View source
<?php
define('USERNAME_MAX_LENGTH', 60);
define('EMAIL_MAX_LENGTH', 64);
function user_module_invoke($op, &$edit, &$account, $category = NULL) {
foreach (module_list() as $module) {
$function = $module . '_user';
if (function_exists($function)) {
$function($op, $edit, $account, $category);
}
}
}
function user_theme() {
return array(
'user_picture' => array(
'arguments' => array(
'account' => NULL,
),
'template' => 'user-picture',
),
'user_profile' => array(
'arguments' => array(
'account' => NULL,
),
'template' => 'user-profile',
'file' => 'user.pages.inc',
),
'user_profile_category' => array(
'arguments' => array(
'element' => NULL,
),
'template' => 'user-profile-category',
'file' => 'user.pages.inc',
),
'user_profile_item' => array(
'arguments' => array(
'element' => NULL,
),
'template' => 'user-profile-item',
'file' => 'user.pages.inc',
),
'user_list' => array(
'arguments' => array(
'users' => NULL,
'title' => NULL,
),
),
'user_admin_perm' => array(
'arguments' => array(
'form' => NULL,
),
'file' => 'user.admin.inc',
),
'user_admin_new_role' => array(
'arguments' => array(
'form' => NULL,
),
'file' => 'user.admin.inc',
),
'user_admin_account' => array(
'arguments' => array(
'form' => NULL,
),
'file' => 'user.admin.inc',
),
'user_filter_form' => array(
'arguments' => array(
'form' => NULL,
),
'file' => 'user.admin.inc',
),
'user_filters' => array(
'arguments' => array(
'form' => NULL,
),
'file' => 'user.admin.inc',
),
'user_signature' => array(
'arguments' => array(
'signature' => NULL,
),
),
);
}
function user_external_load($authname) {
$result = db_query("SELECT uid FROM {authmap} WHERE authname = '%s'", $authname);
if ($user = db_fetch_array($result)) {
return user_load($user);
}
else {
return 0;
}
}
function user_external_login($account, $edit = array()) {
$form = drupal_get_form('user_login');
$state['values'] = $edit;
if (empty($state['values']['name'])) {
$state['values']['name'] = $account->name;
}
user_login_name_validate($form, $state, (array) $account);
if (form_get_errors()) {
return FALSE;
}
global $user;
$user = $account;
user_authenticate_finalize($state['values']);
return TRUE;
}
function user_load($user_info = array()) {
$query = array();
$params = array();
if (is_numeric($user_info)) {
$user_info = array(
'uid' => $user_info,
);
}
elseif (!is_array($user_info)) {
return FALSE;
}
foreach ($user_info as $key => $value) {
if ($key == 'uid' || $key == 'status') {
$query[] = "{$key} = %d";
$params[] = $value;
}
else {
if ($key == 'pass') {
$query[] = "pass = '%s'";
$params[] = md5($value);
}
else {
$query[] = "LOWER({$key}) = LOWER('%s')";
$params[] = $value;
}
}
}
$result = db_query('SELECT * FROM {users} u WHERE ' . implode(' AND ', $query), $params);
if ($user = db_fetch_object($result)) {
$user = drupal_unpack($user);
$user->roles = array();
if ($user->uid) {
$user->roles[DRUPAL_AUTHENTICATED_RID] = 'authenticated user';
}
else {
$user->roles[DRUPAL_ANONYMOUS_RID] = 'anonymous user';
}
$result = db_query('SELECT r.rid, r.name FROM {role} r INNER JOIN {users_roles} ur ON ur.rid = r.rid WHERE ur.uid = %d', $user->uid);
while ($role = db_fetch_object($result)) {
$user->roles[$role->rid] = $role->name;
}
user_module_invoke('load', $user_info, $user);
}
else {
$user = FALSE;
}
return $user;
}
function user_save($account, $array = array(), $category = 'account') {
$user_fields = user_fields();
if (is_object($account) && $account->uid) {
user_module_invoke('update', $array, $account, $category);
$query = '';
$data = unserialize(db_result(db_query('SELECT data FROM {users} WHERE uid = %d', $account->uid)));
if (empty($array['access']) && empty($account->access) && user_access('administer users')) {
$array['access'] = time();
}
foreach ($array as $key => $value) {
if ($key == 'pass' && !empty($value)) {
$query .= "{$key} = '%s', ";
$v[] = md5($value);
}
else {
if (substr($key, 0, 4) !== 'auth' && $key != 'pass') {
if (in_array($key, $user_fields)) {
$query .= "{$key} = '%s', ";
$v[] = $value;
}
else {
if ($key != 'roles') {
if ($value === NULL) {
unset($data[$key]);
}
elseif (!empty($key)) {
$data[$key] = $value;
}
}
}
}
}
}
$query .= "data = '%s' ";
$v[] = serialize($data);
$success = db_query("UPDATE {users} SET {$query} WHERE uid = %d", array_merge($v, array(
$account->uid,
)));
if (!$success) {
return FALSE;
}
if (isset($array['roles']) && is_array($array['roles'])) {
db_query('DELETE FROM {users_roles} WHERE uid = %d', $account->uid);
foreach (array_keys($array['roles']) as $rid) {
if (!in_array($rid, array(
DRUPAL_ANONYMOUS_RID,
DRUPAL_AUTHENTICATED_RID,
))) {
db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $account->uid, $rid);
}
}
}
if (isset($array['status']) && $array['status'] == 0) {
sess_destroy_uid($account->uid);
}
if (!empty($array['pass'])) {
sess_destroy_uid($account->uid);
if ($account->uid == $GLOBALS['user']->uid) {
sess_regenerate();
}
}
$user = user_load(array(
'uid' => $account->uid,
));
if (isset($array['status']) && $array['status'] != $account->status) {
$op = $array['status'] == 1 ? 'status_activated' : 'status_blocked';
_user_mail_notify($op, $user);
}
user_module_invoke('after_update', $array, $user, $category);
}
else {
if (!isset($array['created'])) {
$array['created'] = time();
}
if (empty($array['access']) && user_access('administer users')) {
$array['access'] = time();
}
foreach ($array as $key => $value) {
switch ($key) {
case 'pass':
$fields[] = $key;
$values[] = md5($value);
$s[] = "'%s'";
break;
case 'mode':
case 'sort':
case 'timezone':
case 'threshold':
case 'created':
case 'access':
case 'login':
case 'status':
$fields[] = $key;
$values[] = $value;
$s[] = "%d";
break;
default:
if (substr($key, 0, 4) !== 'auth' && in_array($key, $user_fields)) {
$fields[] = $key;
$values[] = $value;
$s[] = "'%s'";
}
break;
}
}
$success = db_query('INSERT INTO {users} (' . implode(', ', $fields) . ') VALUES (' . implode(', ', $s) . ')', $values);
if (!$success) {
return FALSE;
}
$array['uid'] = db_last_insert_id('users', 'uid');
$user = user_load(array(
'uid' => $array['uid'],
));
user_module_invoke('insert', $array, $user, $category);
$data = array();
foreach ($array as $key => $value) {
if (substr($key, 0, 4) !== 'auth' && $key != 'roles' && !in_array($key, $user_fields) && $value !== NULL) {
$data[$key] = $value;
}
}
db_query("UPDATE {users} SET data = '%s' WHERE uid = %d", serialize($data), $user->uid);
if (isset($array['roles']) && is_array($array['roles'])) {
db_query('DELETE FROM {users_roles} WHERE uid = %d', $array['uid']);
foreach (array_keys($array['roles']) as $rid) {
if (!in_array($rid, array(
DRUPAL_ANONYMOUS_RID,
DRUPAL_AUTHENTICATED_RID,
))) {
db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $array['uid'], $rid);
}
}
}
$user = user_load(array(
'uid' => $array['uid'],
));
}
$authmaps = array();
foreach ($array as $key => $value) {
if (substr($key, 0, 4) == 'auth') {
$authmaps[$key] = $value;
}
}
if (sizeof($authmaps) > 0) {
user_set_authmaps($user, $authmaps);
}
return $user;
}
function user_validate_name($name) {
if (!strlen($name)) {
return t('You must enter a username.');
}
if (substr($name, 0, 1) == ' ') {
return t('The username cannot begin with a space.');
}
if (substr($name, -1) == ' ') {
return t('The username cannot end with a space.');
}
if (strpos($name, ' ') !== FALSE) {
return t('The username cannot contain multiple spaces in a row.');
}
if (preg_match('/[^\\x{80}-\\x{F7} a-z0-9@_.\'-]/i', $name)) {
return t('The username contains an illegal character.');
}
if (preg_match('/[\\x{80}-\\x{A0}' . '\\x{AD}' . '\\x{2000}-\\x{200F}' . '\\x{2028}-\\x{202F}' . '\\x{205F}-\\x{206F}' . '\\x{FEFF}' . '\\x{FF01}-\\x{FF60}' . '\\x{FFF9}-\\x{FFFD}' . '\\x{0}-\\x{1F}]/u', $name)) {
return t('The username contains an illegal character.');
}
if (drupal_strlen($name) > USERNAME_MAX_LENGTH) {
return t('The username %name is too long: it must be %max characters or less.', array(
'%name' => $name,
'%max' => USERNAME_MAX_LENGTH,
));
}
}
function user_validate_mail($mail) {
if (!$mail) {
return t('You must enter an e-mail address.');
}
if (!valid_email_address($mail)) {
return t('The e-mail address %mail is not valid.', array(
'%mail' => $mail,
));
}
}
function user_validate_picture(&$form, &$form_state) {
$validators = array(
'file_validate_is_image' => array(),
'file_validate_image_resolution' => array(
variable_get('user_picture_dimensions', '85x85'),
),
'file_validate_size' => array(
variable_get('user_picture_file_size', '30') * 1024,
),
);
if ($file = file_save_upload('picture_upload', $validators)) {
if (isset($form_state['values']['_account']->picture) && file_exists($form_state['values']['_account']->picture)) {
file_delete($form_state['values']['_account']->picture);
}
$info = image_get_info($file->filepath);
$destination = variable_get('user_picture_path', 'pictures') . '/picture-' . $form['#uid'] . '.' . $info['extension'];
if (file_copy($file, $destination, FILE_EXISTS_REPLACE)) {
$form_state['values']['picture'] = $file->filepath;
}
else {
form_set_error('picture_upload', t("Failed to upload the picture image; the %directory directory doesn't exist or is not writable.", array(
'%directory' => variable_get('user_picture_path', 'pictures'),
)));
}
}
}
function user_password($length = 10) {
$allowable_characters = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';
$len = strlen($allowable_characters) - 1;
$pass = '';
for ($i = 0; $i < $length; $i++) {
do {
$index = ord(drupal_random_bytes(1));
} while ($index > $len);
$pass .= $allowable_characters[$index];
}
return $pass;
}
function user_access($string, $account = NULL, $reset = FALSE) {
global $user;
static $perm = array();
if ($reset) {
$perm = array();
}
if (!isset($account)) {
$account = $user;
}
if ($account->uid == 1) {
return TRUE;
}
if (!isset($perm[$account->uid])) {
$result = db_query("SELECT p.perm FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid WHERE r.rid IN (" . db_placeholders($account->roles) . ")", array_keys($account->roles));
$perms = array();
while ($row = db_fetch_object($result)) {
$perms += array_flip(explode(', ', $row->perm));
}
$perm[$account->uid] = $perms;
}
return isset($perm[$account->uid][$string]);
}
function user_is_blocked($name) {
$deny = db_fetch_object(db_query("SELECT name FROM {users} WHERE status = 0 AND name = LOWER('%s')", $name));
return $deny;
}
function user_fields() {
static $fields;
if (!$fields) {
$result = db_query('SELECT * FROM {users} WHERE uid = 1');
if ($field = db_fetch_array($result)) {
$fields = array_keys($field);
}
else {
$fields = array(
'uid',
'name',
'pass',
'mail',
'picture',
'mode',
'sort',
'threshold',
'theme',
'signature',
'signature_format',
'created',
'access',
'login',
'status',
'timezone',
'language',
'init',
'data',
);
}
}
return $fields;
}
function user_perm() {
return array(
'administer permissions',
'administer users',
'access user profiles',
'change own username',
);
}
function user_file_download($file) {
if (strpos($file, variable_get('user_picture_path', 'pictures') . '/picture-') === 0) {
$info = image_get_info(file_create_path($file));
return array(
'Content-type: ' . $info['mime_type'],
);
}
}
function user_search($op = 'search', $keys = NULL, $skip_access_check = FALSE) {
switch ($op) {
case 'name':
if ($skip_access_check || user_access('access user profiles')) {
return t('Users');
}
case 'search':
if (user_access('access user profiles')) {
$find = array();
$keys = preg_replace('!\\*+!', '%', $keys);
if (user_access('administer users')) {
$result = pager_query("SELECT name, uid, mail FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%') OR LOWER(mail) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys, $keys);
while ($account = db_fetch_object($result)) {
$find[] = array(
'title' => $account->name . ' (' . $account->mail . ')',
'link' => url('user/' . $account->uid, array(
'absolute' => TRUE,
)),
);
}
}
else {
$result = pager_query("SELECT name, uid FROM {users} WHERE status = 1 AND LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys);
while ($account = db_fetch_object($result)) {
$find[] = array(
'title' => $account->name,
'link' => url('user/' . $account->uid, array(
'absolute' => TRUE,
)),
);
}
}
return $find;
}
}
}
function user_elements() {
return array(
'user_profile_category' => array(),
'user_profile_item' => array(),
);
}
function user_user($type, &$edit, &$account, $category = NULL) {
if ($type == 'view') {
$account->content['user_picture'] = array(
'#value' => theme('user_picture', $account),
'#weight' => -10,
);
if (!isset($account->content['summary'])) {
$account->content['summary'] = array();
}
$account->content['summary'] += array(
'#type' => 'user_profile_category',
'#attributes' => array(
'class' => 'user-member',
),
'#weight' => 5,
'#title' => t('History'),
);
$account->content['summary']['member_for'] = array(
'#type' => 'user_profile_item',
'#title' => t('Member for'),
'#value' => format_interval(time() - $account->created),
);
}
if ($type == 'form' && $category == 'account') {
$form_state = array();
return user_edit_form($form_state, isset($account->uid) ? $account->uid : FALSE, $edit);
}
if ($type == 'validate' && $category == 'account') {
return _user_edit_validate(isset($account->uid) ? $account->uid : FALSE, $edit);
}
if ($type == 'submit') {
if ($category == 'account') {
return _user_edit_submit(isset($account->uid) ? $account->uid : FALSE, $edit);
}
elseif (isset($edit['roles'])) {
$edit['roles'] = array_filter($edit['roles']);
}
}
if ($type == 'categories') {
return array(
array(
'name' => 'account',
'title' => t('Account settings'),
'weight' => 1,
),
);
}
}
function user_login_block() {
$form = array(
'#action' => url($_GET['q'], array(
'query' => drupal_get_destination(),
'external' => FALSE,
)),
'#id' => 'user-login-form',
'#validate' => user_login_default_validators(),
'#submit' => array(
'user_login_submit',
),
);
$form['name'] = array(
'#type' => 'textfield',
'#title' => t('Username'),
'#maxlength' => USERNAME_MAX_LENGTH,
'#size' => 15,
'#required' => TRUE,
);
$form['pass'] = array(
'#type' => 'password',
'#title' => t('Password'),
'#maxlength' => 60,
'#size' => 15,
'#required' => TRUE,
);
$form['submit'] = array(
'#type' => 'submit',
'#value' => t('Log in'),
);
$items = array();
if (variable_get('user_register', 1)) {
$items[] = l(t('Create new account'), 'user/register', array(
'attributes' => array(
'title' => t('Create a new user account.'),
),
));
}
$items[] = l(t('Request new password'), 'user/password', array(
'attributes' => array(
'title' => t('Request new password via e-mail.'),
),
));
$form['links'] = array(
'#value' => theme('item_list', $items),
);
return $form;
}
function user_block($op = 'list', $delta = 0, $edit = array()) {
global $user;
if ($op == 'list') {
$blocks[0]['info'] = t('User login');
$blocks[0]['cache'] = BLOCK_NO_CACHE;
$blocks[1]['info'] = t('Navigation');
$blocks[1]['cache'] = BLOCK_NO_CACHE;
$blocks[2]['info'] = t('Who\'s new');
$blocks[3]['info'] = t('Who\'s online');
$blocks[3]['cache'] = BLOCK_NO_CACHE;
return $blocks;
}
else {
if ($op == 'configure' && $delta == 2) {
$form['user_block_whois_new_count'] = array(
'#type' => 'select',
'#title' => t('Number of users to display'),
'#default_value' => variable_get('user_block_whois_new_count', 5),
'#options' => drupal_map_assoc(array(
1,
2,
3,
4,
5,
6,
7,
8,
9,
10,
)),
);
return $form;
}
else {
if ($op == 'configure' && $delta == 3) {
$period = drupal_map_assoc(array(
30,
60,
120,
180,
300,
600,
900,
1800,
2700,
3600,
5400,
7200,
10800,
21600,
43200,
86400,
), 'format_interval');
$form['user_block_seconds_online'] = array(
'#type' => 'select',
'#title' => t('User activity'),
'#default_value' => variable_get('user_block_seconds_online', 900),
'#options' => $period,
'#description' => t('A user is considered online for this long after they have last viewed a page.'),
);
$form['user_block_max_list_count'] = array(
'#type' => 'select',
'#title' => t('User list length'),
'#default_value' => variable_get('user_block_max_list_count', 10),
'#options' => drupal_map_assoc(array(
0,
5,
10,
15,
20,
25,
30,
40,
50,
75,
100,
)),
'#description' => t('Maximum number of currently online users to display.'),
);
return $form;
}
else {
if ($op == 'save' && $delta == 2) {
variable_set('user_block_whois_new_count', $edit['user_block_whois_new_count']);
}
else {
if ($op == 'save' && $delta == 3) {
variable_set('user_block_seconds_online', $edit['user_block_seconds_online']);
variable_set('user_block_max_list_count', $edit['user_block_max_list_count']);
}
else {
if ($op == 'view') {
$block = array();
switch ($delta) {
case 0:
if (!$user->uid && !(arg(0) == 'user' && !is_numeric(arg(1)))) {
$block['subject'] = t('User login');
$block['content'] = drupal_get_form('user_login_block');
}
return $block;
case 1:
if ($menu = menu_tree()) {
$block['subject'] = $user->uid ? check_plain($user->name) : t('Navigation');
$block['content'] = $menu;
}
return $block;
case 2:
if (user_access('access content')) {
$result = db_query_range('SELECT uid, name FROM {users} WHERE status != 0 AND access != 0 ORDER BY created DESC', 0, variable_get('user_block_whois_new_count', 5));
while ($account = db_fetch_object($result)) {
$items[] = $account;
}
$output = theme('user_list', $items);
$block['subject'] = t('Who\'s new');
$block['content'] = $output;
}
return $block;
case 3:
if (user_access('access content')) {
$interval = time() - variable_get('user_block_seconds_online', 900);
$anonymous_count = sess_count($interval);
$authenticated_count = db_result(db_query('SELECT COUNT(DISTINCT s.uid) FROM {sessions} s WHERE s.timestamp >= %d AND s.uid > 0', $interval));
if ($anonymous_count == 1 && $authenticated_count == 1) {
$output = t('There is currently %members and %visitors online.', array(
'%members' => format_plural($authenticated_count, '1 user', '@count users'),
'%visitors' => format_plural($anonymous_count, '1 guest', '@count guests'),
));
}
else {
$output = t('There are currently %members and %visitors online.', array(
'%members' => format_plural($authenticated_count, '1 user', '@count users'),
'%visitors' => format_plural($anonymous_count, '1 guest', '@count guests'),
));
}
$max_users = variable_get('user_block_max_list_count', 10);
if ($authenticated_count && $max_users) {
$authenticated_users = db_query_range('SELECT u.uid, u.name, MAX(s.timestamp) AS timestamp FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.timestamp >= %d AND s.uid > 0 GROUP BY u.uid, u.name ORDER BY s.timestamp DESC', $interval, 0, $max_users);
while ($account = db_fetch_object($authenticated_users)) {
$items[] = $account;
}
$output .= theme('user_list', $items, t('Online users'));
}
$block['subject'] = t('Who\'s online');
$block['content'] = $output;
}
return $block;
}
}
}
}
}
}
}
}
function template_preprocess_user_picture(&$variables) {
$variables['picture'] = '';
if (variable_get('user_pictures', 0)) {
$account = $variables['account'];
if (!empty($account->picture) && file_exists($account->picture)) {
$picture = file_create_url($account->picture);
}
else {
if (variable_get('user_picture_default', '')) {
$picture = variable_get('user_picture_default', '');
}
}
if (isset($picture)) {
$alt = t("@user's picture", array(
'@user' => $account->name ? $account->name : variable_get('anonymous', t('Anonymous')),
));
$variables['picture'] = theme('image', $picture, $alt, $alt, '', FALSE);
if (!empty($account->uid) && user_access('access user profiles')) {
$attributes = array(
'attributes' => array(
'title' => t('View user profile.'),
),
'html' => TRUE,
);
$variables['picture'] = l($variables['picture'], "user/{$account->uid}", $attributes);
}
}
}
}
function theme_user_list($users, $title = NULL) {
if (!empty($users)) {
foreach ($users as $user) {
$items[] = theme('username', $user);
}
}
return theme('item_list', $items, $title);
}
function user_is_anonymous() {
return !$GLOBALS['user']->uid || !empty($GLOBALS['menu_admin']);
}
function user_is_logged_in() {
return (bool) $GLOBALS['user']->uid;
}
function user_register_access() {
return user_is_anonymous() && variable_get('user_register', 1);
}
function user_view_access($account) {
return $account && $account->uid && ($GLOBALS['user']->uid == $account->uid || user_access('administer users') || $account->access && $account->status && user_access('access user profiles'));
}
function user_edit_access($account) {
return ($GLOBALS['user']->uid == $account->uid || user_access('administer users')) && $account->uid > 0;
}
function user_load_self($arg) {
$arg[1] = user_load($GLOBALS['user']->uid);
return $arg;
}
function user_menu() {
$items['user/autocomplete'] = array(
'title' => 'User autocomplete',
'page callback' => 'user_autocomplete',
'access callback' => 'user_access',
'access arguments' => array(
'access user profiles',
),
'type' => MENU_CALLBACK,
'file' => 'user.pages.inc',
);
$items['user'] = array(
'title' => 'User account',
'page callback' => 'user_page',
'access callback' => TRUE,
'type' => MENU_CALLBACK,
'file' => 'user.pages.inc',
);
$items['user/login'] = array(
'title' => 'Log in',
'access callback' => 'user_is_anonymous',
'type' => MENU_DEFAULT_LOCAL_TASK,
);
$items['user/register'] = array(
'title' => 'Create new account',
'page callback' => 'drupal_get_form',
'page arguments' => array(
'user_register',
),
'access callback' => 'user_register_access',
'type' => MENU_LOCAL_TASK,
'file' => 'user.pages.inc',
);
$items['user/password'] = array(
'title' => 'Request new password',
'page callback' => 'drupal_get_form',
'page arguments' => array(
'user_pass',
),
'access callback' => 'user_is_anonymous',
'type' => MENU_LOCAL_TASK,
'file' => 'user.pages.inc',
);
$items['user/reset/%/%/%'] = array(
'title' => 'Reset password',
'page callback' => 'drupal_get_form',
'page arguments' => array(
'user_pass_reset',
2,
3,
4,
),
'access callback' => TRUE,
'type' => MENU_CALLBACK,
'file' => 'user.pages.inc',
);
$items['admin/user'] = array(
'title' => 'User management',
'description' => "Manage your site's users, groups and access to site features.",
'position' => 'left',
'page callback' => 'system_admin_menu_block_page',
'access arguments' => array(
'access administration pages',
),
'file' => 'system.admin.inc',
'file path' => drupal_get_path('module', 'system'),
);
$items['admin/user/user'] = array(
'title' => 'Users',
'description' => 'List, add, and edit users.',
'page callback' => 'user_admin',
'page arguments' => array(
'list',
),
'access arguments' => array(
'administer users',
),
'file' => 'user.admin.inc',
);
$items['admin/user/user/list'] = array(
'title' => 'List',
'type' => MENU_DEFAULT_LOCAL_TASK,
'weight' => -10,
);
$items['admin/user/user/create'] = array(
'title' => 'Add user',
'page arguments' => array(
'create',
),
'access arguments' => array(
'administer users',
),
'type' => MENU_LOCAL_TASK,
'file' => 'user.admin.inc',
);
$items['admin/user/settings'] = array(
'title' => 'User settings',
'description' => 'Configure default behavior of users, including registration requirements, e-mails, and user pictures.',
'page callback' => 'drupal_get_form',
'page arguments' => array(
'user_admin_settings',
),
'access arguments' => array(
'administer users',
),
'file' => 'user.admin.inc',
);
$items['admin/user/permissions'] = array(
'title' => 'Permissions',
'description' => 'Determine access to features by selecting permissions for roles.',
'page callback' => 'drupal_get_form',
'page arguments' => array(
'user_admin_perm',
),
'access arguments' => array(
'administer permissions',
),
'file' => 'user.admin.inc',
);
$items['admin/user/roles'] = array(
'title' => 'Roles',
'description' => 'List, edit, or add user roles.',
'page callback' => 'drupal_get_form',
'page arguments' => array(
'user_admin_new_role',
),
'access arguments' => array(
'administer permissions',
),
'file' => 'user.admin.inc',
);
$items['admin/user/roles/edit'] = array(
'title' => 'Edit role',
'page arguments' => array(
'user_admin_role',
),
'access arguments' => array(
'administer permissions',
),
'type' => MENU_CALLBACK,
'file' => 'user.admin.inc',
);
$items['admin/user/rules'] = array(
'title' => 'Access rules',
'description' => 'List and create rules to disallow usernames, e-mail addresses, and IP addresses.',
'page callback' => 'user_admin_access',
'access arguments' => array(
'administer permissions',
),
'file' => 'user.admin.inc',
);
$items['admin/user/rules/list'] = array(
'title' => 'List',
'type' => MENU_DEFAULT_LOCAL_TASK,
'weight' => -10,
);
$items['admin/user/rules/add'] = array(
'title' => 'Add rule',
'page callback' => 'user_admin_access_add',
'access arguments' => array(
'administer permissions',
),
'type' => MENU_LOCAL_TASK,
'file' => 'user.admin.inc',
);
$items['admin/user/rules/check'] = array(
'title' => 'Check rules',
'page callback' => 'user_admin_access_check',
'access arguments' => array(
'administer permissions',
),
'type' => MENU_LOCAL_TASK,
'file' => 'user.admin.inc',
);
$items['admin/user/rules/edit'] = array(
'title' => 'Edit rule',
'page callback' => 'user_admin_access_edit',
'access arguments' => array(
'administer permissions',
),
'type' => MENU_CALLBACK,
'file' => 'user.admin.inc',
);
$items['admin/user/rules/delete'] = array(
'title' => 'Delete rule',
'page callback' => 'drupal_get_form',
'page arguments' => array(
'user_admin_access_delete_confirm',
),
'access arguments' => array(
'administer permissions',
),
'type' => MENU_CALLBACK,
'file' => 'user.admin.inc',
);
$items['logout'] = array(
'title' => 'Log out',
'access callback' => 'user_is_logged_in',
'page callback' => 'user_logout',
'weight' => 10,
'file' => 'user.pages.inc',
);
$items['user/%user_uid_optional'] = array(
'title' => 'My account',
'title callback' => 'user_page_title',
'title arguments' => array(
1,
),
'page callback' => 'user_view',
'page arguments' => array(
1,
),
'access callback' => 'user_view_access',
'access arguments' => array(
1,
),
'parent' => '',
'file' => 'user.pages.inc',
);
$items['user/%user/view'] = array(
'title' => 'View',
'type' => MENU_DEFAULT_LOCAL_TASK,
'weight' => -10,
);
$items['user/%user/delete'] = array(
'title' => 'Delete',
'page callback' => 'drupal_get_form',
'page arguments' => array(
'user_confirm_delete',
1,
),
'access callback' => 'user_delete_access',
'access arguments' => array(
1,
),
'type' => MENU_CALLBACK,
'file' => 'user.pages.inc',
);
$items['user/%user_category/edit'] = array(
'title' => 'Edit',
'page callback' => 'user_edit',
'page arguments' => array(
1,
),
'access callback' => 'user_edit_access',
'access arguments' => array(
1,
),
'type' => MENU_LOCAL_TASK,
'load arguments' => array(
'%map',
'%index',
),
'file' => 'user.pages.inc',
);
$items['user/%user_category/edit/account'] = array(
'title' => 'Account',
'type' => MENU_DEFAULT_LOCAL_TASK,
'load arguments' => array(
'%map',
'%index',
),
);
$empty_account = new stdClass();
if (($categories = _user_categories($empty_account)) && count($categories) > 1) {
foreach ($categories as $key => $category) {
if ($category['name'] != 'account') {
$items['user/%user_category/edit/' . $category['name']] = array(
'title callback' => 'check_plain',
'title arguments' => array(
$category['title'],
),
'page callback' => 'user_edit',
'page arguments' => array(
1,
3,
),
'access callback' => isset($category['access callback']) ? $category['access callback'] : 'user_edit_access',
'access arguments' => isset($category['access arguments']) ? $category['access arguments'] : array(
1,
),
'type' => MENU_LOCAL_TASK,
'weight' => $category['weight'],
'load arguments' => array(
'%map',
'%index',
),
'tab_parent' => 'user/%/edit',
'file' => 'user.pages.inc',
);
}
}
}
return $items;
}
function user_init() {
drupal_add_css(drupal_get_path('module', 'user') . '/user.css', 'module');
}
function user_uid_optional_load($uid = NULL) {
if (!isset($uid)) {
$uid = $GLOBALS['user']->uid;
}
return user_load($uid);
}
function user_category_load($uid, &$map, $index) {
static $user_categories, $accounts;
if (!isset($accounts[$uid])) {
$accounts[$uid] = user_load($uid);
}
$valid = TRUE;
if (($account = $accounts[$uid]) && isset($map[$index + 1]) && $map[$index + 1] == 'edit') {
$category_index = $index + 2;
$category_path = implode('/', array_slice($map, $category_index));
if ($category_path) {
$valid = FALSE;
if (!isset($user_categories)) {
$empty_account = new stdClass();
$user_categories = _user_categories($empty_account);
}
foreach ($user_categories as $category) {
if ($category['name'] == $category_path) {
$valid = TRUE;
$map = array_slice($map, 0, $category_index);
$map[$category_index] = $category_path;
break;
}
}
}
}
return $valid ? $account : FALSE;
}
function user_uid_optional_to_arg($arg) {
return empty($arg) || $arg == '%' ? $GLOBALS['user']->uid : $arg;
}
function user_page_title($account) {
if ($account->uid == $GLOBALS['user']->uid) {
return t('My account');
}
return $account->name;
}
function user_get_authmaps($authname = NULL) {
$result = db_query("SELECT authname, module FROM {authmap} WHERE authname = '%s'", $authname);
$authmaps = array();
$has_rows = FALSE;
while ($authmap = db_fetch_object($result)) {
$authmaps[$authmap->module] = $authmap->authname;
$has_rows = TRUE;
}
return $has_rows ? $authmaps : 0;
}
function user_set_authmaps($account, $authmaps) {
foreach ($authmaps as $key => $value) {
$module = explode('_', $key, 2);
if ($value) {
db_query("UPDATE {authmap} SET authname = '%s' WHERE uid = %d AND module = '%s'", $value, $account->uid, $module[1]);
if (!db_affected_rows()) {
@db_query("INSERT INTO {authmap} (authname, uid, module) VALUES ('%s', %d, '%s')", $value, $account->uid, $module[1]);
}
}
else {
db_query("DELETE FROM {authmap} WHERE uid = %d AND module = '%s'", $account->uid, $module[1]);
}
}
}
function user_login(&$form_state) {
global $user;
if ($user->uid) {
drupal_goto('user/' . $user->uid);
}
$form['name'] = array(
'#type' => 'textfield',
'#title' => t('Username'),
'#size' => 60,
'#maxlength' => USERNAME_MAX_LENGTH,
'#required' => TRUE,
);
$form['name']['#description'] = t('Enter your @s username.', array(
'@s' => variable_get('site_name', 'Drupal'),
));
$form['pass'] = array(
'#type' => 'password',
'#title' => t('Password'),
'#description' => t('Enter the password that accompanies your username.'),
'#required' => TRUE,
);
$form['#validate'] = user_login_default_validators();
$form['submit'] = array(
'#type' => 'submit',
'#value' => t('Log in'),
'#weight' => 2,
);
return $form;
}
function user_login_default_validators() {
return array(
'user_login_name_validate',
'user_login_authenticate_validate',
'user_login_final_validate',
);
}
function user_login_name_validate($form, &$form_state) {
if (isset($form_state['values']['name'])) {
if (user_is_blocked($form_state['values']['name'])) {
form_set_error('name', t('The username %name has not been activated or is blocked.', array(
'%name' => $form_state['values']['name'],
)));
}
else {
if (drupal_is_denied('user', $form_state['values']['name'])) {
form_set_error('name', t('The name %name is a reserved username.', array(
'%name' => $form_state['values']['name'],
)));
}
}
}
}
function user_login_authenticate_validate($form, &$form_state) {
user_authenticate($form_state['values']);
}
function user_login_final_validate($form, &$form_state) {
global $user;
if (!$user->uid) {
form_set_error('name', t('Sorry, unrecognized username or password. <a href="@password">Have you forgotten your password?</a>', array(
'@password' => url('user/password'),
)));
}
}
function user_authenticate($form_values = array()) {
global $user;
$account = user_load(array(
'name' => $form_values['name'],
'pass' => trim($form_values['pass']),
'status' => 1,
));
if ($account && drupal_is_denied('mail', $account->mail)) {
form_set_error('name', t('The name %name is registered using a reserved e-mail address and therefore could not be logged in.', array(
'%name' => $account->name,
)));
}
if (!form_get_errors() && !empty($form_values['name']) && !empty($form_values['pass']) && $account) {
$user = $account;
user_authenticate_finalize($form_values);
return $user;
}
else {
watchdog('user', 'Login attempt failed for %user.', array(
'%user' => $form_values['name'],
));
}
}
function user_authenticate_finalize(&$edit) {
global $user;
watchdog('user', 'Session opened for %name.', array(
'%name' => $user->name,
));
$user->login = time();
db_query("UPDATE {users} SET login = %d WHERE uid = %d", $user->login, $user->uid);
sess_regenerate();
user_module_invoke('login', $edit, $user);
}
function user_login_submit($form, &$form_state) {
global $user;
if ($user->uid) {
$form_state['redirect'] = 'user/' . $user->uid;
return;
}
}
function user_external_login_register($name, $module) {
global $user;
$existing_user = user_load(array(
'name' => $name,
));
if (isset($existing_user->uid)) {
$user = $existing_user;
}
else {
$userinfo = array(
'name' => $name,
'pass' => user_password(),
'init' => $name,
'status' => 1,
"authname_{$module}" => $name,
'access' => time(),
);
$account = user_save('', $userinfo);
if (!$account) {
drupal_set_message(t("Error saving user account."), 'error');
return;
}
$user = $account;
watchdog('user', 'New external user: %name using module %module.', array(
'%name' => $name,
'%module' => $module,
), WATCHDOG_NOTICE, l(t('edit'), 'user/' . $user->uid . '/edit'));
}
}
function user_pass_reset_url($account) {
$timestamp = time();
return url("user/reset/{$account->uid}/{$timestamp}/" . user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid), array(
'absolute' => TRUE,
));
}
function user_pass_rehash($password, $timestamp, $login, $uid) {
if (!isset($uid)) {
$uids = array();
$result = db_query_range("SELECT uid FROM {users} WHERE pass = '%s' AND login = '%s' AND uid > 0", $password, $login, 0, 2);
while ($row = db_fetch_array($result)) {
$uids[] = $row['uid'];
}
if (count($uids) == 1) {
$uid = reset($uids);
}
else {
return drupal_random_key();
}
}
return drupal_hmac_base64($timestamp . $login . $uid, drupal_get_private_key() . $password);
}
function user_edit_form(&$form_state, $uid, $edit, $register = FALSE) {
_user_password_dynamic_validation();
$admin = user_access('administer users');
$form['account'] = array(
'#type' => 'fieldset',
'#title' => t('Account information'),
'#weight' => -10,
);
if ($register || $GLOBALS['user']->uid == $uid && user_access('change own username') || $admin) {
$form['account']['name'] = array(
'#type' => 'textfield',
'#title' => t('Username'),
'#default_value' => $edit['name'],
'#maxlength' => USERNAME_MAX_LENGTH,
'#description' => t('Spaces are allowed; punctuation is not allowed except for periods, hyphens, and underscores.'),
'#required' => TRUE,
);
}
$form['account']['mail'] = array(
'#type' => 'textfield',
'#title' => t('E-mail address'),
'#default_value' => $edit['mail'],
'#maxlength' => EMAIL_MAX_LENGTH,
'#description' => t('A valid e-mail address. All e-mails from the system will be sent to this address. The e-mail address is not made public and will only be used if you wish to receive a new password or wish to receive certain news or notifications by e-mail.'),
'#required' => TRUE,
);
if (!$register) {
$form['account']['pass'] = array(
'#type' => 'password_confirm',
'#description' => t('To change the current user password, enter the new password in both fields.'),
'#size' => 25,
);
}
elseif (!variable_get('user_email_verification', TRUE) || $admin) {
$form['account']['pass'] = array(
'#type' => 'password_confirm',
'#description' => t('Provide a password for the new account in both fields.'),
'#required' => TRUE,
'#size' => 25,
);
}
if ($admin) {
$form['account']['status'] = array(
'#type' => 'radios',
'#title' => t('Status'),
'#default_value' => isset($edit['status']) ? $edit['status'] : 1,
'#options' => array(
t('Blocked'),
t('Active'),
),
);
}
if (user_access('administer permissions')) {
$roles = user_roles(TRUE);
$checkbox_authenticated = array(
'#type' => 'checkbox',
'#title' => $roles[DRUPAL_AUTHENTICATED_RID],
'#default_value' => TRUE,
'#disabled' => TRUE,
);
unset($roles[DRUPAL_AUTHENTICATED_RID]);
if ($roles) {
$default = empty($edit['roles']) ? array() : array_keys($edit['roles']);
$form['account']['roles'] = array(
'#type' => 'checkboxes',
'#title' => t('Roles'),
'#default_value' => $default,
'#options' => $roles,
DRUPAL_AUTHENTICATED_RID => $checkbox_authenticated,
);
}
}
if (variable_get('user_signatures', 0) && module_exists('comment') && !$register) {
$form['signature_settings'] = array(
'#type' => 'fieldset',
'#title' => t('Signature settings'),
'#weight' => 1,
);
$form['signature_settings']['signature'] = array(
'#type' => 'textarea',
'#title' => t('Signature'),
'#default_value' => $edit['signature'],
'#description' => t('Your signature will be publicly displayed at the end of your comments.'),
);
if (!filter_access($edit['signature_format']) && empty($_POST)) {
drupal_set_message(t("The signature input format has been set to a format you don't have access to. It will be changed to a format you have access to when you save this page."));
$edit['signature_format'] = FILTER_FORMAT_DEFAULT;
}
$form['signature_settings']['signature_format'] = filter_form($edit['signature_format'], NULL, array(
'signature_format',
));
}
if (variable_get('user_pictures', 0) && !$register) {
$form['picture'] = array(
'#type' => 'fieldset',
'#title' => t('Picture'),
'#weight' => 1,
);
$picture = theme('user_picture', (object) $edit);
if ($edit['picture']) {
$form['picture']['current_picture'] = array(
'#value' => $picture,
);
$form['picture']['picture_delete'] = array(
'#type' => 'checkbox',
'#title' => t('Delete picture'),
'#description' => t('Check this box to delete your current picture.'),
);
}
else {
$form['picture']['picture_delete'] = array(
'#type' => 'hidden',
);
}
$form['picture']['picture_upload'] = array(
'#type' => 'file',
'#title' => t('Upload picture'),
'#size' => 48,
'#description' => t('Your virtual face or picture. Maximum dimensions are %dimensions and the maximum size is %size kB.', array(
'%dimensions' => variable_get('user_picture_dimensions', '85x85'),
'%size' => variable_get('user_picture_file_size', '30'),
)) . ' ' . variable_get('user_picture_guidelines', ''),
);
$form['#validate'][] = 'user_profile_form_validate';
$form['#validate'][] = 'user_validate_picture';
}
$form['#uid'] = $uid;
return $form;
}
function _user_edit_validate($uid, &$edit) {
if (!$uid || $GLOBALS['user']->uid == $uid && user_access('change own username') || user_access('administer users')) {
if ($error = user_validate_name($edit['name'])) {
form_set_error('name', $error);
}
else {
if (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND LOWER(name) = LOWER('%s')", $uid, $edit['name'])) > 0) {
form_set_error('name', t('The name %name is already taken.', array(
'%name' => $edit['name'],
)));
}
else {
if (drupal_is_denied('user', $edit['name'])) {
form_set_error('name', t('The name %name has been denied access.', array(
'%name' => $edit['name'],
)));
}
}
}
}
if ($error = user_validate_mail($edit['mail'])) {
form_set_error('mail', $error);
}
else {
if (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND LOWER(mail) = LOWER('%s')", $uid, $edit['mail'])) > 0) {
form_set_error('mail', t('The e-mail address %email is already registered. <a href="@password">Have you forgotten your password?</a>', array(
'%email' => $edit['mail'],
'@password' => url('user/password'),
)));
}
else {
if (drupal_is_denied('mail', $edit['mail'])) {
form_set_error('mail', t('The e-mail address %email has been denied access.', array(
'%email' => $edit['mail'],
)));
}
}
}
}
function _user_edit_submit($uid, &$edit) {
$account = user_load($uid);
if (!empty($edit['picture_delete'])) {
if ($account->picture && file_exists($account->picture)) {
file_delete($account->picture);
}
$edit['picture'] = '';
}
if (isset($edit['roles'])) {
$edit['roles'] = array_filter($edit['roles']);
}
}
function user_delete($edit, $uid) {
$account = user_load(array(
'uid' => $uid,
));
sess_destroy_uid($uid);
_user_mail_notify('status_deleted', $account);
db_query('DELETE FROM {users} WHERE uid = %d', $uid);
db_query('DELETE FROM {users_roles} WHERE uid = %d', $uid);
db_query('DELETE FROM {authmap} WHERE uid = %d', $uid);
$variables = array(
'%name' => $account->name,
'%email' => '<' . $account->mail . '>',
);
watchdog('user', 'Deleted user: %name %email.', $variables, WATCHDOG_NOTICE);
user_module_invoke('delete', $edit, $account);
}
function user_build_content(&$account) {
$edit = NULL;
user_module_invoke('view', $edit, $account);
drupal_alter('profile', $account);
return $account->content;
}
function user_mail($key, &$message, $params) {
$language = $message['language'];
$variables = user_mail_tokens($params['account'], $language);
$message['subject'] .= _user_mail_text($key . '_subject', $language, $variables);
$message['body'][] = _user_mail_text($key . '_body', $language, $variables);
}
function _user_mail_text($key, $language = NULL, $variables = array()) {
$langcode = isset($language) ? $language->language : NULL;
if ($admin_setting = variable_get('user_mail_' . $key, FALSE)) {
return strtr($admin_setting, $variables);
}
else {
switch ($key) {
case 'register_no_approval_required_subject':
return t('Account details for !username at !site', $variables, $langcode);
case 'register_no_approval_required_body':
return t("!username,\n\nThank you for registering at !site. You may now log in to !login_uri using the following username and password:\n\nusername: !username\npassword: !password\n\nYou may also log in by clicking on this link or copying and pasting it in your browser:\n\n!login_url\n\nThis is a one-time login, so it can be used only once.\n\nAfter logging in, you will be redirected to !edit_uri so you can change your password.\n\n\n-- !site team", $variables, $langcode);
case 'register_admin_created_subject':
return t('An administrator created an account for you at !site', $variables, $langcode);
case 'register_admin_created_body':
return t("!username,\n\nA site administrator at !site has created an account for you. You may now log in to !login_uri using the following username and password:\n\nusername: !username\npassword: !password\n\nYou may also log in by clicking on this link or copying and pasting it in your browser:\n\n!login_url\n\nThis is a one-time login, so it can be used only once.\n\nAfter logging in, you will be redirected to !edit_uri so you can change your password.\n\n\n-- !site team", $variables, $langcode);
case 'register_pending_approval_subject':
case 'register_pending_approval_admin_subject':
return t('Account details for !username at !site (pending admin approval)', $variables, $langcode);
case 'register_pending_approval_body':
return t("!username,\n\nThank you for registering at !site. Your application for an account is currently pending approval. Once it has been approved, you will receive another e-mail containing information about how to log in, set your password, and other details.\n\n\n-- !site team", $variables, $langcode);
case 'register_pending_approval_admin_body':
return t("!username has applied for an account.\n\n!edit_uri", $variables, $langcode);
case 'password_reset_subject':
return t('Replacement login information for !username at !site', $variables, $langcode);
case 'password_reset_body':
return t("!username,\n\nA request to reset the password for your account has been made at !site.\n\nYou may now log in to !uri_brief by clicking on this link or copying and pasting it in your browser:\n\n!login_url\n\nThis is a one-time login, so it can be used only once. It expires after one day and nothing will happen if it's not used.\n\nAfter logging in, you will be redirected to !edit_uri so you can change your password.", $variables, $langcode);
case 'status_activated_subject':
return t('Account details for !username at !site (approved)', $variables, $langcode);
case 'status_activated_body':
return t("!username,\n\nYour account at !site has been activated.\n\nYou may now log in by clicking on this link or copying and pasting it in your browser:\n\n!login_url\n\nThis is a one-time login, so it can be used only once.\n\nAfter logging in, you will be redirected to !edit_uri so you can change your password.\n\nOnce you have set your own password, you will be able to log in to !login_uri in the future using:\n\nusername: !username\n", $variables, $langcode);
case 'status_blocked_subject':
return t('Account details for !username at !site (blocked)', $variables, $langcode);
case 'status_blocked_body':
return t("!username,\n\nYour account on !site has been blocked.", $variables, $langcode);
case 'status_deleted_subject':
return t('Account details for !username at !site (deleted)', $variables, $langcode);
case 'status_deleted_body':
return t("!username,\n\nYour account on !site has been deleted.", $variables, $langcode);
}
}
}
function user_roles($membersonly = FALSE, $permission = NULL) {
$roles = array(
DRUPAL_ANONYMOUS_RID => NULL,
DRUPAL_AUTHENTICATED_RID => NULL,
);
if (!empty($permission)) {
$result = db_query("SELECT r.* FROM {role} r INNER JOIN {permission} p ON r.rid = p.rid WHERE p.perm LIKE '%%%s%%' ORDER BY r.name", $permission);
}
else {
$result = db_query('SELECT * FROM {role} ORDER BY name');
}
while ($role = db_fetch_object($result)) {
switch ($role->rid) {
case DRUPAL_ANONYMOUS_RID:
if (!$membersonly) {
$roles[$role->rid] = t($role->name);
}
break;
case DRUPAL_AUTHENTICATED_RID:
$roles[$role->rid] = t($role->name);
break;
default:
$roles[$role->rid] = $role->name;
}
}
return array_filter($roles);
}
function user_user_operations($form_state = array()) {
$operations = array(
'unblock' => array(
'label' => t('Unblock the selected users'),
'callback' => 'user_user_operations_unblock',
),
'block' => array(
'label' => t('Block the selected users'),
'callback' => 'user_user_operations_block',
),
'delete' => array(
'label' => t('Delete the selected users'),
),
);
if (user_access('administer permissions')) {
$roles = user_roles(TRUE);
unset($roles[DRUPAL_AUTHENTICATED_RID]);
$add_roles = array();
foreach ($roles as $key => $value) {
$add_roles['add_role-' . $key] = $value;
}
$remove_roles = array();
foreach ($roles as $key => $value) {
$remove_roles['remove_role-' . $key] = $value;
}
if (count($roles)) {
$role_operations = array(
t('Add a role to the selected users') => array(
'label' => $add_roles,
),
t('Remove a role from the selected users') => array(
'label' => $remove_roles,
),
);
$operations += $role_operations;
}
}
if (!empty($form_state['submitted'])) {
$operation_rid = explode('-', $form_state['values']['operation']);
$operation = $operation_rid[0];
if ($operation == 'add_role' || $operation == 'remove_role') {
$rid = $operation_rid[1];
if (user_access('administer permissions')) {
$operations[$form_state['values']['operation']] = array(
'callback' => 'user_multiple_role_edit',
'callback arguments' => array(
$operation,
$rid,
),
);
}
else {
watchdog('security', 'Detected malicious attempt to alter protected user fields.', array(), WATCHDOG_WARNING);
return;
}
}
}
return $operations;
}
function user_user_operations_unblock($accounts) {
foreach ($accounts as $uid) {
$account = user_load(array(
'uid' => (int) $uid,
));
if ($account !== FALSE && $account->status == 0) {
user_save($account, array(
'status' => 1,
));
}
}
}
function user_user_operations_block($accounts) {
foreach ($accounts as $uid) {
$account = user_load(array(
'uid' => (int) $uid,
));
if ($account !== FALSE && $account->status == 1) {
user_save($account, array(
'status' => 0,
));
}
}
}
function user_multiple_role_edit($accounts, $operation, $rid) {
$role_name = db_result(db_query('SELECT name FROM {role} WHERE rid = %d', $rid));
switch ($operation) {
case 'add_role':
foreach ($accounts as $uid) {
$account = user_load(array(
'uid' => (int) $uid,
));
if ($account !== FALSE && !isset($account->roles[$rid])) {
$roles = $account->roles + array(
$rid => $role_name,
);
user_save($account, array(
'roles' => $roles,
));
}
}
break;
case 'remove_role':
foreach ($accounts as $uid) {
$account = user_load(array(
'uid' => (int) $uid,
));
if ($account !== FALSE && isset($account->roles[$rid])) {
$roles = array_diff($account->roles, array(
$rid => $role_name,
));
user_save($account, array(
'roles' => $roles,
));
}
}
break;
}
}
function user_multiple_delete_confirm(&$form_state) {
$edit = $form_state['post'];
$form['accounts'] = array(
'#prefix' => '<ul>',
'#suffix' => '</ul>',
'#tree' => TRUE,
);
foreach (array_filter($edit['accounts']) as $uid => $value) {
$user = db_result(db_query('SELECT name FROM {users} WHERE uid = %d', $uid));
$form['accounts'][$uid] = array(
'#type' => 'hidden',
'#value' => $uid,
'#prefix' => '<li>',
'#suffix' => check_plain($user) . "</li>\n",
);
}
$form['operation'] = array(
'#type' => 'hidden',
'#value' => 'delete',
);
return confirm_form($form, t('Are you sure you want to delete these users?'), 'admin/user/user', t('This action cannot be undone.'), t('Delete all'), t('Cancel'));
}
function user_multiple_delete_confirm_submit($form, &$form_state) {
if ($form_state['values']['confirm']) {
foreach ($form_state['values']['accounts'] as $uid => $value) {
user_delete($form_state['values'], $uid);
}
drupal_set_message(t('The users have been deleted.'));
}
$form_state['redirect'] = 'admin/user/user';
return;
}
function user_help($path, $arg) {
global $user;
switch ($path) {
case 'admin/help#user':
$output = '<p>' . t('The user module allows users to register, login, and log out. Users benefit from being able to sign on because it associates content they create with their account and allows various permissions to be set for their roles. The user module supports user roles which establish fine grained permissions allowing each role to do only what the administrator wants them to. Each user is assigned to one or more roles. By default there are two roles <em>anonymous</em> - a user who has not logged in, and <em>authenticated</em> a user who has signed up and who has been authorized.') . '</p>';
$output .= '<p>' . t("Users can use their own name or handle and can specify personal configuration settings through their individual <em>My account</em> page. Users must authenticate by supplying a local username and password or through their OpenID, an optional and secure method for logging into many websites with a single username and password. In some configurations, users may authenticate using a username and password from another Drupal site, or through some other site-specific mechanism.") . '</p>';
$output .= '<p>' . t('A visitor accessing your website is assigned a unique ID, or session ID, which is stored in a cookie. The cookie does not contain personal information, but acts as a key to retrieve information from your site. Users should have cookies enabled in their web browser when using your site.') . '</p>';
$output .= '<p>' . t('For more information, see the online handbook entry for <a href="@user">User module</a>.', array(
'@user' => 'http://drupal.org/handbook/modules/user/',
)) . '</p>';
return $output;
case 'admin/user/user':
return '<p>' . t('Drupal allows users to register, login, log out, maintain user profiles, etc. Users of the site may not use their own names to post content until they have signed up for a user account.') . '</p>';
case 'admin/user/user/create':
case 'admin/user/user/account/create':
return '<p>' . t("This web page allows administrators to register new users. Users' e-mail addresses and usernames must be unique.") . '</p>';
case 'admin/user/rules':
return '<p>' . t('Set up username and e-mail address access rules for new <em>and</em> existing accounts (currently logged in accounts will not be logged out). If a username or e-mail address for an account matches any deny rule, but not an allow rule, then the account will not be allowed to be created or to log in. A host rule is effective for every page view, not just registrations.') . '</p>';
case 'admin/user/permissions':
return '<p>' . t('Permissions let you control what users can do on your site. Each user role (defined on the <a href="@role">user roles page</a>) has its own set of permissions. For example, you could give users classified as "Administrators" permission to "administer nodes" but deny this power to ordinary, "authenticated" users. You can use permissions to reveal new features to privileged users (those with subscriptions, for example). Permissions also allow trusted users to share the administrative burden of running a busy site.', array(
'@role' => url('admin/user/roles'),
)) . '</p>';
case 'admin/user/roles':
return t('<p>Roles allow you to fine tune the security and administration of Drupal. A role defines a group of users that have certain privileges as defined in <a href="@permissions">user permissions</a>. Examples of roles include: anonymous user, authenticated user, moderator, administrator and so on. In this area you will define the <em>role names</em> of the various roles. To delete a role choose "edit".</p><p>By default, Drupal comes with two user roles:</p>
<ul>
<li>Anonymous user: this role is used for users that don\'t have a user account or that are not authenticated.</li>
<li>Authenticated user: this role is automatically granted to all logged in users.</li>
</ul>', array(
'@permissions' => url('admin/user/permissions'),
));
case 'admin/user/search':
return '<p>' . t('Enter a simple pattern ("*" may be used as a wildcard match) to search for a username or e-mail address. For example, one may search for "br" and Drupal might return "brian", "brad", and "brenda@example.com".') . '</p>';
}
}
function _user_categories($account) {
$categories = array();
$null = NULL;
foreach (module_list() as $module) {
$function = $module . '_user';
if (function_exists($function) && ($data = $function('categories', $null, $account, ''))) {
$categories = array_merge($data, $categories);
}
}
usort($categories, '_user_sort');
return $categories;
}
function _user_sort($a, $b) {
$a = (array) $a + array(
'weight' => 0,
'title' => '',
);
$b = (array) $b + array(
'weight' => 0,
'title' => '',
);
return $a['weight'] < $b['weight'] ? -1 : ($a['weight'] > $b['weight'] ? 1 : ($a['title'] < $b['title'] ? -1 : 1));
}
function user_filters() {
$filters = array();
$roles = user_roles(TRUE);
unset($roles[DRUPAL_AUTHENTICATED_RID]);
if (count($roles)) {
$filters['role'] = array(
'title' => t('role'),
'where' => "ur.rid = %d",
'options' => $roles,
'join' => '',
);
}
$options = array();
foreach (module_list() as $module) {
if ($permissions = module_invoke($module, 'perm')) {
asort($permissions);
foreach ($permissions as $permission) {
$options[t('@module module', array(
'@module' => $module,
))][$permission] = t($permission);
}
}
}
ksort($options);
$filters['permission'] = array(
'title' => t('permission'),
'join' => 'LEFT JOIN {permission} p ON ur.rid = p.rid',
'where' => " ((p.perm IS NOT NULL AND p.perm LIKE '%%%s%%') OR u.uid = 1) ",
'options' => $options,
);
$filters['status'] = array(
'title' => t('status'),
'where' => 'u.status = %d',
'join' => '',
'options' => array(
1 => t('active'),
0 => t('blocked'),
),
);
return $filters;
}
function user_build_filter_query() {
$filters = user_filters();
$where = $args = $join = array();
foreach ($_SESSION['user_overview_filter'] as $filter) {
list($key, $value) = $filter;
if ($key == 'permission') {
$account = new stdClass();
$account->uid = 'user_filter';
$account->roles = array(
DRUPAL_AUTHENTICATED_RID => 1,
);
if (user_access($value, $account)) {
continue;
}
}
$where[] = $filters[$key]['where'];
$args[] = $value;
$join[] = $filters[$key]['join'];
}
$where = !empty($where) ? 'AND ' . implode(' AND ', $where) : '';
$join = !empty($join) ? ' ' . implode(' ', array_unique($join)) : '';
return array(
'where' => $where,
'join' => $join,
'args' => $args,
);
}
function user_forms() {
$forms['user_admin_access_add_form']['callback'] = 'user_admin_access_form';
$forms['user_admin_access_edit_form']['callback'] = 'user_admin_access_form';
$forms['user_admin_new_role']['callback'] = 'user_admin_role';
return $forms;
}
function user_comment(&$comment, $op) {
if ($op == 'view') {
if (variable_get('user_signatures', 0) && !empty($comment->signature)) {
$comment->signature = check_markup($comment->signature, $comment->signature_format, FALSE);
}
else {
$comment->signature = '';
}
}
}
function theme_user_signature($signature) {
$output = '';
if ($signature) {
$output .= '<div class="clear">';
$output .= '<div>—</div>';
$output .= $signature;
$output .= '</div>';
}
return $output;
}
function user_mail_tokens($account, $language) {
global $base_url;
$tokens = array(
'!username' => $account->name,
'!site' => variable_get('site_name', 'Drupal'),
'!login_url' => user_pass_reset_url($account),
'!uri' => $base_url,
'!uri_brief' => preg_replace('!^https?://!', '', $base_url),
'!mailto' => $account->mail,
'!date' => format_date(time(), 'medium', '', NULL, $language->language),
'!login_uri' => url('user', array(
'absolute' => TRUE,
'language' => $language,
)),
'!edit_uri' => url('user/' . $account->uid . '/edit', array(
'absolute' => TRUE,
'language' => $language,
)),
);
if (!empty($account->password)) {
$tokens['!password'] = $account->password;
}
return $tokens;
}
function user_preferred_language($account, $default = NULL) {
$language_list = language_list();
if (!empty($account->language) && isset($language_list[$account->language])) {
return $language_list[$account->language];
}
else {
return $default ? $default : language_default();
}
}
function _user_mail_notify($op, $account, $language = NULL) {
$default_notify = $op != 'status_deleted' && $op != 'status_blocked';
$notify = variable_get('user_mail_' . $op . '_notify', $default_notify);
if ($notify) {
$params['account'] = $account;
$language = $language ? $language : user_preferred_language($account);
$mail = drupal_mail('user', $op, $account->mail, $language, $params);
if ($op == 'register_pending_approval') {
drupal_mail('user', 'register_pending_approval_admin', variable_get('site_mail', ini_get('sendmail_from')), language_default(), $params);
}
}
return empty($mail) ? NULL : $mail['result'];
}
function _user_password_dynamic_validation() {
static $complete = FALSE;
global $user;
if (!$complete) {
drupal_add_js(drupal_get_path('module', 'user') . '/user.js', 'module');
drupal_add_js(array(
'password' => array(
'strengthTitle' => t('Password strength:'),
'lowStrength' => t('Low'),
'mediumStrength' => t('Medium'),
'highStrength' => t('High'),
'tooShort' => t('It is recommended to choose a password that contains at least six characters. It should include numbers, punctuation, and both upper and lowercase letters.'),
'needsMoreVariation' => t('The password does not include enough variation to be secure. Try:'),
'addLetters' => t('Adding both upper and lowercase letters.'),
'addNumbers' => t('Adding numbers.'),
'addPunctuation' => t('Adding punctuation.'),
'sameAsUsername' => t('It is recommended to choose a password different from the username.'),
'confirmSuccess' => t('Yes'),
'confirmFailure' => t('No'),
'confirmTitle' => t('Passwords match:'),
'username' => isset($user->name) ? $user->name : '',
),
), 'setting');
$complete = TRUE;
}
}
function user_hook_info() {
return array(
'user' => array(
'user' => array(
'insert' => array(
'runs when' => t('After a user account has been created'),
),
'update' => array(
'runs when' => t("After a user's profile has been updated"),
),
'delete' => array(
'runs when' => t('After a user has been deleted'),
),
'login' => array(
'runs when' => t('After a user has logged in'),
),
'logout' => array(
'runs when' => t('After a user has logged out'),
),
'view' => array(
'runs when' => t("When a user's profile is being viewed"),
),
),
),
);
}
function user_action_info() {
return array(
'user_block_user_action' => array(
'description' => t('Block current user'),
'type' => 'user',
'configurable' => FALSE,
'hooks' => array(),
),
'user_block_ip_action' => array(
'description' => t('Ban IP address of current user'),
'type' => 'user',
'configurable' => FALSE,
'hooks' => array(),
),
);
}
function user_block_user_action(&$object, $context = array()) {
if (isset($object->uid)) {
$uid = $object->uid;
}
elseif (isset($context['uid'])) {
$uid = $context['uid'];
}
else {
global $user;
$uid = $user->uid;
}
db_query("UPDATE {users} SET status = 0 WHERE uid = %d", $uid);
sess_destroy_uid($uid);
watchdog('action', 'Blocked user %name.', array(
'%name' => check_plain($user->name),
));
}
function user_block_ip_action() {
$ip = ip_address();
db_query("INSERT INTO {access} (mask, type, status) VALUES ('%s', '%s', %d)", $ip, 'host', 0);
watchdog('action', 'Banned IP address %ip', array(
'%ip' => $ip,
));
}
function user_register_submit($form, &$form_state) {
global $base_url;
$admin = user_access('administer users');
$mail = $form_state['values']['mail'];
$name = $form_state['values']['name'];
if (!variable_get('user_email_verification', TRUE) || $admin) {
$pass = $form_state['values']['pass'];
}
else {
$pass = user_password();
}
$notify = isset($form_state['values']['notify']) ? $form_state['values']['notify'] : NULL;
$from = variable_get('site_mail', ini_get('sendmail_from'));
if (isset($form_state['values']['roles'])) {
$roles = array_filter($form_state['values']['roles']);
}
else {
$roles = array();
}
if (!$admin && array_intersect(array_keys($form_state['values']), array(
'uid',
'roles',
'init',
'session',
'status',
))) {
watchdog('security', 'Detected malicious attempt to alter protected user fields.', array(), WATCHDOG_WARNING);
$form_state['redirect'] = 'user/register';
return;
}
unset($form_state['values']['form_token'], $form_state['values']['submit'], $form_state['values']['op'], $form_state['values']['notify'], $form_state['values']['form_id'], $form_state['values']['affiliates'], $form_state['values']['destination']);
$merge_data = array(
'pass' => $pass,
'init' => $mail,
'roles' => $roles,
);
if (!$admin) {
$merge_data['status'] = variable_get('user_register', 1) == 1;
}
$account = user_save('', array_merge($form_state['values'], $merge_data));
if (!$account) {
drupal_set_message(t("Error saving user account."), 'error');
$form_state['redirect'] = '';
return;
}
$form_state['user'] = $account;
watchdog('user', 'New user: %name (%email).', array(
'%name' => $name,
'%email' => $mail,
), WATCHDOG_NOTICE, l(t('edit'), 'user/' . $account->uid . '/edit'));
if ($account->uid == 1) {
drupal_set_message(t('Welcome to Drupal. You are now logged in as user #1, which gives you full control over your website.'));
if (variable_get('user_email_verification', TRUE)) {
drupal_set_message(t('</p><p> Your password is <strong>%pass</strong>. You may change your password below.</p>', array(
'%pass' => $pass,
)));
}
user_authenticate(array_merge($form_state['values'], $merge_data));
$form_state['redirect'] = 'user/1/edit';
return;
}
else {
$account->password = $pass;
if ($admin && !$notify) {
drupal_set_message(t('Created a new user account for <a href="@url">%name</a>. No e-mail has been sent.', array(
'@url' => url("user/{$account->uid}"),
'%name' => $account->name,
)));
}
else {
if (!variable_get('user_email_verification', TRUE) && $account->status && !$admin) {
_user_mail_notify('register_no_approval_required', $account);
if (user_authenticate(array_merge($form_state['values'], $merge_data))) {
drupal_set_message(t('Registration successful. You are now logged in.'));
}
$form_state['redirect'] = '';
return;
}
else {
if ($account->status || $notify) {
$op = $notify ? 'register_admin_created' : 'register_no_approval_required';
_user_mail_notify($op, $account);
if ($notify) {
drupal_set_message(t('Password and further instructions have been e-mailed to the new user <a href="@url">%name</a>.', array(
'@url' => url("user/{$account->uid}"),
'%name' => $account->name,
)));
}
else {
drupal_set_message(t('Your password and further instructions have been sent to your e-mail address.'));
$form_state['redirect'] = '';
return;
}
}
else {
_user_mail_notify('register_pending_approval', $account);
drupal_set_message(t('Thank you for applying for an account. Your account is currently pending approval by the site administrator.<br />In the meantime, a welcome message with further instructions has been sent to your e-mail address.'));
$form_state['redirect'] = '';
return;
}
}
}
}
}
function user_register() {
global $user;
$admin = user_access('administer users');
if (!$admin && $user->uid) {
drupal_goto('user/' . $user->uid);
}
$form = array();
if (!$admin) {
$form['user_registration_help'] = array(
'#value' => filter_xss_admin(variable_get('user_registration_help', '')),
'#weight' => -20,
);
}
$form = array_merge($form, user_edit_form($form_state, NULL, NULL, TRUE));
if ($admin) {
$form['account']['notify'] = array(
'#type' => 'checkbox',
'#title' => t('Notify user of new account'),
);
$form['destination'] = array(
'#type' => 'hidden',
'#value' => $_GET['q'],
);
}
$null = NULL;
$extra = _user_forms($null, NULL, NULL, 'register');
if (!$extra) {
foreach (array(
'name',
'mail',
'pass',
'status',
'roles',
'notify',
) as $key) {
if (isset($form['account'][$key])) {
$form[$key] = $form['account'][$key];
}
}
unset($form['account']);
}
else {
$form = array_merge($form, $extra);
}
if (variable_get('configurable_timezones', 1)) {
$form['timezone'] = array(
'#type' => 'hidden',
'#default_value' => variable_get('date_default_timezone', NULL),
'#id' => 'edit-user-register-timezone',
);
drupal_add_js('
// Global Killswitch
if (Drupal.jsEnabled) {
$(document).ready(function() {
Drupal.setDefaultTimezone();
});
}', 'inline');
}
$form['submit'] = array(
'#type' => 'submit',
'#value' => t('Create new account'),
'#weight' => 30,
);
$form['#validate'][] = 'user_register_validate';
return $form;
}
function user_register_validate($form, &$form_state) {
$account = (object) $form_state['values'];
user_module_invoke('validate', $form_state['values'], $account, 'account');
}
function _user_forms(&$edit, $account, $category, $hook = 'form') {
$groups = array();
foreach (module_list() as $module) {
$function = $module . '_user';
if (function_exists($function) && ($data = $function($hook, $edit, $account, $category))) {
$groups = array_merge_recursive($data, $groups);
}
}
uasort($groups, '_user_sort');
return empty($groups) ? FALSE : $groups;
}
function user_login_destination() {
$destination = drupal_get_destination();
return $destination == 'destination=user%2Flogin' ? 'destination=user' : $destination;
}
function user_delete_access($account) {
return user_access('administer users') && $account->uid > 0;
}
