diff --git a/modules/user.module b/modules/user.module index 6bfd825b939..fdfc86c5c1f 100644 --- a/modules/user.module +++ b/modules/user.module @@ -663,16 +663,16 @@ function user_menu($may_cache) { if ($may_cache) { $items[] = array('path' => 'user', 'title' => t('user account'), - 'callback' => 'user_page', 'access' => TRUE, 'type' => MENU_CALLBACK); + 'callback' => 'user_login', 'access' => TRUE, 'type' => MENU_CALLBACK); $items[] = array('path' => 'user/autocomplete', 'title' => t('user autocomplete'), 'callback' => 'user_autocomplete', 'access' => $view_access, 'type' => MENU_CALLBACK); //registration and login pages. $items[] = array('path' => 'user/login', 'title' => t('log in'), - 'type' => MENU_DEFAULT_LOCAL_TASK); + 'callback' => 'user_login', 'type' => MENU_DEFAULT_LOCAL_TASK); $items[] = array('path' => 'user/register', 'title' => t('register'), - 'callback' => 'user_page', 'access' => $user->uid == 0 && variable_get('user_register', 1), 'type' => MENU_LOCAL_TASK); + 'callback' => 'user_register', 'access' => $user->uid == 0 && variable_get('user_register', 1), 'type' => MENU_LOCAL_TASK); $items[] = array('path' => 'user/password', 'title' => t('request new password'), 'callback' => 'user_pass', 'access' => $user->uid == 0, 'type' => MENU_LOCAL_TASK); $items[] = array('path' => 'user/reset', 'title' => t('reset password'), @@ -730,7 +730,7 @@ function user_menu($may_cache) { //Your personal page if ($user->uid) { $items[] = array('path' => 'user/'. $user->uid, 'title' => t('my account'), - 'callback' => 'user_page', 'access' => TRUE, + 'callback' => 'user_view', 'callback arguments' => arg(1), 'access' => TRUE, 'type' => MENU_DYNAMIC_ITEM); } 
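Review bot: In the `my account` item (hunk at -730) the path is built from `$user->uid` but the callback argument is `arg(1)`, so user_view is handed whatever the second URL segment was on the request that built the menu rather than the logged-in user's id. This item appears to sit inside the `if ($may_cache)` branch, where a request-dependent value is a poor fit, and it carries `'access' => TRUE`, so user_view alone decides whose account is shown. I would pass the id the path was built from: `'callback arguments' => array($user->uid)`. The same scalar `'callback arguments' => arg(1)` is added in the -742 hunk, where it is at least guarded by `is_numeric(arg(1))`; whether the menu system accepts a scalar here instead of an array is not visible in this diff and should be confirmed.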
@@ -742,7 +742,8 @@ function user_menu($may_cache) {
 else {
 if (arg(0) == 'user' && is_numeric(arg(1))) {
 $items[] = array('path' => 'user/'. arg(1), 'title' => t('user'),
- 'type' => MENU_CALLBACK, 'callback' => 'user_page', 'access' => $view_access);
+ 'type' => MENU_CALLBACK, 'callback' => 'user_view',
+ 'callback arguments' => arg(1), 'access' => $view_access);
 $items[] = array('path' => 'user/'. arg(1) .'/view', 'title' => t('view'),
 'access' => $view_access, 'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10);
 $items[] = array('path' => 'user/'. arg(1) .'/edit', 'title' => t('edit'),
@@ -824,58 +825,17 @@ function user_auth_help_links() { -function user_login($edit = array(), $msg = '') { +function user_login($msg = '') { global $user, $base_url; // If we are already logged on, go to the user page instead. if ($user->uid) { - drupal_goto('user'); - } - - if (isset($edit['name'])) { - if (user_is_blocked($edit['name'])) { - // blocked in user administration - $error = t('The username %name has been blocked.', array('%name' => theme('placeholder', $edit['name']))); - } - else if (drupal_is_denied('user', $edit['name'])) { - // denied by access controls - $error = t('The name %name is a reserved username.', array('%name' => theme('placeholder', $edit['name']))); - } - else if ($edit['pass']) { - - if (!$user->uid) { - $user = user_authenticate($edit['name'], trim($edit['pass'])); - } - - if ($user->uid) { - watchdog('user', t('Session opened for %name.', array('%name' => theme('placeholder', $user->name)))); - - // Update the user table timestamp noting user has logged in. - db_query("UPDATE {users} SET login = %d WHERE uid = '%s'", time(), $user->uid); - - user_module_invoke('login', $edit, $user); - - // Redirect the user to the page he logged on from. - drupal_goto(); - } - else { - if (!$error) { - $error = t('Sorry. Unrecognized username or password.') .' '. l(t('Have you forgotten your password?'), 'user/password'); - } - watchdog('user', t('Login attempt failed for %user: %error.', array('%user' => theme('placeholder', $edit['name']), '%error' => theme('placeholder', $error)))); - } - } - } - - // Display error message (if any): - if ($error) { - $form['error'] = array('#type' => 'value', '#value' => 1); - drupal_set_message($error, 'error'); + drupal_goto('user/'. $user->uid); } // Display login form: if ($msg) { - $output .= "
$msg
"; + $form['message'] = array('#value' => "$msg
"); } $form['name'] = array('#type' => 'textfield', '#title' => t('Username'), '#size' => 30, '#maxlength' => 64, '#required' => TRUE); if (count(user_auth_help_links()) > 0) { @@ -889,10 +849,40 @@ function user_login($edit = array(), $msg = '') { return drupal_get_form('user_login', $form); } -function user_login_execute($form) { - global $form_values; - if (!isset($form_values['error'])) { - return user_login($form_values); +function user_login_validate($form_id, $form_values) { + if (isset($form_values['name'])) { + if (user_is_blocked($form_values['name'])) { + // blocked in user administration + form_set_error('login', t('The username %name has been blocked.', array('%name' => theme('placeholder', $form_values['name'])))); + } + else if (drupal_is_denied('user', $form_values['name'])) { + // denied by access controls + form_set_error('login', t('The name %name is a reserved username.', array('%name' => theme('placeholder', $form_values['name'])))); + } + else if ($form_values['pass']) { + + $user = user_authenticate($form_values['name'], trim($form_values['pass'])); + + if (!$user->uid) { + form_set_error('login', t('Sorry. Unrecognized username or password.') .' '. l(t('Have you forgotten your password?'), 'user/password')); + watchdog('user', t('Login attempt failed for %user: %error.', array('%user' => theme('placeholder', $form_values['name']), '%error' => theme('placeholder', $error)))); + } + } + } +} + +function user_login_execute($form_id, $form_values) { + global $user; + if ($user->uid) { + watchdog('user', t('Session opened for %name.', array('%name' => theme('placeholder', $user->name)))); + + // Update the user table timestamp noting user has logged in. + db_query("UPDATE {users} SET login = %d WHERE uid = '%s'", time(), $user->uid); + + user_module_invoke('login', $form_values, $user); + + // Redirect the user to the page he logged on from. + drupal_goto(); } } 
@@ -964,48 +954,55 @@ function user_logout() { } function user_pass() { - global $base_url; - $edit = isset($_POST['edit']) ? $_POST['edit'] : ''; - if ($edit['name'] && !($account = user_load(array('name' => $edit['name'], 'status' => 1)))) { - form_set_error('name', t('Sorry. The username %name is not recognized.', array('%name' => theme('placeholder', $edit['name'])))); - } - else if ($edit['mail'] && !($account = user_load(array('mail' => $edit['mail'], 'status' => 1)))) { - form_set_error('mail', t('Sorry. The e-mail address %email is not recognized.', array('%email' => theme('placeholder', $edit['mail'])))); - } - if ($account) { - $from = variable_get('site_mail', ini_get('sendmail_from')); + // Display form: + $form['name'] = array('#type' => 'textfield', '#title' => t('Username'), '#size' => 30, '#maxlength' => 64); + $form['mail'] = array('#type' => 'textfield', '#title' => t('E-mail address'), '#size' => 30, '#maxlength' => 64); + $form['submit'] = array('#type' => 'submit', '#value' => t('E-mail new password'), '#weight' => 2); + return drupal_get_form('user_pass', $form); +} - // Mail one time login URL and instructions. - $variables = array('%username' => $account->name, '%site' => variable_get('site_name', 'drupal'), '%login_url' => user_pass_reset_url($account), '%uri' => $base_url, '%uri_brief' => substr($base_url, strlen('http://')), '%mailto' => $account->mail, '%date' => format_date(time()), '%login_uri' => url('user', NULL, NULL, TRUE), '%edit_uri' => url('user/'. 
$account->uid .'/edit', NULL, NULL, TRUE)); - $subject = _user_mail_text('pass_subject', $variables); - $body = _user_mail_text('pass_body', $variables); - $headers = "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from"; - $mail_success = user_mail($account->mail, $subject, $body, $headers); +function user_pass_validate() { + global $form_values; - if ($mail_success) { - watchdog('user', t('Password reset instructions mailed to %name at %email.', array('%name' => ''. $account->name .'', '%email' => ''. $account->mail .''))); - drupal_set_message(t('Further instructions have been sent to your e-mail address.')); - } - else { - watchdog('user', t('Error mailing password reset instructions to %name at %email.', array('%name' => theme('placeholder', $account->name), '%email' => theme('placeholder', $account->mail))), WATCHDOG_ERROR); - drupal_set_message(t('Unable to send mail. Please contact the site admin.')); - } - drupal_goto('user'); + $name = $form_values['name']; + $mail = $form_values['mail']; + if ($name && !($form_values['account'] = user_load(array('name' => $name, 'status' => 1)))) { + form_set_error('name', t('Sorry. The username %name is not recognized.', array('%name' => theme('placeholder', $name)))); } - else { - if ($edit) { - drupal_set_message(t('You must provide either a username or e-mail address.'), 'error'); - } - // Display form: - $form['name'] = array('#type' => 'textfield', '#title' => t('Username'), '#default_value' => $edit['name'], '#size' => 30, '#maxlength' => 64); - $form['mail'] = array('#type' => 'textfield', '#title' => t('E-mail address'), '#default_value' => $edit['mail'], '#size' => 30, '#maxlength' => 64); - $form['submit'] = array('#type' => 'submit', '#value' => t('E-mail new password')); - return drupal_get_form('user_logout', $form); + else if ($mail && !($form_values['account'] = user_load(array('mail' => $mail, 'status' => 1)))) { + form_set_error('mail', t('Sorry. 
The e-mail address %email is not recognized.', array('%email' => theme('placeholder', $mail)))); + } + else if (!$mail && !$name) { + form_set_error('password', t('You must provide either a username or e-mail address.')); } } -function theme_user_logout($form) { +function user_pass_execute($form_id, $form_values) { + global $base_url; + + $account = $form_values['account']; + $from = variable_get('site_mail', ini_get('sendmail_from')); + + // Mail one time login URL and instructions. + $variables = array('%username' => $account->name, '%site' => variable_get('site_name', 'drupal'), '%login_url' => user_pass_reset_url($account), '%uri' => $base_url, '%uri_brief' => substr($base_url, strlen('http://')), '%mailto' => $account->mail, '%date' => format_date(time()), '%login_uri' => url('user', NULL, NULL, TRUE), '%edit_uri' => url('user/'. $account->uid .'/edit', NULL, NULL, TRUE)); + $subject = _user_mail_text('pass_subject', $variables); + $body = _user_mail_text('pass_body', $variables); + $headers = "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from"; + $mail_success = user_mail($account->mail, $subject, $body, $headers); + + if ($mail_success) { + watchdog('user', t('Password reset instructions mailed to %name at %email.', array('%name' => ''. $account->name .'', '%email' => ''. $account->mail .''))); + drupal_set_message(t('Further instructions have been sent to your e-mail address.')); + } + else { + watchdog('user', t('Error mailing password reset instructions to %name at %email.', array('%name' => theme('placeholder', $account->name), '%email' => theme('placeholder', $account->mail))), WATCHDOG_ERROR); + drupal_set_message(t('Unable to send mail. Please contact the site admin.')); + } + drupal_goto('user'); +} + +function theme_user_pass($form) { $output = ''. t('Enter your username or your e-mail address.') .'
'; $output .= form_render($form); return $output; @@ -1055,8 +1052,8 @@ function user_pass_rehash($password, $timestamp, $login) { return md5($timestamp . $password . $login); } -function user_register($edit = array()) { - global $user, $base_url; +function user_register() { + global $user; $admin = user_access('administer users'); 
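Review bot: user_pass_validate takes no parameters and stores the loaded account in `global $form_values`, while user_pass_execute reads `$form_values['account']` from its own argument; if the form API hands execute a copy that does not include that write (not visible here), `$account` is empty and the reset mail is built for a null user. A guard at the top of user_pass_execute such as `if (empty($form_values['account'])) { return; }`, or re-loading the account there, would make the flow independent of how values are passed. Separately, the success watchdog line concatenates `$account->name` and `$account->mail` directly while the failure line uses `theme('placeholder', ...)`; use the same wrapper in both so account-supplied text is handled consistently in the log. The "not recognized" errors also tell an anonymous visitor whether a username or address exists, which deserves a comment if that is intended.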
@@ -1065,78 +1062,25 @@ function user_register($edit = array()) { drupal_goto('user/'. $user->uid); } - if ($edit) { - user_module_invoke('validate', $edit, $edit, 'account'); - - if (!form_get_errors()) { - $from = variable_get('site_mail', ini_get('sendmail_from')); - $pass = $admin ? $edit['pass'] : user_password(); - - // TODO: Is this necessary? Won't session_write() replicate this? - unset($edit['session']); - if (!$admin && array_intersect(array_keys($edit), array('uid', 'roles', 'init', 'session', 'status'))) { - watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING); - drupal_goto('user/register'); - } - $account = user_save('', array_merge($edit, array('pass' => $pass, 'init' => $edit['mail'], 'roles' => array('authenticated user' => _user_authenticated_id()), 'status' => $admin || variable_get('user_register', 1)))); - watchdog('user', t('New user: %name %email.', array('%name' => theme('placeholder', $edit['name']), '%email' => theme('placeholder', '<'. $edit['mail'] .'>'))), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $account->uid .'/edit')); - - $variables = array('%username' => $edit['name'], '%site' => variable_get('site_name', 'drupal'), '%password' => $pass, '%uri' => $base_url, '%uri_brief' => substr($base_url, strlen('http://')), '%mailto' => $edit['mail'], '%date' => format_date(time()), '%login_uri' => url('user', NULL, NULL, TRUE), '%edit_uri' => url('user/'. $account->uid .'/edit', NULL, NULL, TRUE), '%login_url' => user_pass_reset_url($account)); - - // The first user may login immediately, and receives a customized welcome e-mail. 
- if ($account->uid == 1) { - user_mail($edit['mail'], t('drupal user account details for %s', array('%s' => $edit['name'])), strtr(t("%username,\n\nYou may now login to %uri using the following username and password:\n\n username: %username\n password: %password\n\n%edit_uri\n\n--drupal"), $variables), "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from"); - // This should not be t()'ed. No point as its only shown once in the sites lifetime, and it would be bad to store the password. - $form['instructions'] = array('#type' => 'markup', '#value' => "Welcome to Drupal. You are user #1, which gives you full and immediate access. All future registrants will receive their passwords via e-mail, so please configure your e-mail settings using the Administration pages.
Your password is $pass. You may change your password on the next page.
Please login below.
"); - $form['#action'] = url('user', 'destination=user/1/edit'); - $form['name'] = array('#type' => 'hidden', '#value' => $account->name); - $form['pass'] = array('#type' => 'hidden', '#value' => $pass); - $form['submit'] = array('#type' => 'submit', '#value' => t('Log in')); - return drupal_get_form('user_register', $form); - } - else { - if ($admin) { - drupal_set_message(t('Created a new user account. No e-mail has been sent.')); - - drupal_goto('admin/user'); - } - else if ($account->status) { - // Create new user account, no administrator approval required. - $subject = _user_mail_text('welcome_subject', $variables); - $body = _user_mail_text('welcome_body', $variables); - user_mail($edit['mail'], $subject, $body, "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from"); - return t('Your password and further instructions have been sent to your e-mail address.'); - } - else { - // Create new user account, administrator approval required. - $subject = _user_mail_text('approval_subject', $variables); - $body = _user_mail_text('approval_body', $variables); - - user_mail($edit['mail'], $subject, $body, "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from"); - user_mail(variable_get('site_mail', ini_get('sendmail_from')), $subject, t("%u has applied for an account.\n\n%uri", array('%u' => $account->name, '%uri' => url("user/$account->uid/edit", NULL, NULL, TRUE))), "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from"); - return t('Thank you for applying for an account. Your account is currently pending approval by the site administrator.'. t('Note: if you have an account with one of our affiliates (%s), you may login now instead of registering.', array('%s' => $affiliates, '%login_uri' => url('user'))) .'
'); } - $form['name'] = array('#type' => 'textfield', '#title' => t('Username'), '#default_value' => $edit['name'], '#size' => 30, '#maxlength' => 64, '#description' => t('Your full name or your preferred username; only letters, numbers and spaces are allowed.'), '#required' => TRUE); - $form['mail'] = array('#type' => 'textfield', '#title' => t('E-mail address'), '#default_value' => $edit['mail'], '#size' => 30, '#maxlength' => 64, '#description' => t('A password and instructions will be sent to this e-mail address, so make sure it is accurate.'), '#required' => TRUE); + $form['name'] = array('#type' => 'textfield', '#title' => t('Username'), '#size' => 30, '#maxlength' => 64, '#description' => t('Your full name or your preferred username; only letters, numbers and spaces are allowed.'), '#required' => TRUE); + $form['mail'] = array('#type' => 'textfield', '#title' => t('E-mail address'), '#size' => 30, '#maxlength' => 64, '#description' => t('A password and instructions will be sent to this e-mail address, so make sure it is accurate.'), '#required' => TRUE); if ($admin) { - $form['pass'] = array('#type' => 'password', '#title' => t('Password'), '#default_value' => $edit['pass'], '#size' => 30, '#maxlength' => 55, '#description' => t('Provide a password for the new account.'), '#required' => TRUE); + $form['pass'] = array('#type' => 'password', '#title' => t('Password'), '#size' => 30, '#maxlength' => 55, '#description' => t('Provide a password for the new account.'), '#required' => TRUE); } - $extra = _user_forms($edit, $account, $category, 'register'); + $extra = _user_forms($null, $null, $null, 'register'); // Only display form_group around default fields if there are other groups. 
if ($extra) { - $form['account'] = array('#type' => 'fieldset', '#value' => t('Account information')); + $form['account'] = array('#type' => 'fieldset', '#title' => t('Account information')); $form['account']['name'] = $form['name']; $form['account']['mail'] = $form['mail']; $form['account']['pass'] = $form['pass']; 
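Review bot: `_user_forms($null, $null, $null, 'register')` passes a variable that is never defined in user_register, three times over. If _user_forms takes those parameters by reference (its signature is not in this diff), all three would alias one variable, and otherwise each use is an undefined-variable read. Distinct, initialised locals state the intent: `$edit = array(); $account = NULL; $category = NULL;` followed by `_user_forms($edit, $account, $category, 'register')`. The hunk starts inside user_register, so the rest of the function is not visible here.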
@@ -1150,6 +1094,65 @@ function user_register($edit = array()) { return drupal_get_form('user_register', $form); } +function user_register_validate($form_id, $form_values) { + user_module_invoke('validate', $form_values, $form_values, 'account'); +} + +function user_register_execute($form_id, $form_values) { + global $base_url; + + $admin = user_access('administer users'); + + $mail = $form_values['mail']; + $name = $form_values['name']; + $pass = $admin ? $form_values['pass'] : user_password(); + $from = variable_get('site_mail', ini_get('sendmail_from')); + + if (!$admin && array_intersect(array_keys($form_values), array('uid', 'roles', 'init', 'session', 'status'))) { + watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING); + drupal_goto('user/register'); + } + $account = user_save('', array_merge($form_values, array('pass' => $pass, 'init' => $mail, 'roles' => array('authenticated user' => _user_authenticated_id()), 'status' => $admin || variable_get('user_register', 1)))); + watchdog('user', t('New user: %name %email.', array('%name' => theme('placeholder', $name), '%email' => theme('placeholder', '<'. $mail .'>'))), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $account->uid .'/edit')); + + $variables = array('%username' => $name, '%site' => variable_get('site_name', 'drupal'), '%password' => $pass, '%uri' => $base_url, '%uri_brief' => substr($base_url, strlen('http://')), '%mailto' => $mail, '%date' => format_date(time()), '%login_uri' => url('user', NULL, NULL, TRUE), '%edit_uri' => url('user/'. $account->uid .'/edit', NULL, NULL, TRUE), '%login_url' => user_pass_reset_url($account)); + + // The first user may login immediately, and receives a customized welcome e-mail. 
+ if ($account->uid == 1) { + user_mail($mail, t('drupal user account details for %s', array('%s' => $name)), strtr(t("%username,\n\nYou may now login to %uri using the following username and password:\n\n username: %username\n password: %password\n\n%edit_uri\n\n--drupal"), $variables), "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from"); + // This should not be t()'ed. No point as its only shown once in the sites lifetime, and it would be bad to store the password. + $form['instructions'] = array('#type' => 'markup', '#value' => "Welcome to Drupal. You are user #1, which gives you full and immediate access. All future registrants will receive their passwords via e-mail, so please configure your e-mail settings using the Administration pages.
Your password is $pass. You may change your password on the next page.
Please login below.
"); + $form['#action'] = url('user', 'destination=user/1/edit'); + $form['name'] = array('#type' => 'hidden', '#value' => $account->name); + $form['pass'] = array('#type' => 'hidden', '#value' => $pass); + $form['submit'] = array('#type' => 'submit', '#value' => t('Log in')); + return drupal_get_form('user_register', $form); + } + else { + if ($admin) { + drupal_set_message(t('Created a new user account. No e-mail has been sent.')); + + drupal_goto('admin/user'); + } + else if ($account->status) { + // Create new user account, no administrator approval required. + $subject = _user_mail_text('welcome_subject', $variables); + $body = _user_mail_text('welcome_body', $variables); + user_mail($mail, $subject, $body, "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from"); + return t('Your password and further instructions have been sent to your e-mail address.'); + } + else { + // Create new user account, administrator approval required. + $subject = _user_mail_text('approval_subject', $variables); + $body = _user_mail_text('approval_body', $variables); + + user_mail($mail, $subject, $body, "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from"); + user_mail(variable_get('site_mail', ini_get('sendmail_from')), $subject, t("%u has applied for an account.\n\n%uri", array('%u' => $account->name, '%uri' => url("user/$account->uid/edit", NULL, NULL, TRUE))), "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from"); + return t('Thank you for applying for an account. Your account is currently pending approval by the site administrator.$msg
"; + $form['message'] = array('#value' => "$msg
"); } $form['name'] = array('#type' => 'textfield', '#title' => t('Username'), '#size' => 30, '#maxlength' => 64, '#required' => TRUE); if (count(user_auth_help_links()) > 0) { @@ -889,10 +849,40 @@ function user_login($edit = array(), $msg = '') { return drupal_get_form('user_login', $form); } -function user_login_execute($form) { - global $form_values; - if (!isset($form_values['error'])) { - return user_login($form_values); +function user_login_validate($form_id, $form_values) { + if (isset($form_values['name'])) { + if (user_is_blocked($form_values['name'])) { + // blocked in user administration + form_set_error('login', t('The username %name has been blocked.', array('%name' => theme('placeholder', $form_values['name'])))); + } + else if (drupal_is_denied('user', $form_values['name'])) { + // denied by access controls + form_set_error('login', t('The name %name is a reserved username.', array('%name' => theme('placeholder', $form_values['name'])))); + } + else if ($form_values['pass']) { + + $user = user_authenticate($form_values['name'], trim($form_values['pass'])); + + if (!$user->uid) { + form_set_error('login', t('Sorry. Unrecognized username or password.') .' '. l(t('Have you forgotten your password?'), 'user/password')); + watchdog('user', t('Login attempt failed for %user: %error.', array('%user' => theme('placeholder', $form_values['name']), '%error' => theme('placeholder', $error)))); + } + } + } +} + +function user_login_execute($form_id, $form_values) { + global $user; + if ($user->uid) { + watchdog('user', t('Session opened for %name.', array('%name' => theme('placeholder', $user->name)))); + + // Update the user table timestamp noting user has logged in. + db_query("UPDATE {users} SET login = %d WHERE uid = '%s'", time(), $user->uid); + + user_module_invoke('login', $form_values, $user); + + // Redirect the user to the page he logged on from. + drupal_goto(); } } 
@@ -964,48 +954,55 @@ function user_logout() { } function user_pass() { - global $base_url; - $edit = isset($_POST['edit']) ? $_POST['edit'] : ''; - if ($edit['name'] && !($account = user_load(array('name' => $edit['name'], 'status' => 1)))) { - form_set_error('name', t('Sorry. The username %name is not recognized.', array('%name' => theme('placeholder', $edit['name'])))); - } - else if ($edit['mail'] && !($account = user_load(array('mail' => $edit['mail'], 'status' => 1)))) { - form_set_error('mail', t('Sorry. The e-mail address %email is not recognized.', array('%email' => theme('placeholder', $edit['mail'])))); - } - if ($account) { - $from = variable_get('site_mail', ini_get('sendmail_from')); + // Display form: + $form['name'] = array('#type' => 'textfield', '#title' => t('Username'), '#size' => 30, '#maxlength' => 64); + $form['mail'] = array('#type' => 'textfield', '#title' => t('E-mail address'), '#size' => 30, '#maxlength' => 64); + $form['submit'] = array('#type' => 'submit', '#value' => t('E-mail new password'), '#weight' => 2); + return drupal_get_form('user_pass', $form); +} - // Mail one time login URL and instructions. - $variables = array('%username' => $account->name, '%site' => variable_get('site_name', 'drupal'), '%login_url' => user_pass_reset_url($account), '%uri' => $base_url, '%uri_brief' => substr($base_url, strlen('http://')), '%mailto' => $account->mail, '%date' => format_date(time()), '%login_uri' => url('user', NULL, NULL, TRUE), '%edit_uri' => url('user/'. 
$account->uid .'/edit', NULL, NULL, TRUE)); - $subject = _user_mail_text('pass_subject', $variables); - $body = _user_mail_text('pass_body', $variables); - $headers = "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from"; - $mail_success = user_mail($account->mail, $subject, $body, $headers); +function user_pass_validate() { + global $form_values; - if ($mail_success) { - watchdog('user', t('Password reset instructions mailed to %name at %email.', array('%name' => ''. $account->name .'', '%email' => ''. $account->mail .''))); - drupal_set_message(t('Further instructions have been sent to your e-mail address.')); - } - else { - watchdog('user', t('Error mailing password reset instructions to %name at %email.', array('%name' => theme('placeholder', $account->name), '%email' => theme('placeholder', $account->mail))), WATCHDOG_ERROR); - drupal_set_message(t('Unable to send mail. Please contact the site admin.')); - } - drupal_goto('user'); + $name = $form_values['name']; + $mail = $form_values['mail']; + if ($name && !($form_values['account'] = user_load(array('name' => $name, 'status' => 1)))) { + form_set_error('name', t('Sorry. The username %name is not recognized.', array('%name' => theme('placeholder', $name)))); } - else { - if ($edit) { - drupal_set_message(t('You must provide either a username or e-mail address.'), 'error'); - } - // Display form: - $form['name'] = array('#type' => 'textfield', '#title' => t('Username'), '#default_value' => $edit['name'], '#size' => 30, '#maxlength' => 64); - $form['mail'] = array('#type' => 'textfield', '#title' => t('E-mail address'), '#default_value' => $edit['mail'], '#size' => 30, '#maxlength' => 64); - $form['submit'] = array('#type' => 'submit', '#value' => t('E-mail new password')); - return drupal_get_form('user_logout', $form); + else if ($mail && !($form_values['account'] = user_load(array('mail' => $mail, 'status' => 1)))) { + form_set_error('mail', t('Sorry. 
The e-mail address %email is not recognized.', array('%email' => theme('placeholder', $mail)))); + } + else if (!$mail && !$name) { + form_set_error('password', t('You must provide either a username or e-mail address.')); } } -function theme_user_logout($form) { +function user_pass_execute($form_id, $form_values) { + global $base_url; + + $account = $form_values['account']; + $from = variable_get('site_mail', ini_get('sendmail_from')); + + // Mail one time login URL and instructions. + $variables = array('%username' => $account->name, '%site' => variable_get('site_name', 'drupal'), '%login_url' => user_pass_reset_url($account), '%uri' => $base_url, '%uri_brief' => substr($base_url, strlen('http://')), '%mailto' => $account->mail, '%date' => format_date(time()), '%login_uri' => url('user', NULL, NULL, TRUE), '%edit_uri' => url('user/'. $account->uid .'/edit', NULL, NULL, TRUE)); + $subject = _user_mail_text('pass_subject', $variables); + $body = _user_mail_text('pass_body', $variables); + $headers = "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from"; + $mail_success = user_mail($account->mail, $subject, $body, $headers); + + if ($mail_success) { + watchdog('user', t('Password reset instructions mailed to %name at %email.', array('%name' => ''. $account->name .'', '%email' => ''. $account->mail .''))); + drupal_set_message(t('Further instructions have been sent to your e-mail address.')); + } + else { + watchdog('user', t('Error mailing password reset instructions to %name at %email.', array('%name' => theme('placeholder', $account->name), '%email' => theme('placeholder', $account->mail))), WATCHDOG_ERROR); + drupal_set_message(t('Unable to send mail. Please contact the site admin.')); + } + drupal_goto('user'); +} + +function theme_user_pass($form) { $output = ''. t('Enter your username or your e-mail address.') .'
'; $output .= form_render($form); return $output; @@ -1055,8 +1052,8 @@ function user_pass_rehash($password, $timestamp, $login) { return md5($timestamp . $password . $login); } -function user_register($edit = array()) { - global $user, $base_url; +function user_register() { + global $user; $admin = user_access('administer users'); 
@@ -1065,78 +1062,25 @@ function user_register($edit = array()) {
 drupal_goto('user/'. $user->uid);
 }
- if ($edit) {
- user_module_invoke('validate', $edit, $edit, 'account');
-
- if (!form_get_errors()) {
- $from = variable_get('site_mail', ini_get('sendmail_from'));
- $pass = $admin ? $edit['pass'] : user_password();
-
- // TODO: Is this necessary? Won't session_write() replicate this?
- unset($edit['session']);
- if (!$admin && array_intersect(array_keys($edit), array('uid', 'roles', 'init', 'session', 'status'))) {
- watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING);
- drupal_goto('user/register');
- }
- $account = user_save('', array_merge($edit, array('pass' => $pass, 'init' => $edit['mail'], 'roles' => array('authenticated user' => _user_authenticated_id()), 'status' => $admin || variable_get('user_register', 1))));
- watchdog('user', t('New user: %name %email.', array('%name' => theme('placeholder', $edit['name']), '%email' => theme('placeholder', '<'. $edit['mail'] .'>'))), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $account->uid .'/edit'));
-
- $variables = array('%username' => $edit['name'], '%site' => variable_get('site_name', 'drupal'), '%password' => $pass, '%uri' => $base_url, '%uri_brief' => substr($base_url, strlen('http://')), '%mailto' => $edit['mail'], '%date' => format_date(time()), '%login_uri' => url('user', NULL, NULL, TRUE), '%edit_uri' => url('user/'. $account->uid .'/edit', NULL, NULL, TRUE), '%login_url' => user_pass_reset_url($account));
-
- // The first user may login immediately, and receives a customized welcome e-mail.
- if ($account->uid == 1) { - user_mail($edit['mail'], t('drupal user account details for %s', array('%s' => $edit['name'])), strtr(t("%username,\n\nYou may now login to %uri using the following username and password:\n\n username: %username\n password: %password\n\n%edit_uri\n\n--drupal"), $variables), "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from"); - // This should not be t()'ed. No point as its only shown once in the sites lifetime, and it would be bad to store the password. - $form['instructions'] = array('#type' => 'markup', '#value' => "Welcome to Drupal. You are user #1, which gives you full and immediate access. All future registrants will receive their passwords via e-mail, so please configure your e-mail settings using the Administration pages.
Your password is $pass. You may change your password on the next page.
Please login below.
"); - $form['#action'] = url('user', 'destination=user/1/edit'); - $form['name'] = array('#type' => 'hidden', '#value' => $account->name); - $form['pass'] = array('#type' => 'hidden', '#value' => $pass); - $form['submit'] = array('#type' => 'submit', '#value' => t('Log in')); - return drupal_get_form('user_register', $form); - } - else { - if ($admin) { - drupal_set_message(t('Created a new user account. No e-mail has been sent.')); - - drupal_goto('admin/user'); - } - else if ($account->status) { - // Create new user account, no administrator approval required. - $subject = _user_mail_text('welcome_subject', $variables); - $body = _user_mail_text('welcome_body', $variables); - user_mail($edit['mail'], $subject, $body, "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from"); - return t('Your password and further instructions have been sent to your e-mail address.'); - } - else { - // Create new user account, administrator approval required. - $subject = _user_mail_text('approval_subject', $variables); - $body = _user_mail_text('approval_body', $variables); - - user_mail($edit['mail'], $subject, $body, "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from"); - user_mail(variable_get('site_mail', ini_get('sendmail_from')), $subject, t("%u has applied for an account.\n\n%uri", array('%u' => $account->name, '%uri' => url("user/$account->uid/edit", NULL, NULL, TRUE))), "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from"); - return t('Thank you for applying for an account. Your account is currently pending approval by the site administrator.'. t('Note: if you have an account with one of our affiliates (%s), you may login now instead of registering.', array('%s' => $affiliates, '%login_uri' => url('user'))) .'
'); } - $form['name'] = array('#type' => 'textfield', '#title' => t('Username'), '#default_value' => $edit['name'], '#size' => 30, '#maxlength' => 64, '#description' => t('Your full name or your preferred username; only letters, numbers and spaces are allowed.'), '#required' => TRUE); - $form['mail'] = array('#type' => 'textfield', '#title' => t('E-mail address'), '#default_value' => $edit['mail'], '#size' => 30, '#maxlength' => 64, '#description' => t('A password and instructions will be sent to this e-mail address, so make sure it is accurate.'), '#required' => TRUE); + $form['name'] = array('#type' => 'textfield', '#title' => t('Username'), '#size' => 30, '#maxlength' => 64, '#description' => t('Your full name or your preferred username; only letters, numbers and spaces are allowed.'), '#required' => TRUE); + $form['mail'] = array('#type' => 'textfield', '#title' => t('E-mail address'), '#size' => 30, '#maxlength' => 64, '#description' => t('A password and instructions will be sent to this e-mail address, so make sure it is accurate.'), '#required' => TRUE); if ($admin) { - $form['pass'] = array('#type' => 'password', '#title' => t('Password'), '#default_value' => $edit['pass'], '#size' => 30, '#maxlength' => 55, '#description' => t('Provide a password for the new account.'), '#required' => TRUE); + $form['pass'] = array('#type' => 'password', '#title' => t('Password'), '#size' => 30, '#maxlength' => 55, '#description' => t('Provide a password for the new account.'), '#required' => TRUE); } - $extra = _user_forms($edit, $account, $category, 'register'); + $extra = _user_forms($null, $null, $null, 'register'); // Only display form_group around default fields if there are other groups. 
 if ($extra) {
- $form['account'] = array('#type' => 'fieldset', '#value' => t('Account information'));
+ $form['account'] = array('#type' => 'fieldset', '#title' => t('Account information'));
 $form['account']['name'] = $form['name'];
 $form['account']['mail'] = $form['mail'];
 $form['account']['pass'] = $form['pass'];
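Review bot: `_user_forms($null, $null, $null, 'register')` in user_register() passes a variable that is not assigned anywhere in this hunk, so the hook implementations receive whatever an undefined `$null` yields; if _user_forms() takes any of those parameters by reference (its signature is not shown here), the three arguments also alias one variable. I would set it explicitly and say why, e.g. `$null = NULL; // registration form has no existing $edit/$account/$category` before the call. Further down, the context line `$form['account']['pass'] = $form['pass'];` reads `$form['pass']`, which the new code only sets inside `if ($admin)`, so for non-admin registrants it copies an unset element into the fieldset; wrapping that assignment in `if ($admin)` would avoid the stray NULL entry. user_register() starts before this hunk and continues after it.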
@@ -1150,6 +1094,65 @@ function user_register($edit = array()) {
 return drupal_get_form('user_register', $form);
 }
+function user_register_validate($form_id, $form_values) {
+ user_module_invoke('validate', $form_values, $form_values, 'account');
+}
+
+function user_register_execute($form_id, $form_values) {
+ global $base_url;
+
+ $admin = user_access('administer users');
+
+ $mail = $form_values['mail'];
+ $name = $form_values['name'];
+ $pass = $admin ? $form_values['pass'] : user_password();
+ $from = variable_get('site_mail', ini_get('sendmail_from'));
+
+ if (!$admin && array_intersect(array_keys($form_values), array('uid', 'roles', 'init', 'session', 'status'))) {
+ watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING);
+ drupal_goto('user/register');
+ }
+ $account = user_save('', array_merge($form_values, array('pass' => $pass, 'init' => $mail, 'roles' => array('authenticated user' => _user_authenticated_id()), 'status' => $admin || variable_get('user_register', 1))));
+ watchdog('user', t('New user: %name %email.', array('%name' => theme('placeholder', $name), '%email' => theme('placeholder', '<'. $mail .'>'))), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $account->uid .'/edit'));
+
+ $variables = array('%username' => $name, '%site' => variable_get('site_name', 'drupal'), '%password' => $pass, '%uri' => $base_url, '%uri_brief' => substr($base_url, strlen('http://')), '%mailto' => $mail, '%date' => format_date(time()), '%login_uri' => url('user', NULL, NULL, TRUE), '%edit_uri' => url('user/'. $account->uid .'/edit', NULL, NULL, TRUE), '%login_url' => user_pass_reset_url($account));
+
+ // The first user may login immediately, and receives a customized welcome e-mail.
+ if ($account->uid == 1) { + user_mail($mail, t('drupal user account details for %s', array('%s' => $name)), strtr(t("%username,\n\nYou may now login to %uri using the following username and password:\n\n username: %username\n password: %password\n\n%edit_uri\n\n--drupal"), $variables), "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from"); + // This should not be t()'ed. No point as its only shown once in the sites lifetime, and it would be bad to store the password. + $form['instructions'] = array('#type' => 'markup', '#value' => "Welcome to Drupal. You are user #1, which gives you full and immediate access. All future registrants will receive their passwords via e-mail, so please configure your e-mail settings using the Administration pages.
Your password is $pass. You may change your password on the next page.
Please login below.
"); + $form['#action'] = url('user', 'destination=user/1/edit'); + $form['name'] = array('#type' => 'hidden', '#value' => $account->name); + $form['pass'] = array('#type' => 'hidden', '#value' => $pass); + $form['submit'] = array('#type' => 'submit', '#value' => t('Log in')); + return drupal_get_form('user_register', $form); + } + else { + if ($admin) { + drupal_set_message(t('Created a new user account. No e-mail has been sent.')); + + drupal_goto('admin/user'); + } + else if ($account->status) { + // Create new user account, no administrator approval required. + $subject = _user_mail_text('welcome_subject', $variables); + $body = _user_mail_text('welcome_body', $variables); + user_mail($mail, $subject, $body, "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from"); + return t('Your password and further instructions have been sent to your e-mail address.'); + } + else { + // Create new user account, administrator approval required. + $subject = _user_mail_text('approval_subject', $variables); + $body = _user_mail_text('approval_body', $variables); + + user_mail($mail, $subject, $body, "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from"); + user_mail(variable_get('site_mail', ini_get('sendmail_from')), $subject, t("%u has applied for an account.\n\n%uri", array('%u' => $account->name, '%uri' => url("user/$account->uid/edit", NULL, NULL, TRUE))), "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from"); + return t('Thank you for applying for an account. Your account is currently pending approval by the site administrator.