Commit 869a91b7 authored by Dries's avatar Dries

- Patch #11505 by Steven: 'my account' information is not saved.

  + Drupal 4.4 stored profile data in the serialized user->data column. Drupal 4.5 stores profile data in tables (but user->data is still available and used for other stuff, like locale or themes).  The update from 4.4 to 4.5 didn't remove the old data from the user->data column properly, because there is no mechanism in user_save to do so (it did try to unset the fields, but this has no effect).

  + On registration, hook_user('insert') is invoked after saving the data column. This means that any module-specific data is put into the data field. We cannot move hook_user('insert') higher up, because before that point, we do not have a complete $user object yet.
parent 5a2e0d03
...@@ -759,7 +759,7 @@ INSERT INTO permission VALUES (1,'access content',0); ...@@ -759,7 +759,7 @@ INSERT INTO permission VALUES (1,'access content',0);
INSERT INTO role (rid, name) VALUES (2, 'authenticated user'); INSERT INTO role (rid, name) VALUES (2, 'authenticated user');
INSERT INTO permission VALUES (2,'access comments, access content, post comments, post comments without approval',0); INSERT INTO permission VALUES (2,'access comments, access content, post comments, post comments without approval',0);
REPLACE variable SET name='update_start', value='s:10:"2004-09-17;"'; REPLACE variable SET name='update_start', value='s:10:"2004-10-16;"';
REPLACE variable SET name='theme_default', value='s:10:"bluemarine";'; REPLACE variable SET name='theme_default', value='s:10:"bluemarine";';
REPLACE blocks SET module = 'user', delta = '0', status = '1'; REPLACE blocks SET module = 'user', delta = '0', status = '1';
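Review bot: The new `update_start` value on the changed line is not a well-formed serialized string. In `'s:10:"2004-10-16;"'` the semicolon sits inside the closing quote, so the payload is 11 characters against a declared length of 10 and the terminating `;` is missing. The date bump carries this over unchanged from the old value. The matching statement in the other schema section on this page uses `'s:10:"2004-10-16";'`, and this line should read the same: `REPLACE variable SET name='update_start', value='s:10:"2004-10-16";';`. Otherwise a fresh install presumably cannot decode the marker that decides which updates still have to run.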
......
...@@ -752,7 +752,7 @@ INSERT INTO system VALUES ('modules/taxonomy.module','taxonomy','module','',1,0, ...@@ -752,7 +752,7 @@ INSERT INTO system VALUES ('modules/taxonomy.module','taxonomy','module','',1,0,
INSERT INTO system VALUES ('themes/bluemarine/xtemplate.xtmpl','bluemarine','theme','themes/engines/xtemplate/xtemplate.engine',1,0,0); INSERT INTO system VALUES ('themes/bluemarine/xtemplate.xtmpl','bluemarine','theme','themes/engines/xtemplate/xtemplate.engine',1,0,0);
INSERT INTO system VALUES ('themes/engines/xtemplate/xtemplate.engine','xtemplate','theme_engine','',1,0,0); INSERT INTO system VALUES ('themes/engines/xtemplate/xtemplate.engine','xtemplate','theme_engine','',1,0,0);
INSERT INTO variable(name,value) VALUES('update_start', 's:10:"2004-09-17";'); INSERT INTO variable(name,value) VALUES('update_start', 's:10:"2004-10-16";');
INSERT INTO variable(name,value) VALUES('theme_default','s:10:"bluemarine";'); INSERT INTO variable(name,value) VALUES('theme_default','s:10:"bluemarine";');
INSERT INTO users(uid,name,mail) VALUES(0,'',''); INSERT INTO users(uid,name,mail) VALUES(0,'','');
INSERT INTO users_roles(uid,rid) VALUES(0, 1); INSERT INTO users_roles(uid,rid) VALUES(0, 1);
......
...@@ -83,7 +83,8 @@ ...@@ -83,7 +83,8 @@
"2004-08-19" => "update_104", "2004-08-19" => "update_104",
"2004-09-14" => "update_105", "2004-09-14" => "update_105",
"2004-09-15" => "update_106", "2004-09-15" => "update_106",
"2004-09-17" => "update_107" "2004-09-17" => "update_107",
"2004-10-16" => "update_108"
); );
function update_32() { function update_32() {
...@@ -946,14 +947,16 @@ function update_80() { ...@@ -946,14 +947,16 @@ function update_80() {
if ($account->$old) { if ($account->$old) {
$edit[$new] = $account->$old; $edit[$new] = $account->$old;
} }
unset($account->$old); // Force deletion of old field
$edit[$old] = NULL;
} }
// Birthday format change: // Birthday format change:
if ($edit['birthday']) { if ($edit['birthday']) {
$edit['birthday'] = array('day' => $edit['birthday'], 'month' => $account->profile_birthmonth, 'year' => $account->profile_birthyear); $edit['birthday'] = array('day' => $edit['birthday'], 'month' => $account->profile_birthmonth, 'year' => $account->profile_birthyear);
unset($account->profile_birthmonth); // Force deletion of old field
unset($account->profile_birthyear); $edit['profile_birthmonth'] = NULL;
$edit['profile_birthyear'] = NULL;
} }
// Gender specific changes: // Gender specific changes:
...@@ -963,13 +966,18 @@ function update_80() { ...@@ -963,13 +966,18 @@ function update_80() {
// Avatar specific changes: // Avatar specific changes:
if ($account->profile_avatar) { if ($account->profile_avatar) {
$edit['picture'] = $account->profile_avatar; $edit['picture'] = $account->profile_avatar;
// Force deletion of old field
$edit['profile_avatar'] = NULL;
} }
unset($account->profile_avatar);
// Save the update record: // Save the update record:
user_save($account, $edit, 'Personal information'); user_save($account, $edit, 'Personal information');
} }
// This variable is needed to distinguish betweene 4.5-RC sites which ran a faulty
// update_80() and 4.5-final sites. See update_108.
variable_set('update_80_fix', true);
return $ret; return $ret;
} }
...@@ -1873,6 +1881,26 @@ function update_107() { ...@@ -1873,6 +1881,26 @@ function update_107() {
return $ret; return $ret;
} }
function update_108() {
// This update is needed for 4.5-RC sites, where profile data was not being
// wiped from the user->data column correctly because update_80() was faulty.
if (!variable_get('update_80_fix', false)) {
// The data field needs to be cleared of profile fields.
$result = db_query("SELECT uid FROM {users} WHERE data LIKE '%profile%'");
while ($uid = db_fetch_object($result)) {
$user = user_load(array('uid' => $uid->uid));
$unset = array();
foreach ($user as $key => $value) {
if (substr($key, 0, 8) == 'profile_') {
// Fields with a NULL value are wiped from the data column.
$unset[$key] = NULL;
}
}
user_save($user, $unset);
}
}
}
function update_sql($sql) { function update_sql($sql) {
$edit = $_POST["edit"]; $edit = $_POST["edit"];
$result = db_query($sql); $result = db_query($sql);
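Review bot: `update_108()` ends without a return value, whereas `update_80()` and `update_107()` in this same section both finish with `return $ret;`. If the update runner iterates over what each update returns (not visible here), it gets NULL for this one. Initialise `$ret = array();` at the top of the function and end it with `return $ret;`. The last hunk of this section stops inside `update_sql()`, which is not reviewed here.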
......
...@@ -162,7 +162,8 @@ function profile_save_profile(&$edit, &$user, $category) { ...@@ -162,7 +162,8 @@ function profile_save_profile(&$edit, &$user, $category) {
} }
db_query("DELETE FROM {profile_values} WHERE fid = %d AND uid = %d", $field->fid, $user->uid); db_query("DELETE FROM {profile_values} WHERE fid = %d AND uid = %d", $field->fid, $user->uid);
db_query("INSERT INTO {profile_values} (fid, uid, value) VALUES (%d, %d, '%s')", $field->fid, $user->uid, $edit[$field->name]); db_query("INSERT INTO {profile_values} (fid, uid, value) VALUES (%d, %d, '%s')", $field->fid, $user->uid, $edit[$field->name]);
unset($edit[$field->name], $user->{$field->name}); // Mark field as handled (prevents saving to user->data).
$edit[$field->name] = null;
} }
} }
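Review bot: Setting `$edit[$field->name] = null` keeps the value out of `users.data` only because `user_save()` treats a strict null as "drop this key", and nothing on the function states that contract. `$edit` is taken by reference, so the caller and every hook that runs afterwards see null for the handled field rather than the submitted value. A docblock line such as `Fields stored in {profile_values} are set to NULL in $edit so that user_save() drops them from the data column.` would make the dependency explicit. The enclosing function starts outside the hunk, and the identical section that follows on this page gets the same comment.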
......
...@@ -162,7 +162,8 @@ function profile_save_profile(&$edit, &$user, $category) { ...@@ -162,7 +162,8 @@ function profile_save_profile(&$edit, &$user, $category) {
} }
db_query("DELETE FROM {profile_values} WHERE fid = %d AND uid = %d", $field->fid, $user->uid); db_query("DELETE FROM {profile_values} WHERE fid = %d AND uid = %d", $field->fid, $user->uid);
db_query("INSERT INTO {profile_values} (fid, uid, value) VALUES (%d, %d, '%s')", $field->fid, $user->uid, $edit[$field->name]); db_query("INSERT INTO {profile_values} (fid, uid, value) VALUES (%d, %d, '%s')", $field->fid, $user->uid, $edit[$field->name]);
unset($edit[$field->name], $user->{$field->name}); // Mark field as handled (prevents saving to user->data).
$edit[$field->name] = null;
} }
} }
......
...@@ -9,13 +9,15 @@ ...@@ -9,13 +9,15 @@
/** /**
* Invokes hook_user() in every module. * Invokes hook_user() in every module.
* *
* We cannot use module_invoke() for this, becuse the arguments need to * We cannot use module_invoke() for this, because the arguments need to
* be passed by reference. * be passed by reference.
*/ */
function user_module_invoke($type, &$array, &$user, $category = NULL) { function user_module_invoke($type, &$array, &$user, $category = NULL) {
foreach (module_list() as $module) { foreach (module_list() as $module) {
$function = $module .'_user'; $function = $module .'_user';
if (function_exists($function)) $function($type, $array, $user, $category); if (function_exists($function)) {
$function($type, $array, $user, $category);
}
} }
} }
...@@ -82,6 +84,18 @@ function user_load($array = array()) { ...@@ -82,6 +84,18 @@ function user_load($array = array()) {
return $user; return $user;
} }
/**
* Save changes to a user account.
*
* @param $account
* The $user object for the user to modify.
*
* @param $array
* An array of fields and values to save. For example array('name' => 'My name');
*
* @param $category
* (optional) The category for storing profile information in.
*/
function user_save($account, $array = array(), $category = 'account') { function user_save($account, $array = array(), $category = 'account') {
// Dynamically compose a SQL query: // Dynamically compose a SQL query:
$user_fields = user_fields(); $user_fields = user_fields();
...@@ -96,13 +110,18 @@ function user_save($account, $array = array(), $category = 'account') { ...@@ -96,13 +110,18 @@ function user_save($account, $array = array(), $category = 'account') {
} }
else if (substr($key, 0, 4) !== 'auth') { else if (substr($key, 0, 4) !== 'auth') {
if (in_array($key, $user_fields)) { if (in_array($key, $user_fields)) {
// escape '%'s: // Save standard fields
$value = str_replace('%', '%%', $value);
$query .= "$key = '%s', "; $query .= "$key = '%s', ";
$v[] = $value; $v[] = $value;
} }
else { else {
$data[$key] = $value; if ($value === null) {
// Setting a field to null deletes it from the data column.
unset($data[$key]);
}
else {
$data[$key] = $value;
}
} }
} }
} }
...@@ -111,7 +130,7 @@ function user_save($account, $array = array(), $category = 'account') { ...@@ -111,7 +130,7 @@ function user_save($account, $array = array(), $category = 'account') {
db_query("UPDATE {users} SET $query changed = %d WHERE uid = %d", array_merge($v, array(time(), $account->uid))); db_query("UPDATE {users} SET $query changed = %d WHERE uid = %d", array_merge($v, array(time(), $account->uid)));
// reload user roles if provided // Reload user roles if provided
if (is_array($array['roles'])) { if (is_array($array['roles'])) {
db_query('DELETE FROM {users_roles} WHERE uid = %d', $account->uid); db_query('DELETE FROM {users_roles} WHERE uid = %d', $account->uid);
...@@ -120,6 +139,7 @@ function user_save($account, $array = array(), $category = 'account') { ...@@ -120,6 +139,7 @@ function user_save($account, $array = array(), $category = 'account') {
} }
} }
// Refresh user object
$user = user_load(array('uid' => $account->uid)); $user = user_load(array('uid' => $account->uid));
} }
else { else {
...@@ -127,6 +147,9 @@ function user_save($account, $array = array(), $category = 'account') { ...@@ -127,6 +147,9 @@ function user_save($account, $array = array(), $category = 'account') {
$array['changed'] = time(); $array['changed'] = time();
$array['uid'] = db_next_id('{users}_uid'); $array['uid'] = db_next_id('{users}_uid');
// Note, we wait with saving the data column to prevent module-handled
// fields from being saved there. We cannot invoke hook_user('insert') here
// because we don't have a fully initialized user object yet.
foreach ($array as $key => $value) { foreach ($array as $key => $value) {
if ($key == 'pass') { if ($key == 'pass') {
$fields[] = check_query($key); $fields[] = check_query($key);
...@@ -139,36 +162,40 @@ function user_save($account, $array = array(), $category = 'account') { ...@@ -139,36 +162,40 @@ function user_save($account, $array = array(), $category = 'account') {
$values[] = $value; $values[] = $value;
$s[] = "'%s'"; $s[] = "'%s'";
} }
else {
$data[$key] = $value;
}
} }
} }
$fields[] = 'data';
$values[] = serialize($data);
$s[] = "'%s'";
db_query('INSERT INTO {users} ('. implode(', ', $fields) .') VALUES ('. implode(', ', $s) .')', $values); db_query('INSERT INTO {users} ('. implode(', ', $fields) .') VALUES ('. implode(', ', $s) .')', $values);
// Reload user roles (delete just to be safe). // Reload user roles (delete just to be safe).
db_query('DELETE FROM {users_roles} WHERE uid = %d', $array['uid']); db_query('DELETE FROM {users_roles} WHERE uid = %d', $array['uid']);
foreach ($array['roles'] as $rid) { foreach ($array['roles'] as $rid) {
db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $array['uid'], $rid); db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $array['uid'], $rid);
} }
$user = user_load(array('name' => $array['name'])); // Build the initial user object.
$user = user_load(array('uid' => $array['uid']));
user_module_invoke('insert', $array, $user, $category);
module_invoke_all('user', 'insert', $array, $user, $category); // Build and save the serialized data field now
$data = array();
foreach ($array as $key => $value) {
if ((substr($key, 0, 4) !== 'auth') && (!in_array($key, $user_fields)) && ($value !== null)) {
$data[$key] = $value;
}
}
db_query("UPDATE {users} SET data = '%s' WHERE uid = %d", serialize($data), $user->uid);
// Build the finished user object.
$user = user_load(array('uid' => $array['uid']));
} }
// Save distributed authentication mappings
foreach ($array as $key => $value) { foreach ($array as $key => $value) {
if (substr($key, 0, 4) == 'auth') { if (substr($key, 0, 4) == 'auth') {
$authmaps[$key] = $value; $authmaps[$key] = $value;
} }
} }
if ($authmaps) { if ($authmaps) {
user_set_authmaps($user, $authmaps); user_set_authmaps($user, $authmaps);
} }
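Review bot: On the insert path the data column is now filled by exclusion. The loop after `user_module_invoke('insert', ...)` serializes every key of `$array` that is not `auth*`, not a users column and not null, so anything a caller or a hook leaves in `$array` is persisted. If callers pass request-derived arrays (not visible in these hunks), that is a mass-assignment surface; the new docblock for `$array` should say that unrecognised keys are stored in `users.data` and that modules must set the fields they handle to NULL. Separately, the `UPDATE` is keyed on `$user->uid` while both reloads use `$array['uid']`, and both variables have just been handed to every module by reference. Capturing `$uid = $array['uid'];` before the hook call and using `$uid` in the `UPDATE` and the final `user_load()` keeps the write on the row that was inserted. `user_save()` begins and ends outside these hunks, and the second copy of this section further down the page has the same points.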
......
...@@ -9,13 +9,15 @@ ...@@ -9,13 +9,15 @@
/** /**
* Invokes hook_user() in every module. * Invokes hook_user() in every module.
* *
* We cannot use module_invoke() for this, becuse the arguments need to * We cannot use module_invoke() for this, because the arguments need to
* be passed by reference. * be passed by reference.
*/ */
function user_module_invoke($type, &$array, &$user, $category = NULL) { function user_module_invoke($type, &$array, &$user, $category = NULL) {
foreach (module_list() as $module) { foreach (module_list() as $module) {
$function = $module .'_user'; $function = $module .'_user';
if (function_exists($function)) $function($type, $array, $user, $category); if (function_exists($function)) {
$function($type, $array, $user, $category);
}
} }
} }
...@@ -82,6 +84,18 @@ function user_load($array = array()) { ...@@ -82,6 +84,18 @@ function user_load($array = array()) {
return $user; return $user;
} }
/**
* Save changes to a user account.
*
* @param $account
* The $user object for the user to modify.
*
* @param $array
* An array of fields and values to save. For example array('name' => 'My name');
*
* @param $category
* (optional) The category for storing profile information in.
*/
function user_save($account, $array = array(), $category = 'account') { function user_save($account, $array = array(), $category = 'account') {
// Dynamically compose a SQL query: // Dynamically compose a SQL query:
$user_fields = user_fields(); $user_fields = user_fields();
...@@ -96,13 +110,18 @@ function user_save($account, $array = array(), $category = 'account') { ...@@ -96,13 +110,18 @@ function user_save($account, $array = array(), $category = 'account') {
} }
else if (substr($key, 0, 4) !== 'auth') { else if (substr($key, 0, 4) !== 'auth') {
if (in_array($key, $user_fields)) { if (in_array($key, $user_fields)) {
// escape '%'s: // Save standard fields
$value = str_replace('%', '%%', $value);
$query .= "$key = '%s', "; $query .= "$key = '%s', ";
$v[] = $value; $v[] = $value;
} }
else { else {
$data[$key] = $value; if ($value === null) {
// Setting a field to null deletes it from the data column.
unset($data[$key]);
}
else {
$data[$key] = $value;
}
} }
} }
} }
...@@ -111,7 +130,7 @@ function user_save($account, $array = array(), $category = 'account') { ...@@ -111,7 +130,7 @@ function user_save($account, $array = array(), $category = 'account') {
db_query("UPDATE {users} SET $query changed = %d WHERE uid = %d", array_merge($v, array(time(), $account->uid))); db_query("UPDATE {users} SET $query changed = %d WHERE uid = %d", array_merge($v, array(time(), $account->uid)));
// reload user roles if provided // Reload user roles if provided
if (is_array($array['roles'])) { if (is_array($array['roles'])) {
db_query('DELETE FROM {users_roles} WHERE uid = %d', $account->uid); db_query('DELETE FROM {users_roles} WHERE uid = %d', $account->uid);
...@@ -120,6 +139,7 @@ function user_save($account, $array = array(), $category = 'account') { ...@@ -120,6 +139,7 @@ function user_save($account, $array = array(), $category = 'account') {
} }
} }
// Refresh user object
$user = user_load(array('uid' => $account->uid)); $user = user_load(array('uid' => $account->uid));
} }
else { else {
...@@ -127,6 +147,9 @@ function user_save($account, $array = array(), $category = 'account') { ...@@ -127,6 +147,9 @@ function user_save($account, $array = array(), $category = 'account') {
$array['changed'] = time(); $array['changed'] = time();
$array['uid'] = db_next_id('{users}_uid'); $array['uid'] = db_next_id('{users}_uid');
// Note, we wait with saving the data column to prevent module-handled
// fields from being saved there. We cannot invoke hook_user('insert') here
// because we don't have a fully initialized user object yet.
foreach ($array as $key => $value) { foreach ($array as $key => $value) {
if ($key == 'pass') { if ($key == 'pass') {
$fields[] = check_query($key); $fields[] = check_query($key);
...@@ -139,36 +162,40 @@ function user_save($account, $array = array(), $category = 'account') { ...@@ -139,36 +162,40 @@ function user_save($account, $array = array(), $category = 'account') {
$values[] = $value; $values[] = $value;
$s[] = "'%s'"; $s[] = "'%s'";
} }
else {
$data[$key] = $value;
}
} }
} }
$fields[] = 'data';
$values[] = serialize($data);
$s[] = "'%s'";
db_query('INSERT INTO {users} ('. implode(', ', $fields) .') VALUES ('. implode(', ', $s) .')', $values); db_query('INSERT INTO {users} ('. implode(', ', $fields) .') VALUES ('. implode(', ', $s) .')', $values);
// Reload user roles (delete just to be safe). // Reload user roles (delete just to be safe).
db_query('DELETE FROM {users_roles} WHERE uid = %d', $array['uid']); db_query('DELETE FROM {users_roles} WHERE uid = %d', $array['uid']);
foreach ($array['roles'] as $rid) { foreach ($array['roles'] as $rid) {
db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $array['uid'], $rid); db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $array['uid'], $rid);
} }
$user = user_load(array('name' => $array['name'])); // Build the initial user object.
$user = user_load(array('uid' => $array['uid']));
user_module_invoke('insert', $array, $user, $category);
module_invoke_all('user', 'insert', $array, $user, $category); // Build and save the serialized data field now
$data = array();
foreach ($array as $key => $value) {
if ((substr($key, 0, 4) !== 'auth') && (!in_array($key, $user_fields)) && ($value !== null)) {
$data[$key] = $value;
}
}
db_query("UPDATE {users} SET data = '%s' WHERE uid = %d", serialize($data), $user->uid);
// Build the finished user object.
$user = user_load(array('uid' => $array['uid']));
} }
// Save distributed authentication mappings
foreach ($array as $key => $value) { foreach ($array as $key => $value) {
if (substr($key, 0, 4) == 'auth') { if (substr($key, 0, 4) == 'auth') {
$authmaps[$key] = $value; $authmaps[$key] = $value;
} }
} }
if ($authmaps) { if ($authmaps) {
user_set_authmaps($user, $authmaps); user_set_authmaps($user, $authmaps);
} }
......