user.module

<?php
// $Id$

session_set_save_handler("sess_open", "sess_close", "sess_read", "sess_write", "sess_destroy", "sess_gc");
session_start();

function user_system($field){
  $system["description"] = t("Enables the user registration and login system.");
  return $system[$field];
}

/*** Session functions *****************************************************/

function sess_open($save_path, $session_name) {
  return 1;
}

function sess_close() {
  return 1;
}

function sess_read($key) {
  global $user;
  $user = user_load(array("sid" => $key, "status" => 1));

  return !empty($user->session) ? $user->session : '';
}

function sess_write($key, $value) {
  global $HTTP_SERVER_VARS;

  db_query("UPDATE users SET hostname = '%s', session = '%s', timestamp = '%s' WHERE sid = '$key'", $HTTP_SERVER_VARS["REMOTE_ADDR"], $value, time());

  return '';
}

function sess_destroy($key) {
  global $HTTP_SERVER_VARS;

  db_query("UPDATE users SET hostname = '%s', timestamp = '%s', sid = '' WHERE sid = '$key'", $HTTP_SERVER_VARS["REMOTE_ADDR"], time());
}

function sess_gc($lifetime) {
  return 1;
}

/*** Common functions ******************************************************/

function user_external_load($authname) {
  $arr_uid = db_query("SELECT uid FROM authmap WHERE authname = '%s'", $authname);

  if (db_fetch_object($arr_uid)) {
    $uid = db_result($arr_uid);
    return user_load(array("uid" => $uid));
  }
  else {
    return 0;
  }
}

function user_load($array = array()) {

  /*
  ** Dynamically compose a SQL query:
  */

  $query = "";

  foreach ($array as $key => $value) {
    if ($key == "pass") {
      $query .= "u.$key = '". md5($value) ."' AND ";
     }
    else {
      $query .= "u.$key = '". check_query($value) ."' AND ";
    }
  }
  $result = db_query_range("SELECT u.*, r.name AS role FROM users u LEFT JOIN role r ON u.rid = r.rid WHERE $query u.status < 3", 0, 1);

  $user = db_fetch_object($result);
  if ($user->data && $data = unserialize($user->data)) {
    foreach ($data as $key => $value) {
      if (!isset($user->$key)) {
        $user->$key = $value;
      }
    }
  }

  return $user;
}

function user_save($account, $array = array()) {
  /*
  ** Dynamically compose a SQL query:
  */

  $user_fields = user_fields();
  if ($account->uid) {
    $data = unserialize(db_result(db_query("SELECT data FROM users WHERE uid = '%d'", $account->uid)));
    foreach ($array as $key => $value) {
      if ($key == "pass") {
        $query .= "$key = '". md5($value) ."', ";
      }
      else if (substr($key, 0, 4) !== "auth") {
        if (in_array($key, $user_fields)) {
          $query .= "$key = '". check_query($value) ."', ";
        }
        else {
          $data[$key] = $value;
        }
      }
    }
    $query .= "data = '". check_query(serialize($data)) ."', ";

    db_query("UPDATE users SET $query timestamp = '%s' WHERE uid = '%d'", time(), $account->uid);

    $user = user_load(array("uid" => $account->uid));
  }
  else {
    $array["timestamp"] = time();

    foreach ($array as $key => $value) {
      if ($key == "pass") {
        $fields[] = check_query($key);
        $values[] = "'". md5($value) ."'";
      }
      else if (substr($key, 0, 4) !== "auth") {
        if (in_array($key, $user_fields)) {
          $fields[] = check_query($key);
          $values[] = "'". check_query($value) ."'";
        }
        else {
          $data[$key] = $value;
        }
      }
    }

    $fields[] = "data";
    $values[] = "'". check_query(serialize($data)) ."'";

    db_query("INSERT INTO users (". implode(", ", $fields) .") VALUES (". implode(", ", $values) .")");

    $user = user_load(array("name" => $array["name"]));
  }

  foreach ($array as $key => $value) {
    if (substr($key, 0, 4) == "auth") {
      $authmaps[$key] = $value;
    }
  }

  if ($authmaps) {
    $result = user_set_authmaps($user, $authmaps);
  }

  return $user;
}

function user_set($account, $key, $value) {
  $account->data[$key] = $value;
  return $account;
}

function user_get($account, $key) {
  return $account->data[$key];
}

function user_validate_name($name) {

  /*
  ** Verify the syntax of the given name:
  */

  if (!$name) return t("You must enter a username.");
  if (ereg("^ ", $name)) return t("The username cannot begin with a space.");
  if (ereg(" \$", $name)) return t("The username cannot end with a space.");
  if (ereg("  ", $name)) return t("The username cannot contain multiple spaces in a row.");
  // if (ereg("[^a-zA-Z0-9@-@]", $name)) return t("The username contains an illegal character.");
  if (ereg('@', $name) && !eregi('@([0-9a-z](-?[0-9a-z])*\.)+[a-z]{2}([zmuvtg]|fo|me)?$', $name)) return t("The username is not a valid authentication ID.");
  if (!eregi('^[[:print:]]+', $name)) return t("The name contains an illegal character.");
  if (strlen($name) > 56) return t("The username '%name' is too long: it must be less than 56 characters.", array("%name" => $name));
}

function user_validate_mail($mail) {

  if ($mail && !valid_email_address($mail)) {
    return t("The e-mail address '%mail' is not valid.", array("%mail" => $mail));
  }
}

function user_validate_authmap($account, $authname, $module) {
  $result = db_query("SELECT COUNT(*) from authmap WHERE uid != '%d' AND authname = '%s'", $account->uid, $authname);
  if (db_result($result) > 0) {
    $name = module_invoke($module, "info", "name");
    return t("The %u ID %s is already taken.", array("%u" => ucfirst($name), "%s" => "<i>$authname</i>"));
  }
}

function user_password($min_length = 6) {

  /*
  ** Generate a human-readable password:
  */

  mt_srand((double)microtime() * 1000000);
  $words = explode(",", variable_get("user_password", "foo,bar,guy,neo,tux,moo,sun,asm,dot,god,axe,geek,nerd,fish,hack,star,mice,warp,moon,hero,cola,girl,fish,java,perl,boss,dark,sith,jedi,drop,mojo"));
  while (strlen($password) < $min_length) $password .= trim($words[mt_rand(0, count($words))]);
  return $password;
}

function user_access($string) {

  global $user;
  static $perm;

  /*
  ** To reduce the number of SQL queries, we cache the user's permissions
  ** in a static variable.
  */

  if (!$perm) {
    if ($user->uid) {
      $perm = db_result(db_query("SELECT p.perm FROM role r, permission p WHERE r.rid = p.rid AND name = '%s'", $user->role), 0);
    }
    else {
      $perm = db_result(db_query("SELECT p.perm FROM role r, permission p WHERE r.rid = p.rid AND name = 'anonymous user'"), 0);
    }
  }

  if ($user->uid == 1) {
    return 1;
  }
  else {
    return strstr($perm, $string);
  }

}

function user_mail($mail, $subject, $message, $header) {
  if (variable_get("smtp_library", "") && file_exists(variable_get("smtp_library", ""))) {
    include_once variable_get("smtp_library", "");
    return user_mail_wrapper($mail, $subject, $message, $header);
  }
  else {
    /*
    ** Note: if you are having problems with sending mail, or mails look wrong
    ** when they are recieved you may have to modify the str_replace to suit
    ** your systems.
    **  - \r\n will work under dos and windows.
    **  - \n will work for linux, unix and BSDs.
    **  - \r will work for macs.
    */
    return mail($mail, $subject, str_replace("\r", "", $message), $header);
  }
}

function user_deny($type, $mask) {

  $allow = db_fetch_object(db_query("SELECT * FROM access WHERE status = '1' AND type = '%s' AND LOWER('%s') LIKE LOWER(mask)", $type, $mask));

  $deny = db_fetch_object(db_query("SELECT * FROM access WHERE status = '0' AND type = '%s' AND LOWER('%s') LIKE LOWER(mask)", $type, $mask));

  if ($deny && !$allow) {
    return 1;
  }
  else {
    return 0;
  }
}

function user_fields() {
  static $fields;

  if (!$fields) {
    $result = db_query("SELECT * FROM users WHERE uid = 1");
    if (db_num_rows($result)) {
      $fields = array_keys(db_fetch_array($result));
    }
  }

  // Make sure we return the default fields at least
  return is_array($fields) ? $fields: array("uid", "name", "pass", "mail", "homepage", "mode", "sort", "threshold", "theme", "signature", "timestamp", "hostname", "status", "timezone", "rating", "language", "sid", "init", "session", "data", "rid");
}

/*** Module hooks **********************************************************/

function user_perm() {
  return array("administer users");
}

function user_search($keys) {
  global $PHP_SELF;
  $result = db_query_range("SELECT * FROM users WHERE name LIKE '%$keys%'", 0, 20);
  while ($account = db_fetch_object($result)) {
    $find[$i++] = array("title" => $account->name, "link" => (strstr($PHP_SELF, "admin") ? url("admin/user/edit/$account->uid") : url("user/view/$account->uid")), "user" => $account->name);
  }
  return $find;
}

function user_block($op = "list", $delta = 0) {
  global $user, $edit;

  if ($op == "list") {
     $blocks[0]["info"] = t("Log in");
     $blocks[1]["info"] = t("User information");
     $blocks[2]["info"] = t("Who's new");

     return $blocks;
  }
  else {
    switch ($delta) {
      case 0:
        if (!$user->uid) {
          $output = "<div align=\"center\">\n";
          $output .= "<form action=\"". url("user/login") ."\" method=\"post\">\n";
          /*
          ** Save the referer.  We record where the user came from such
          ** that we/ can redirect him after having completed the login
          ** form.
          */

          if (empty($edit)) {
            $edit["destination"] = request_uri();
          }
          // NOTE: special care needs to be taken because on pages with forms, such as node and comment submission pages, the $edit variable might already be set.

          $output .= "<input name=\"edit[destination]\" type=\"hidden\" value=\"" . $edit["destination"] . "\" />";
          $output .= "<b>". t("Username") .":</b><br /><input name=\"edit[name]\" size=\"15\" /><br />\n";
          $output .= "<b>". t("Password") .":</b><br /><input name=\"edit[pass]\" size=\"15\" type=\"password\" /><br />\n";

          if (variable_get("user_remember", 0) == 0) {
            $output .= "<input name=\"edit[remember_me]\" type=\"checkbox\" />". t("Remember me");
          }
          elseif (variable_get("user_remember", 1) == 1) {
            $output .= form_hidden("remember_me", 1);
          }

          $output .= "<br />\n<input name=\"edit[op]\" type=\"submit\" value=\"". t("Log in") ."\" /><br />\n";
          $output .= "</form></div>\n";

          if (variable_get("user_register", 1)) {
            $items[] = l(t("Create new account"), "user/register", array("title" => t("Create a new user account.")));
          }
          $items[] = l(t("Request new password"), "user/password", array("title" => t("Request new password via e-mail.")));

          $output .= theme("theme_item_list", $items);

          $block["subject"] = t("Log in");
          $block["content"] = "<div style=\"white-space: nowrap;\">$output</div>";
          return $block;
        }
        break;
      case 1:
        if ($user->uid) {
          $content[] = theme("theme_item_list", module_invoke_all("link", "menu.create"));
          $content[] = theme("theme_item_list", module_invoke_all("link", "menu.view"));
          $content[] = theme("theme_item_list", module_invoke_all("link", "menu.settings"));
          $content[] = theme("theme_item_list", module_invoke_all("link", "menu.misc"));

          $output = implode($content, "<br />");

          $block["subject"] = $user->name;
          $block["content"] = "<div style=\"{ white-space: nowrap; }\">$output</div>";
          return $block;
        }
        break;
      case 2:

        $result = db_query_range("SELECT uid, name FROM users WHERE status != '0' ORDER BY uid DESC", 0, 5);
        while ($account = db_fetch_object($result)) {
          $items[] = l((strlen($account->name) > 15 ? substr($account->name, 0, 15) . '...' : $account->name), "user/view/$account->uid");
        }

        $output = theme("theme_item_list", $items);

        $block["subject"] = t("Who's new");
        $block["content"] = $output;
        return $block;
    }
  }
}

function user_link($type) {

  $links = array();

  if ($type == "page") {
    $links[] = l(t("user account"), "user", array("title" => t("Create a user account, request a new password or edit your account settings.")));
  }

  if ($type == "menu.settings") {
    $links[] = l(t("edit account"), "user/edit", array("title" => t("View and edit your account information.")));
  }

  if ($type == "menu.misc") {
    if (user_access("access administration pages")) {
      $links[] = l(t("administer %a", array("%a" => variable_get("site_name", "drupal"))), "admin", array("title" => t("Access administration pages.")));
    }

    $links[] = l(t("logout"), "user/logout", array("title" => t("Logout.")));
  }

  if ($type == "admin" && user_access("administer users")) {
    $help["user"] = "Drupal allows users to register, login, logout, maintain user profiles, etc.  No participant can use his own name to post content until he signs up for a user account.  There are several configuration pages that help administrators manage user accounts.";
    $help["create"] = "If your site is completely private, and doesn't allow public registration, then you can add new users manually.  This web page allows administrator to register a new users.";
    $help["view"] = "This page allows you to review and edit any user's profile.";
    $help["access"] = "Access rules enable administrators to filter out usernames and e-mail addresses which are not allowed in Drupal.  An administrator creates a 'mask' against which each new registration is checked. Disallowed names and e-mail addresses are denied access to the site.";
    $help["permission"] = "Each user role has certain things that its users are allowed to do, and some that are disallowed. For example, authenticated users may usually post a story but anonymous users may not.  Each permission describes a fine-grained logical operation such as access administration pages or add and modify user accounts. You could say a permission represents access granted to a user to perform a set of operations.";
    $help["role"] = "Roles allow you to fine tune the security and administration of drupal.  A role defines a group of users which have certain privileges.  Examples of roles include: anonymous user, authenticated user, moderator, administrator and so on.  By default, Drupal comes with two user roles: <ul><li>Anonymous user: this role is used for users that don't have a user account or that are not authenticated.</li><li>Registered user: this role is assigned automatically to authenticated users.  Most registered users will belong to this user role unless specified otherwise.</li></ul>";
    $help["search"] = "On this page you can query any username.  For example, one may search for 'br' and Drupal might return 'brian', 'brad', and 'brenda'.";
    $help["setting"] = "Administrators may choose to restrict registration to their site.  That restriction may be accomplished on this page.  Also, the list of words which may be included in a system generated password is also listed on this page.  Drupal generates passwords by joining small words from the password list until the new password is greater than 6 characters.";

    menu("admin/user", "user management", "user_admin", $help["user"], 2);
    menu("admin/user/create", "create new account", "user_admin", $help["create"], 1);
    menu("admin/user/account", "view user accounts", "user_admin", $help["view"], 2);
    menu("admin/user/access", "access rules", NULL, $help["access"], 3);
    menu("admin/user/access/mail", "e-mail rules", "user_admin", $help["access"]);
    menu("admin/user/access/user", "username rules", "user_admin", $help["access"]);
    menu("admin/user/role", "user roles", "user_admin", $help["role"], 4);
    menu("admin/user/permission", "user permissions", "user_admin", $help["permission"], 5);
    menu("admin/user/search", "search accounts", "user_admin", $help["search"], 8);
    menu("admin/user/help", "help", "user_help", NULL, 9);
    menu("admin/user/edit", "edit user account", "user_admin", NULL, 0, 1); // hidden menu
    menu("admin/user/account/0", "active users", "user_admin", $help["view"], 1);
    menu("admin/user/account/1", "new users", "user_admin", $help["view"], 2);
    menu("admin/user/account/2", "blocked users", "user_admin", $help["view"], 3);

    $i = 3;
    foreach (user_roles(1) as $key => $value) {
      menu("admin/user/account/". $i++, "users with role '$value'", "user_admin", $help["view"], 4);
    }
  }

  return $links;
}

/*** Authentication methods ************************************************/

function user_get_authname($account, $module) {

  /*
  **  Called by authentication modules in order to edit/view their authmap information.
  */

  $result = db_query("SELECT authname FROM authmap WHERE uid = '%d' AND module = '%s'", $account->uid, $module);
  return db_result($result);
}


function user_get_authmaps($authname = NULL) {

  /*
  ** Accepts an user object, $account, or an DA name and returns an
  ** associtive array of modules and DA names. Called at external login.
  */

  $result = db_query("SELECT authname, module FROM authmap WHERE authname = '%s'", $authname);
  if (db_num_rows($result) > 0) {
    while ($authmap = db_fetch_object($result)) {
      $authmaps[$authmap->module] = $authmap->authname;
    }
    return $authmaps;
  }
  else {
    return 0;
  }
}

function user_set_authmaps($account, $authmaps) {
  foreach ($authmaps as $key => $value) {
    $module = explode("_", $key, 2);
    if ($value) {
      $result = db_query("SELECT COUNT(*) from authmap WHERE uid = '%d' AND module = '%s'", $account->uid, $module["1"]);
      if (db_result($result) == 0) {
        $result = db_query("INSERT INTO authmap (authname, uid, module) VALUES ('%s', '%d', '%s')", $value, $account->uid, $module[1]);
      }
      else {
        $result = db_query("UPDATE authmap SET authname = '%s' WHERE uid = '%d' AND module = '%s'", $value, $account->uid, $module["1"]);
      }
    }
    else {
      $result = db_query("DELETE FROM authmap WHERE uid = '%d' AND module = '%s'", $account->uid, $module["1"]);
    }
  }
  return $result;
}

function user_auth_help_links() {
  $links = array();
  foreach (module_list() as $module) {
    if (module_hook($module, "auth_help")) {
      $links[] = l(module_invoke($module, "info", "name"), "user/help#$module");
    }
  }
  return $links;
}

/*** User features *********************************************************/

function user_login($edit = array(), $msg = "") {
  global $user, $referer;

  /*
  ** If we are already logged on, go to the user page instead.
  */

  if ($user->uid) {
    drupal_goto(url("user"));
  }

  if (user_deny("user", $edit["name"])) {
    $error = t("The name '%s' has been denied access.", array("%s" => $edit["name"]));
  }
  else if ($edit["name"] && $edit["pass"]) {

    /*
    ** Try to log in the user locally:
    */

    if (!$user) {
      $name = check_input($edit["name"]);
      $pass = check_input($edit["pass"]);
      $user = user_load(array("name" => $name, "pass" => $pass, "status" => 1));
    }

    /*
    ** Strip name and server from ID:
    */

    if ($server = strrchr($edit["name"], "@")) {
      $name = check_input(substr($edit["name"], 0, strlen($edit["name"]) - strlen($server)));
      $server = check_input(substr($server, 1));
      $pass = check_input($edit["pass"]);
    }

    /*
    ** When possible, determine corrosponding external auth source. Invoke source, and login user if successful:
    */

    if (!$user && $server && $result = user_get_authmaps("$name@$server")) {
      if (module_invoke(key($result), "auth", $name, $pass, $server)) {
        $user = user_external_load("$name@$server");
        watchdog("user", "external load: $name@$server, module: ". key($result));
      }
      else {
        $error = t("Invalid password for %s.", array("%s" => "<i>$name@$server</i>"));
      }
    }

     /*
    ** Try each external authentication source in series. Register user if successful.
    */

    else if (!$user && $server) {
      foreach (module_list() as $module) {
        if (module_hook($module, "auth")) {
          if (module_invoke($module, "auth", $name, $pass, $server)) {
            if (variable_get("user_register", 1) == 1 && !user_load(array("name" => "$name@$server"))) { //register this new user
              $user = user_save("", array("name" => "$name@$server", "pass" => user_password(), "init" => "$name@$server", "status" => 1, "authname_$module" => "$name@$server", "rid" => _user_authenticated_id()));
              watchdog("user", "new user: $name@$server ($module ID)", l("edit user", "admin/user/edit/$user->uid"));
              break;
            }
          }
        }
      }
    }

    if ($user->uid) {
      watchdog("user", "session opened for '$user->name'");

      /*
      ** Write session ID to database:
      */

      user_save($user, array("sid" => session_id()));

      /*
      ** If the user wants to be remembered, set the proper cookie such
      ** that the session won't expire.
      */

      if ($edit["remember_me"]) {
        setcookie(session_name(), session_id(), time() + 3600 * 24 * 365);
      }
      else {
        setcookie(session_name(), session_id());
      }

      /*
      ** Redirect the user to the page he logged on from.
      */

      drupal_goto($edit["destination"]);
    }
    else {
      if (!$error) {
        $error = t("Sorry.  Unrecognized username or password.") ." ". l(t("Have you forgotten your password?"), "user/password");
      }
      if ($server) {
        watchdog("user", "failed login for '$name@$server': $error");
      }
      else {
        watchdog("user", "failed login for '$name': $error");
      }
    }
  }

  /*
  ** Display error message (if any):
  */

  if ($error) {
    $output .= theme("theme_error", $error);
  }

  /*
  ** Save the referer.  We record where the user came from such that we
  ** can redirect him after having completed the login form.
  */

  if (empty($edit)) {
    $edit["destination"] = request_uri();
  }
  $output .= form_hidden("destination", $edit["destination"]);

  /*
  ** Display login form:
  */

  if ($msg) {
    $output .= "<p>$msg</p>";
  }
  if (count(user_auth_help_links()) > 0) {
    $output .= form_textfield(t("Username"), "name", $edit["name"], 20, 64, t("Enter your %s username, or an ID from one of our affiliates: %a.", array("%s" => variable_get("site_name", "local"), "%a" => implode(", ", user_auth_help_links()))));
  }
  else {
    $output .= form_textfield(t("Username"), "name", $edit["name"], 20, 64, t("Enter your %s username.", array("%s" => variable_get("site_name", "local"))));
  }
  $output .= form_password(t("Password"), "pass", $pass, 20, 64, t("Enter the password that accompanies your username."));
  $output .= form_checkbox(t("Remember me"), "remember_me", 1, 0, 0);
  $output .= form_submit(t("Log in"));
  $output .= "<p>&raquo; ". l(t("Request new password"), "user/password"). "<br />";
  if (variable_get("user_register", 1)) {
    $output .= "&raquo; ". l(t("Create new account"), "user/register");
  }
  $output .= "</p>";

  return form($output, "post", url("user"));
}

function _user_authenticated_id() {
  return db_result(db_query("SELECT rid FROM role WHERE name = 'authenticated user'"));
}

function user_logout() {
  global $user;

  if ($user->uid) {
    watchdog("user", "session closed for user '$user->name'");

    /*
    ** Destroy the current session:
    */

    session_destroy();
    unset($user);
  }

  /*
  ** Redirect the user to his personal information page:
  */

  drupal_goto("index.php");

}

function user_pass($edit = array()) {

  global $base_url;

  if ($edit["name"]) {
    $account = db_fetch_object(db_query("SELECT uid, name, mail FROM users WHERE name = '%s'", $edit["name"]));
    if (!$account) $error = t("Sorry. The username <i>%s</i> is not recognized.", array("%s" => $edit["name"]));
  }
  else if ($edit["mail"]) {
    $account = db_fetch_object(db_query("SELECT uid, name, mail FROM users WHERE mail = '%s'", $edit["mail"]));
    if (!$account) $error = t("Sorry. The e-mail address <i>%s</i> is not recognized.", array("%s" => $edit["mail"]));
  }
  if ($account) {

      $from = variable_get("site_mail", ini_get("sendmail_from"));
      $pass = user_password();

      /*
      ** Save new password:
      */

      user_save($account, array("pass" => $pass));

      /*
      ** Mail new password:
      */

      $variables = array("%username" => $account->name, "%site" => variable_get("site_name", "drupal"), "%password" => $pass, "%uri" => $base_url, "%uri_brief" => substr($base_url, strlen("http://")), "%mailto" => $account->mail, "%date" => format_date(time()));
      $subject = strtr(variable_get("user_mail_pass_subject", t("Replacement login information for %username at %site")), $variables);
      $body = strtr(variable_get("user_mail_pass_body", t("%username,\n\nHere is your new password for %site.  You may now login to ". url("user/login") ." using the following username and password:\n\nusername: %username\npassword: %password\n\nAfter logging in, you may wish to change your password at ". url("user/edit") .".\n\nYour new %site membership also enables you to login to other Drupal powered websites (e.g. http://www.drop.org/) without registering.  Just use the following Drupal ID and password:\n\nDrupal ID: %username@%uri_brief\npassword: %password\n\n\n-- %site team")), $variables);
      $headers = "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from";
      user_mail($account->mail, $subject, $body, $headers);

      watchdog("user", "mail password: '". $account->name ."' &lt;". $account->mail ."&gt;");

      return t("Your password and further instructions have been sent to your e-mail address.");
    }
    else {

    // Display error message if necessary.
    if ($error) {
      $output .= theme("theme_error", $error);
    }

    /*
    ** Display form:
    */

    $output .= "<p>". sprintf(t("Enter your username %sor%s your e-mail address."), "<b><i>", "</i></b>") ."</p>";
    $output .= form_textfield(t("Username"), "name", $edit["name"], 30, 64);
    $output .= form_textfield(t("E-mail address"), "mail", $edit["mail"], 30, 64);
    $output .= form_submit(t("E-mail new password"));
    $output .= "<p>&raquo; ". l(t("Log in"), "user/login") ."<br />";
    if (variable_get("user_register", 1)) {
      $output .= "&raquo; ". l(t("Create new account"), "user/register");
    }
    $output .= "</p>";

    return form($output, "post", url("user"));
  }
}

function user_register($edit = array()) {
  global $user, $base_url;

  /*
  ** If we are already logged on, go to the user page instead.
  */

  if ($user->uid) {
    drupal_goto(url("user/edit"));
  }

  if ($edit["name"] && $edit["mail"]) {
    if ($error = user_validate_name($edit["name"])) {
      // do nothing
    }
    else if ($error = user_validate_mail($edit["mail"])) {
      // do nothing
    }
    else if (user_deny("user", $edit["name"])) {
      $error = t("The name '%s' has been denied access.", array("%s" => $edit["name"]));
    }
    else if (user_deny("mail", $edit["mail"])) {
      $error = t("The e-mail address '%s' has been denied access.", array("%s" => $edit["mail"]));
    }
    else if (db_num_rows(db_query("SELECT name FROM users WHERE LOWER(name) = LOWER('%s')", $edit["name"])) > 0) {
      $error = t("The name '%s' is already taken.", array("%s" => $edit["name"]));
    }
    else if (db_num_rows(db_query("SELECT mail FROM users WHERE LOWER(mail) = LOWER('%s')", $edit["mail"])) > 0) {
      $error = t("The e-mail address '%s' is already taken.", array("%s" => $edit["mail"]));
    }
    else if (variable_get("user_register", 1) == 0) {
      $error = t("Public registrations have been disabled by the site administrator.");
    }
    else {
      foreach (module_list() as $module) {
        if (module_hook($module, "user")) {
          $result = module_invoke($module, "user", "register_validate", $edit, $user);
          if (is_array($result)) {
            $data = array_merge($data, $result);
          }
          elseif (is_string($result)) {
            $error = $result;
            break;
          }
        }
      }
      if (!$error) {
        $success = 1;
      }
    }
  }

  if ($success) {

    $from = variable_get("site_mail", ini_get("sendmail_from"));
    $pass = user_password();

    // create new user account, noting whether administrator approval is required
    user_role_init();
    // TODO: is this necessary? Won't session_write replicate this?
    unset($edit["session"]);
    $account = user_save("", array_merge(array("name" => $edit["name"], "pass" => $pass, "init" => $edit["mail"], "mail" => $edit["mail"], "rid" => _user_authenticated_id(), "rating" => 0, "status" => (variable_get("user_register", 1) == 1 ? 1 : 0)), $data));
    watchdog("user", "new user: '". $edit["name"] ."' &lt;". $edit["mail"] ."&gt;", l("edit user", "admin/user/edit/$account->uid"));

    $variables = array("%username" => $edit["name"], "%site" => variable_get("site_name", "drupal"), "%password" => $pass, "%uri" => $base_url, "%uri_brief" => substr($base_url, strlen("http://")), "%mailto" => $edit["mail"], "%date" => format_date(time()));

    //the first user may login immediately, and receives a customized welcome e-mail.
    if ($account->uid == 1) {
      user_mail($edit["mail"], t("drupal user account details for %s", array("%s" => $edit["name"])), strtr(t("%username,\n\nYou may now login to %uri using the following username and password:\n\n  username: %username\n  password: %password\n\n". url("user/edit") ."\n\n--drupal"), $variables), "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from");
      // This should not be t()'ed. No point as its only shown once in the sites lifetime, and it would be bad to store the password
      $output .= "<p>Welcome to Drupal. You are user #1, which gives you full and immediate access.  All future registrants will receive their passwords via e-mail, so please configure your e-mail settings using the Administration pages.</p><p> Your password is <b>$pass</b>. You may change your password on the next page.</p><p>Please login below.</p>";
      $output .= form_hidden("name", $account->name);
      $output .= form_hidden("pass", $pass);
      $output .= form_submit(t("Log in"));
      return form($output);
    }
    else {
      if ($account->status) {
        /*
        ** Create new user account, no administrator approval required:
        */

        $subject = strtr(variable_get("user_mail_welcome_subject", t("User account details for %username at %site")), $variables);
        $body = strtr(variable_get("user_mail_welcome_body", t("%username,\n\nThank you for registering at %site. You may now login to ". url("user/login") ." using the following username and password:\n\nusername: %username\npassword: %password\n\nAfter logging in, you may wish to change your password at ". url("user/edit") .".\n\nYour new %site membership also enables to you to login to other Drupal powered websites (e.g. http://www.drop.org/) without registering. Just use the following Drupal ID and password:\n\nDrupal ID: %username@%uri_brief\npassword: %password\n\n\n--  %site team")), $variables);
        user_mail($edit["mail"], $subject, $body, "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from");
        return t("Your password and further instructions have been sent to your e-mail address.");
      }
      else {
        /*
        ** Create new user account, administrator approval required:
        */
        $subject = strtr(variable_get("user_mail_welcome_subject", t("User account details for %username at %site")), $variables);
        $body = strtr(variable_get("user_mail_welcome_body", t("%username,\n\nThank you for registering at %site. Your account will have to be approved by the site administrator. You may now login to ". url("user/login") ." using the following username and password:\n\nusername: %username\npassword: %password\n\nAfter logging in, you may wish to change your password at ". url("user/edit") .".\n\nYour new %site membership also enables to you to login to other Drupal powered websites (e.g. http://www.drop.org/) without registering. Just use the following Drupal ID and password:\n\nDrupal ID: %username@%uri_brief\npassword: %password\n\n\n--  %site team")), $variables);
        user_mail($edit["mail"], $subject, $body, "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from");
        user_mail(variable_get("site_mail", ini_get("sendmail_from")), $subject, t("%u has applied for an account.\n\n%uri", array("%u" => $account->name, "%uri" => url("admin/user/edit/$account->uid"))), "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from");
        return t("Your password and further instructions have been sent to your e-mail address.");
      }
    }
  }
  else {
    if ($error) {
      $output .= theme("theme_error", $error);
    }
  }

  // display the registration form
  $output .= variable_get("user_registration_help", "");
  $affiliates = user_auth_help_links();
  if (count($affiliates) > 0) {
    $affiliates = implode(", ", $affiliates);
    $output .= "<p>" . t("Note: If you have an account with one of our affiliates (%s), you may ". l("login now", "user/login") ." instead of registering.", array("%s" => $affiliates)) ."</p>";
  }
  $output .= form_textfield(t("Username"), "name", $edit["name"], 30, 64, t("Your full name or your preferred username: only letters, numbers and spaces are allowed."));
  $output .= form_textfield(t("E-mail address"), "mail", $edit["mail"], 30, 64, t("A password and instructions will be sent to this e-mail address, so make sure it is accurate."));
  foreach (module_list() as $module) {
    if (module_hook($module, "user")) {
      $output .= module_invoke($module, "user", "register_form", $edit, $user);
    }
  }
  $output .= form_submit(t("Create new account"));
  $output .= "<p>&raquo; ". l(t("E-mail new password"), "user/password"). "<br />";
  $output .= "&raquo; ". l(t("Log in"), "user/login") ."</p>";

  return form($output);
}


function user_delete() {
  global $edit, $user;

  if ($edit["confirm"]) {
    watchdog(user,"$user->name deactivated her own account.");
    db_query("UPDATE users SET mail = 'deleted', status = '0' WHERE uid = '%d'", $user->uid);
    $output .= t("Your account has been deactivated.");
  }
  else {
    $output .= form_item(t("Confirm Deletion"), t("You are about to deactivate your own user account. In addition, your e-mail address will be removed from the database."));
    $output .= form_hidden("confirm", 1);
    $output .= form_submit(t("Delete account"));
    $output = form($output);
  }
  return $output;
}

function user_edit($edit = array()) {
  global $user, $languages;

  if ($user->uid) {
    if ($edit["name"]) {
      if ($error = user_validate_name($edit["name"])) {
        // do nothing
      }
      else if ($error = user_validate_mail($edit["mail"])) {
        // do nothing
      }
      else if (db_num_rows(db_query("SELECT uid FROM users WHERE uid != '$user->uid' AND LOWER(name) = LOWER('%s')", $edit["name"])) > 0) {
        $error = t("The name '%s' is already taken.", array("%s" => $edit["name"]));
      }
      else if ($edit["mail"] && db_num_rows(db_query("SELECT uid FROM users WHERE uid != '$user->uid' AND LOWER(mail) = LOWER('%s')", $edit["mail"])) > 0) {
        $error = t("The e-mail address '%s' is already taken.", array("%s" => $edit["mail"]));
      }
      else if ($user->uid) {
        /*
        ** If required, check that proposed passwords match.  If so,
        ** add new password to $edit.
        */

        if ($edit["pass1"]) {
          if ($edit["pass1"] == $edit["pass2"]) {
            $edit["pass"] = $edit["pass1"];
          }
          else {
            $error = t("The specified passwords do not match.");
          }
        }
        unset($edit["pass1"], $edit["pass2"]);

        /*
        ** Validate input fields to make sure users don't submit
        ** invalid form data.
        */

        if (!user_access("administer users")) {
           if (array_intersect(array_keys($edit), array("rid", "init", "rating", "session"))) {
             watchdog("warning", "detected malicious attempt to alter a protected database field");
           }

           $edit["rid"] = $user->rid;
           $edit["init"] = $user->init;
           $edit["rating"] = $user->rating;
           $edit["session"] = $user->session;
        }

        /*
        ** Have the modules that extend the user information validate
        ** their data.
        */

        foreach (module_list() as $module) {
          if (module_hook($module, "user")) {
            $result = module_invoke($module, "user", "edit_validate", $edit, $user);
          }
          if (is_array($result)) {
            $data = array_merge($data, $result);
          }
          elseif (is_string($result)) {
            $error = $result;
            break;
          }
        }

        if (!$error) {
          /*
          ** Save user information:
          */

          $user = user_save($user, array_merge($edit, $data));

          $output .= t("Your user information changes have been saved.");
        }
      }
    }

    if ($error) {
      $output .= theme("theme_error", $error);
    }

    if (!$edit) {
      $edit = object2array($user);
    }

    $output .= form_textfield(t("Username"), "name", $edit["name"], 30, 55, t("Your full name or your preferred username: only letters, numbers and spaces are allowed."));
    $output .= form_textfield(t("E-mail address"), "mail", $edit["mail"], 30, 55, t("Insert a valid e-mail address.  All e-mails from the system will be sent to this address. The e-mail address is not made public and will only be used if you wish to receive a new password or wish to receive certain news or notifications by e-mail."));

    foreach (module_list() as $module) {
      if (module_hook($module, "user")) {
        $output .= module_invoke($module, "user", "edit_form", $edit, $user);
      }
    }

    $options = "<option value=\"\"". (("" == $key) ? " selected=\"selected\"" : "") .">". t("Default theme") ."</option>\n";
    foreach (theme_list() as $key => $value) {
      $options .= "<option value=\"$key\"". (($edit["theme"] == $key) ? " selected=\"selected\"" : "") .">$key - $value->description</option>\n";
    }

    $output .= form_item(t("Theme"), "<select name=\"edit[theme]\">$options</select>", t("Selecting a different theme will change the look and feel of the site."));
    for ($zone = -43200; $zone <= 46800; $zone += 3600) $zones[$zone] = date("l, F dS, Y - h:i A", time() - date("Z") + $zone) ." (GMT ". $zone / 3600 .")";
    $output .= form_select(t("Time zone"), "timezone", $edit["timezone"], $zones, t("Select what time you currently have and your time zone settings will be set appropriate."));
    $output .= form_select(t("Language"), "language", $edit["language"], $languages, t("Selecting a different language will change the language of the site."));
    $output .= form_item(t("Password"), "<input type=\"password\" name=\"edit[pass1]\" size=\"12\" maxlength=\"24\" /> <input type=\"password\" name=\"edit[pass2]\" size=\"12\" maxlength=\"24\" />", t("Enter your new password twice if you want to change your current password or leave it blank if you are happy with your current password."));
    $output .= form_submit(t("Save user information"));

    $output = form($output, "post", 0, "enctype=\"multipart/form-data\"");
  }
  else {
    $output = user_login();
  }

  return $output;
}

function user_menu() {
  $links[] = l(t("view user information"), "user/view");
  $links[] = l(t("edit user information"), "user/edit");
  $links[] = l(t("delete account"), "user/delete");

  return "<div align=\"center\">". implode(" &middot; ", $links) ."</div>";
}

function user_view($uid = 0) {
  global $user;

  if (!$uid) {
    $uid = $user->uid;
  }

  if ($user->uid && $user->uid == $uid) {
    $output = form_item(t("Name"), "$user->name ($user->init)");
    $output .= form_item(t("E-mail address"), $user->mail, "Please note that only you can see your own e-mail address - it is not publicly visible.");

    foreach (module_list() as $module) {
      if (module_hook($module, "user")) {
        $output .= module_invoke($module, "user", "view_private", "", $user);
      }
    }

    theme("header");
    theme("box", t("User account"), user_menu());
    theme("box", t("View user information"), $output);
    theme("footer");
  }
  else if ($uid && $account = user_load(array("uid" => $uid, "status" => 1))) {
    $output = form_item(t("Name"), $account->name);

    foreach (module_list() as $module) {
      if (module_hook($module, "user")) {
        $output .= module_invoke($module, "user", "view_public", "", $account);
      }
    }

    theme("header");
    theme("box", t("View user information"), $output);
    theme("footer");
  }
  else {
    $output = user_login();
    theme("header");
    theme("box", t("Log in"), $output);
    if (variable_get("user_register", 1)) {
      theme("box", t("Create new user account"), user_register());
    }
    theme("box", t("E-mail new password"), user_pass());
    theme("footer");
  }
}

function user_page() {
  global $edit, $op;

  if (empty($op)) {
    $op = arg(1);
  }

  switch ($op) {
    case t("E-mail new password"):
    case "password":
      theme("header");
      theme("box", t("E-mail new password"), user_pass($edit));
      theme("footer");
      break;
    case t("Create new account"):
    case "register":
      $output = user_register($edit);
      theme("header");
      if (variable_get("user_register", 1)) {
        theme("box", t("Create new account"), $output);
      }
      else {
        print message_access();
      }
      theme("footer");
      break;
    case t("Log in"):
    case "login":
      $output = user_login($edit);
      theme("header");
      theme("box", t("Log in"), $output);
      theme("footer");
      break;
    case t("Delete account"):
    case t("delete"):
      $output = user_delete();
      theme("header");
      theme("box", t("User account"), user_menu());
      theme("box", t("Delete account"), $output);
      theme("footer");
      break;
    case t("Save user information"):
    case "edit":
      $output = user_edit($edit);
      $theme = theme_init();
      theme("header");
      theme("box", t("User account"), user_menu());
      theme("box", t("Edit user information"), $output);
      theme("footer");
      break;
    case "view":
      user_view(arg(2));
      break;
    case t("Logout"):
    case "logout":
      print user_logout();
      break;
    case "help":
      theme("header");
      theme("box", t("Distributed authentication"), user_help_users_da());
      theme("footer");
      break;
    default:
      print user_view();
  }

}

/*** Administrative features ***********************************************/

function user_settings() {
  $output .= form_select(t("Public registrations"), "user_register", variable_get("user_register", 1), array(t("Only site administrators can create new user accounts."), t("Visitors can create accounts and no administrator approval is required."), t("Visitors can create accounts but administrator approval is required.")));
  $output .= form_textfield(t("Password words"), "user_password", variable_get("user_password", "foo,bar,guy,neo,tux,moo,sun,asm,dot,god,axe,geek,nerd,fish,hack,star,mice,warp,moon,hero,cola,girl,fish,java,perl,boss,dark,sith,jedi,drop,mojo"), 55, 256, t("A comma separated list of short words that can be concatenated to generate human-readable passwords."));
  $output .= form_select(t("Remember authenticated users"), "user_remember", variable_get("user_remember", 0), array(t("Let the user decide whether he should be logged out when leaving the site."), t("Authenticated users are not logged out upon leaving the site."), t("Authenticated users are logged out upon leaving the site.")));
  $output .= form_textarea(t("User registration guidelines"), "user_registration_help", variable_get("user_registration_help", ""), 70, 4, t("This text is displayed at the top of the user registration form.  It's useful for helping or instructing your users."));
  $output .= form_textfield(t("Subject of welcome e-mail"), "user_mail_welcome_subject", variable_get("user_mail_welcome_subject", "User account details for %username at %site"), 70, 180, t("Customize the subject of your welcome e-mail, which is sent to new members upon registering.") . " " . t("Available variables are:") . " " . "%username, %site, %password, %uri, %uri_brief, %mailto, %date");
  $output .= form_textarea(t("Body of welcome e-mail"), "user_mail_welcome_body", variable_get("user_mail_welcome_body", t("%username,\n\nThank you for registering at %site. You may now login to ". url("user/login") ." using the following username and password:\n\nusername: %username\npassword: %password\n\nAfter logging in, you may wish to change your password at ". url("user/edit") ."\n\nYour new %site membership also enables to you to login to other Drupal powered websites (e.g. http://www.drop.org/) without registering. Just use the following Drupal ID and password:\n\nDrupal ID: %username@%uri_brief\npassword: %password\n\n\n--  %site team")), 70, 10, t("Customize the body of the welcome e-mail, which is sent to new members upon registering.") . " " . t("Available variables are:") . " " . "%username, %site, %password, %uri, %uri_brief, %mailto");