Commit f5173ef2 authored by Dries's avatar Dries

- Applied user.module patch from Marco's sandbox.
- Added profile.module written by Marco.
parent b8c815d2
......@@ -47,7 +47,7 @@ function sess_gc($lifetime) {
/*** Common functions ******************************************************/
function user_external_load($authname) {
$arr_uid = db_query("SELECT uid FROM authmap WHERE authname = '$authname'");
$arr_uid = db_query("SELECT uid FROM authmap WHERE authname = '%s'", $authname);
if (db_fetch_object($arr_uid)) {
$uid = db_result($arr_uid);
......@@ -71,7 +71,7 @@ function user_load($array = array()) {
$query .= "u.$key = '". md5($value) ."' AND ";
}
else {
$query .= "u.$key = '". addslashes($value) ."' AND ";
$query .= "u.$key = '". check_query($value) ."' AND ";
}
}
$result = db_query("SELECT u.*, r.name AS role FROM users u LEFT JOIN role r ON u.rid = r.rid WHERE $query u.status < 3 LIMIT 1");
......@@ -135,7 +135,7 @@ function user_save($account, $array = array()) {
}
$fields[] = "data";
$values[] = "'". serialize($data) ."'";
$values[] = "'". check_query(serialize($data)) ."'";
db_query("INSERT INTO users (". implode(", ", $fields) .") VALUES (". implode(", ", $values) .")");
......@@ -187,13 +187,13 @@ function user_validate_mail($mail) {
** allowed.
*/
if ($mail && !eregi("^[a-z0-9]+([_.-][a-z0-9]+)*@([a-z0-9]+([.-][a-z0-9]+)*)+\\.[a-z]{2,4}$")) {
if ($mail && !eregi("^[a-z0-9]+([_.-][a-z0-9]+)*@([a-z0-9]+([.-][a-z0-9]+)*)+\\.[a-z]{2,4}$", $mail)) {
return t("The e-mail address '$mail' is not valid.");
}
}
function user_validate_authmap($account, $authname, $module) {
$result = db_query("SELECT COUNT(*) from authmap WHERE uid != '$account->uid' && authname = '$authname'");
$result = db_query("SELECT COUNT(*) from authmap WHERE uid != '$account->uid' && authname = '%s'", $authname);
if (db_result($result) > 0) {
$name = module_invoke($module, "info", "name");
return t("The %u ID %s is already taken.", array("%u" => ucfirst($name), "%s" => "<i>$authname</i>"));
......@@ -260,9 +260,9 @@ function user_mail($mail, $subject, $message, $header) {
function user_deny($type, $mask) {
$allow = db_fetch_object(db_query("SELECT * FROM access WHERE status = '1' AND type = '$type' AND LOWER('$mask') LIKE LOWER(mask)"));
$allow = db_fetch_object(db_query("SELECT * FROM access WHERE status = '1' AND type = '%s' AND LOWER('%s') LIKE LOWER(mask)", $type, $mask));
$deny = db_fetch_object(db_query("SELECT * FROM access WHERE status = '0' AND type = '$type' AND LOWER('$mask') LIKE LOWER(mask)"));
$deny = db_fetch_object(db_query("SELECT * FROM access WHERE status = '0' AND type = '%s' AND LOWER('%s') LIKE LOWER(mask)", $type, $mask));
if ($deny && !$allow) {
return 1;
......@@ -437,7 +437,7 @@ function user_get_authmaps($authname = NULL) {
** associtive array of modules and DA names. Called at external login.
*/
$result = db_query("SELECT authname, module FROM authmap WHERE authname = '$authname'");
$result = db_query("SELECT authname, module FROM authmap WHERE authname = '%s'", $authname);
if (db_num_rows($result) > 0) {
while ($authmap = db_fetch_object($result)) {
$authmaps[$authmap->module] = $authmap->authname;
......@@ -458,7 +458,7 @@ function user_set_authmaps($account, $authmaps) {
$result = db_query("INSERT INTO authmap (authname, uid, module) VALUES ('%s', '%s', '%s')", $value, $account->uid, $module[1]);
}
else {
$result = db_query("UPDATE authmap SET authname = '$value' WHERE uid = '$account->uid' && module = '$module[1]'");
$result = db_query("UPDATE authmap SET authname = '%s' WHERE uid = '$account->uid' && module = '$module[1]'", $value);
}
}
else {
......@@ -929,7 +929,6 @@ function user_edit($edit = array()) {
}
}
$output .= form_textfield(t("Homepage"), "homepage", $edit["homepage"], 30, 55, t("Optional") .". ". t("Make sure you enter a fully qualified URL: remember to include \"http://\"."));
$options = "<option value=\"\"". (("" == $key) ? " selected=\"selected\"" : "") .">". t("Default theme") ."</option>\n";
foreach (theme_list() as $key => $value) {
$options .= "<option value=\"$key\"". (($edit["theme"] == $key) ? " selected=\"selected\"" : "") .">$key - $value->description</option>\n";
......@@ -938,11 +937,10 @@ function user_edit($edit = array()) {
for ($zone = -43200; $zone <= 46800; $zone += 3600) $zones[$zone] = date("l, F dS, Y - h:i A", time() - date("Z") + $zone) ." (GMT ". $zone / 3600 .")";
$output .= form_select(t("Timezone"), "timezone", $edit["timezone"], $zones, t("Select what time you currently have and your timezone settings will be set appropriate."));
$output .= form_select(t("Language"), "language", $edit["language"], $languages, t("Selecting a different language will change the language of the site."));
$output .= form_textarea(t("Signature"), "signature", $edit["signature"], 70, 3, t("Your signature will be publicly displayed at the end of your comments.") ."<br />". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
$output .= form_item(t("Password"), "<input type=\"password\" name=\"edit[pass1]\" size=\"12\" maxlength=\"24\" /> <input type=\"password\" name=\"edit[pass2]\" size=\"12\" maxlength=\"24\" />", t("Enter your new password twice if you want to change your current password or leave it blank if you are happy with your current password."));
$output .= form_submit(t("Save user information"));
$output = form($output);
$output = form($output, "post", 0, "enctype=\"multipart/form-data\"");
}
else {
$output = user_login();
......@@ -976,9 +974,6 @@ function user_view($uid = 0) {
}
}
$output .= form_item(t("Homepage"), "<a href=\"$user->homepage\">$user->homepage</a>");
$output .= form_item(t("Signature"), check_output($user->signature, 1));
$theme->header();
$theme->box(t("User account"), user_menu());
$theme->box(t("View user information"), $output);
......@@ -986,7 +981,6 @@ function user_view($uid = 0) {
}
else if ($uid && $account = user_load(array("uid" => $uid, "status" => 1))) {
$output .= form_item(t("Name"), check_output($account->name));
$output .= form_item(t("Homepage"), "<a href=\"$account->homepage\">$account->homepage</a>");
foreach (module_list() as $module) {
if (module_hook($module, "user")) {
......@@ -1180,7 +1174,7 @@ function user_admin_access($edit = array()) {
}
}
else if ($id) {
db_query("DELETE FROM access WHERE aid = '$id'");
db_query("DELETE FROM access WHERE aid = '%s'", $id);
}
$output .= "<table border=\"1\" cellpadding=\"2\" cellspacing=\"2\">";
......@@ -1239,10 +1233,10 @@ function user_admin_perm($edit = array()) {
while ($role = db_fetch_object($result)) {
// delete, so if we clear every checkbox we reset that role;
// otherwise permissions are active and denied everywhere
db_query("DELETE FROM permission WHERE rid = '%s' AND tid = '$tid'", $role->rid);
db_query("DELETE FROM permission WHERE rid = '%s' AND tid = '%s'", $role->rid, $tid);
$perm = $edit[$role->rid] ? implode(", ", array_keys($edit[$role->rid])) : "";
if ($perm) {
db_query("INSERT INTO permission (rid, perm, tid) VALUES ('%s', '$perm', '$tid')", $role->rid);
db_query("INSERT INTO permission (rid, perm, tid) VALUES ('%s', '%s', %s'')", $role->rid, $perm, $tid);
}
}
......@@ -1426,7 +1420,6 @@ function user_admin_edit($edit = array()) {
}
}
$output .= form_textfield(t("Homepage"), "homepage", $account->homepage, 30, 55, t("Optional") .". ". t("Make sure you enter a fully qualified URL: remember to include \"http://\"."));
foreach (theme_list() as $key => $value) {
$options .= "$value[type]<option value=\"$key\"". (($account->theme == $key) ? " selected=\"selected\"" : "") .">$key - $value->description</option>\n";
}
......@@ -1434,7 +1427,6 @@ function user_admin_edit($edit = array()) {
for ($zone = -43200; $zone <= 46800; $zone += 3600) $zones[$zone] = date("l, F dS, Y - h:i A", time() - date("Z") + $zone) ." (GMT ". $zone / 3600 .")";
$output .= form_select(t("Timezone"), "timezone", $account->timezone, $zones, t("Select what time you currently have and your timezone settings will be set appropriate."));
$output .= form_select(t("Language"), "language", $account->language, $languages, t("Selecting a different language will change the language of the site."));
$output .= form_textarea(t("Signature"), "signature", $account->signature, 70, 3, t("Your signature will be publicly displayed at the end of your comments.") ."<br />". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
$output .= form_item(t("Password"), "<input type=\"password\" name=\"edit[pass1]\" size=\"12\" maxlength=\"24\" /> <input type=\"password\" name=\"edit[pass2]\" size=\"12\" maxlength=\"24\" />", t("Enter a new password twice if you want to change the current password for this user or leave it blank if you are happy with the current password."));
$output .= form_select("Status", "status", $account->status, array("blocked", "active"));
$output .= form_select("Role", "rid", $account->rid, user_roles(1));
......
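Review bot: The rewritten INSERT in user_admin_perm, `db_query("INSERT INTO permission (rid, perm, tid) VALUES ('%s', '%s', %s'')", $role->rid, $perm, $tid);`, has the quotes of the third placeholder misplaced — `%s''` expands to `..., 5'')`, which is a SQL syntax error, so the permission row is never written; it should read `VALUES ('%s', '%s', '%s')`. The placeholder conversion is also left half-done in neighbouring hunks: `uid != '$account->uid'` in user_validate_authmap, `uid = '$account->uid' && module = '$module[1]'` in user_set_authmaps, and the column name in `"u.$key = '". check_query($value) ."' AND "` of user_load are still interpolated directly, so whatever quoting db_query applies to `%s` arguments is bypassed for those values (db_query itself is outside this diff, so I am assuming `%s` is the escaping path). Passing them as `%s` arguments like the other values keeps escaping in one place. All of the enclosing functions start and end outside their hunks.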
......@@ -47,7 +47,7 @@ function sess_gc($lifetime) {
/*** Common functions ******************************************************/
function user_external_load($authname) {
$arr_uid = db_query("SELECT uid FROM authmap WHERE authname = '$authname'");
$arr_uid = db_query("SELECT uid FROM authmap WHERE authname = '%s'", $authname);
if (db_fetch_object($arr_uid)) {
$uid = db_result($arr_uid);
......@@ -71,7 +71,7 @@ function user_load($array = array()) {
$query .= "u.$key = '". md5($value) ."' AND ";
}
else {
$query .= "u.$key = '". addslashes($value) ."' AND ";
$query .= "u.$key = '". check_query($value) ."' AND ";
}
}
$result = db_query("SELECT u.*, r.name AS role FROM users u LEFT JOIN role r ON u.rid = r.rid WHERE $query u.status < 3 LIMIT 1");
......@@ -135,7 +135,7 @@ function user_save($account, $array = array()) {
}
$fields[] = "data";
$values[] = "'". serialize($data) ."'";
$values[] = "'". check_query(serialize($data)) ."'";
db_query("INSERT INTO users (". implode(", ", $fields) .") VALUES (". implode(", ", $values) .")");
......@@ -187,13 +187,13 @@ function user_validate_mail($mail) {
** allowed.
*/
if ($mail && !eregi("^[a-z0-9]+([_.-][a-z0-9]+)*@([a-z0-9]+([.-][a-z0-9]+)*)+\\.[a-z]{2,4}$")) {
if ($mail && !eregi("^[a-z0-9]+([_.-][a-z0-9]+)*@([a-z0-9]+([.-][a-z0-9]+)*)+\\.[a-z]{2,4}$", $mail)) {
return t("The e-mail address '$mail' is not valid.");
}
}
function user_validate_authmap($account, $authname, $module) {
$result = db_query("SELECT COUNT(*) from authmap WHERE uid != '$account->uid' && authname = '$authname'");
$result = db_query("SELECT COUNT(*) from authmap WHERE uid != '$account->uid' && authname = '%s'", $authname);
if (db_result($result) > 0) {
$name = module_invoke($module, "info", "name");
return t("The %u ID %s is already taken.", array("%u" => ucfirst($name), "%s" => "<i>$authname</i>"));
......@@ -260,9 +260,9 @@ function user_mail($mail, $subject, $message, $header) {
function user_deny($type, $mask) {
$allow = db_fetch_object(db_query("SELECT * FROM access WHERE status = '1' AND type = '$type' AND LOWER('$mask') LIKE LOWER(mask)"));
$allow = db_fetch_object(db_query("SELECT * FROM access WHERE status = '1' AND type = '%s' AND LOWER('%s') LIKE LOWER(mask)", $type, $mask));
$deny = db_fetch_object(db_query("SELECT * FROM access WHERE status = '0' AND type = '$type' AND LOWER('$mask') LIKE LOWER(mask)"));
$deny = db_fetch_object(db_query("SELECT * FROM access WHERE status = '0' AND type = '%s' AND LOWER('%s') LIKE LOWER(mask)", $type, $mask));
if ($deny && !$allow) {
return 1;
......@@ -437,7 +437,7 @@ function user_get_authmaps($authname = NULL) {
** associtive array of modules and DA names. Called at external login.
*/
$result = db_query("SELECT authname, module FROM authmap WHERE authname = '$authname'");
$result = db_query("SELECT authname, module FROM authmap WHERE authname = '%s'", $authname);
if (db_num_rows($result) > 0) {
while ($authmap = db_fetch_object($result)) {
$authmaps[$authmap->module] = $authmap->authname;
......@@ -458,7 +458,7 @@ function user_set_authmaps($account, $authmaps) {
$result = db_query("INSERT INTO authmap (authname, uid, module) VALUES ('%s', '%s', '%s')", $value, $account->uid, $module[1]);
}
else {
$result = db_query("UPDATE authmap SET authname = '$value' WHERE uid = '$account->uid' && module = '$module[1]'");
$result = db_query("UPDATE authmap SET authname = '%s' WHERE uid = '$account->uid' && module = '$module[1]'", $value);
}
}
else {
......@@ -929,7 +929,6 @@ function user_edit($edit = array()) {
}
}
$output .= form_textfield(t("Homepage"), "homepage", $edit["homepage"], 30, 55, t("Optional") .". ". t("Make sure you enter a fully qualified URL: remember to include \"http://\"."));
$options = "<option value=\"\"". (("" == $key) ? " selected=\"selected\"" : "") .">". t("Default theme") ."</option>\n";
foreach (theme_list() as $key => $value) {
$options .= "<option value=\"$key\"". (($edit["theme"] == $key) ? " selected=\"selected\"" : "") .">$key - $value->description</option>\n";
......@@ -938,11 +937,10 @@ function user_edit($edit = array()) {
for ($zone = -43200; $zone <= 46800; $zone += 3600) $zones[$zone] = date("l, F dS, Y - h:i A", time() - date("Z") + $zone) ." (GMT ". $zone / 3600 .")";
$output .= form_select(t("Timezone"), "timezone", $edit["timezone"], $zones, t("Select what time you currently have and your timezone settings will be set appropriate."));
$output .= form_select(t("Language"), "language", $edit["language"], $languages, t("Selecting a different language will change the language of the site."));
$output .= form_textarea(t("Signature"), "signature", $edit["signature"], 70, 3, t("Your signature will be publicly displayed at the end of your comments.") ."<br />". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
$output .= form_item(t("Password"), "<input type=\"password\" name=\"edit[pass1]\" size=\"12\" maxlength=\"24\" /> <input type=\"password\" name=\"edit[pass2]\" size=\"12\" maxlength=\"24\" />", t("Enter your new password twice if you want to change your current password or leave it blank if you are happy with your current password."));
$output .= form_submit(t("Save user information"));
$output = form($output);
$output = form($output, "post", 0, "enctype=\"multipart/form-data\"");
}
else {
$output = user_login();
......@@ -976,9 +974,6 @@ function user_view($uid = 0) {
}
}
$output .= form_item(t("Homepage"), "<a href=\"$user->homepage\">$user->homepage</a>");
$output .= form_item(t("Signature"), check_output($user->signature, 1));
$theme->header();
$theme->box(t("User account"), user_menu());
$theme->box(t("View user information"), $output);
......@@ -986,7 +981,6 @@ function user_view($uid = 0) {
}
else if ($uid && $account = user_load(array("uid" => $uid, "status" => 1))) {
$output .= form_item(t("Name"), check_output($account->name));
$output .= form_item(t("Homepage"), "<a href=\"$account->homepage\">$account->homepage</a>");
foreach (module_list() as $module) {
if (module_hook($module, "user")) {
......@@ -1180,7 +1174,7 @@ function user_admin_access($edit = array()) {
}
}
else if ($id) {
db_query("DELETE FROM access WHERE aid = '$id'");
db_query("DELETE FROM access WHERE aid = '%s'", $id);
}
$output .= "<table border=\"1\" cellpadding=\"2\" cellspacing=\"2\">";
......@@ -1239,10 +1233,10 @@ function user_admin_perm($edit = array()) {
while ($role = db_fetch_object($result)) {
// delete, so if we clear every checkbox we reset that role;
// otherwise permissions are active and denied everywhere
db_query("DELETE FROM permission WHERE rid = '%s' AND tid = '$tid'", $role->rid);
db_query("DELETE FROM permission WHERE rid = '%s' AND tid = '%s'", $role->rid, $tid);
$perm = $edit[$role->rid] ? implode(", ", array_keys($edit[$role->rid])) : "";
if ($perm) {
db_query("INSERT INTO permission (rid, perm, tid) VALUES ('%s', '$perm', '$tid')", $role->rid);
db_query("INSERT INTO permission (rid, perm, tid) VALUES ('%s', '%s', %s'')", $role->rid, $perm, $tid);
}
}
......@@ -1426,7 +1420,6 @@ function user_admin_edit($edit = array()) {
}
}
$output .= form_textfield(t("Homepage"), "homepage", $account->homepage, 30, 55, t("Optional") .". ". t("Make sure you enter a fully qualified URL: remember to include \"http://\"."));
foreach (theme_list() as $key => $value) {
$options .= "$value[type]<option value=\"$key\"". (($account->theme == $key) ? " selected=\"selected\"" : "") .">$key - $value->description</option>\n";
}
......@@ -1434,7 +1427,6 @@ function user_admin_edit($edit = array()) {
for ($zone = -43200; $zone <= 46800; $zone += 3600) $zones[$zone] = date("l, F dS, Y - h:i A", time() - date("Z") + $zone) ." (GMT ". $zone / 3600 .")";
$output .= form_select(t("Timezone"), "timezone", $account->timezone, $zones, t("Select what time you currently have and your timezone settings will be set appropriate."));
$output .= form_select(t("Language"), "language", $account->language, $languages, t("Selecting a different language will change the language of the site."));
$output .= form_textarea(t("Signature"), "signature", $account->signature, 70, 3, t("Your signature will be publicly displayed at the end of your comments.") ."<br />". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
$output .= form_item(t("Password"), "<input type=\"password\" name=\"edit[pass1]\" size=\"12\" maxlength=\"24\" /> <input type=\"password\" name=\"edit[pass2]\" size=\"12\" maxlength=\"24\" />", t("Enter a new password twice if you want to change the current password for this user or leave it blank if you are happy with the current password."));
$output .= form_select("Status", "status", $account->status, array("blocked", "active"));
$output .= form_select("Role", "rid", $account->rid, user_roles(1));
......