empty; the variable is read with a default of 1.
 */
function user_register_access() {
  global $user;

  // Logged-in users never get the registration form; the setting is not
  // even consulted for them.
  if ($user->uid) {
    return FALSE;
  }
  return (bool) variable_get('user_register', 1);
}

/**
 * Menu access callback for viewing a user profile.
 *
 * @param $account
 *   The account to be viewed; ->uid, ->access and ->status are read.
 *
 * @return
 *   TRUE when the current user may view $account, FALSE otherwise. An empty
 *   $account or one without a uid is always refused.
 */
function user_view_access($account) {
  global $user;

  // Nothing can be viewed without an account that has a uid.
  if (!$account || !$account->uid) {
    return FALSE;
  }
  // Always let users view their own profile.
  if ($user->uid == $account->uid) {
    return TRUE;
  }
  // Administrators can view all accounts.
  if (user_access('administer users')) {
    return TRUE;
  }
  // The user is not blocked and logged in at least once; on top of that the
  // viewer needs the 'access user profiles' permission.
  return $account->access && $account->status && user_access('access user profiles');
}

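/**
 * Menu access callback for editing a user account.
 *
 * @param $account
 *   The account to be edited; only ->uid is read.
 *
 * @return
 *   TRUE when the current user is the owner of $account or holds the
 *   'administer users' permission, FALSE otherwise. An empty $account or one
 *   without a uid is always refused.
 */
function user_edit_access($account) {
  // Same guard as user_view_access(): without an account that has a uid
  // there is nothing to edit, and the loose comparison below must not match
  // an anonymous visitor (uid 0) against an empty value.
  if (!$account || !$account->uid) {
    return FALSE;
  }
  // The permission has to be looked up with user_access(). A bare
  // array('administer users') is a non-empty array and therefore always
  // true, which grants edit access to every visitor.
  return ($GLOBALS['user']->uid == $account->uid) || user_access('administer users');
}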

/**
 * Menu map callback: puts the current user's account into the argument map.
 *
 * @param $arg
 *   The array of arguments to adjust; presumably the path parts of the
 *   request (verify against the menu system).
 *
 * @return
 *   $arg with index 1 set to the result of user_load() for the uid of the
 *   global $user.
 */
function user_load_self($arg) {
  global $user;
  $arg[1] = user_load($user->uid);
  return $arg;
}

/**
 * Implementation of hook_menu().
 *
 * Builds the menu items of the user module, keyed by path. Who may reach a
 * path is decided per item through its 'access callback' and 'access
 * arguments' keys, so this function is the place to review when auditing
 * which user pages are reachable by whom.
 *
 * NOTE(review): several items below declare neither key (for example
 * 'user/help', 'admin/user/settings' and the 'admin/user/rules/*' pages).
 * Presumably the menu system supplies the access check for them from a parent
 * path, but nothing in this function shows that; confirm it against the menu
 * system.
 *
 * @return
 *   An array of menu items keyed by path.
 */
function user_menu() {
  $items['user/autocomplete'] = array(
    'title' => t('User autocomplete'),
    'page callback' => 'user_autocomplete',
    'access arguments' => array('access user profiles'),
    'type' => MENU_CALLBACK,
  );

  // Registration and login pages.
  $items['user/login'] = array(
    'title' => t('Log in'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_login'),
    'access callback' => 'user_is_anonymous',
    'type' => MENU_DEFAULT_LOCAL_TASK,
  );

  $items['user/register'] = array(
    'title' => t('Create new account'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_register'),
    'access callback' => 'user_register_access',
    'type' => MENU_LOCAL_TASK,
  );

  $items['user/password'] = array(
    'title' => t('Request new password'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_pass'),
    'access callback' => 'user_is_anonymous',
    'type' => MENU_LOCAL_TASK,
  );
  // 'access callback' => TRUE leaves this path open to every visitor. The
  // three wildcard path parts are handed to the user_pass_reset form as
  // arguments, so validating them is entirely up to that form.
  $items['user/reset/%/%/%'] = array(
    'title' => t('Reset password'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_pass_reset', 2, 3, 4),
    'access callback' => TRUE,
    'type' => MENU_CALLBACK,
  );
  // NOTE(review): no access keys are declared for this item.
  $items['user/help'] = array(
    'title' => t('Help'),
    'page callback' => 'user_help_page',
    'type' => MENU_CALLBACK,
  );

  // Admin user pages
  $items['admin/user'] = array(
    'title' => t('User management'),
    'description' => t('Manage your site\'s users, groups and access to site features.'),
    'position' => 'left',
    'page callback' => 'system_admin_menu_block_page',
    'access arguments' => array('administer site configuration'),
  );
  $items['admin/user/user'] = array(
    'title' => t('Users'),
    'description' => t('List, add, and edit users.'),
    'page callback' => 'user_admin',
    'page arguments' => array('list'),
    'access arguments' => array('administer users'));
  $items['admin/user/user/list'] = array(
    'title' => t('List'),
    'type' => MENU_DEFAULT_LOCAL_TASK,
    'weight' => -10,
  );
  $items['admin/user/user/create'] = array(
    'title' => t('Add user'),
    'page arguments' => array('create'),
    'type' => MENU_LOCAL_TASK,
  );
  // NOTE(review): no access keys are declared for the settings form.
  $items['admin/user/settings'] = array(
    'title' => t('User settings'),
    'description' => t('Configure default behavior of users, including registration requirements, e-mails, and user pictures.'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_admin_settings'),
  );

  // Admin access pages
  $items['admin/user/access'] = array(
    'title' => t('Access control'),
    'description' => t('Determine access to features by selecting permissions for roles.'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_admin_perm'),
    'access arguments' => array('administer access control'),
  );
  $items['admin/user/roles'] = array(
    'title' => t('Roles'),
    'description' => t('List, edit, or add user roles.'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_admin_new_role'),
    'access arguments' => array('administer access control'),
  );
  $items['admin/user/roles/edit'] = array(
    'title' => t('Edit role'),
    'page arguments' => array('user_admin_role'),
    'type' => MENU_CALLBACK,
  );
  $items['admin/user/rules'] = array(
    'title' => t('Access rules'),
    'description' => t('List and create rules to disallow usernames, e-mail addresses, and IP addresses.'),
    'page callback' => 'user_admin_access',
    'access arguments' => array('administer access control'),
  );
  // The rule sub-pages below declare no access keys of their own; only
  // 'admin/user/rules' above names 'administer access control'.
  $items['admin/user/rules/list'] = array(
    'title' => t('List'),
    'type' => MENU_DEFAULT_LOCAL_TASK,
    'weight' => -10,
  );
  $items['admin/user/rules/add'] = array(
    'title' => t('Add rule'),
    'page callback' => 'user_admin_access_add',
    'type' => MENU_LOCAL_TASK,
  );
  $items['admin/user/rules/check'] = array(
    'title' => t('Check rules'),
    'page callback' => 'user_admin_access_check',
    'type' => MENU_LOCAL_TASK,
  );
  $items['admin/user/rules/edit'] = array(
    'title' => t('Edit rule'),
    'page callback' => 'user_admin_access_edit',
    'type' => MENU_CALLBACK,
  );
  $items['admin/user/rules/delete'] = array(
    'title' => t('Delete rule'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_admin_access_delete_confirm'),
    'type' => MENU_CALLBACK,
  );

  // The user search page is only registered while the search module is
  // enabled.
  if (module_exists('search')) {
    $items['admin/user/search'] = array(
      'title' => t('Search users'),
      'description' => t('Search users by name.'),
      'page callback' => 'user_admin',
      'page arguments' => array('search'),
      'access arguments' => array('administer users'),
      'type' => MENU_NORMAL_ITEM,
    );
  }

  $items['logout'] = array(
    'title' => t('Log out'),
    'access callback' => 'user_is_logged_in',
    'page callback' => 'user_logout',
    'weight' => 10,
  );

  // Plain 'user' shows the current user's own account: user_load_self() is
  // named as the map callback for this item.
  $items['user'] = array(
    'title' => t('My account'),
    'page callback' => 'user_view',
    'page arguments' => array(1),
    'access callback' => 'user_view_access',
    'access arguments' => array(1),
    'map callback' => 'user_load_self',
  );

  // 'map arguments' names user_load for path part 1; user_view_access() is
  // the gate for viewing that account.
  $items['user/%'] = array(
    'title' => t('My account'),
    'page callback' => 'user_view',
    'page arguments' => array(1),
    'access callback' => 'user_view_access',
    'access arguments' => array(1),
    'map arguments' => array('user_load', 1),
    'type' => MENU_CALLBACK,
  );

  $items['user/%/view'] = array(
    'title' => t('View'),
    'type' => MENU_DEFAULT_LOCAL_TASK,
    'weight' => -10,
  );

  // Deleting is limited to the 'administer users' permission; the page
  // callback is user_edit.
  $items['user/%/delete'] = array(
    'title' => t('Delete'),
    'page callback' => 'user_edit',
    'access callback' => 'user_access',
    'access arguments' => array('administer users'),
    'type' => MENU_CALLBACK,
  );

  // Edit access rests entirely on user_edit_access(), which is called with
  // path part 1.
  $items['user/%/edit'] = array(
    'title' => t('Edit'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_edit'),
    'access callback' => 'user_edit_access',
    'access arguments' => array(1),
    'type' => MENU_LOCAL_TASK,
  );

  // One edit tab per category, built only when _user_categories() returns
  // more than one category for an empty account object. The tabs declare no
  // access keys of their own.
  $empty_account = new stdClass();
  if (($categories = _user_categories($empty_account)) && (count($categories) > 1)) {
    foreach ($categories as $key => $category) {
      $items['user/%/edit/'. $category['name']] = array(
        'title' => $category['title'],
        'page arguments' => array('user_edit', 3),
        'type' => $category['name'] == 'account' ? MENU_DEFAULT_LOCAL_TASK : MENU_LOCAL_TASK,
        'weight' => $category['weight'],
      );
    }
  }
  return $items;
}

/**
 * Adds the user module's stylesheet to the page.
 *
 * Presumably the module's hook_init() implementation, going by the name.
 */
function user_init() {
  $stylesheet = drupal_get_path('module', 'user') .'/user.css';
  drupal_add_css($stylesheet, 'module');
}

/**
 * Looks up the authmap entries stored for a DA name. Called at external
 * login.
 *
 * The name reaches the query as a '%s' argument of db_query() and is never
 * concatenated into the SQL string.
 *
 * @param $authname
 *   The DA name to look up. Only this name is used by the query.
 *
 * @return
 *   An associative array of modules and DA names (module => authname) for
 *   the matching rows, or 0 when no row matches.
 */
function user_get_authmaps($authname = NULL) {
  $rows = db_query("SELECT authname, module FROM {authmap} WHERE authname = '%s'", $authname);

  // No matching row: callers get 0 instead of an empty array.
  if (!(db_num_rows($rows) > 0)) {
    return 0;
  }

  while ($row = db_fetch_object($rows)) {
    $authmaps[$row->module] = $row->authname;
  }
  return $authmaps;
}

/**
 * Stores, updates or deletes authmap entries of an account.
 *
 * All values reach the database as db_query() arguments ('%s' and %d
 * placeholders); nothing is concatenated into the SQL strings.
 *
 * @param $account
 *   The user object the entries belong to; only ->uid is read.
 * @param $authmaps
 *   An array whose keys contain an underscore; the part after the first
 *   underscore is used as the module name. A non-empty value is stored as
 *   the authname for that module, an empty value deletes the entry.
 */
function user_set_authmaps($account, $authmaps) {
  foreach ($authmaps as $key => $authname) {
    // Everything after the first underscore of the key is the module name.
    $parts = explode('_', $key, 2);
    $module = $parts[1];

    if (!$authname) {
      db_query("DELETE FROM {authmap} WHERE uid = %d AND module = '%s'", $account->uid, $module);
      continue;
    }

    db_query("UPDATE {authmap} SET authname = '%s' WHERE uid = %d AND module = '%s'", $authname, $account->uid, $module);
    // The UPDATE touched no row, so the entry is inserted instead.
    // NOTE(review): confirm that db_affected_rows() cannot report 0 for a row
    // that exists but already holds the same authname; an extra INSERT would
    // follow in that case.
    if (!db_affected_rows()) {
      db_query("INSERT INTO {authmap} (authname, uid, module) VALUES ('%s', %d, '%s')", $authname, $account->uid, $module);
    }
  }
}

function user_auth_help_links() {