drupal/modules/profile/profile.pages.inc

<?php
// $Id$

/**
 * @file
 * User page callbacks for the profile module.
 */

/**
 * Menu callback; display a list of user information.
 */
function profile_browse() {
  // Ensure that the path is converted to 3 levels always.
  list(, $name, $value) = array_pad(explode('/', $_GET['q'], 3), 3, '');

  $field = db_query("SELECT DISTINCT(fid), type, title, page, visibility FROM {profile_field} WHERE name = :name", array(':name' => $name))->fetchObject();

  if ($name && $field->fid) {
    // Only allow browsing of fields that have a page title set.
    if (empty($field->page)) {
      drupal_not_found();
      return;
    }
    // Do not allow browsing of private and hidden fields by non-admins.
    if (!user_access('administer users') && ($field->visibility == PROFILE_PRIVATE || $field->visibility == PROFILE_HIDDEN)) {
      drupal_access_denied();
      return;
    }

    // Compile a list of fields to show.
    $fields = db_query('SELECT name, title, type, weight, page FROM {profile_field} WHERE fid <> :fid AND visibility = :visibility ORDER BY weight', array(
      ':fid' => $field->fid,
      ':visibility' => PROFILE_PUBLIC_LISTINGS,
    ))->fetchAll();

    $query = db_select('users')->extend('PagerDefault');
    $query->join('profile_value', 'v', 'u.uid = v.uid');
    $query
      ->fields('u', array('uid', 'access'))
      ->condition('v.fid', $field->fid)
      ->condition('u.access', 0, '<>')
      ->condition('u.status', 0, '<>')
      ->orderBy('u.access', 'DESC');

    // Determine what query to use:
    $arguments = array($field->fid);
    switch ($field->type) {
      case 'checkbox':
        $query->condition('v.value', 1);
        break;
      case 'textfield':
      case 'selection':
        $query->condition('v.value', $value);
        break;
      case 'list':
        $query->condition('v.value', '%' . $value . '%', 'LIKE');
        break;
      default:
        drupal_not_found();
        return;
    }

    $uids = $query
      ->limit(20)
      ->execute()
      ->fetchCol();

    // Load the users.
    $users = user_load_multiple($uids);

    $content = '';
    foreach ($users as $account) {
      $profile = _profile_update_user_fields($fields, $account);
      $content .= theme('profile_listing', $account, $profile);
    }
    $output = theme('profile_wrapper', $content);
    $output .= theme('pager', NULL);

    if ($field->type == 'selection' || $field->type == 'list' || $field->type == 'textfield') {
      $title = strtr(check_plain($field->page), array('%value' => theme('placeholder', $value)));
    }
    else {
      $title = check_plain($field->page);
    }

    drupal_set_title($title, PASS_THROUGH);
    return $output;
  }
  elseif ($name && !$field->fid) {
    drupal_not_found();
  }
  else {
    // Compile a list of fields to show.
    $fields = db_query('SELECT name, title, type, weight, page, visibility FROM {profile_field} WHERE visibility = :visibility ORDER BY category, weight', array(':visibility' => PROFILE_PUBLIC_LISTINGS))->fetchAll();

    // Extract the affected users:
    $query = db_select('users', 'u')->extend('PagerDefault');
    $uids = $query
      ->fields('u', array('uid', 'access'))
      ->condition('u.uid', 0, '>')
      ->condition('u.status', 0, '>')
      ->condition('u.access', 0, '>')
      ->orderBy('u.access', 'DESC')
      ->limit(20)
      ->execute()
      ->fetchCol();
    $users = user_load_multiple($uids);
    $content = '';
    foreach ($users as $account) {
      $profile = _profile_update_user_fields($fields, $account);
      $content .= theme('profile_listing', $account, $profile);
    }
    $output = theme('profile_wrapper', $content);
    $output .= theme('pager', NULL);

    drupal_set_title(t('User list'));
    return $output;
  }
}

/**
 * Callback to allow autocomplete of profile text fields.
 */
function profile_autocomplete($field, $string) {
  $matches = array();
  $autocomplete_field = (bool) db_query_range("SELECT 1 FROM {profile_field} WHERE fid = :fid AND autocomplete = 1", array(':fid' => $field), 0, 1)->fetchField();
  if ($autocomplete_field) {
    $values = db_query_range("SELECT value FROM {profile_value} WHERE fid = :fid AND LOWER(value) LIKE LOWER(:value) GROUP BY value ORDER BY value ASC", array(
      ':fid' => $field,
      ':value' => $string . '%',
    ), 0, 10)->fetchCol();
    foreach ($values as $value) {
      $matches[$value] = check_plain($value);
    }
  }

  drupal_json($matches);
}
- Patch #191544 by Crell: split up profile module. Tested by catch. 2007-11-13 12:28:36 +00:00			`<?php`
			`// $Id$`

			`/**`
			`* @file`
			`* User page callbacks for the profile module.`
			`*/`

			`/**`
			`* Menu callback; display a list of user information.`
			`*/`
			`function profile_browse() {`
			`// Ensure that the path is converted to 3 levels always.`
			`list(, $name, $value) = array_pad(explode('/', $_GET['q'], 3), 3, '');`

- Patch #465190 by Heine: add check_plain() call. 2009-05-26 10:41:06 +00:00			`$field = db_query("SELECT DISTINCT(fid), type, title, page, visibility FROM {profile_field} WHERE name = :name", array(':name' => $name))->fetchObject();`
- Patch #191544 by Crell: split up profile module. Tested by catch. 2007-11-13 12:28:36 +00:00
			`if ($name && $field->fid) {`
			`// Only allow browsing of fields that have a page title set.`
			`if (empty($field->page)) {`
			`drupal_not_found();`
			`return;`
			`}`
			`// Do not allow browsing of private and hidden fields by non-admins.`
			`if (!user_access('administer users') && ($field->visibility == PROFILE_PRIVATE \|\| $field->visibility == PROFILE_HIDDEN)) {`
#198579 by webernet and hswong3i: a huge set of coding style fixes, including: - whitespaces at end of lines - indentation - control structure usage - whitespace in empty lines - phpdoc comment formatting 2007-12-08 14:06:23 +00:00			`drupal_access_denied();`
			`return;`
- Patch #191544 by Crell: split up profile module. Tested by catch. 2007-11-13 12:28:36 +00:00			`}`

			`// Compile a list of fields to show.`
- Patch #465190 by Heine: add check_plain() call. 2009-05-26 10:41:06 +00:00			`$fields = db_query('SELECT name, title, type, weight, page FROM {profile_field} WHERE fid <> :fid AND visibility = :visibility ORDER BY weight', array(`
			`':fid' => $field->fid,`
			`':visibility' => PROFILE_PUBLIC_LISTINGS,`
			`))->fetchAll();`

			`$query = db_select('users')->extend('PagerDefault');`
			`$query->join('profile_value', 'v', 'u.uid = v.uid');`
			`$query`
			`->fields('u', array('uid', 'access'))`
			`->condition('v.fid', $field->fid)`
			`->condition('u.access', 0, '<>')`
			`->condition('u.status', 0, '<>')`
			`->orderBy('u.access', 'DESC');`
- Patch #191544 by Crell: split up profile module. Tested by catch. 2007-11-13 12:28:36 +00:00
			`// Determine what query to use:`
			`$arguments = array($field->fid);`
			`switch ($field->type) {`
			`case 'checkbox':`
- Patch #465190 by Heine: add check_plain() call. 2009-05-26 10:41:06 +00:00			`$query->condition('v.value', 1);`
- Patch #191544 by Crell: split up profile module. Tested by catch. 2007-11-13 12:28:36 +00:00			`break;`
			`case 'textfield':`
			`case 'selection':`
- Patch #465190 by Heine: add check_plain() call. 2009-05-26 10:41:06 +00:00			`$query->condition('v.value', $value);`
- Patch #191544 by Crell: split up profile module. Tested by catch. 2007-11-13 12:28:36 +00:00			`break;`
			`case 'list':`
- Patch #465190 by Heine: add check_plain() call. 2009-05-26 10:41:06 +00:00			`$query->condition('v.value', '%' . $value . '%', 'LIKE');`
- Patch #191544 by Crell: split up profile module. Tested by catch. 2007-11-13 12:28:36 +00:00			`break;`
			`default:`
			`drupal_not_found();`
			`return;`
			`}`

- Patch #465190 by Heine: add check_plain() call. 2009-05-26 10:41:06 +00:00			`$uids = $query`
			`->limit(20)`
			`->execute()`
			`->fetchCol();`
#347250 by catch, drewish, and Berdir: Add function for loading multiple users in one request. 2009-03-14 23:01:38 +00:00
			`// Load the users.`
- Patch #465190 by Heine: add check_plain() call. 2009-05-26 10:41:06 +00:00			`$users = user_load_multiple($uids);`
- Patch #191544 by Crell: split up profile module. Tested by catch. 2007-11-13 12:28:36 +00:00
			`$content = '';`
#347250 by catch, drewish, and Berdir: Add function for loading multiple users in one request. 2009-03-14 23:01:38 +00:00			`foreach ($users as $account) {`
- Patch #191544 by Crell: split up profile module. Tested by catch. 2007-11-13 12:28:36 +00:00			`$profile = _profile_update_user_fields($fields, $account);`
			`$content .= theme('profile_listing', $account, $profile);`
			`}`
			`$output = theme('profile_wrapper', $content);`
- Patch #330748 by stBorchert: remove from theme_pager*. 2009-04-26 19:44:40 +00:00			`$output .= theme('pager', NULL);`
- Patch #191544 by Crell: split up profile module. Tested by catch. 2007-11-13 12:28:36 +00:00
			`if ($field->type == 'selection' \|\| $field->type == 'list' \|\| $field->type == 'textfield') {`
			`$title = strtr(check_plain($field->page), array('%value' => theme('placeholder', $value)));`
			`}`
			`else {`
			`$title = check_plain($field->page);`
			`}`

Re-commit of #242873 by pwolanin and bjaspan: Make drupal_set_title() check_plain() by default. 2008-10-13 00:33:05 +00:00			`drupal_set_title($title, PASS_THROUGH);`
- Patch #191544 by Crell: split up profile module. Tested by catch. 2007-11-13 12:28:36 +00:00			`return $output;`
			`}`
#282405 by Damien Tournoud, lilou, Dave Reid: Enforce coding standard on elseif. 2008-10-12 04:30:09 +00:00			`elseif ($name && !$field->fid) {`
- Patch #191544 by Crell: split up profile module. Tested by catch. 2007-11-13 12:28:36 +00:00			`drupal_not_found();`
			`}`
			`else {`
			`// Compile a list of fields to show.`
- Patch #465190 by Heine: add check_plain() call. 2009-05-26 10:41:06 +00:00			`$fields = db_query('SELECT name, title, type, weight, page, visibility FROM {profile_field} WHERE visibility = :visibility ORDER BY category, weight', array(':visibility' => PROFILE_PUBLIC_LISTINGS))->fetchAll();`
- Patch #191544 by Crell: split up profile module. Tested by catch. 2007-11-13 12:28:36 +00:00
			`// Extract the affected users:`
- Patch #465190 by Heine: add check_plain() call. 2009-05-26 10:41:06 +00:00			`$query = db_select('users', 'u')->extend('PagerDefault');`
			`$uids = $query`
			`->fields('u', array('uid', 'access'))`
			`->condition('u.uid', 0, '>')`
			`->condition('u.status', 0, '>')`
			`->condition('u.access', 0, '>')`
			`->orderBy('u.access', 'DESC')`
			`->limit(20)`
			`->execute()`
			`->fetchCol();`
			`$users = user_load_multiple($uids);`
- Patch #191544 by Crell: split up profile module. Tested by catch. 2007-11-13 12:28:36 +00:00			`$content = '';`
#347250 by catch, drewish, and Berdir: Add function for loading multiple users in one request. 2009-03-14 23:01:38 +00:00			`foreach ($users as $account) {`
- Patch #191544 by Crell: split up profile module. Tested by catch. 2007-11-13 12:28:36 +00:00			`$profile = _profile_update_user_fields($fields, $account);`
			`$content .= theme('profile_listing', $account, $profile);`
			`}`
			`$output = theme('profile_wrapper', $content);`
- Patch #330748 by stBorchert: remove from theme_pager*. 2009-04-26 19:44:40 +00:00			`$output .= theme('pager', NULL);`
- Patch #191544 by Crell: split up profile module. Tested by catch. 2007-11-13 12:28:36 +00:00
- Patch #465190 by Heine: add check_plain() call. 2009-05-26 10:41:06 +00:00			`drupal_set_title(t('User list'));`
- Patch #191544 by Crell: split up profile module. Tested by catch. 2007-11-13 12:28:36 +00:00			`return $output;`
			`}`
			`}`

			`/**`
			`* Callback to allow autocomplete of profile text fields.`
			`*/`
			`function profile_autocomplete($field, $string) {`
			`$matches = array();`
#196862 by Damien Tournoud, et al: Replace COUNT(*) queries with SELECT 1 ... LIMIT 1 queries when all that's required is a check for whether rows exist. 2009-05-16 15:23:16 +00:00			`$autocomplete_field = (bool) db_query_range("SELECT 1 FROM {profile_field} WHERE fid = :fid AND autocomplete = 1", array(':fid' => $field), 0, 1)->fetchField();`
			`if ($autocomplete_field) {`
- Patch #465190 by Heine: add check_plain() call. 2009-05-26 10:41:06 +00:00			`$values = db_query_range("SELECT value FROM {profile_value} WHERE fid = :fid AND LOWER(value) LIKE LOWER(:value) GROUP BY value ORDER BY value ASC", array(`
#308534 by Dave Reid: Remove stray whitespace core-wide. 2008-09-15 20:48:10 +00:00			`':fid' => $field,`
- Patch #471070 by stella: millions of code style fixes. 2009-05-24 17:39:35 +00:00			`':value' => $string . '%',`
- Patch #465190 by Heine: add check_plain() call. 2009-05-26 10:41:06 +00:00			`), 0, 10)->fetchCol();`
			`foreach ($values as $value) {`
			`$matches[$value] = check_plain($value);`
- Patch #191544 by Crell: split up profile module. Tested by catch. 2007-11-13 12:28:36 +00:00			`}`
			`}`

			`drupal_json($matches);`
			`}`