Commit a8597119 authored by Dries's avatar Dries

- Patch #394594 by ksenzee: converted most of the user module code to the new...

- Patch #394594 by ksenzee: converted most of the user module code to the new database abstraction layer.
parent 079cac33
...@@ -144,7 +144,11 @@ function user_admin_account() { ...@@ -144,7 +144,11 @@ function user_admin_account() {
t('Operations') t('Operations')
); );
$sql = 'SELECT DISTINCT u.uid, u.name, u.status, u.created, u.access FROM {users} u LEFT JOIN {users_roles} ur ON u.uid = ur.uid ' . $filter['join'] . ' WHERE u.uid != 0 ' . $filter['where']; $query = db_select('users', 'u');
$query->fields('u', array('uid', 'name', 'status', 'created', 'access'));
$sql = 'SELECT DISTINCT u.uid, u.name, u.status, u.created, u.access FROM {users} u
LEFT JOIN {users_roles} ur ON u.uid = ur.uid ' . $filter['join'] . '
WHERE u.uid != 0 ' . $filter['where'];
$sql .= tablesort_sql($header); $sql .= tablesort_sql($header);
$query_count = 'SELECT COUNT(DISTINCT u.uid) FROM {users} u LEFT JOIN {users_roles} ur ON u.uid = ur.uid ' . $filter['join'] . ' WHERE u.uid != 0 ' . $filter['where']; $query_count = 'SELECT COUNT(DISTINCT u.uid) FROM {users} u LEFT JOIN {users_roles} ur ON u.uid = ur.uid ' . $filter['join'] . ' WHERE u.uid != 0 ' . $filter['where'];
$result = pager_query($sql, 50, 0, $query_count, $filter['args']); $result = pager_query($sql, 50, 0, $query_count, $filter['args']);
...@@ -174,13 +178,13 @@ function user_admin_account() { ...@@ -174,13 +178,13 @@ function user_admin_account() {
$status = array(t('blocked'), t('active')); $status = array(t('blocked'), t('active'));
$roles = user_roles(TRUE); $roles = user_roles(TRUE);
$accounts = array(); $accounts = array();
while ($account = db_fetch_object($result)) { foreach ($result as $account) {
$accounts[$account->uid] = ''; $accounts[$account->uid] = '';
$form['name'][$account->uid] = array('#markup' => theme('username', $account)); $form['name'][$account->uid] = array('#markup' => theme('username', $account));
$form['status'][$account->uid] = array('#markup' => $status[$account->status]); $form['status'][$account->uid] = array('#markup' => $status[$account->status]);
$users_roles = array(); $users_roles = array();
$roles_result = db_query('SELECT rid FROM {users_roles} WHERE uid = %d', $account->uid); $roles_result = db_query('SELECT rid FROM {users_roles} WHERE uid = :uid', array(':uid' => $account->uid));
while ($user_role = db_fetch_object($roles_result)) { foreach ($roles_result as $user_role) {
$users_roles[] = $roles[$user_role->rid]; $users_roles[] = $roles[$user_role->rid];
} }
asort($users_roles); asort($users_roles);
...@@ -601,9 +605,14 @@ function user_admin_perm_submit($form, &$form_state) { ...@@ -601,9 +605,14 @@ function user_admin_perm_submit($form, &$form_state) {
foreach ($form_state['values']['role_names'] as $rid => $name) { foreach ($form_state['values']['role_names'] as $rid => $name) {
$checked = array_filter($form_state['values'][$rid]); $checked = array_filter($form_state['values'][$rid]);
// Delete existing permissions for the role. This handles "unchecking" checkboxes. // Delete existing permissions for the role. This handles "unchecking" checkboxes.
db_query("DELETE FROM {role_permission} WHERE rid = %d", $rid); db_delete('role_permission')->condition('rid', $rid)->execute();
foreach ($checked as $permission) { foreach ($checked as $permission) {
db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", $rid, $permission); db_insert('role_permission')
->fields(array(
'rid' => $rid,
'permission' => $permission,
))
->execute();
} }
} }
...@@ -670,7 +679,7 @@ function user_admin_role() { ...@@ -670,7 +679,7 @@ function user_admin_role() {
drupal_goto('admin/user/roles'); drupal_goto('admin/user/roles');
} }
// Display the edit role form. // Display the edit role form.
$role = db_fetch_object(db_query('SELECT * FROM {role} WHERE rid = %d', $rid)); $role = db_query('SELECT * FROM {role} WHERE rid = :rid', array(':rid' => $rid))->fetchObject();
$form['name'] = array( $form['name'] = array(
'#type' => 'textfield', '#type' => 'textfield',
'#title' => t('Role name'), '#title' => t('Role name'),
...@@ -712,12 +721,16 @@ function user_admin_role() { ...@@ -712,12 +721,16 @@ function user_admin_role() {
function user_admin_role_validate($form, &$form_state) { function user_admin_role_validate($form, &$form_state) {
if ($form_state['values']['name']) { if ($form_state['values']['name']) {
if ($form_state['values']['op'] == t('Save role')) { if ($form_state['values']['op'] == t('Save role')) {
if (db_result(db_query("SELECT COUNT(*) FROM {role} WHERE name = '%s' AND rid != %d", $form_state['values']['name'], $form_state['values']['rid']))) { $existing_role = db_query("SELECT COUNT(*) FROM {role} WHERE name = :name AND rid != :rid",
array(':name' => $form_state['values']['name'],
':rid' => $form_state['values']['rid']))
->fetchField();
if ($existing_role) {
form_set_error('name', t('The role name %name already exists. Please choose another role name.', array('%name' => $form_state['values']['name']))); form_set_error('name', t('The role name %name already exists. Please choose another role name.', array('%name' => $form_state['values']['name'])));
} }
} }
elseif ($form_state['values']['op'] == t('Add role')) { elseif ($form_state['values']['op'] == t('Add role')) {
if (db_result(db_query("SELECT COUNT(*) FROM {role} WHERE name = '%s'", $form_state['values']['name']))) { if (db_query("SELECT COUNT(*) FROM {role} WHERE name = :name", array(':name' => $form_state['values']['name']))->fetchField()) {
form_set_error('name', t('The role name %name already exists. Please choose another role name.', array('%name' => $form_state['values']['name']))); form_set_error('name', t('The role name %name already exists. Please choose another role name.', array('%name' => $form_state['values']['name'])));
} }
} }
...@@ -729,19 +742,24 @@ function user_admin_role_validate($form, &$form_state) { ...@@ -729,19 +742,24 @@ function user_admin_role_validate($form, &$form_state) {
function user_admin_role_submit($form, &$form_state) { function user_admin_role_submit($form, &$form_state) {
if ($form_state['values']['op'] == t('Save role')) { if ($form_state['values']['op'] == t('Save role')) {
db_query("UPDATE {role} SET name = '%s' WHERE rid = %d", $form_state['values']['name'], $form_state['values']['rid']); db_update('role')
->fields(array(
'name' => $form_state['values']['name'],
))
->condition('rid', $form_state['values']['rid'])
->execute();
drupal_set_message(t('The role has been renamed.')); drupal_set_message(t('The role has been renamed.'));
} }
elseif ($form_state['values']['op'] == t('Delete role')) { elseif ($form_state['values']['op'] == t('Delete role')) {
db_query('DELETE FROM {role} WHERE rid = %d', $form_state['values']['rid']); db_delete('role')->condition('rid', $form_state['values']['rid'])->execute();
db_query('DELETE FROM {role_permission} WHERE rid = %d', $form_state['values']['rid']); db_delete('role_permission')->condition('rid', $form_state['values']['rid'])->execute();
// Update the users who have this role set: // Update the users who have this role set:
db_query('DELETE FROM {users_roles} WHERE rid = %d', $form_state['values']['rid']); db_delete('users_roles')->condition('rid', $form_state['values']['rid'])->execute();
drupal_set_message(t('The role has been deleted.')); drupal_set_message(t('The role has been deleted.'));
} }
elseif ($form_state['values']['op'] == t('Add role')) { elseif ($form_state['values']['op'] == t('Add role')) {
db_query("INSERT INTO {role} (name) VALUES ('%s')", $form_state['values']['name']); db_insert('role')->fields(array('name' => $form_state['values']['name']))->execute();
drupal_set_message(t('The role has been added.')); drupal_set_message(t('The role has been added.'));
} }
$form_state['redirect'] = 'admin/user/roles'; $form_state['redirect'] = 'admin/user/roles';
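Review bot: In the first user_admin_account() hunk, the new `$query = db_select('users', 'u')` object and its `fields()` call are never executed in the visible lines. The listing still sends the hand-concatenated `$sql` through `pager_query()`, with the `$filter['join']` and `$filter['where']` fragments spliced into the string. The conversion is therefore only half done, and the user listing gains none of the structured query building the rest of the commit introduces. Either drop the two `$query` lines until the filter builder can feed conditions into the select object, or mark them with a comment such as `// TODO: port filter join/where fragments to db_select(); $query is not executed yet.` The function body continues outside the hunk, so a later use of `$query` cannot be ruled out from here.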
......
...@@ -247,7 +247,7 @@ function user_update_7000(&$sandbox) { ...@@ -247,7 +247,7 @@ function user_update_7000(&$sandbox) {
if (!isset($sandbox['user_from'])) { if (!isset($sandbox['user_from'])) {
db_change_field($ret, 'users', 'pass', 'pass', array('type' => 'varchar', 'length' => 128, 'not null' => TRUE, 'default' => '')); db_change_field($ret, 'users', 'pass', 'pass', array('type' => 'varchar', 'length' => 128, 'not null' => TRUE, 'default' => ''));
$sandbox['user_from'] = 0; $sandbox['user_from'] = 0;
$sandbox['user_count'] = db_result(db_query("SELECT COUNT(uid) FROM {users}")); $sandbox['user_count'] = db_query("SELECT COUNT(uid) FROM {users}")->fetchField();
} }
else { else {
require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc'); require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
...@@ -255,14 +255,14 @@ function user_update_7000(&$sandbox) { ...@@ -255,14 +255,14 @@ function user_update_7000(&$sandbox) {
$has_rows = FALSE; $has_rows = FALSE;
// Update this many per page load. // Update this many per page load.
$count = 1000; $count = 1000;
$result = db_query_range("SELECT uid, pass FROM {users} WHERE uid > 0 ORDER BY uid", $sandbox['user_from'], $count); $result = db_query_range("SELECT uid, pass FROM {users} WHERE uid > 0 ORDER BY uid", array(), $sandbox['user_from'], $count);
while ($account = db_fetch_array($result)) { foreach ($result as $account) {
$has_rows = TRUE; $has_rows = TRUE;
$new_hash = user_hash_password($account['pass'], $hash_count_log2); $new_hash = user_hash_password($account->pass, $hash_count_log2);
if ($new_hash) { if ($new_hash) {
// Indicate an updated password. // Indicate an updated password.
$new_hash = 'U' . $new_hash; $new_hash = 'U' . $new_hash;
db_query("UPDATE {users} SET pass = '%s' WHERE uid = %d", $new_hash, $account['uid']); db_update('users')->fields(array('pass' => $new_hash))->condition('uid', $account->uid)->execute();
} }
} }
$ret['#finished'] = $sandbox['user_from']/$sandbox['user_count']; $ret['#finished'] = $sandbox['user_from']/$sandbox['user_count'];
...@@ -300,7 +300,7 @@ function user_update_7002(&$sandbox) { ...@@ -300,7 +300,7 @@ function user_update_7002(&$sandbox) {
if (!isset($sandbox['user_from'])) { if (!isset($sandbox['user_from'])) {
db_change_field($ret, 'users', 'timezone', 'timezone', array('type' => 'varchar', 'length' => 32, 'not null' => FALSE)); db_change_field($ret, 'users', 'timezone', 'timezone', array('type' => 'varchar', 'length' => 32, 'not null' => FALSE));
$sandbox['user_from'] = 0; $sandbox['user_from'] = 0;
$sandbox['user_count'] = db_result(db_query("SELECT COUNT(uid) FROM {users}")); $sandbox['user_count'] = db_query("SELECT COUNT(uid) FROM {users}")->fetchField();
$sandbox['user_not_migrated'] = 0; $sandbox['user_not_migrated'] = 0;
} }
else { else {
......
...@@ -398,7 +398,7 @@ function user_save($account, $edit = array(), $category = 'account') { ...@@ -398,7 +398,7 @@ function user_save($account, $edit = array(), $category = 'account') {
if (is_object($account) && $account->uid) { if (is_object($account) && $account->uid) {
user_module_invoke('update', $edit, $account, $category); user_module_invoke('update', $edit, $account, $category);
$data = unserialize(db_result(db_query('SELECT data FROM {users} WHERE uid = %d', $account->uid))); $data = unserialize(db_query('SELECT data FROM {users} WHERE uid = :uid', array(':uid' => $account->uid))->fetchField());
// Consider users edited by an administrator as logged in, if they haven't // Consider users edited by an administrator as logged in, if they haven't
// already, so anonymous users can view the profile (if allowed). // already, so anonymous users can view the profile (if allowed).
if (empty($edit['access']) && empty($account->access) && user_access('administer users')) { if (empty($edit['access']) && empty($account->access) && user_access('administer users')) {
...@@ -459,11 +459,16 @@ function user_save($account, $edit = array(), $category = 'account') { ...@@ -459,11 +459,16 @@ function user_save($account, $edit = array(), $category = 'account') {
// Reload user roles if provided. // Reload user roles if provided.
if (isset($edit['roles']) && is_array($edit['roles'])) { if (isset($edit['roles']) && is_array($edit['roles'])) {
db_query('DELETE FROM {users_roles} WHERE uid = %d', $account->uid); db_delete('users_roles')->condition('uid', $account->uid)->execute();
foreach (array_keys($edit['roles']) as $rid) { foreach (array_keys($edit['roles']) as $rid) {
if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) { if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $account->uid, $rid); db_insert('users_roles')
->fields(array(
'uid' => $account->uid,
'rid' => $rid,
))
->execute();
} }
} }
} }
...@@ -542,10 +547,15 @@ function user_save($account, $edit = array(), $category = 'account') { ...@@ -542,10 +547,15 @@ function user_save($account, $edit = array(), $category = 'account') {
// Save user roles (delete just to be safe). // Save user roles (delete just to be safe).
if (isset($edit['roles']) && is_array($edit['roles'])) { if (isset($edit['roles']) && is_array($edit['roles'])) {
db_query('DELETE FROM {users_roles} WHERE uid = %d', $edit['uid']); db_delete('users_roles')->condition('uid', $edit['uid'])->execute();
foreach (array_keys($edit['roles']) as $rid) { foreach (array_keys($edit['roles']) as $rid) {
if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) { if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $edit['uid'], $rid); db_insert('users_roles')
->fields(array(
'uid' => $edit['uid'],
'rid' => $rid,
))
->execute();
} }
} }
} }
...@@ -757,7 +767,7 @@ function user_access($string, $account = NULL, $reset = FALSE) { ...@@ -757,7 +767,7 @@ function user_access($string, $account = NULL, $reset = FALSE) {
* @return boolean TRUE for blocked users, FALSE for active. * @return boolean TRUE for blocked users, FALSE for active.
*/ */
function user_is_blocked($name) { function user_is_blocked($name) {
$deny = db_fetch_object(db_query("SELECT name FROM {users} WHERE status = 0 AND name = LOWER('%s')", $name)); $deny = db_query("SELECT name FROM {users} WHERE status = 0 AND name = LOWER(:name)", array(':name' => $name))->fetchObject();
return $deny; return $deny;
} }
...@@ -843,18 +853,22 @@ function user_search($op = 'search', $keys = NULL, $skip_access_check = FALSE) { ...@@ -843,18 +853,22 @@ function user_search($op = 'search', $keys = NULL, $skip_access_check = FALSE) {
$find = array(); $find = array();
// Replace wildcards with MySQL/PostgreSQL wildcards. // Replace wildcards with MySQL/PostgreSQL wildcards.
$keys = preg_replace('!\*+!', '%', $keys); $keys = preg_replace('!\*+!', '%', $keys);
$query = db_select('users');
$query->fields('users', array('name', 'uid', 'mail'));
if (user_access('administer users')) { if (user_access('administer users')) {
// Administrators can also search in the otherwise private email field. // Administrators can also search in the otherwise private email field.
$result = pager_query("SELECT name, uid, mail FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%') OR LOWER(mail) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys, $keys); $query->condition(db_or()->
while ($account = db_fetch_object($result)) { where('LOWER(name) LIKE LOWER(:name)', array(':name' => "%$keys%"))->
$find[] = array('title' => $account->name . ' (' . $account->mail . ')', 'link' => url('user/' . $account->uid, array('absolute' => TRUE))); where('LOWER(mail) LIKE LOWER(:mail)', array(':mail' => "%$keys%")));
}
} }
else { else {
$result = pager_query("SELECT name, uid FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys); $query->where('LOWER(name) LIKE LOWER(:name)', array(':name' => "%$keys%"));
while ($account = db_fetch_object($result)) { }
$find[] = array('title' => $account->name, 'link' => url('user/' . $account->uid, array('absolute' => TRUE))); $query = $query->extend('PagerDefault')
} ->limit(2);
$result = $query->execute();
foreach ($result as $account) {
$find[] = array('title' => $account->name . ' (' . $account->mail . ')', 'link' => url('user/' . $account->uid, array('absolute' => TRUE)));
} }
return $find; return $find;
} }
...@@ -920,7 +934,7 @@ function user_user_validate(&$edit, &$account, $category = NULL) { ...@@ -920,7 +934,7 @@ function user_user_validate(&$edit, &$account, $category = NULL) {
if ($error = user_validate_name($edit['name'])) { if ($error = user_validate_name($edit['name'])) {
form_set_error('name', $error); form_set_error('name', $error);
} }
elseif (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND LOWER(name) = LOWER('%s')", $uid, $edit['name'])) > 0) { elseif (db_query("SELECT COUNT(*) FROM {users} WHERE uid != :uid AND LOWER(name) = LOWER(:name)", array(':uid' => $uid, ':name' => $edit['name']))->fetchField() > 0) {
form_set_error('name', t('The name %name is already taken.', array('%name' => $edit['name']))); form_set_error('name', t('The name %name is already taken.', array('%name' => $edit['name'])));
} }
} }
...@@ -929,7 +943,7 @@ function user_user_validate(&$edit, &$account, $category = NULL) { ...@@ -929,7 +943,7 @@ function user_user_validate(&$edit, &$account, $category = NULL) {
if ($error = user_validate_mail($edit['mail'])) { if ($error = user_validate_mail($edit['mail'])) {
form_set_error('mail', $error); form_set_error('mail', $error);
} }
elseif (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND LOWER(mail) = LOWER('%s')", $uid, $edit['mail'])) > 0) { elseif (db_query("SELECT COUNT(*) FROM {users} WHERE uid != :uid AND LOWER(mail) = LOWER(:mail)", array(':uid' => $uid, ':mail' => $edit['mail']))->fetchField() > 0) {
// Format error message dependent on whether the user is logged in or not. // Format error message dependent on whether the user is logged in or not.
if ($GLOBALS['user']->uid) { if ($GLOBALS['user']->uid) {
form_set_error('mail', t('The e-mail address %email is already taken.', array('%email' => $edit['mail']))); form_set_error('mail', t('The e-mail address %email is already taken.', array('%email' => $edit['mail'])));
...@@ -1501,10 +1515,10 @@ function user_page_title($account) { ...@@ -1501,10 +1515,10 @@ function user_page_title($account) {
* An associative array with module as key and username as value. * An associative array with module as key and username as value.
*/ */
function user_get_authmaps($authname = NULL) { function user_get_authmaps($authname = NULL) {
$result = db_query("SELECT authname, module FROM {authmap} WHERE authname = '%s'", $authname); $result = db_query("SELECT authname, module FROM {authmap} WHERE authname = :authname", array(':authname' => $authname));
$authmaps = array(); $authmaps = array();
$has_rows = FALSE; $has_rows = FALSE;
while ($authmap = db_fetch_object($result)) { foreach ($result as $authmap) {
$authmaps[$authmap->module] = $authmap->authname; $authmaps[$authmap->module] = $authmap->authname;
$has_rows = TRUE; $has_rows = TRUE;
} }
...@@ -1645,7 +1659,7 @@ function user_authenticate($form_values = array()) { ...@@ -1645,7 +1659,7 @@ function user_authenticate($form_values = array()) {
$password = trim($form_values['pass']); $password = trim($form_values['pass']);
// Name and pass keys are required. // Name and pass keys are required.
if (!empty($form_values['name']) && !empty($password)) { if (!empty($form_values['name']) && !empty($password)) {
$account = db_fetch_object(db_query("SELECT * FROM {users} WHERE name = '%s' AND status = 1", $form_values['name'])); $account = db_query("SELECT * FROM {users} WHERE name = :name AND status = 1", array(':name' => $form_values['name']))->fetchObject();
if ($account) { if ($account) {
// Allow alternate password hashing schemes. // Allow alternate password hashing schemes.
require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc'); require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
...@@ -1653,7 +1667,10 @@ function user_authenticate($form_values = array()) { ...@@ -1653,7 +1667,10 @@ function user_authenticate($form_values = array()) {
if (user_needs_new_hash($account)) { if (user_needs_new_hash($account)) {
$new_hash = user_hash_password($password); $new_hash = user_hash_password($password);
if ($new_hash) { if ($new_hash) {
db_query("UPDATE {users} SET pass = '%s' WHERE uid = %d", $new_hash, $account->uid); db_update('users')
->fields(array('pass' => $new_hash))
->condition('uid', $account->uid)
->execute();
} }
} }
$users = user_load_multiple(array($account->uid), array('status' => '1')); $users = user_load_multiple(array($account->uid), array('status' => '1'));
...@@ -1680,7 +1697,10 @@ function user_authenticate_finalize(&$edit) { ...@@ -1680,7 +1697,10 @@ function user_authenticate_finalize(&$edit) {
// Update the user table timestamp noting user has logged in. // Update the user table timestamp noting user has logged in.
// This is also used to invalidate one-time login links. // This is also used to invalidate one-time login links.
$user->login = REQUEST_TIME; $user->login = REQUEST_TIME;
db_query("UPDATE {users} SET login = %d WHERE uid = %d", $user->login, $user->uid); db_update('users')
->fields(array('login' => $user->login))
->condition('uid', $user->uid)
->execute();
// Regenerate the session ID to prevent against session fixation attacks. // Regenerate the session ID to prevent against session fixation attacks.
// This is called before hook_user in case one of those functions fails // This is called before hook_user in case one of those functions fails
// or incorrectly does a redirect which would leave the old session in place. // or incorrectly does a redirect which would leave the old session in place.
...@@ -2112,13 +2132,13 @@ function user_roles($membersonly = FALSE, $permission = NULL) { ...@@ -2112,13 +2132,13 @@ function user_roles($membersonly = FALSE, $permission = NULL) {
); );
if (!empty($permission)) { if (!empty($permission)) {
$result = db_query("SELECT r.* FROM {role} r INNER JOIN {role_permission} p ON r.rid = p.rid WHERE p.permission = '%s' ORDER BY r.name", $permission); $result = db_query("SELECT r.* FROM {role} r INNER JOIN {role_permission} p ON r.rid = p.rid WHERE p.permission = :permission ORDER BY r.name", array(':permission' => $permission));
} }
else { else {
$result = db_query('SELECT * FROM {role} ORDER BY name'); $result = db_query('SELECT * FROM {role} ORDER BY name');
} }
while ($role = db_fetch_object($result)) { foreach ($result as $role) {
switch ($role->rid) { switch ($role->rid) {
// We only translate the built in role names // We only translate the built in role names
case DRUPAL_ANONYMOUS_RID: case DRUPAL_ANONYMOUS_RID:
...@@ -2239,7 +2259,7 @@ function user_user_operations_block($accounts) { ...@@ -2239,7 +2259,7 @@ function user_user_operations_block($accounts) {
function user_multiple_role_edit($accounts, $operation, $rid) { function user_multiple_role_edit($accounts, $operation, $rid) {
// The role name is not necessary as user_save() will reload the user // The role name is not necessary as user_save() will reload the user
// object, but some modules' hook_user() may look at this first. // object, but some modules' hook_user() may look at this first.
$role_name = db_result(db_query('SELECT name FROM {role} WHERE rid = %d', $rid)); $role_name = db_query('SELECT name FROM {role} WHERE rid = :rid', array(':rid' => $rid))->fetchField();
switch ($operation) { switch ($operation) {
case 'add_role': case 'add_role':
...@@ -2271,7 +2291,7 @@ function user_multiple_cancel_confirm(&$form_state) { ...@@ -2271,7 +2291,7 @@ function user_multiple_cancel_confirm(&$form_state) {
$form['accounts'] = array('#prefix' => '<ul>', '#suffix' => '</ul>', '#tree' => TRUE); $form['accounts'] = array('#prefix' => '<ul>', '#suffix' => '</ul>', '#tree' => TRUE);
// array_filter() returns only elements with TRUE values. // array_filter() returns only elements with TRUE values.
foreach (array_filter($edit['accounts']) as $uid => $value) { foreach (array_filter($edit['accounts']) as $uid => $value) {
$user = db_result(db_query('SELECT name FROM {users} WHERE uid = %d', $uid)); $user = db_query('SELECT name FROM {users} WHERE uid = :uid', array(':uid' => $uid))->fetchField();
$form['accounts'][$uid] = array('#type' => 'hidden', '#value' => $uid, '#prefix' => '<li>', '#suffix' => check_plain($user) . "</li>\n"); $form['accounts'][$uid] = array('#type' => 'hidden', '#value' => $uid, '#prefix' => '<li>', '#suffix' => check_plain($user) . "</li>\n");
} }
...@@ -2697,7 +2717,7 @@ function user_block_user_action(&$object, $context = array()) { ...@@ -2697,7 +2717,7 @@ function user_block_user_action(&$object, $context = array()) {
global $user; global $user;
$uid = $user->uid; $uid = $user->uid;
} }
db_query("UPDATE {users} SET status = 0 WHERE uid = %d", $uid); db_update('users')->fields(array('status' => 0))->condition('uid', $uid)->execute();
drupal_session_destroy_uid($uid); drupal_session_destroy_uid($uid);
watchdog('action', 'Blocked user %name.', array('%name' => $user->name)); watchdog('action', 'Blocked user %name.', array('%name' => $user->name));
} }
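Review bot: In the user_search() hunk, the merged result loop builds every title as `$account->name . ' (' . $account->mail . ')'`, and `mail` is now selected before the `user_access('administer users')` check. Users without that permission therefore get e-mail addresses in search results, which the old name-only branch avoided and which contradicts the "otherwise private email field" comment. The pager also changed from 15 results per page to `->limit(2)`, which looks like a leftover debugging value. Select and print `mail` only on the administrator path and restore the page size, as sketched below. user_search() starts and ends outside the hunk.

```php
$query = db_select('users');
$query->fields('users', array('name', 'uid'));
$is_admin = user_access('administer users');
if ($is_admin) {
  // Only administrators may read or search the private e-mail field.
  $query->addField('users', 'mail');
  // … unchanged: db_or() condition on name and mail …
}
else {
  // … unchanged: name-only condition …
}
$query = $query->extend('PagerDefault')
  ->limit(15);
$result = $query->execute();
foreach ($result as $account) {
  $title = $is_admin ? $account->name . ' (' . $account->mail . ')' : $account->name;
  $find[] = array('title' => $title, 'link' => url('user/' . $account->uid, array('absolute' => TRUE)));
}
```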
......
...@@ -13,7 +13,7 @@ function user_autocomplete($string = '') { ...@@ -13,7 +13,7 @@ function user_autocomplete($string = '') {
$matches = array(); $matches = array();
if ($string) { if ($string) {
$result = db_query_range("SELECT name FROM {users} WHERE LOWER(name) LIKE LOWER(:name)", array(':name' => $string .'%'), 0, 10); $result = db_query_range("SELECT name FROM {users} WHERE LOWER(name) LIKE LOWER(:name)", array(':name' => $string .'%'), 0, 10);
while ($user = db_fetch_object($result)) { foreach ($result as $user) {
$matches[$user->name] = check_plain($user->name); $matches[$user->name] = check_plain($user->name);
} }
} }
......