<?php
// $Id$

/**
 * @file
 * Enables the user registration and login system.
 */

// Maximum username length; enforced by user_validate_name() and used as the
// login form's #maxlength.
define('USERNAME_MAX_LENGTH', 60);
// Maximum e-mail address length (presumably enforced by the account forms;
// no use is visible in this part of the file).
define('EMAIL_MAX_LENGTH', 64);

/**
 * Invokes hook_user() in every module returned by module_list().
 *
 * module_invoke() cannot be used here because $array and $user have to
 * reach each implementation by reference.
 *
 * @param $type
 *   The hook_user() operation being performed, such as 'load' or 'update'.
 * @param $array
 *   The values handed to each implementation; passed by reference.
 * @param $user
 *   The user object being acted on; passed by reference.
 * @param $category
 *   (optional) The active profile category.
 */
function user_module_invoke($type, &$array, &$user, $category = NULL) {
  foreach (module_list() as $name) {
    $hook = $name .'_user';
    if (!function_exists($hook)) {
      continue;
    }
    // A direct variable-function call keeps the by-reference arguments intact.
    $hook($type, $array, $user, $category);
  }
}

/**
 * Implementation of hook_theme().
 *
 * @return
 *   An array keyed by theme hook name; each entry lists the hook's arguments
 *   and their defaults.
 */
function user_theme() {
  $hooks = array(
    'user_picture' => array(
      'arguments' => array('account' => NULL),
    ),
    'user_profile' => array(
      'arguments' => array('account' => NULL, 'fields' => NULL),
    ),
    'user_list' => array(
      'arguments' => array('users' => NULL, 'title' => NULL),
    ),
  );

  // These theme functions all take a single form array.
  $form_hooks = array(
    'user_admin_perm',
    'user_admin_new_role',
    'user_admin_account',
    'user_filter_form',
    'user_filters',
  );
  foreach ($form_hooks as $form_hook) {
    $hooks[$form_hook] = array('arguments' => array('form' => NULL));
  }

  $hooks['user_signature'] = array('arguments' => array('signature' => NULL));

  return $hooks;
}

/**
 * Load the local account mapped to an external authentication name.
 *
 * @param $authname
 *   The external name to look up in {authmap}.
 *
 * @return
 *   Whatever user_load() returns for the mapped uid, or 0 when {authmap}
 *   holds no row for $authname.
 */
function user_external_load($authname) {
  $mapping = db_fetch_array(db_query("SELECT uid FROM {authmap} WHERE authname = '%s'", $authname));

  if (!$mapping) {
    return 0;
  }

  // $mapping is array('uid' => ...), which user_load() takes as conditions.
  return user_load($mapping);
}

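/**
 * Fetch a user object.
 *
 * @param $array
 *   An associative array of attributes to search for in selecting the
 *   user, such as user name or e-mail address. A bare numeric value is
 *   treated as a uid. Keys are used as {users} column names, so each one
 *   must be a plain identifier.
 *
 * @return
 *   A fully-loaded $user object upon successful user load or FALSE if user
 *   cannot be loaded (including when no condition or an invalid column name
 *   is given).
 */
function user_load($array = array()) {
  // Dynamically compose a SQL query:
  $query = array();
  $params = array();

  if (is_numeric($array)) {
    $array = array('uid' => $array);
  }

  // With no condition the WHERE clause would be empty and the statement
  // malformed; report "not found" without touching the database.
  if (empty($array)) {
    return FALSE;
  }

  foreach ($array as $key => $value) {
    // Column names are spliced into the SQL text and cannot travel as
    // placeholders, so accept nothing but a plain identifier.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/D', $key)) {
      return FALSE;
    }

    if ($key === 'uid' || $key === 'status') {
      $query[] = "$key = %d";
      $params[] = $value;
    }
    else if ($key === 'pass') {
      // NOTE(review): unsalted MD5 is a weak password hash. It is left in
      // place because changing it requires migrating the stored {users}.pass
      // values together with user_save().
      $query[] = "pass = '%s'";
      $params[] = md5($value);
    }
    else {
      $query[]= "LOWER($key) = LOWER('%s')";
      $params[] = $value;
    }
  }
  $result = db_query('SELECT * FROM {users} u WHERE '. implode(' AND ', $query), $params);

  if (db_num_rows($result)) {
    $user = db_fetch_object($result);
    $user = drupal_unpack($user);

    // Every account gets exactly one of the two built-in roles, then the
    // roles assigned in {users_roles}.
    $user->roles = array();
    if ($user->uid) {
      $user->roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user';
    }
    else {
      $user->roles[DRUPAL_ANONYMOUS_RID] = 'anonymous user';
    }
    $result = db_query('SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid);
    while ($role = db_fetch_object($result)) {
      $user->roles[$role->rid] = $role->name;
    }
    user_module_invoke('load', $array, $user);
  }
  else {
    $user = FALSE;
  }

  return $user;
}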

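/**
 * Save changes to a user account or add a new user.
 *
 * @param $account
 *   The $user object for the user to modify or add. If $user->uid is
 *   omitted, a new user will be added.
 *
 * @param $array
 *   An array of fields and values to save. For example array('name' => 'My name');
 *   Setting a field to NULL deletes it from the data column. Keys that are
 *   not {users} columns (per user_fields()) are stored in the serialized
 *   data column; keys starting with 'auth' become authmap entries.
 *
 * @param $category
 *   (optional) The category for storing profile information in.
 *
 * @return
 *   The user object as reloaded by user_load() after the save.
 */
function user_save($account, $array = array(), $category = 'account') {
  // Dynamically compose a SQL query:
  $user_fields = user_fields();
  if (is_object($account) && $account->uid) {
    user_module_invoke('update', $array, $account, $category);
    $query = '';
    $v = array();
    // NOTE(review): unserialize() is applied to the site's own {users}.data
    // column. That is only as safe as the write path into that column; keep
    // it away from any value that did not come from serialize() below.
    $data = unserialize(db_result(db_query('SELECT data FROM {users} WHERE uid = %d', $account->uid)));
    if (!is_array($data)) {
      // An empty or unreadable data column unserializes to FALSE.
      $data = array();
    }
    foreach ($array as $key => $value) {
      if ($key == 'pass' && !empty($value)) {
        // NOTE(review): unsalted MD5 is a weak password hash. Replacing it
        // means migrating stored hashes and the lookup in user_load(), so it
        // is flagged here rather than changed.
        $query .= "$key = '%s', ";
        $v[] = md5($value);
      }
      else if ((substr($key, 0, 4) !== 'auth') && ($key != 'pass')) {
        if (in_array($key, $user_fields)) {
          // Save standard fields. $key is safe to splice into the SQL text
          // only because it was just matched against the column list.
          $query .= "$key = '%s', ";
          $v[] = $value;
        }
        else if ($key != 'roles') {
          // Roles is a special case: it is used below.
          if ($value === NULL) {
            unset($data[$key]);
          }
          else {
            $data[$key] = $value;
          }
        }
      }
    }
    $query .= "data = '%s' ";
    $v[] = serialize($data);

    db_query("UPDATE {users} SET $query WHERE uid = %d", array_merge($v, array($account->uid)));

    // Reload user roles if provided
    if (isset($array['roles']) && is_array($array['roles'])) {
      db_query('DELETE FROM {users_roles} WHERE uid = %d', $account->uid);

      foreach (array_keys($array['roles']) as $rid) {
        if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
          db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $account->uid, $rid);
        }
      }
    }

    // Delete a blocked user's sessions to kick them if they are online.
    if (isset($array['status']) && $array['status'] == 0) {
      sess_destroy_uid($account->uid);
    }

    // If the password changed, delete all open sessions and recreate
    // the current one.
    if (isset($array['pass'])) {
      sess_destroy_uid($account->uid);
      sess_regenerate();
    }

    // Refresh user object
    $user = user_load(array('uid' => $account->uid));
    user_module_invoke('after_update', $array, $user, $category);
  }
  else {
    $array['uid'] = db_next_id('{users}_uid');

    if (!isset($array['created'])) {    // Allow 'created' to be set by hook_auth
      $array['created'] = time();
    }

    // Note, we wait with saving the data column to prevent module-handled
    // fields from being saved there. We cannot invoke hook_user('insert') here
    // because we don't have a fully initialized user object yet.
    $fields = array();
    $values = array();
    $s = array();
    foreach ($array as $key => $value) {
      switch ($key) {
        case 'pass':
          // NOTE(review): same weak unsalted MD5 hash as in the update path.
          $fields[] = $key;
          $values[] = md5($value);
          $s[] = "'%s'";
          break;
        case 'uid':        case 'mode':     case 'sort':
        case 'threshold':  case 'created':  case 'access':
        case 'login':      case 'status':
          $fields[] = $key;
          $values[] = $value;
          $s[] = "%d";
          break;
        default:
          // Only known {users} columns may become column names in the INSERT.
          if (substr($key, 0, 4) !== 'auth' && in_array($key, $user_fields)) {
            $fields[] = $key;
            $values[] = $value;
            $s[] = "'%s'";
          }
          break;
      }
    }
    db_query('INSERT INTO {users} ('. implode(', ', $fields) .') VALUES ('. implode(', ', $s) .')', $values);

    // Build the initial user object.
    $user = user_load(array('uid' => $array['uid']));

    user_module_invoke('insert', $array, $user, $category);

    // Build and save the serialized data field now
    $data = array();
    foreach ($array as $key => $value) {
      if ((substr($key, 0, 4) !== 'auth') && ($key != 'roles') && (!in_array($key, $user_fields)) && ($value !== NULL)) {
        $data[$key] = $value;
      }
    }
    db_query("UPDATE {users} SET data = '%s' WHERE uid = %d", serialize($data), $user->uid);

    // Save user roles (delete just to be safe). 'roles' is optional, so check
    // that it is present before inspecting it.
    if (isset($array['roles']) && is_array($array['roles'])) {
      db_query('DELETE FROM {users_roles} WHERE uid = %d', $array['uid']);
      foreach (array_keys($array['roles']) as $rid) {
        if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
          db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $array['uid'], $rid);
        }
      }
    }

    // Build the finished user object.
    $user = user_load(array('uid' => $array['uid']));
  }

  // Save distributed authentication mappings
  $authmaps = array();
  foreach ($array as $key => $value) {
    if (substr($key, 0, 4) == 'auth') {
      $authmaps[$key] = $value;
    }
  }
  if (sizeof($authmaps) > 0) {
    user_set_authmaps($user, $authmaps);
  }

  return $user;
}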

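/**
 * Verify the syntax of the given name.
 *
 * @param $name
 *   The username to check.
 *
 * @return
 *   A translated error message describing the first problem found, or NULL
 *   when the name is acceptable.
 */
function user_validate_name($name) {
  if (!strlen($name)) return t('You must enter a username.');
  if (substr($name, 0, 1) == ' ') return t('The username cannot begin with a space.');
  if (substr($name, -1) == ' ') return t('The username cannot end with a space.');
  if (strpos($name, '  ') !== FALSE) return t('The username cannot contain multiple spaces in a row.');

  // Allow-list: bytes 0x80-0xF7, space, ASCII alphanumerics and @ _ . -
  // preg_match() is used instead of ereg(), which stops reading at a NUL
  // byte and no longer exists in current PHP.
  if (preg_match('/[^\x80-\xF7 [:alnum:]@_.-]/', $name)) return t('The username contains an illegal character.');

  // Deny-list of code points that render as nothing or as look-alikes.
  $confusables = '/[\x{80}-\x{A0}'.          // Non-printable ISO-8859-1 + NBSP
                   '\x{AD}'.                 // Soft-hyphen
                   '\x{2000}-\x{200F}'.      // Various space characters
                   '\x{2028}-\x{202F}'.      // Bidirectional text overrides
                   '\x{205F}-\x{206F}'.      // Various text hinting characters
                   '\x{FEFF}'.               // Byte order mark
                   '\x{FF01}-\x{FF60}'.      // Full-width latin
                   '\x{FFF9}-\x{FFFD}'.      // Replacement characters
                   '\x{0}]/u';               // NULL byte
  // With the /u modifier preg_match() returns FALSE for malformed UTF-8.
  // Anything other than a clean "no match" (0) is rejected, so a malformed
  // name cannot slip past this check.
  if (preg_match($confusables, $name) !== 0) {
    return t('The username contains an illegal character.');
  }

  // The dot between host labels is escaped; unescaped it matched any
  // character and let malformed host parts through.
  if (strpos($name, '@') !== FALSE && !preg_match('/@([0-9a-z](-?[0-9a-z])*\.)+[a-z]{2}([zmuvtg]|fo|me)?$/i', $name)) return t('The username is not a valid authentication ID.');
  if (strlen($name) > USERNAME_MAX_LENGTH) return t('The username %name is too long: it must be %max characters or less.', array('%name' => $name, '%max' => USERNAME_MAX_LENGTH));
}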

/**
 * Verify that an e-mail address was given and is well formed.
 *
 * @param $mail
 *   The address to check.
 *
 * @return
 *   A translated error message, or NULL when valid_email_address() accepts
 *   the address.
 */
function user_validate_mail($mail) {
  if (!$mail) {
    return t('You must enter an e-mail address.');
  }

  if (valid_email_address($mail)) {
    return;
  }

  return t('The e-mail address %mail is not valid.', array('%mail' => $mail));
}

/**
 * Validate an uploaded user picture and store it when it passes.
 *
 * Errors are reported through form_set_error() on 'picture_upload'; on
 * success the stored path is written to the global $form_values['picture'].
 *
 * @param $file
 *   The uploaded file object; its filepath is inspected.
 * @param $edit
 *   Not used by this function.
 * @param $user
 *   The account the picture belongs to; supplies the current picture and
 *   the uid used in the stored file name.
 */
function user_validate_picture($file, &$edit, $user) {
  global $form_values;

  // Start from the picture already on the account; only a successful upload
  // replaces it.
  $form_values['picture'] = $user->picture;

  // The stored extension comes from image_get_info(), not from the name the
  // client sent.
  $image = image_get_info($file->filepath);
  list($max_width, $max_height) = explode('x', variable_get('user_picture_dimensions', '85x85'));

  if (!$image || !$image['extension']) {
    form_set_error('picture_upload', t('The uploaded file was not an image.'));
  }
  elseif (image_get_toolkit()) {
    // NOTE(review): on this path the result of image_scale() is not checked
    // and the file-size and dimension limits below are skipped; confirm that
    // a failed scale cannot leave an oversized file in place.
    image_scale($file->filepath, $file->filepath, $max_width, $max_height);
  }
  elseif (filesize($file->filepath) > (variable_get('user_picture_file_size', '30') * 1000)) {
    form_set_error('picture_upload', t('The uploaded image is too large; the maximum file size is %size kB.', array('%size' => variable_get('user_picture_file_size', '30'))));
  }
  elseif ($image['width'] > $max_width || $image['height'] > $max_height) {
    form_set_error('picture_upload', t('The uploaded image is too large; the maximum dimensions are %dimensions pixels.', array('%dimensions' => variable_get('user_picture_dimensions', '85x85'))));
  }

  if (form_get_errors()) {
    return;
  }

  $saved = file_save_upload('picture_upload', variable_get('user_picture_path', 'pictures') .'/picture-'. $user->uid .'.'. $image['extension'], 1);
  if ($saved) {
    $form_values['picture'] = $saved->filepath;
  }
  else {
    form_set_error('picture_upload', t("Failed to upload the picture image; the %directory directory doesn't exist or is not writable.", array('%directory' => variable_get('user_picture_path', 'pictures'))));
  }
}

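/**
 * Generate a random alphanumeric password.
 *
 * @param $length
 *   (optional) Number of characters to generate; defaults to 10.
 *
 * @return
 *   A string of $length characters drawn from the allowed alphabet, or an
 *   empty string when $length is zero or negative.
 */
function user_password($length = 10) {
  // This variable contains the list of allowable characters for the
  // password. Note that the number 0 and the letter 'O' have been
  // removed to avoid confusion between the two. The same is true
  // of 'I', 1, and l.
  $allowable_characters = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';

  // Zero-based count of characters in the allowable list:
  $len = strlen($allowable_characters) - 1;

  // mt_rand() is a predictable generator and not suitable for secrets.
  // Prefer random_int(), which draws from the operating system's CSPRNG,
  // and keep mt_rand() only as a fallback for PHP versions that lack it.
  $has_csprng = function_exists('random_int');

  // Declare the password as a blank string.
  $pass = '';

  // Loop the number of times specified by $length.
  for ($i = 0; $i < $length; $i++) {
    // Each iteration, pick a random character from the
    // allowable string and append it to the password:
    $index = $has_csprng ? random_int(0, $len) : mt_rand(0, $len);
    $pass .= $allowable_characters[$index];
  }

  return $pass;
}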

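/**
 * Determine whether the user has a given privilege.
 *
 * @param $string
 *   The permission, such as "administer nodes", being checked for.
 * @param $account
 *   (optional) The account to check, if not given use currently logged in user.
 *
 * @return
 *   boolean TRUE if the account has the requested permission.
 *
 * All permission checks in Drupal should go through this function. This
 * way, we guarantee consistent behavior, and ensure that the superuser
 * can perform all actions.
 */
function user_access($string, $account = NULL) {
  global $user;
  static $perm = array();

  if (is_null($account)) {
    $account = $user;
  }

  // User #1 has all privileges:
  if ($account->uid == 1) {
    return TRUE;
  }

  // To reduce the number of SQL queries, we cache the user's permissions
  // in a static variable.
  if (!isset($perm[$account->uid])) {
    $perm[$account->uid] = '';

    // The role IDs are spliced into the IN () list rather than bound one by
    // one, so force every key to an integer first.
    $rids = isset($account->roles) ? array_map('intval', array_keys((array) $account->roles)) : array();

    // An account without roles has no permissions; "IN ()" would also be
    // invalid SQL.
    if ($rids) {
      $result = db_query("SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid WHERE r.rid IN (%s)", implode(',', $rids));

      while ($row = db_fetch_object($result)) {
        $perm[$account->uid] .= "$row->perm, ";
      }
    }
  }

  // Match whole entries only. Searching for "$string, " alone also succeeds
  // when $string is merely the tail of a longer granted permission name, so
  // anchor the start of the entry with the same ", " separator.
  return strpos(', '. $perm[$account->uid], ", $string, ") !== FALSE;
}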

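/**
 * Checks for usernames blocked by user administration.
 *
 * @param $name
 *   The username to look up.
 *
 * @return
 *   The result of db_fetch_object() for the lookup: an object carrying the
 *   name of the blocked account (status = 0), or a false value when no
 *   blocked account has that name.
 */
function user_is_blocked($name) {
  // Lowercase both sides, as user_load() does. Comparing the stored name
  // against a lowercased input only matches mixed-case names on databases
  // that compare case-insensitively, so a blocked account could otherwise go
  // unrecognized.
  $deny = db_fetch_object(db_query("SELECT name FROM {users} WHERE status = 0 AND LOWER(name) = LOWER('%s')", $name));

  return $deny;
}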

/**
 * List the column names of the {users} table.
 *
 * The names are read from the row for uid 1 and cached in a static for the
 * rest of the request; a built-in default list is used when that row is
 * missing.
 *
 * @return
 *   An array of column names.
 */
function user_fields() {
  static $fields;

  if ($fields) {
    return $fields;
  }

  $row = db_query('SELECT * FROM {users} WHERE uid = 1');
  if (!db_num_rows($row)) {
    // Make sure we return the default fields at least
    $fields = array('uid', 'name', 'pass', 'mail', 'picture', 'mode', 'sort', 'threshold', 'theme', 'signature', 'created', 'access', 'login', 'status', 'timezone', 'language', 'init', 'data');
  }
  else {
    $fields = array_keys(db_fetch_array($row));
  }

  return $fields;
}

/**
 * Implementation of hook_perm().
 *
 * @return
 *   The names of the permissions this module defines.
 */
function user_perm() {
  $permissions = array();
  $permissions[] = 'administer access control';
  $permissions[] = 'administer users';
  $permissions[] = 'access user profiles';
  $permissions[] = 'change own username';

  return $permissions;
}

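/**
 * Implementation of hook_file_download().
 *
 * Ensure that user pictures (avatars) are always downloadable.
 *
 * @param $file
 *   The requested file path.
 *
 * @return
 *   An array holding a Content-type header when $file lies under the user
 *   picture prefix and is a recognizable image; nothing otherwise.
 */
function user_file_download($file) {
  $prefix = variable_get('user_picture_path', 'pictures') .'/picture-';

  if (strpos($file, $prefix) === 0) {
    $info = image_get_info(file_create_path($file));

    // Return headers only for a file that really is a readable image. A
    // prefix match alone says nothing about the content, and a missing or
    // non-image file previously produced an empty "Content-type: " header
    // (presumably still read by the caller as approval of the download).
    if ($info && !empty($info['mime_type'])) {
      return array('Content-type: '. $info['mime_type']);
    }
  }
}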

/**
 * Implementation of hook_search().
 *
 * @param $op
 *   'name' to get the label of this search type, 'search' to run a search.
 * @param $keys
 *   The search keywords; runs of '*' are turned into the SQL wildcard '%'.
 *   Any '%' or '_' already present in $keys also acts as a LIKE wildcard.
 * @param $skip_access_check
 *   When TRUE, the 'name' operation skips the permission check. The search
 *   itself always requires 'access user profiles'.
 *
 * @return
 *   The translated label for 'name'; for 'search' an array of results, each
 *   with a 'title' and an absolute 'link'; nothing when access is denied.
 */
function user_search($op = 'search', $keys = NULL, $skip_access_check = FALSE) {
  $permission = 'access user profiles';

  if ($op == 'name' && ($skip_access_check || user_access($permission))) {
    return t('Users');
  }

  // A denied 'name' request continues into the search branch, where the same
  // permission check rejects it again.
  if ($op == 'name' || $op == 'search') {
    if (!user_access($permission)) {
      return;
    }

    $matches = array();
    // Replace wildcards with MySQL/PostgreSQL wildcards.
    $keys = preg_replace('!\*+!', '%', $keys);
    $result = pager_query("SELECT uid, name FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys);
    while ($account = db_fetch_object($result)) {
      $matches[] = array(
        'title' => $account->name,
        'link' => url('user/'. $account->uid, array('absolute' => TRUE)),
      );
    }
    return $matches;
  }
}

/**
 * Implementation of hook_user().
 *
 * @param $type
 *   The operation: 'view', 'form', 'validate', 'submit' or 'categories' are
 *   handled here.
 * @param $edit
 *   The form values, passed on to the account form helpers.
 * @param $user
 *   The user object the operation applies to.
 * @param $category
 *   (optional) The active category; the form operations only act on
 *   'account'.
 *
 * @return
 *   Depends on the operation; nothing for operations not handled here.
 */
function user_user($type, &$edit, &$user, $category = NULL) {
  if ($type == 'view') {
    $history = array(
      'title' => t('Member for'),
      'value' => format_interval(time() - $user->created),
      'class' => 'member',
    );

    return array(t('History') => array('history' => $history));
  }

  // The account form, its validation and its submission all work on the
  // user ID taken from the path via arg(1).
  if ($category == 'account') {
    if ($type == 'form') {
      return user_edit_form(arg(1), $edit);
    }
    if ($type == 'validate') {
      return _user_edit_validate(arg(1), $edit);
    }
    if ($type == 'submit') {
      return _user_edit_submit(arg(1), $edit);
    }
  }

  if ($type == 'categories') {
    $account_category = array('name' => 'account', 'title' => t('Account settings'), 'weight' => 1);
    return array($account_category);
  }
}

/**
 * Build the login form shown in the "User login" block.
 *
 * The form posts back to the current path ($_GET['q']) with the destination
 * from drupal_get_destination() in the query string, and is validated and
 * submitted by user_login_validate() and user_login_submit().
 *
 * @return
 *   The form array.
 */
function user_login_block() {
  $form = array();
  $form['#action'] = url($_GET['q'], array('query' => drupal_get_destination()));
  $form['#id'] = 'user-login-form';
  $form['#validate'] = array('user_login_validate' => array());
  $form['#submit'] = array('user_login_submit' => array());

  $form['name'] = array(
    '#type' => 'textfield',
    '#title' => t('Username'),
    '#maxlength' => USERNAME_MAX_LENGTH,
    '#size' => 15,
    '#required' => TRUE,
  );
  $form['pass'] = array(
    '#type' => 'password',
    '#title' => t('Password'),
    '#maxlength' => 60,
    '#size' => 15,
    '#required' => TRUE,
  );
  $form['submit'] = array(
    '#type' => 'submit',
    '#value' => t('Log in'),
  );

  // Offer registration only when the site allows it.
  $links = array();
  if (variable_get('user_register', 1)) {
    $links[] = l(t('Create new account'), 'user/register', array('title' => t('Create a new user account.')));
  }
  $links[] = l(t('Request new password'), 'user/password', array('title' => t('Request new password via e-mail.')));
  $form['links'] = array('#value' => theme('item_list', $links));

  return $form;
}

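/**
 * Implementation of hook_block().
 *
 * @param $op
 *   'list', 'configure', 'save' or 'view'.
 * @param $delta
 *   The block: 0 user login, 1 navigation, 2 who's new, 3 who's online.
 * @param $edit
 *   The submitted configuration values for the 'save' operation.
 *
 * @return
 *   The block list for 'list', a form array for 'configure', or a block
 *   array with 'subject' and 'content' for 'view' (empty when the block has
 *   nothing to show).
 */
function user_block($op = 'list', $delta = 0, $edit = array()) {
  global $user;

  if ($op == 'list') {
    $blocks = array();
    $blocks[0]['info'] = t('User login');
    $blocks[1]['info'] = t('Navigation');
    $blocks[2]['info'] = t('Who\'s new');
    $blocks[3]['info'] = t('Who\'s online');

    return $blocks;
  }
  else if ($op == 'configure' && $delta == 2) {
    $form['user_block_whois_new_count'] = array(
      '#type' => 'select',
      '#title' => t('Number of users to display'),
      '#default_value' => variable_get('user_block_whois_new_count', 5),
      '#options' => drupal_map_assoc(array(1, 2, 3, 4, 5, 6, 7, 8, 9, 10)),
    );
    return $form;
  }
  else if ($op == 'configure' && $delta == 3) {
    $period = drupal_map_assoc(array(30, 60, 120, 180, 300, 600, 900, 1800, 2700, 3600, 5400, 7200, 10800, 21600, 43200, 86400), 'format_interval');
    $form['user_block_seconds_online'] = array('#type' => 'select', '#title' => t('User activity'), '#default_value' => variable_get('user_block_seconds_online', 900), '#options' => $period, '#description' => t('A user is considered online for this long after they have last viewed a page.'));
    $form['user_block_max_list_count'] = array('#type' => 'select', '#title' => t('User list length'), '#default_value' => variable_get('user_block_max_list_count', 10), '#options' => drupal_map_assoc(array(0, 5, 10, 15, 20, 25, 30, 40, 50, 75, 100)), '#description' => t('Maximum number of currently online users to display.'));

    return $form;
  }
  else if ($op == 'save' && $delta == 2) {
    variable_set('user_block_whois_new_count', $edit['user_block_whois_new_count']);
  }
  else if ($op == 'save' && $delta == 3) {
    variable_set('user_block_seconds_online', $edit['user_block_seconds_online']);
    variable_set('user_block_max_list_count', $edit['user_block_max_list_count']);
  }
  else if ($op == 'view') {
    $block = array();

    switch ($delta) {
      case 0:
        // For usability's sake, avoid showing two login forms on one page.
        if (!$user->uid && !(arg(0) == 'user' && !is_numeric(arg(1)))) {

          $block['subject'] = t('User login');
          $block['content'] = drupal_get_form('user_login_block');
        }
        return $block;

      case 1:
        if ($menu = menu_tree()) {
          // The username is user-supplied text, so it is escaped before it
          // becomes the block title.
          $block['subject'] = $user->uid ? check_plain($user->name) : t('Navigation');
          $block['content'] = $menu;
        }
        return $block;

      case 2:
        if (user_access('access content')) {
          // Retrieve a list of new users who have subsequently accessed the site successfully.
          $result = db_query_range('SELECT uid, name FROM {users} WHERE status != 0 AND access != 0 ORDER BY created DESC', 0, variable_get('user_block_whois_new_count', 5));
          // Start from an empty list so the theme function still receives an
          // array when the query returns no rows.
          $items = array();
          while ($account = db_fetch_object($result)) {
            $items[] = $account;
          }
          $output = theme('user_list', $items);

          $block['subject'] = t('Who\'s new');
          $block['content'] = $output;
        }
        return $block;

      case 3:
        if (user_access('access content')) {
          // Count users with activity in the past defined period.
          $interval = time() - variable_get('user_block_seconds_online', 900);

          // Perform database queries to gather online user lists.  We use s.timestamp
          // rather than u.access because it is much faster.
          $anonymous_count = sess_count($interval);
          $authenticated_users = db_query('SELECT DISTINCT u.uid, u.name FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.timestamp >= %d AND s.uid > 0 ORDER BY s.timestamp DESC', $interval);
          $authenticated_count = db_num_rows($authenticated_users);

          // Format the output with proper grammar.
          if ($anonymous_count == 1 && $authenticated_count == 1) {
            $output = t('There is currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests')));
          }
          else {
            $output = t('There are currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests')));
          }

          // Display a list of currently online users.
          $max_users = variable_get('user_block_max_list_count', 10);
          if ($authenticated_count && $max_users) {
            $items = array();

            while ($max_users-- && $account = db_fetch_object($authenticated_users)) {
              $items[] = $account;
            }

            $output .= theme('user_list', $items, t('Online users'));
          }

          $block['subject'] = t('Who\'s online');
          $block['content'] = $output;
        }
        return $block;
    }
  }
}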

/**
 * Render the picture of a user account.
 *
 * @param $account
 *   The user object whose picture is shown.
 *
 * @return
 *   The picture wrapped in a div with class "picture", or nothing when user
 *   pictures are disabled or neither an account picture nor a default
 *   picture is available.
 */
function theme_user_picture($account) {
  if (!variable_get('user_pictures', 0)) {
    return;
  }

  // Use the account's own picture when the file exists, else the site-wide
  // default if one is configured.
  if ($account->picture && file_exists($account->picture)) {
    $picture = file_create_url($account->picture);
  }
  elseif (variable_get('user_picture_default', '')) {
    $picture = variable_get('user_picture_default', '');
  }

  if (!isset($picture)) {
    return;
  }

  // The account name reaches the alt text through the @user placeholder of
  // t(), not by string concatenation.
  $alt = t("@user's picture", array('@user' => $account->name ? $account->name : variable_get('anonymous', t('Anonymous'))));
  $picture = theme('image', $picture, $alt, $alt, '', FALSE);

  // Link to the profile only for real accounts the viewer may look at.
  if (!empty($account->uid) && user_access('access user profiles')) {
    $picture = l($picture, "user/$account->uid", array('attributes' => array('title' => t('View user profile.')), 'html' => TRUE));
  }

  return "<div class=\"picture\">$picture</div>";
}

/**
 * Theme a user page.
 *
 * Category names and each item's title, value and class are written into
 * the markup exactly as given. Nothing is escaped here, so every one of
 * them must already be safe for HTML output when it arrives.
 *
 * @param $account
 *   The user object.
 * @param $fields
 *   A multidimensional array of fields keyed by category, in the form
 *   array('category1' => array(item_array1, item_array2), 'category2' =>
 *   array(item_array3, ...)). Each item array is formatted as
 *   array('title' => 'item title', 'value' => 'item value',
 *   'class' => 'class-name'). Module names are incorporated into the CSS
 *   class.
 *
 * @return
 *   The profile markup.
 *
 * @ingroup themeable
 */
function theme_user_profile($account, $fields) {
  $parts = array('<div class="profile">', theme('user_picture', $account));

  foreach ($fields as $category => $items) {
    // A category with an empty name gets no heading.
    if (strlen($category) > 0) {
      $parts[] = '<h2 class="title">'. $category .'</h2>';
    }

    $parts[] = '<dl>';
    foreach ($items as $item) {
      // The title is optional; the value is always printed.
      if (isset($item['title'])) {
        $parts[] = '<dt class="'. $item['class'] .'">'. $item['title'] .'</dt>';
      }
      $parts[] = '<dd class="'. $item['class'] .'">'. $item['value'] .'</dd>';
    }
    $parts[] = '</dl>';
  }

  $parts[] = '</div>';

  return implode('', $parts);
}

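/**
 * Make a list of users.
 *
 * @param $users
 *   An array of user objects, each handed to theme('username'). Per the
 *   original comment they should contain at least the name and uid.
 * @param $title
 *   Optional title passed through to theme('item_list').
 * @return
 *   Whatever theme('item_list') returns for the collected items.
 *
 * @ingroup themeable
 */
function theme_user_list($users, $title = NULL) {
  // Start from an empty list so that an empty $users does not leave $items
  // undefined when it is handed to theme('item_list').
  $items = array();
  if (!empty($users)) {
    foreach ($users as $user) {
      $items[] = theme('username', $user);
    }
  }
  return theme('item_list', $items, $title);
}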

/**
 * Tell whether the current request is made by an anonymous visitor.
 *
 * Used in user_menu() as the 'access callback' of the login and
 * password-request pages.
 *
 * @return
 *   TRUE when the global $user has a uid that evaluates to false (0).
 */
function user_is_anonymous() {
  global $user;
  return !$user->uid;
}

/**
 * Tell whether the current request is made by a logged-in user.
 *
 * Used in user_menu() as the 'access callback' of the logout item.
 *
 * @return
 *   TRUE when the global $user has a non-zero uid, FALSE otherwise.
 */
function user_is_logged_in() {
  global $user;
  return $user->uid ? TRUE : FALSE;
}

/**
 * Access callback for the registration page (user/register).
 *
 * @return
 *   TRUE only when the visitor is anonymous and the 'user_register' variable
 *   (default 1) evaluates to true; FALSE for any logged-in user.
 */
function user_register_access() {
  global $user;
  // Logged-in users never get the registration form.
  if ($user->uid) {
    return FALSE;
  }
  return (bool) variable_get('user_register', 1);
}

/**
 * Access callback deciding whether the current user may view $account.
 *
 * The checks run in this order, first match wins:
 *  1. No account object, or a uid that evaluates to false: denied. This
 *     guard also keeps the loose uid comparison in step 2 from matching an
 *     anonymous viewer (uid 0) against an account with uid 0.
 *  2. The viewer is looking at their own account: allowed.
 *  3. The viewer has 'administer users': allowed.
 *  4. Otherwise the account must have a non-empty ->access and ->status and
 *     the viewer needs 'access user profiles'.
 *
 * @param $account
 *   The user object being viewed (or a false value if it could not be loaded).
 * @return
 *   TRUE when viewing is allowed, FALSE otherwise.
 */
function user_view_access($account) {
  if (!$account || !$account->uid) {
    return FALSE;
  }

  // Always let users view their own profile.
  if ($GLOBALS['user']->uid == $account->uid) {
    return TRUE;
  }

  // Administrators can view all accounts.
  if (user_access('administer users')) {
    return TRUE;
  }

  // The user is not blocked and logged in at least once.
  return $account->access && $account->status && user_access('access user profiles');
}

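/**
 * Access callback deciding whether the current user may edit $account.
 *
 * Registered in user_menu() as the 'access callback' of user/%user/edit, so
 * its result is the only menu-level gate on the account edit form.
 *
 * @param $account
 *   The user object being edited (or a false value if it could not be loaded).
 * @return
 *   TRUE when the viewer is editing their own account or has the
 *   'administer users' permission; FALSE otherwise.
 */
function user_edit_access($account) {
  // Same guard as user_view_access(): a missing account or uid 0 is never
  // editable, and the loose uid comparison below cannot match 0 against 0.
  if (!$account || !$account->uid) {
    return FALSE;
  }

  // The permission has to be evaluated through user_access(). A bare
  // array('administer users') is a non-empty array and always evaluates to
  // TRUE, which would grant edit access to every visitor.
  return ($GLOBALS['user']->uid == $account->uid) || user_access('administer users');
}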

/**
 * Replace element 1 of $arg with the loaded account of the current user.
 *
 * @param $arg
 *   An array; only index 1 is overwritten.
 * @return
 *   The same array with $arg[1] set to the result of user_load() for the
 *   global $user's uid.
 */
function user_load_self($arg) {
  $current_uid = $GLOBALS['user']->uid;
  $arg[1] = user_load($current_uid);
  return $arg;
}

/**
 * Implementation of hook_menu().
 *
 * Registers the login, registration, password, account and administration
 * paths of the user module.
 *
 * Access-control notes for reviewers:
 * - 'user/reset/%/%/%' sets 'access callback' => TRUE, so there is no
 *   menu-level check; validating the three path arguments is left entirely to
 *   the user_pass_reset form (not shown in this function).
 * - 'user/%user/edit' is gated only by user_edit_access(), so that callback
 *   must perform a real permission check.
 * - NOTE(review): several items declare no access keys here (for example
 *   user/help, admin/user/settings, admin/user/user/create,
 *   admin/user/roles/edit, admin/user/rules/add|check|edit|delete and the
 *   per-category user/%user/edit/<name> tabs). Confirm how the menu system
 *   resolves access for them, e.g. whether it is inherited from a parent path.
 *
 * @return
 *   An array of menu items keyed by path.
 */
function user_menu() {
  $items = array();

  // Username autocompletion is limited to users who may view profiles.
  $items['user/autocomplete'] = array(
    'title' => t('User autocomplete'),
    'page callback' => 'user_autocomplete',
    'access callback' => 'user_access',
    'access arguments' => array('access user profiles'),
    'type' => MENU_CALLBACK,
  );

  // Registration and login pages.
  $items['user'] = array(
    'title' => t('Log in'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_login'),
    'access callback' => 'user_is_anonymous',
    'type' => MENU_CALLBACK,
  );

  $items['user/login'] = array(
    'title' => t('Log in'),
    'type' => MENU_DEFAULT_LOCAL_TASK,
  );

  $items['user/register'] = array(
    'title' => t('Create new account'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_register'),
    'access callback' => 'user_register_access',
    'type' => MENU_LOCAL_TASK,
  );

  $items['user/password'] = array(
    'title' => t('Request new password'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_pass'),
    'access callback' => 'user_is_anonymous',
    'type' => MENU_LOCAL_TASK,
  );

  // Open to everyone: the form callback has to validate arguments 2, 3 and 4.
  $items['user/reset/%/%/%'] = array(
    'title' => t('Reset password'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_pass_reset', 2, 3, 4),
    'access callback' => TRUE,
    'type' => MENU_CALLBACK,
  );

  $items['user/help'] = array(
    'title' => t('Help'),
    'page callback' => 'user_help_page',
    'type' => MENU_CALLBACK,
  );

  // Admin user pages
  $items['admin/user'] = array(
    'title' => t('User management'),
    'description' => t('Manage your site\'s users, groups and access to site features.'),
    'position' => 'left',
    'page callback' => 'system_admin_menu_block_page',
    'access arguments' => array('administer site configuration'),
  );

  $items['admin/user/user'] = array(
    'title' => t('Users'),
    'description' => t('List, add, and edit users.'),
    'page callback' => 'user_admin',
    'page arguments' => array('list'),
    'access arguments' => array('administer users'),
  );

  $items['admin/user/user/list'] = array(
    'title' => t('List'),
    'type' => MENU_DEFAULT_LOCAL_TASK,
    'weight' => -10,
  );

  $items['admin/user/user/create'] = array(
    'title' => t('Add user'),
    'page arguments' => array('create'),
    'type' => MENU_LOCAL_TASK,
  );

  $items['admin/user/settings'] = array(
    'title' => t('User settings'),
    'description' => t('Configure default behavior of users, including registration requirements, e-mails, and user pictures.'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_admin_settings'),
  );

  // Admin access pages
  $items['admin/user/access'] = array(
    'title' => t('Access control'),
    'description' => t('Determine access to features by selecting permissions for roles.'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_admin_perm'),
    'access arguments' => array('administer access control'),
  );

  $items['admin/user/roles'] = array(
    'title' => t('Roles'),
    'description' => t('List, edit, or add user roles.'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_admin_new_role'),
    'access arguments' => array('administer access control'),
  );

  $items['admin/user/roles/edit'] = array(
    'title' => t('Edit role'),
    'page arguments' => array('user_admin_role'),
    'type' => MENU_CALLBACK,
  );

  $items['admin/user/rules'] = array(
    'title' => t('Access rules'),
    'description' => t('List and create rules to disallow usernames, e-mail addresses, and IP addresses.'),
    'page callback' => 'user_admin_access',
    'access arguments' => array('administer access control'),
  );

  $items['admin/user/rules/list'] = array(
    'title' => t('List'),
    'type' => MENU_DEFAULT_LOCAL_TASK,
    'weight' => -10,
  );

  $items['admin/user/rules/add'] = array(
    'title' => t('Add rule'),
    'page callback' => 'user_admin_access_add',
    'type' => MENU_LOCAL_TASK,
  );

  $items['admin/user/rules/check'] = array(
    'title' => t('Check rules'),
    'page callback' => 'user_admin_access_check',
    'type' => MENU_LOCAL_TASK,
  );

  $items['admin/user/rules/edit'] = array(
    'title' => t('Edit rule'),
    'page callback' => 'user_admin_access_edit',
    'type' => MENU_CALLBACK,
  );

  $items['admin/user/rules/delete'] = array(
    'title' => t('Delete rule'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_admin_access_delete_confirm'),
    'type' => MENU_CALLBACK,
  );

  // The user search page is only registered when the search module is on.
  if (module_exists('search')) {
    $items['admin/user/search'] = array(
      'title' => t('Search users'),
      'description' => t('Search users by name.'),
      'page callback' => 'user_admin',
      'page arguments' => array('search'),
      'access arguments' => array('administer users'),
    );
  }

  $items['logout'] = array(
    'title' => t('Log out'),
    'access callback' => 'user_is_logged_in',
    'page callback' => 'user_logout',
    'weight' => 10,
  );

  // Account pages: path argument 1 is handed to both the page callback and
  // the access callback.
  $items['user/%user_current'] = array(
    'title' => t('My account'),
    'page callback' => 'user_view',
    'page arguments' => array(1),
    'access callback' => 'user_view_access',
    'access arguments' => array(1),
    'parent' => '',
  );

  $items['user/%user/view'] = array(
    'title' => t('View'),
    'type' => MENU_DEFAULT_LOCAL_TASK,
    'weight' => -10,
  );

  $items['user/%user/delete'] = array(
    'title' => t('Delete'),
    'page callback' => 'user_edit',
    'access callback' => 'user_access',
    'access arguments' => array('administer users'),
    'type' => MENU_CALLBACK,
  );

  // user_edit_access() is the only gate on the account edit form.
  $items['user/%user/edit'] = array(
    'title' => t('Edit'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_edit'),
    'access callback' => 'user_edit_access',
    'access arguments' => array(1),
    'type' => MENU_LOCAL_TASK,
  );

  // One edit tab per category, but only when more than one category exists.
  // The category list is requested for an empty account object.
  $blank_account = new stdClass();
  $categories = _user_categories($blank_account);
  if ($categories && (count($categories) > 1)) {
    foreach ($categories as $category) {
      $tab_path = 'user/%user/edit/'. $category['name'];
      $items[$tab_path] = array(
        'title' => $category['title'],
        'page arguments' => array('user_edit', 3),
        'type' => $category['name'] == 'account' ? MENU_DEFAULT_LOCAL_TASK : MENU_LOCAL_TASK,
        'weight' => $category['weight'],
      );
    }
  }

  return $items;
}

/**
 * Add the user module's stylesheet (user.css) to the page.
 *
 * The path is built from drupal_get_path('module', 'user') and registered
 * with drupal_add_css() using the 'module' type.
 */
function user_init() {
  $stylesheet = drupal_get_path('module', 'user') .'/user.css';
  drupal_add_css($stylesheet, 'module');
}

/**
 * Load the account for a path argument by delegating to user_load().
 *
 * Presumably the loader behind the '%user_current' wildcard registered in
 * user_menu(); verify against the menu system.
 *
 * @param $arg
 *   The value passed straight to user_load().
 * @return
 *   Whatever user_load() returns for $arg.
 */
function user_current_load($arg) {
  $account = user_load($arg);
  return $account;
}

/**
 * Return the uid of the current user.
 *
 * Presumably supplies the path argument for the '%user_current' wildcard
 * registered in user_menu(); verify against the menu system.
 *
 * @return
 *   The uid of the global $user.
 */
function user_current_to_arg() {
  global $user;
  return $user->uid;
}

/**
 * Look up the authmap entries for a DA name.
 *
 * The original comment says this is called at external login and also
 * mentions accepting a user object, but the code only ever matches the
 * authname column against $authname.
 *
 * The value is handed to db_query() as a separate argument for the '%s'
 * placeholder rather than being concatenated into the SQL string.
 * NOTE(review): db_query() is defined elsewhere; confirm that it escapes
 * '%s' arguments in this core version.
 *
 * @param $authname
 *   The DA name to look up.
 * @return
 *   An associative array of module => authname, or 0 when no row matches.
 */
function user_get_authmaps($authname = NULL) {
  $result = db_query("SELECT authname, module FROM {authmap} WHERE authname = '%s'", $authname);

  // No matching rows: callers get 0 rather than an empty array.
  $has_rows = db_num_rows($result) > 0;
  if (!$has_rows) {
    return 0;
  }

  while ($row = db_fetch_object($result)) {
    $authmaps[$row->module] = $row->authname;
  }
  return $authmaps;
}

function user_set_authmaps($account, $authmaps) {
  foreach ($authmaps as $key => $value) {