Commit a8597119 authored by Dries's avatar Dries

- Patch #394594 by ksenzee: converted most of the user module code to the new...

- Patch #394594 by ksenzee: converted most of the user module code to the new database abstraction layer.
parent 079cac33
......@@ -144,7 +144,11 @@ function user_admin_account() {
t('Operations')
);
$sql = 'SELECT DISTINCT u.uid, u.name, u.status, u.created, u.access FROM {users} u LEFT JOIN {users_roles} ur ON u.uid = ur.uid ' . $filter['join'] . ' WHERE u.uid != 0 ' . $filter['where'];
$query = db_select('users', 'u');
$query->fields('u', array('uid', 'name', 'status', 'created', 'access'));
$sql = 'SELECT DISTINCT u.uid, u.name, u.status, u.created, u.access FROM {users} u
LEFT JOIN {users_roles} ur ON u.uid = ur.uid ' . $filter['join'] . '
WHERE u.uid != 0 ' . $filter['where'];
$sql .= tablesort_sql($header);
$query_count = 'SELECT COUNT(DISTINCT u.uid) FROM {users} u LEFT JOIN {users_roles} ur ON u.uid = ur.uid ' . $filter['join'] . ' WHERE u.uid != 0 ' . $filter['where'];
$result = pager_query($sql, 50, 0, $query_count, $filter['args']);
......@@ -174,13 +178,13 @@ function user_admin_account() {
$status = array(t('blocked'), t('active'));
$roles = user_roles(TRUE);
$accounts = array();
while ($account = db_fetch_object($result)) {
foreach ($result as $account) {
$accounts[$account->uid] = '';
$form['name'][$account->uid] = array('#markup' => theme('username', $account));
$form['status'][$account->uid] = array('#markup' => $status[$account->status]);
$users_roles = array();
$roles_result = db_query('SELECT rid FROM {users_roles} WHERE uid = %d', $account->uid);
while ($user_role = db_fetch_object($roles_result)) {
$roles_result = db_query('SELECT rid FROM {users_roles} WHERE uid = :uid', array(':uid' => $account->uid));
foreach ($roles_result as $user_role) {
$users_roles[] = $roles[$user_role->rid];
}
asort($users_roles);
......@@ -601,9 +605,14 @@ function user_admin_perm_submit($form, &$form_state) {
foreach ($form_state['values']['role_names'] as $rid => $name) {
$checked = array_filter($form_state['values'][$rid]);
// Delete existing permissions for the role. This handles "unchecking" checkboxes.
db_query("DELETE FROM {role_permission} WHERE rid = %d", $rid);
db_delete('role_permission')->condition('rid', $rid)->execute();
foreach ($checked as $permission) {
db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", $rid, $permission);
db_insert('role_permission')
->fields(array(
'rid' => $rid,
'permission' => $permission,
))
->execute();
}
}
......@@ -670,7 +679,7 @@ function user_admin_role() {
drupal_goto('admin/user/roles');
}
// Display the edit role form.
$role = db_fetch_object(db_query('SELECT * FROM {role} WHERE rid = %d', $rid));
$role = db_query('SELECT * FROM {role} WHERE rid = :rid', array(':rid' => $rid))->fetchObject();
$form['name'] = array(
'#type' => 'textfield',
'#title' => t('Role name'),
......@@ -712,12 +721,16 @@ function user_admin_role() {
function user_admin_role_validate($form, &$form_state) {
if ($form_state['values']['name']) {
if ($form_state['values']['op'] == t('Save role')) {
if (db_result(db_query("SELECT COUNT(*) FROM {role} WHERE name = '%s' AND rid != %d", $form_state['values']['name'], $form_state['values']['rid']))) {
$existing_role = db_query("SELECT COUNT(*) FROM {role} WHERE name = :name AND rid != :rid",
array(':name' => $form_state['values']['name'],
':rid' => $form_state['values']['rid']))
->fetchField();
if ($existing_role) {
form_set_error('name', t('The role name %name already exists. Please choose another role name.', array('%name' => $form_state['values']['name'])));
}
}
elseif ($form_state['values']['op'] == t('Add role')) {
if (db_result(db_query("SELECT COUNT(*) FROM {role} WHERE name = '%s'", $form_state['values']['name']))) {
if (db_query("SELECT COUNT(*) FROM {role} WHERE name = :name", array(':name' => $form_state['values']['name']))->fetchField()) {
form_set_error('name', t('The role name %name already exists. Please choose another role name.', array('%name' => $form_state['values']['name'])));
}
}
......@@ -729,19 +742,24 @@ function user_admin_role_validate($form, &$form_state) {
function user_admin_role_submit($form, &$form_state) {
if ($form_state['values']['op'] == t('Save role')) {
db_query("UPDATE {role} SET name = '%s' WHERE rid = %d", $form_state['values']['name'], $form_state['values']['rid']);
db_update('role')
->fields(array(
'name' => $form_state['values']['name'],
))
->condition('rid', $form_state['values']['rid'])
->execute();
drupal_set_message(t('The role has been renamed.'));
}
elseif ($form_state['values']['op'] == t('Delete role')) {
db_query('DELETE FROM {role} WHERE rid = %d', $form_state['values']['rid']);
db_query('DELETE FROM {role_permission} WHERE rid = %d', $form_state['values']['rid']);
db_delete('role')->condition('rid', $form_state['values']['rid'])->execute();
db_delete('role_permission')->condition('rid', $form_state['values']['rid'])->execute();
// Update the users who have this role set:
db_query('DELETE FROM {users_roles} WHERE rid = %d', $form_state['values']['rid']);
db_delete('users_roles')->condition('rid', $form_state['values']['rid'])->execute();
drupal_set_message(t('The role has been deleted.'));
}
elseif ($form_state['values']['op'] == t('Add role')) {
db_query("INSERT INTO {role} (name) VALUES ('%s')", $form_state['values']['name']);
db_insert('role')->fields(array('name' => $form_state['values']['name']))->execute();
drupal_set_message(t('The role has been added.'));
}
$form_state['redirect'] = 'admin/user/roles';
......
......@@ -247,7 +247,7 @@ function user_update_7000(&$sandbox) {
if (!isset($sandbox['user_from'])) {
db_change_field($ret, 'users', 'pass', 'pass', array('type' => 'varchar', 'length' => 128, 'not null' => TRUE, 'default' => ''));
$sandbox['user_from'] = 0;
$sandbox['user_count'] = db_result(db_query("SELECT COUNT(uid) FROM {users}"));
$sandbox['user_count'] = db_query("SELECT COUNT(uid) FROM {users}")->fetchField();
}
else {
require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
......@@ -255,14 +255,14 @@ function user_update_7000(&$sandbox) {
$has_rows = FALSE;
// Update this many per page load.
$count = 1000;
$result = db_query_range("SELECT uid, pass FROM {users} WHERE uid > 0 ORDER BY uid", $sandbox['user_from'], $count);
while ($account = db_fetch_array($result)) {
$result = db_query_range("SELECT uid, pass FROM {users} WHERE uid > 0 ORDER BY uid", array(), $sandbox['user_from'], $count);
foreach ($result as $account) {
$has_rows = TRUE;
$new_hash = user_hash_password($account['pass'], $hash_count_log2);
$new_hash = user_hash_password($account->pass, $hash_count_log2);
if ($new_hash) {
// Indicate an updated password.
$new_hash = 'U' . $new_hash;
db_query("UPDATE {users} SET pass = '%s' WHERE uid = %d", $new_hash, $account['uid']);
db_update('users')->fields(array('pass' => $new_hash))->condition('uid', $account->uid)->execute();
}
}
$ret['#finished'] = $sandbox['user_from']/$sandbox['user_count'];
......@@ -300,7 +300,7 @@ function user_update_7002(&$sandbox) {
if (!isset($sandbox['user_from'])) {
db_change_field($ret, 'users', 'timezone', 'timezone', array('type' => 'varchar', 'length' => 32, 'not null' => FALSE));
$sandbox['user_from'] = 0;
$sandbox['user_count'] = db_result(db_query("SELECT COUNT(uid) FROM {users}"));
$sandbox['user_count'] = db_query("SELECT COUNT(uid) FROM {users}")->fetchField();
$sandbox['user_not_migrated'] = 0;
}
else {
......
......@@ -398,7 +398,7 @@ function user_save($account, $edit = array(), $category = 'account') {
if (is_object($account) && $account->uid) {
user_module_invoke('update', $edit, $account, $category);
$data = unserialize(db_result(db_query('SELECT data FROM {users} WHERE uid = %d', $account->uid)));
$data = unserialize(db_query('SELECT data FROM {users} WHERE uid = :uid', array(':uid' => $account->uid))->fetchField());
// Consider users edited by an administrator as logged in, if they haven't
// already, so anonymous users can view the profile (if allowed).
if (empty($edit['access']) && empty($account->access) && user_access('administer users')) {
......@@ -459,11 +459,16 @@ function user_save($account, $edit = array(), $category = 'account') {
// Reload user roles if provided.
if (isset($edit['roles']) && is_array($edit['roles'])) {
db_query('DELETE FROM {users_roles} WHERE uid = %d', $account->uid);
db_delete('users_roles')->condition('uid', $account->uid)->execute();
foreach (array_keys($edit['roles']) as $rid) {
if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $account->uid, $rid);
db_insert('users_roles')
->fields(array(
'uid' => $account->uid,
'rid' => $rid,
))
->execute();
}
}
}
......@@ -542,10 +547,15 @@ function user_save($account, $edit = array(), $category = 'account') {
// Save user roles (delete just to be safe).
if (isset($edit['roles']) && is_array($edit['roles'])) {
db_query('DELETE FROM {users_roles} WHERE uid = %d', $edit['uid']);
db_delete('users_roles')->condition('uid', $edit['uid'])->execute();
foreach (array_keys($edit['roles']) as $rid) {
if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $edit['uid'], $rid);
db_insert('users_roles')
->fields(array(
'uid' => $edit['uid'],
'rid' => $rid,
))
->execute();
}
}
}
......@@ -757,7 +767,7 @@ function user_access($string, $account = NULL, $reset = FALSE) {
* @return boolean TRUE for blocked users, FALSE for active.
*/
function user_is_blocked($name) {
$deny = db_fetch_object(db_query("SELECT name FROM {users} WHERE status = 0 AND name = LOWER('%s')", $name));
$deny = db_query("SELECT name FROM {users} WHERE status = 0 AND name = LOWER(:name)", array(':name' => $name))->fetchObject();
return $deny;
}
......@@ -843,18 +853,22 @@ function user_search($op = 'search', $keys = NULL, $skip_access_check = FALSE) {
$find = array();
// Replace wildcards with MySQL/PostgreSQL wildcards.
$keys = preg_replace('!\*+!', '%', $keys);
$query = db_select('users');
$query->fields('users', array('name', 'uid', 'mail'));
if (user_access('administer users')) {
// Administrators can also search in the otherwise private email field.
$result = pager_query("SELECT name, uid, mail FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%') OR LOWER(mail) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys, $keys);
while ($account = db_fetch_object($result)) {
$find[] = array('title' => $account->name . ' (' . $account->mail . ')', 'link' => url('user/' . $account->uid, array('absolute' => TRUE)));
}
$query->condition(db_or()->
where('LOWER(name) LIKE LOWER(:name)', array(':name' => "%$keys%"))->
where('LOWER(mail) LIKE LOWER(:mail)', array(':mail' => "%$keys%")));
}
else {
$result = pager_query("SELECT name, uid FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys);
while ($account = db_fetch_object($result)) {
$find[] = array('title' => $account->name, 'link' => url('user/' . $account->uid, array('absolute' => TRUE)));
}
$query->where('LOWER(name) LIKE LOWER(:name)', array(':name' => "%$keys%"));
}
$query = $query->extend('PagerDefault')
->limit(2);
$result = $query->execute();
foreach ($result as $account) {
$find[] = array('title' => $account->name . ' (' . $account->mail . ')', 'link' => url('user/' . $account->uid, array('absolute' => TRUE)));
}
return $find;
}
......@@ -920,7 +934,7 @@ function user_user_validate(&$edit, &$account, $category = NULL) {
if ($error = user_validate_name($edit['name'])) {
form_set_error('name', $error);
}
elseif (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND LOWER(name) = LOWER('%s')", $uid, $edit['name'])) > 0) {
elseif (db_query("SELECT COUNT(*) FROM {users} WHERE uid != :uid AND LOWER(name) = LOWER(:name)", array(':uid' => $uid, ':name' => $edit['name']))->fetchField() > 0) {
form_set_error('name', t('The name %name is already taken.', array('%name' => $edit['name'])));
}
}
......@@ -929,7 +943,7 @@ function user_user_validate(&$edit, &$account, $category = NULL) {
if ($error = user_validate_mail($edit['mail'])) {
form_set_error('mail', $error);
}
elseif (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND LOWER(mail) = LOWER('%s')", $uid, $edit['mail'])) > 0) {
elseif (db_query("SELECT COUNT(*) FROM {users} WHERE uid != :uid AND LOWER(mail) = LOWER(:mail)", array(':uid' => $uid, ':mail' => $edit['mail']))->fetchField() > 0) {
// Format error message dependent on whether the user is logged in or not.
if ($GLOBALS['user']->uid) {
form_set_error('mail', t('The e-mail address %email is already taken.', array('%email' => $edit['mail'])));
......@@ -1501,10 +1515,10 @@ function user_page_title($account) {
* An associative array with module as key and username as value.
*/
function user_get_authmaps($authname = NULL) {
$result = db_query("SELECT authname, module FROM {authmap} WHERE authname = '%s'", $authname);
$result = db_query("SELECT authname, module FROM {authmap} WHERE authname = :authname", array(':authname' => $authname));
$authmaps = array();
$has_rows = FALSE;
while ($authmap = db_fetch_object($result)) {
foreach ($result as $authmap) {
$authmaps[$authmap->module] = $authmap->authname;
$has_rows = TRUE;
}
......@@ -1645,7 +1659,7 @@ function user_authenticate($form_values = array()) {
$password = trim($form_values['pass']);
// Name and pass keys are required.
if (!empty($form_values['name']) && !empty($password)) {
$account = db_fetch_object(db_query("SELECT * FROM {users} WHERE name = '%s' AND status = 1", $form_values['name']));
$account = db_query("SELECT * FROM {users} WHERE name = :name AND status = 1", array(':name' => $form_values['name']))->fetchObject();
if ($account) {
// Allow alternate password hashing schemes.
require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
......@@ -1653,7 +1667,10 @@ function user_authenticate($form_values = array()) {
if (user_needs_new_hash($account)) {
$new_hash = user_hash_password($password);
if ($new_hash) {
db_query("UPDATE {users} SET pass = '%s' WHERE uid = %d", $new_hash, $account->uid);
db_update('users')
->fields(array('pass' => $new_hash))
->condition('uid', $account->uid)
->execute();
}
}
$users = user_load_multiple(array($account->uid), array('status' => '1'));
......@@ -1680,7 +1697,10 @@ function user_authenticate_finalize(&$edit) {
// Update the user table timestamp noting user has logged in.
// This is also used to invalidate one-time login links.
$user->login = REQUEST_TIME;
db_query("UPDATE {users} SET login = %d WHERE uid = %d", $user->login, $user->uid);
db_update('users')
->fields(array('login' => $user->login))
->condition('uid', $user->uid)
->execute();
// Regenerate the session ID to prevent against session fixation attacks.
// This is called before hook_user in case one of those functions fails
// or incorrectly does a redirect which would leave the old session in place.
......@@ -2112,13 +2132,13 @@ function user_roles($membersonly = FALSE, $permission = NULL) {
);
if (!empty($permission)) {
$result = db_query("SELECT r.* FROM {role} r INNER JOIN {role_permission} p ON r.rid = p.rid WHERE p.permission = '%s' ORDER BY r.name", $permission);
$result = db_query("SELECT r.* FROM {role} r INNER JOIN {role_permission} p ON r.rid = p.rid WHERE p.permission = :permission ORDER BY r.name", array(':permission' => $permission));
}
else {
$result = db_query('SELECT * FROM {role} ORDER BY name');
}
while ($role = db_fetch_object($result)) {
foreach ($result as $role) {
switch ($role->rid) {
// We only translate the built in role names
case DRUPAL_ANONYMOUS_RID:
......@@ -2239,7 +2259,7 @@ function user_user_operations_block($accounts) {
function user_multiple_role_edit($accounts, $operation, $rid) {
// The role name is not necessary as user_save() will reload the user
// object, but some modules' hook_user() may look at this first.
$role_name = db_result(db_query('SELECT name FROM {role} WHERE rid = %d', $rid));
$role_name = db_query('SELECT name FROM {role} WHERE rid = :rid', array(':rid' => $rid))->fetchField();
switch ($operation) {
case 'add_role':
......@@ -2271,7 +2291,7 @@ function user_multiple_cancel_confirm(&$form_state) {
$form['accounts'] = array('#prefix' => '<ul>', '#suffix' => '</ul>', '#tree' => TRUE);
// array_filter() returns only elements with TRUE values.
foreach (array_filter($edit['accounts']) as $uid => $value) {
$user = db_result(db_query('SELECT name FROM {users} WHERE uid = %d', $uid));
$user = db_query('SELECT name FROM {users} WHERE uid = :uid', array(':uid' => $uid))->fetchField();
$form['accounts'][$uid] = array('#type' => 'hidden', '#value' => $uid, '#prefix' => '<li>', '#suffix' => check_plain($user) . "</li>\n");
}
......@@ -2697,7 +2717,7 @@ function user_block_user_action(&$object, $context = array()) {
global $user;
$uid = $user->uid;
}
db_query("UPDATE {users} SET status = 0 WHERE uid = %d", $uid);
db_update('users')->fields(array('status' => 0))->condition('uid', $uid)->execute();
drupal_session_destroy_uid($uid);
watchdog('action', 'Blocked user %name.', array('%name' => $user->name));
}
......
......@@ -13,7 +13,7 @@ function user_autocomplete($string = '') {
$matches = array();
if ($string) {
$result = db_query_range("SELECT name FROM {users} WHERE LOWER(name) LIKE LOWER(:name)", array(':name' => $string .'%'), 0, 10);
while ($user = db_fetch_object($result)) {
foreach ($result as $user) {
$matches[$user->name] = check_plain($user->name);
}
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment