profile.module in Drupal 6

<?php

/**
 * @file
 * Support for configurable user profiles.
 */

/**
 * Private field, content only available to privileged users.
 */
define('PROFILE_PRIVATE', 1);

/**
 * Public field, content shown on profile page but not used on member list pages.
 */
define('PROFILE_PUBLIC', 2);

/**
 * Public field, content shown on profile page and on member list pages.
 */
define('PROFILE_PUBLIC_LISTINGS', 3);

/**
 * Hidden profile field, only accessible by administrators, modules and themes.
 */
define('PROFILE_HIDDEN', 4);

/**
 * Implementation of hook_help().
 */
function profile_help($path, $arg) {
  switch ($path) {
    case 'admin/help#profile':
      $output = '<p>' . t('The profile module allows custom fields (such as country, full name, or age) to be defined and displayed in the <em>My Account</em> section. This permits users of a site to share more information about themselves, and can help community-based sites organize users around specific information.') . '</p>';
      $output .= '<p>' . t('The following types of fields can be added to a user profile:') . '</p>';
      $output .= '<ul><li>' . t('single-line textfield') . '</li>';
      $output .= '<li>' . t('multi-line textfield') . '</li>';
      $output .= '<li>' . t('checkbox') . '</li>';
      $output .= '<li>' . t('list selection') . '</li>';
      $output .= '<li>' . t('freeform list') . '</li>';
      $output .= '<li>' . t('URL') . '</li>';
      $output .= '<li>' . t('date') . '</li></ul>';
      $output .= '<p>' . t('For more information, see the online handbook entry for <a href="@profile">Profile module</a>.', array(
        '@profile' => 'http://drupal.org/handbook/modules/profile/',
      )) . '</p>';
      return $output;
    case 'admin/user/profile':
      return '<p>' . t("This page displays a list of the existing custom profile fields to be displayed on a user's <em>My Account</em> page. To provide structure, similar or related fields may be placed inside a category. To add a new category (or edit an existing one), edit a profile field and provide a new category name. To change the category of a field or the order of fields within a category, grab a drag-and-drop handle under the Title column and drag the field to a new location in the list. (Grab a handle by clicking and holding the mouse while hovering over a handle icon.) Remember that your changes will not be saved until you click the <em>Save configuration</em> button at the bottom of the page.") . '</p>';
  }
}

/**
 * Implementation of hook_theme()
 */
function profile_theme() {
  return array(
    'profile_block' => array(
      'arguments' => array(
        'account' => NULL,
        'fields' => array(),
      ),
      'template' => 'profile-block',
    ),
    'profile_listing' => array(
      'arguments' => array(
        'account' => NULL,
        'fields' => array(),
      ),
      'template' => 'profile-listing',
    ),
    'profile_wrapper' => array(
      'arguments' => array(
        'content' => NULL,
      ),
      'template' => 'profile-wrapper',
    ),
    'profile_admin_overview' => array(
      'arguments' => array(
        'form' => NULL,
      ),
      'file' => 'profile.admin.inc',
    ),
  );
}

/**
 * Implementation of hook_menu().
 */
function profile_menu() {
  $items['profile'] = array(
    'title' => 'User list',
    'page callback' => 'profile_browse',
    'access arguments' => array(
      'access user profiles',
    ),
    'type' => MENU_SUGGESTED_ITEM,
    'file' => 'profile.pages.inc',
  );
  $items['admin/user/profile'] = array(
    'title' => 'Profiles',
    'description' => 'Create customizable fields for your users.',
    'page callback' => 'drupal_get_form',
    'page arguments' => array(
      'profile_admin_overview',
    ),
    'access arguments' => array(
      'administer users',
    ),
    'file' => 'profile.admin.inc',
  );
  $items['admin/user/profile/add'] = array(
    'title' => 'Add field',
    'page callback' => 'drupal_get_form',
    'page arguments' => array(
      'profile_field_form',
    ),
    'access arguments' => array(
      'administer users',
    ),
    'type' => MENU_CALLBACK,
    'file' => 'profile.admin.inc',
  );
  $items['admin/user/profile/autocomplete'] = array(
    'title' => 'Profile category autocomplete',
    'page callback' => 'profile_admin_settings_autocomplete',
    'access arguments' => array(
      'administer users',
    ),
    'type' => MENU_CALLBACK,
    'file' => 'profile.admin.inc',
  );
  $items['admin/user/profile/edit'] = array(
    'title' => 'Edit field',
    'page callback' => 'drupal_get_form',
    'page arguments' => array(
      'profile_field_form',
    ),
    'access arguments' => array(
      'administer users',
    ),
    'type' => MENU_CALLBACK,
    'file' => 'profile.admin.inc',
  );
  $items['admin/user/profile/delete'] = array(
    'title' => 'Delete field',
    'page callback' => 'drupal_get_form',
    'page arguments' => array(
      'profile_field_delete',
    ),
    'access arguments' => array(
      'administer users',
    ),
    'type' => MENU_CALLBACK,
    'file' => 'profile.admin.inc',
  );
  $items['profile/autocomplete'] = array(
    'title' => 'Profile autocomplete',
    'page callback' => 'profile_autocomplete',
    'access arguments' => array(
      'access user profiles',
    ),
    'type' => MENU_CALLBACK,
    'file' => 'profile.pages.inc',
  );
  return $items;
}

/**
 * Implementation of hook_block().
 */
function profile_block($op = 'list', $delta = 0, $edit = array()) {
  if ($op == 'list') {
    $blocks[0]['info'] = t('Author information');
    $blocks[0]['cache'] = BLOCK_CACHE_PER_PAGE | BLOCK_CACHE_PER_ROLE;
    return $blocks;
  }
  else {
    if ($op == 'configure' && $delta == 0) {

      // Compile a list of fields to show
      $fields = array();
      $result = db_query('SELECT name, title, weight, visibility FROM {profile_fields} WHERE visibility IN (%d, %d) ORDER BY weight', PROFILE_PUBLIC, PROFILE_PUBLIC_LISTINGS);
      while ($record = db_fetch_object($result)) {
        $fields[$record->name] = check_plain($record->title);
      }
      $fields['user_profile'] = t('Link to full user profile');
      $form['profile_block_author_fields'] = array(
        '#type' => 'checkboxes',
        '#title' => t('Profile fields to display'),
        '#default_value' => variable_get('profile_block_author_fields', array()),
        '#options' => $fields,
        '#description' => t('Select which profile fields you wish to display in the block. Only fields designated as public in the <a href="@profile-admin">profile field configuration</a> are available.', array(
          '@profile-admin' => url('admin/user/profile'),
        )),
      );
      return $form;
    }
    else {
      if ($op == 'save' && $delta == 0) {
        variable_set('profile_block_author_fields', $edit['profile_block_author_fields']);
      }
      else {
        if ($op == 'view') {
          if (user_access('access user profiles')) {
            $output = '';
            if (arg(0) == 'node' && is_numeric(arg(1)) && arg(2) == NULL) {
              $node = node_load(arg(1));
              $account = user_load(array(
                'uid' => $node->uid,
              ));
              if ($use_fields = variable_get('profile_block_author_fields', array())) {

                // Compile a list of fields to show.
                $fields = array();
                $result = db_query('SELECT name, title, type, visibility, weight FROM {profile_fields} WHERE visibility IN (%d, %d) ORDER BY weight', PROFILE_PUBLIC, PROFILE_PUBLIC_LISTINGS);
                while ($record = db_fetch_object($result)) {

                  // Ensure that field is displayed only if it is among the defined block fields and, if it is private, the user has appropriate permissions.
                  if (isset($use_fields[$record->name]) && $use_fields[$record->name]) {
                    $fields[] = $record;
                  }
                }
              }
              if (!empty($fields)) {
                $profile = _profile_update_user_fields($fields, $account);
                $output .= theme('profile_block', $account, $profile, TRUE);
              }
              if (isset($use_fields['user_profile']) && $use_fields['user_profile']) {
                $output .= '<div>' . l(t('View full user profile'), 'user/' . $account->uid) . '</div>';
              }
            }
            if ($output) {
              $block['subject'] = t('About %name', array(
                '%name' => $account->name,
              ));
              $block['content'] = $output;
              return $block;
            }
          }
        }
      }
    }
  }
}

/**
 * Implementation of hook_user().
 */
function profile_user($type, &$edit, &$user, $category = NULL) {
  switch ($type) {
    case 'load':
      return profile_load_profile($user);
    case 'register':
      return profile_form_profile($edit, $user, $category, TRUE);
    case 'update':
      return profile_save_profile($edit, $user, $category);
    case 'insert':
      return profile_save_profile($edit, $user, $category, TRUE);
    case 'view':
      return profile_view_profile($user);
    case 'form':
      return profile_form_profile($edit, $user, $category);
    case 'validate':
      return profile_validate_profile($edit, $category);
    case 'categories':
      return profile_categories();
    case 'delete':
      db_query('DELETE FROM {profile_values} WHERE uid = %d', $user->uid);
  }
}
function profile_load_profile(&$user) {
  $result = db_query('SELECT f.name, f.type, v.value FROM {profile_fields} f INNER JOIN {profile_values} v ON f.fid = v.fid WHERE uid = %d', $user->uid);
  while ($field = db_fetch_object($result)) {
    if (empty($user->{$field->name})) {
      $user->{$field->name} = _profile_field_serialize($field->type) ? unserialize($field->value) : $field->value;
    }
  }
}
function profile_save_profile(&$edit, &$user, $category, $register = FALSE) {
  $result = _profile_get_fields($category, $register);
  while ($field = db_fetch_object($result)) {
    if (_profile_field_serialize($field->type)) {
      $edit[$field->name] = serialize($edit[$field->name]);
    }
    db_query("DELETE FROM {profile_values} WHERE fid = %d AND uid = %d", $field->fid, $user->uid);
    db_query("INSERT INTO {profile_values} (fid, uid, value) VALUES (%d, %d, '%s')", $field->fid, $user->uid, $edit[$field->name]);

    // Mark field as handled (prevents saving to user->data).
    $edit[$field->name] = NULL;
  }
}
function profile_view_field($user, $field) {

  // Only allow browsing of private fields for admins, if browsing is enabled,
  // and if a user has permission to view profiles. Note that this check is
  // necessary because a user may always see their own profile.
  $browse = user_access('access user profiles') && (user_access('administer users') || $field->visibility != PROFILE_PRIVATE) && !empty($field->page);
  if (isset($user->{$field->name}) && ($value = $user->{$field->name})) {
    switch ($field->type) {
      case 'textarea':
        return check_markup($value);
      case 'textfield':
      case 'selection':
        return $browse ? l($value, 'profile/' . $field->name . '/' . $value) : check_plain($value);
      case 'checkbox':
        return $browse ? l($field->title, 'profile/' . $field->name) : check_plain($field->title);
      case 'url':
        return '<a href="' . check_url($value) . '">' . check_plain($value) . '</a>';
      case 'date':
        $format = substr(variable_get('date_format_short', 'm/d/Y - H:i'), 0, 5);

        // Note: Avoid PHP's date() because it does not handle dates before
        // 1970 on Windows. This would make the date field useless for e.g.
        // birthdays.
        $replace = array(
          'd' => sprintf('%02d', $value['day']),
          'j' => $value['day'],
          'm' => sprintf('%02d', $value['month']),
          'M' => map_month($value['month']),
          'Y' => $value['year'],
          'H:i' => NULL,
          'g:ia' => NULL,
        );
        return strtr($format, $replace);
      case 'list':
        $values = split("[,\n\r]", $value);
        $fields = array();
        foreach ($values as $value) {
          if ($value = trim($value)) {
            $fields[] = $browse ? l($value, 'profile/' . $field->name . '/' . $value) : check_plain($value);
          }
        }
        return implode(', ', $fields);
    }
  }
}
function profile_view_profile(&$user) {
  profile_load_profile($user);

  // Show private fields to administrators and people viewing their own account.
  if (user_access('administer users') || $GLOBALS['user']->uid == $user->uid) {
    $result = db_query('SELECT * FROM {profile_fields} WHERE visibility != %d ORDER BY category, weight', PROFILE_HIDDEN);
  }
  else {
    $result = db_query('SELECT * FROM {profile_fields} WHERE visibility != %d AND visibility != %d ORDER BY category, weight', PROFILE_PRIVATE, PROFILE_HIDDEN);
  }
  $fields = array();
  while ($field = db_fetch_object($result)) {
    if ($value = profile_view_field($user, $field)) {
      $title = $field->type != 'checkbox' ? check_plain($field->title) : NULL;

      // Create a single fieldset for each category.
      if (!isset($user->content[$field->category])) {
        $user->content[$field->category] = array(
          '#type' => 'user_profile_category',
          '#title' => $field->category,
        );
      }
      $user->content[$field->category][$field->name] = array(
        '#type' => 'user_profile_item',
        '#title' => $title,
        '#value' => $value,
        '#weight' => $field->weight,
        '#attributes' => array(
          'class' => 'profile-' . $field->name,
        ),
      );
    }
  }
}
function _profile_form_explanation($field) {
  $output = $field->explanation;
  if ($field->type == 'list') {
    $output .= ' ' . t('Put each item on a separate line or separate them by commas. No HTML allowed.');
  }
  if ($field->visibility == PROFILE_PRIVATE) {
    $output .= ' ' . t('The content of this field is kept private and will not be shown publicly.');
  }
  return $output;
}
function profile_form_profile($edit, $user, $category, $register = FALSE) {
  $result = _profile_get_fields($category, $register);
  $weight = 1;
  $fields = array();
  while ($field = db_fetch_object($result)) {
    $category = $field->category;
    if (!isset($fields[$category])) {
      $fields[$category] = array(
        '#type' => 'fieldset',
        '#title' => check_plain($category),
        '#weight' => $weight++,
      );
    }
    switch ($field->type) {
      case 'textfield':
      case 'url':
        $fields[$category][$field->name] = array(
          '#type' => 'textfield',
          '#title' => check_plain($field->title),
          '#default_value' => isset($edit[$field->name]) ? $edit[$field->name] : '',
          '#maxlength' => 255,
          '#description' => _profile_form_explanation($field),
          '#required' => $field->required,
        );
        if ($field->autocomplete) {
          $fields[$category][$field->name]['#autocomplete_path'] = "profile/autocomplete/" . $field->fid;
        }
        break;
      case 'textarea':
        $fields[$category][$field->name] = array(
          '#type' => 'textarea',
          '#title' => check_plain($field->title),
          '#default_value' => isset($edit[$field->name]) ? $edit[$field->name] : '',
          '#description' => _profile_form_explanation($field),
          '#required' => $field->required,
        );
        break;
      case 'list':
        $fields[$category][$field->name] = array(
          '#type' => 'textarea',
          '#title' => check_plain($field->title),
          '#default_value' => isset($edit[$field->name]) ? $edit[$field->name] : '',
          '#description' => _profile_form_explanation($field),
          '#required' => $field->required,
        );
        break;
      case 'checkbox':
        $fields[$category][$field->name] = array(
          '#type' => 'checkbox',
          '#title' => check_plain($field->title),
          '#default_value' => isset($edit[$field->name]) ? $edit[$field->name] : '',
          '#description' => _profile_form_explanation($field),
          '#required' => $field->required,
        );
        break;
      case 'selection':
        $options = $field->required ? array() : array(
          '--',
        );
        $lines = split("[\n\r]", $field->options);
        foreach ($lines as $line) {
          if ($line = trim($line)) {
            $options[$line] = $line;
          }
        }
        $fields[$category][$field->name] = array(
          '#type' => 'select',
          '#title' => check_plain($field->title),
          '#default_value' => isset($edit[$field->name]) ? $edit[$field->name] : '',
          '#options' => $options,
          '#description' => _profile_form_explanation($field),
          '#required' => $field->required,
        );
        break;
      case 'date':
        $fields[$category][$field->name] = array(
          '#type' => 'date',
          '#title' => check_plain($field->title),
          '#default_value' => isset($edit[$field->name]) ? $edit[$field->name] : '',
          '#description' => _profile_form_explanation($field),
          '#required' => $field->required,
        );
        break;
    }
  }
  return $fields;
}

/**
 * Helper function: update an array of user fields by calling profile_view_field
 */
function _profile_update_user_fields($fields, $account) {
  foreach ($fields as $key => $field) {
    $fields[$key]->value = profile_view_field($account, $field);
  }
  return $fields;
}
function profile_validate_profile($edit, $category) {
  $result = _profile_get_fields($category);
  while ($field = db_fetch_object($result)) {
    if ($edit[$field->name]) {
      if ($field->type == 'url') {
        if (!valid_url($edit[$field->name], TRUE)) {
          form_set_error($field->name, t('The value provided for %field is not a valid URL.', array(
            '%field' => $field->title,
          )));
        }
      }
    }
    else {
      if ($field->required && !user_access('administer users')) {
        form_set_error($field->name, t('The field %field is required.', array(
          '%field' => $field->title,
        )));
      }
    }
  }
  return $edit;
}
function profile_categories() {
  $result = db_query("SELECT DISTINCT(category) FROM {profile_fields}");
  $data = array();
  while ($category = db_fetch_object($result)) {
    $data[] = array(
      'name' => $category->category,
      'title' => $category->category,
      'weight' => 3,
      'access callback' => 'profile_category_access',
      'access arguments' => array(
        1,
        $category->category,
      ),
    );
  }
  return $data;
}

/**
 * Menu item access callback - check if a user has access to a profile category.
 */
function profile_category_access($account, $category) {
  if (user_access('administer users') && $account->uid > 0) {
    return TRUE;
  }
  else {
    return user_edit_access($account) && db_result(db_query("SELECT COUNT(*) FROM {profile_fields} WHERE category = '%s' AND visibility <> %d", $category, PROFILE_HIDDEN));
  }
}

/**
 * Process variables for profile-block.tpl.php.
 *
 * The $variables array contains the following arguments:
 * - $account
 * - $fields
 *
 * @see profile-block.tpl.php
 */
function template_preprocess_profile_block(&$variables) {
  $variables['picture'] = theme('user_picture', $variables['account']);
  $variables['profile'] = array();

  // Supply filtered version of $fields that have values.
  foreach ($variables['fields'] as $field) {
    if ($field->value) {
      $variables['profile'][$field->name]->title = check_plain($field->title);
      $variables['profile'][$field->name]->value = $field->value;
      $variables['profile'][$field->name]->type = $field->type;
    }
  }
}

/**
 * Process variables for profile-listing.tpl.php.
 *
 * The $variables array contains the following arguments:
 * - $account
 * - $fields
 *
 * @see profile-listing.tpl.php
 */
function template_preprocess_profile_listing(&$variables) {
  $variables['picture'] = theme('user_picture', $variables['account']);
  $variables['name'] = theme('username', $variables['account']);
  $variables['profile'] = array();

  // Supply filtered version of $fields that have values.
  foreach ($variables['fields'] as $field) {
    if ($field->value) {
      $variables['profile'][$field->name]->title = $field->title;
      $variables['profile'][$field->name]->value = $field->value;
      $variables['profile'][$field->name]->type = $field->type;
    }
  }
}

/**
 * Process variables for profile-wrapper.tpl.php.
 *
 * The $variables array contains the following arguments:
 * - $content
 *
 * @see profile-wrapper.tpl.php
 */
function template_preprocess_profile_wrapper(&$variables) {
  $variables['current_field'] = '';
  if ($field = arg(1)) {
    $variables['current_field'] = $field;

    // Supply an alternate template suggestion based on the browsable field.
    $variables['template_files'][] = 'profile-wrapper-' . $field;
  }
}
function _profile_field_types($type = NULL) {
  $types = array(
    'textfield' => t('single-line textfield'),
    'textarea' => t('multi-line textfield'),
    'checkbox' => t('checkbox'),
    'selection' => t('list selection'),
    'list' => t('freeform list'),
    'url' => t('URL'),
    'date' => t('date'),
  );
  return isset($type) ? $types[$type] : $types;
}
function _profile_field_serialize($type = NULL) {
  return $type == 'date';
}
function _profile_get_fields($category, $register = FALSE) {
  $args = array();
  $sql = 'SELECT * FROM {profile_fields} WHERE ';
  $filters = array();
  if ($register) {
    $filters[] = 'register = 1';
  }
  else {

    // Use LOWER('%s') instead of PHP's strtolower() to avoid UTF-8 conversion issues.
    $filters[] = "LOWER(category) = LOWER('%s')";
    $args[] = $category;
  }
  if (!user_access('administer users')) {
    $filters[] = 'visibility != %d';
    $args[] = PROFILE_HIDDEN;
  }
  $sql .= implode(' AND ', $filters);
  $sql .= ' ORDER BY category, weight';
  return db_query($sql, $args);
}