Commit 6e646914 authored by natrak's avatar natrak

Changes

- Moved account_password() and account_validate() to user.inc.
- Greatly reduced the number of SQL calls in account_save() when editing an
  account. Now uses one db_query() call instead of 1 + (2 * # of access
  granted).
- Fixed access not being saved when account was added.
- Should now be possible to edit and add accounts. There were certain bugs
  before that would cause odd errors.
parent e381f5b3
......@@ -63,4 +63,28 @@ function user_ban($mask, $type) {
return db_fetch_object($result);
}
function account_password($min_length=6) {
mt_srand((double)microtime() * 1000000);
$words = array("foo","bar","guy","neo","tux","moo","sun","asm","dot","god","axe","geek","nerd","fish","hack","star","mice","warp","moon","hero","cola","girl","fish","java","perl","boss","dark","sith","jedi","drop","mojo");
while(strlen($password) < $min_length) $password .= $words[mt_rand(0, count($words))];
return $password;
}
function account_validate($user) {
// Verify username and e-mail address:
if (empty($user[real_email]) || (!check_mail($user[real_email]))) $error = t("the e-mail address '$user[real_email]' is not valid");
if (empty($user[userid]) || (!check_name($user[userid]))) $error = t("the username '$user[userid]' is not valid");
if (strlen($user[userid]) > 15) $error = t("the username '$user[userid]' is too long: it must be less than 15 characters");
// Check to see whether the username or e-mail address are banned:
if ($ban = user_ban($user[userid], "username")) $error = t("the username '$user[userid]' is banned") .": <I>$ban->reason</I>";
if ($ban = user_ban($user[real_email], "e-mail address")) $error = t("the e-mail address '$user[real_email]' is banned") .": <I>$ban->reason</I>";
// Verify whether username and e-mail address are unique:
if (db_num_rows(db_query("SELECT userid FROM users WHERE LOWER(userid) = LOWER('$user[userid]')")) > 0) $error = t("the username '$user[userid]' is already taken");
if (db_num_rows(db_query("SELECT real_email FROM users WHERE LOWER(real_email) = LOWER('$user[real_email]')")) > 0) $error = t("the e-mail address '$user[real_email]' is already in use by another account");
return $error;
}
?>
\ No newline at end of file
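Review bot: `mt_rand(0, count($words))` in account_password() is inclusive at both ends, so it can return an index one past the last word; that pick appends nothing and the loop silently goes round again. The bound should be `mt_rand(0, count($words) - 1)`. With the default `$min_length` of 6, every result is exactly two words from a fixed list of 31 entries ("fish" is listed twice), which is fewer than a thousand possible passwords, drawn from a generator seeded with the clock. Since account_save() uses this value as the initial password of a new account, it would be safer to build it from random characters taken from the platform's cryptographic source (`random_int()` on current PHP) than from a short word list published in the source.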
......@@ -37,30 +37,6 @@ function account_conf_options() {
return $output;
}
function account_password($min_length=6) {
mt_srand((double)microtime() * 1000000);
$words = array("foo","bar","guy","neo","tux","moo","sun","asm","dot","god","axe","geek","nerd","fish","hack","star","mice","warp","moon","hero","cola","girl","fish","java","perl","boss","dark","sith","jedi","drop","mojo");
while(strlen($password) < $min_length) $password .= $words[mt_rand(0, count($words))];
return $password;
}
function account_validate($user) {
// Verify username and e-mail address:
if (empty($user[real_email]) || (!check_mail($user[real_email]))) $error = t("the e-mail address '$user[real_email]' is not valid");
if (empty($user[userid]) || (!check_name($user[userid]))) $error = t("the username '$user[userid]' is not valid");
if (strlen($user[userid]) > 15) $error = t("the username '$user[userid]' is too long: it must be less than 15 characters");
// Check to see whether the username or e-mail address are banned:
if ($ban = user_ban($user[userid], "username")) $error = t("the username '$user[userid]' is banned") .": <I>$ban->reason</I>";
if ($ban = user_ban($user[real_email], "e-mail address")) $error = t("the e-mail address '$user[real_email]' is banned") .": <I>$ban->reason</I>";
// Verify whether username and e-mail address are unique:
if (db_num_rows(db_query("SELECT userid FROM users WHERE LOWER(userid) = LOWER('$user[userid]')")) > 0) $error = t("the username '$user[userid]' is already taken");
if (db_num_rows(db_query("SELECT real_email FROM users WHERE LOWER(real_email) = LOWER('$user[real_email]')")) > 0) $error = t("the e-mail address '$user[real_email]' is already in use by another account");
return $error;
}
function account_search($keys) {
global $user;
$result = db_query("SELECT * FROM users WHERE userid LIKE '%$keys%' LIMIT 20");
......@@ -166,37 +142,74 @@ function account_delete($name) {
}
}
function account_save($edit, &$name) {
if (!empty($name)) {
function account_form($account = 0) {
global $access;
function access($name) {
global $access, $account;
if (module_hook($name, "admin")) $access .= "<OPTION VALUE=\"$name\"". (user_access($account, $name) ? " SELECTED" : "") .">$name</OPTION>";
}
module_iterate("access");
$form .= $account->id ? form_item("ID", $account->id) . form_hidden("id", $account->id) : "";
$form .= $account->userid ? form_item(t("Username"), check_output($account->userid)) . form_hidden("userid", $account->userid) : form_textfield(t("Username"), "userid", $account->userid, 15, 15);
$form .= form_select(t("Status"), "status", ($account->status ? $account->status : 1), array("blocked", "not confirmed", "open"));
$form .= form_item(t("Administrator access"), "<SELECT NAME=\"edit[access][]\" MULTIPLE=\"true\" SIZE=\"10\">$access</SELECT>");
$form .= form_textfield(t("Real name"), "name", $account->name, 30, 55);
$form .= form_textfield(t("Real e-mail address"), "real_email", $account->real_email, 30, 55);
$form .= form_textfield(t("Fake e-mail address"), "fake_email", $account->fake_email, 30, 55);
$form .= form_textfield(t("Homepage"), "url", $account->url, 30, 55);
$form .= form_textarea(t("Bio"), "bio", $account->bio, 35, 5);
$form .= form_textarea(t("Signature"), "signature", $account->signature, 35, 5);
if ($account) {
$form .= form_submit("View account");
}
$form .= form_submit("Save account");
return form("admin.php?mod=account", $form);
}
function account_save($edit) {
if ($edit[id]) {
// Updating existing account
foreach ($edit as $key=>$value) {
if ($key != "access") {
$query .= "$key = '". addslashes($value) ."', ";
}
}
db_query("UPDATE users SET $query access = '' WHERE userid = '$name'");
if ($edit[access]) {
foreach ($edit[access] as $key=>$value) {
$account = user_load($name);
db_query("UPDATE users SET access = '". field_set($account->access, $value, 1) ."' WHERE id = $account->id");
$access = field_set($access, $value, 1);
}
}
watchdog("account", "account: modified user '$name'");
$query .= "access = '$access'";
db_query("UPDATE users SET $query WHERE id = $edit[id]");
watchdog("account", "account: modified user '$edit[userid]'");
return $edit[userid];
}
else {
// Adding new account
$edit[userid] = trim($edit[userid]);
$edit[real_email] = trim($edit[real_email]);
$edit[name] = $edit[realname];
if ($error = account_validate($edit)) {
return $error;
print status($error);
return 0;
}
else {
$edit[passwd] = account_password();
$edit[hash] = substr(md5("$edit[userid]. ". time()), 0, 12);
$user = user_save("", array("userid" => $edit[userid], "real_email" => $edit[real_email], "passwd" => $edit[passwd], "status" => 1, "hash" => $edit[hash]));
if ($edit[access]) {
foreach ($edit[access] as $key=>$value) {
$access = field_set($access, $value, 1);
}
$edit[access] = $access;
}
$user = user_save("", array("userid" => $edit[userid], "access" => $edit[access], "real_email" => $edit[real_email], "passwd" => $edit[passwd], "status" => $edit[status], "hash" => $edit[hash]));
$link = path_uri() ."account.php?op=confirm&name=$edit[userid]&hash=$edit[hash]";
$subject = strtr(t("Account details for %a"), array("%a" => variable_get(site_name, "drupal")));
......@@ -204,39 +217,11 @@ function account_save($edit, &$name) {
watchdog("account", "new account: `$edit[userid]' &lt;$edit[real_email]&gt;");
mail($edit[real_email], $subject, $message, "From: noreply");
$name = $edit[userid];
}
}
}
function account_form($account = 0) {
global $access;
function access($name) {
global $access, $account;
if (module_hook($name, "admin")) $access .= "<OPTION VALUE=\"$name\"". (user_access($account, $name) ? " SELECTED" : "") .">$name</OPTION>";
}
module_iterate("access");
if ($edit[status] == 1) mail($edit[real_email], $subject, $message, "From: noreply");
$form .= $account->id ? form_item("ID", $account->id) : "";
$form .= $account->userid ? form_item(t("Username"), check_output($account->userid)) : form_textfield(t("Username"), "userid", "", 15, 15);
$form .= form_select(t("Status"), "status", ($account->status ? $account->status : 1), array("blocked", "not confirmed", "open"));
$form .= form_item(t("Administrator access"), "<SELECT NAME=\"edit[access][]\" MULTIPLE=\"true\" SIZE=\"10\">$access</SELECT>");
$form .= form_textfield(t("Real name"), "realname", $account->name, 30, 55);
$form .= form_textfield(t("Real e-mail address"), "real_email", $account->real_email, 30, 55);
$form .= form_textfield(t("Fake e-mail address"), "fake_email", $account->fake_email, 30, 55);
$form .= form_textfield(t("Homepage"), "url", $account->url, 30, 55);
$form .= form_textarea(t("Bio"), "bio", $account->bio, 35, 5);
$form .= form_textarea(t("Signature"), "signature", $account->signature, 35, 5);
if ($account) {
$form .= form_hidden("name", $account->userid);
$form .= form_submit("View account");
return $edit[userid];
}
}
$form .= form_submit("Save account");
return form("admin.php?mod=account", $form);
}
function account_edit($name) {
......@@ -339,8 +324,15 @@ function account_admin() {
print search_data($keys, $mod);
break;
case "Save account":
print status(account_save($edit, $name));
print account_view($name);
$name = account_save($edit);
if ($name)
print account_view($name);
else {
foreach ($edit as $key=>$value) {
$account->$key = $value;
}
print account_form($account);
}
break;
case "View account":
case "view":
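Review bot: In the update branch of the new account_save() (the `if ($edit[id])` block), every key of `$edit` except `access` is used as a column name in the `SET` clause and `$edit[id]` goes unquoted into `WHERE id = $edit[id]`, so `addslashes()` on the values alone does not constrain the statement. A request carrying an extra field can overwrite any `users` column, and a non-numeric `id` alters the query. The loop should be limited to the fields account_form() emits and the id cast to an integer, as sketched below. Which lines are new is inferred from the commit description because the page has lost its +/- markers, and account_save() continues into the following hunk. The uniqueness queries in account_validate() interpolate `$user[userid]` and `$user[real_email]` the same way and deserve the same check unless those values are escaped before they arrive.

```php
function account_save($edit) {
  $id = (int) $edit["id"];
  if ($id) {
    // Updating existing account: only the columns the form is meant to edit
    $fields = array("userid", "status", "name", "real_email", "fake_email", "url", "bio", "signature");
    foreach ($fields as $key) {
      if (isset($edit[$key])) {
        $query .= "$key = '". addslashes($edit[$key]) ."', ";
      }
    }
    // … unchanged: $access built with field_set() and appended to $query …
    db_query("UPDATE users SET $query WHERE id = $id");
    // … unchanged: watchdog() call and return of $edit[userid] …
```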