Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

- Applied user.module patch from Marco's sandbox. 

- Added profile.module written by Marco.
4.1.x
Dries Buytaert 2002-08-08 18:52:55 +00:00
parent b8c815d245
commit f5173ef233
4 changed files with 588 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

281
modules/profile.module Normal file
View File

@ -0,0 +1,281 @@
<?php
function _profile_init() {
/*
** Add here any field you might need. Leave array[0] blank if you
** need a special tool (like birthday or avatar).
** TODO: add a clear description/explanation.
*/
$GLOBALS["profile_fields"] = array(
"address" => array("textfield", t("Address"), "", 64, 64, t("Your address: street and number.")),
"city" => array("textfield", t("City"), "", 64, 64, t("Your city.")),
"state" => array("textfield", t("State"), "", 4, 2, t("Your state as a two letter code.")),
"zip" => array("textfield", t("Zip"), "", 7, 5, t("Your ZIP code.")),
"birthday" => array("", t("Birthday"), ""),
"gender" => array("select", t("Gender"), "", array(0 => "-", "m" => t("male"), "f" => t("female")), "", 0, 0),
"job" => array("textfield", t("Job title"), "", 64, 64, t("Your job title or position.")),
"icq" => array("textfield", t("ICQ messenger ID"), "", 12, 12, ""),
"msn" => array("textfield", t("MSN messenger ID"), "", 64, 64, ""),
"yahoo" => array("textfield", t("Yahoo messenger ID"), "", 64, 64, ""),
"aim" => array("textfield", t("AIM messenger ID"), "", 64, 64, ""),
"homepage" => array("textfield", t("URL of homepage"), "", 64, 64, t("Make sure you enter a fully qualified URL: remember to include \"http://\".")),
"biography" => array("textarea", t("Biography"), "", 64, 4, ""),
"interests" => array("textarea", t("Interests"), "", 64, 4, t("What you like.")),
"publickey" => array("textarea", t("Public key"), "", 64, 4, ""),
"avatar" => array("", t("Avatar or picture"), t("Your virtual face or picture."))
);
$GLOBALS["profile_days"][0] = t("day");
for ($n=1; $n<=31; $n++) {
$GLOBALS["profile_days"][$n] = $n;
}
$GLOBALS["profile_months"] = array(0 => t("month"), 1 => t("January"), 2 => t("February"), 3 => t("March"), 4 => t("April"), 5 => t("May"), 6 => t("June"), 7 => t("July"), 8 => t("August"), 9 => t("September"), 10 => t("October"), 11 => t("November"), 12 => t("December"));
}
function profile_system($field){
$system["description"] = t("Support for configurable user profiles.");
return $system[$field];
}
function profile_conf_options() {
global $profile_fields;
if (!$profile_fields) {
_profile_init();
}
foreach ($profile_fields as $key => $field) {
$fields[$key] = $field[1];
}
$output .= form_select(t("Registration time fields"), "profile_register_fields", variable_get("profile_register_fields", array()), $fields, t("The fields users will be able to set at registration time. Any required fields (see below) must appear here too."), "size=\"6\"", 1);
$output .= form_select(t("Required fields"), "profile_required_fields", variable_get("profile_required_fields", array()), $fields, t("The fields users that are required to be set."), "size=\"6\"", 1);
$output .= form_select(t("Publicly accessible fields"), "profile_public_fields", variable_get("profile_public_fields", array()), $fields, t("The fields users will be able to set and that will be publicly visible."), "size=\"6\"", 1);
$output .= form_select(t("Private fields"), "profile_private_fields", variable_get("profile_private_fields", array()), $fields, t("The fields users will be able to set, but which are kept private."), "size=\"6\"", 1);
$output .= form_textfield(t("Avatar image path"), "profile_avatar_path", variable_get("profile_avatar_path", "misc/avatars/"), 30, 255, t("Path for avatar directory; it must be writeable and visible from the web."));
$output .= form_textfield(t("Avatar max size"), "profile_avatar_size", variable_get("profile_avatar_size", "85x85"), 10, 10, t("Maximum size for avatars."));
$output .= form_textfield(t("Avatar max filesize"), "profile_avatar_filesize", variable_get("profile_avatar_filesize", "30"), 10, 10, t("Maximum filesize for avatars, in kb."));
return $output;
}
function profile_user($type, $edit, &$user) {
global $profile_fields;
if (!$profile_fields) {
_profile_init();
}
switch ($type) {
case "register_form":
// first registration form (to add something to just email and nick)
return _profile_form($edit, "register");
case "register_validate":
// validate first registration form
return _profile_validate($edit, "required");
case "edit_form":
// when user tries to edit his own data
return _profile_form(object2array($user), "private");
case "edit_validate":
// validate user data editing
return _profile_validate($edit, "private");
case "view_public":
// when others look at user data
return _profile_user_view($user, "public");
case "view_private":
// when user looks at his own data
return _profile_user_view($user, "private");
}
}
function profile_required($title) {
// this pleads "theme_invoke, theme_invoke" ;)
return $title ." <span style=\"color: red;\">*</span>";
}
function _profile_form($edit, $mode) {
global $profile_fields, $user;
$reg_fields = _profile_active_fields($mode);
$required_fields = _profile_active_fields("required");
foreach ($profile_fields as $name => $field) {
if ($field[0] && in_array($name, $reg_fields)) {
$f = "form_".$field[0];
$t = "profile_".$name;
$output .= $f((in_array($name, $required_fields) ? profile_required($field[1]) : $field[1]), $t, $edit[$t], $field[3], $field[4], $field[5], $field[6]);
}
}
if (in_array("birthday", $reg_fields)) {
$output .= form_item((in_array("birthday", $required_fields) ? profile_required($profile_fields["birthday"][1]) : $profile_fields["birthday"][1]), _profile_edit_birth(array2object($edit)), $profile_fields["birthday"][2]);
}
if (in_array("avatar", $reg_fields)) {
if ($edit["profile_avatar"] && $edit["uid"]) {
$file = profile_avatar_path($edit["uid"], $edit["profile_avatar"]);
if ($file) {
$output .= "<img src=\"$file\"><br />";
}
}
$output .= form_file($profile_fields["avatar"][1], "profile_avatar", 64, $profile_fields["avatar"][2]);
}
return $output;
}
function _profile_validate($edit, $mode) {
global $profile_fields, $user, $HTTP_POST_VARS;
$req_fields = _profile_active_fields($mode);
if (in_array("birthday", $req_fields) && ($birth_error = _profile_validate_birth($edit))) {
$error .= $birth_error."<br />";
}
if (in_array("avatar", $req_fields) && ($avatar_error = _profile_validate_avatar($edit))) {
$error .= $avatar_error."<br />";
}
foreach (array_keys($profile_fields) as $field) {
// replicate any key which was saved during registration but is not in this form
if (!$edit[$field] && $user->$field) {
$edit[$field] = $user->$field;
}
}
// now check for required fields
foreach(_profile_active_fields("required") as $required) {
if (in_array($required, $req_fields)) {
if (!$edit["profile_".$required]) {
$error .= t("This required field is missing: %a", array("%a" => $profile_fields[$required][1]))."<br />";
}
}
}
if ($error) {
return $error;
}
else {
return $edit;
}
}
function _profile_user_view(&$user, $mode) {
global $profile_fields;
foreach (_profile_active_fields($mode) as $name) {
$field = $profile_fields[$name];
$t = "profile_".$name;
switch ($field[0]) {
case "textfield":
case "textarea":
case "checkbox":
if (isset($user->$t)) {
$output .= form_item($field[1], check_output($user->$t));
}
break;
case "select":
if (isset($user->$t)) {
$output .= form_item($field[1], check_output($profile_fields[$name][3][$user->$t]));
}
break;
case "":
// special
if ($t == "profile_avatar") {
if (isset($user->$t)) {
$file = profile_avatar_path($user->uid, $user->profile_avatar);
if (file_exists($file)) {
$output .= form_item(t("Avatar"), "<img src=\"$file\" />");
}
}
}
if ($t == "profile_birthday") {
if (isset($user->profile_birthday) && isset($user->profile_birthmonth) && isset($user->profile_birthyear)) {
// this is very european-centric, can we use format_date?
$output .= form_item(t("Birthday"), $user->profile_birthday."/".$user->profile_birthmonth."/".$user->profile_birthyear);
}
}
}
}
return $output;
}
function _profile_validate_avatar(&$edit) {
global $HTTP_POST_FILES, $user;
// check that uploaded file is an image, with a max file size and max height/width
unset($edit["profile_avatar"]);
if ($HTTP_POST_FILES["edit"]["name"]["profile_avatar"] == "") {
$edit["profile_avatar"] = $user->profile_avatar;
return "";
}
$image_file = $HTTP_POST_FILES["edit"]["tmp_name"]["profile_avatar"];
if (is_uploaded_file($image_file)) {
$extension = strtolower(strrchr($HTTP_POST_FILES["edit"]["name"]["profile_avatar"], "."));
$size = getimagesize($image_file);
list($maxwidth, $maxheight) = explode("x", variable_get("profile_avatar_size", "85x85"));
if ((!in_array($size[2], array(1,2,3))) || (!in_array($extension, array(".gif", ".jpg", ".png", ".jpeg")))) {
$error = t("uploaded file was not an image.");
} else if (filesize($image_file) > (variable_get("profile_avatar_filesize", "30")*1000)) {
$error = t("uploaded image is too large, max %a kb.", array("%a" => variable_get("profile_avatar_filesize", "30")));
} else if ($size[0] > $maxwidth || $size[1] > $maxheight) {
$error = t("uploaded image is too large, max %a.", array("%a" => variable_get("profile_avatar_size", "85x85")));
}
else if (!copy($image_file, variable_get("profile_avatar_path", "misc/avatars/").md5($user->uid).$extension)) {
$error = t("error in file upload");
}
else {
$edit["profile_avatar"] = $extension;
}
}
return $error ? $error."<br />" : "";
}
function profile_avatar_path($uid, $extension) {
return $extension ? variable_get("profile_avatar_path", "misc/avatars/").md5($uid).$extension : "";
}
function _profile_active_fields($mode) {
return variable_get("profile_".$mode."_fields", array());
}
function _profile_edit_birth($edit = "") {
global $profile_months, $profile_days;
$output .= _profile_select("profile_birthday", $edit->profile_birthday, $profile_days);
$output .= "&nbsp;";
$output .= _profile_select("profile_birthmonth", $edit->profile_birthmonth, $profile_months);
$output .= "&nbsp;";
$output .= "<input maxlength=\"4\" name=\"edit[profile_birthyear]\" size=\"5\" value=\"$edit->profile_birthyear\" />";
return $output;
}
function _profile_validate_birth(&$edit) {
if (!$edit["profile_birthday"] && !$edit["profile_birthmonth"] && !$edit["profile_birthyear"]) {
// change this if you want required birth
return;
}
if ($edit["profile_birthyear"] > 1900 && checkdate($edit["profile_birthmonth"], $edit["profile_birthday"], $edit["profile_birthyear"])) {
return;
}
else {
return t("The specified birthday is not valid.")."<br />";
}
}
function _profile_select($name, $value, $options, $extra = 0, $multiple = 0) {
if (count($options) > 0) {
foreach ($options as $key=>$choice) {
$select .= "<option value=\"$key\"". (is_array($value) ? (in_array($key, $value) ? " selected=\"selected\"" : "") : ($key == $value ? " selected=\"selected\"" : "")) .">". check_form($choice) ."</option>";
}
return "<select name=\"edit[$name]". ($multiple ? "[]" : "") ."\"". ($multiple ? " multiple " : "") . ($extra ? " $extra" : "") .">$select</select>";
}
}
?>

281
modules/profile/profile.module Normal file
View File

@ -0,0 +1,281 @@
<?php
function _profile_init() {
/*
** Add here any field you might need. Leave array[0] blank if you
** need a special tool (like birthday or avatar).
** TODO: add a clear description/explanation.
*/
$GLOBALS["profile_fields"] = array(
"address" => array("textfield", t("Address"), "", 64, 64, t("Your address: street and number.")),
"city" => array("textfield", t("City"), "", 64, 64, t("Your city.")),
"state" => array("textfield", t("State"), "", 4, 2, t("Your state as a two letter code.")),
"zip" => array("textfield", t("Zip"), "", 7, 5, t("Your ZIP code.")),
"birthday" => array("", t("Birthday"), ""),
"gender" => array("select", t("Gender"), "", array(0 => "-", "m" => t("male"), "f" => t("female")), "", 0, 0),
"job" => array("textfield", t("Job title"), "", 64, 64, t("Your job title or position.")),
"icq" => array("textfield", t("ICQ messenger ID"), "", 12, 12, ""),
"msn" => array("textfield", t("MSN messenger ID"), "", 64, 64, ""),
"yahoo" => array("textfield", t("Yahoo messenger ID"), "", 64, 64, ""),
"aim" => array("textfield", t("AIM messenger ID"), "", 64, 64, ""),
"homepage" => array("textfield", t("URL of homepage"), "", 64, 64, t("Make sure you enter a fully qualified URL: remember to include \"http://\".")),
"biography" => array("textarea", t("Biography"), "", 64, 4, ""),
"interests" => array("textarea", t("Interests"), "", 64, 4, t("What you like.")),
"publickey" => array("textarea", t("Public key"), "", 64, 4, ""),
"avatar" => array("", t("Avatar or picture"), t("Your virtual face or picture."))
);
$GLOBALS["profile_days"][0] = t("day");
for ($n=1; $n<=31; $n++) {
$GLOBALS["profile_days"][$n] = $n;
}
$GLOBALS["profile_months"] = array(0 => t("month"), 1 => t("January"), 2 => t("February"), 3 => t("March"), 4 => t("April"), 5 => t("May"), 6 => t("June"), 7 => t("July"), 8 => t("August"), 9 => t("September"), 10 => t("October"), 11 => t("November"), 12 => t("December"));
}
function profile_system($field){
$system["description"] = t("Support for configurable user profiles.");
return $system[$field];
}
function profile_conf_options() {
global $profile_fields;
if (!$profile_fields) {
_profile_init();
}
foreach ($profile_fields as $key => $field) {
$fields[$key] = $field[1];
}
$output .= form_select(t("Registration time fields"), "profile_register_fields", variable_get("profile_register_fields", array()), $fields, t("The fields users will be able to set at registration time. Any required fields (see below) must appear here too."), "size=\"6\"", 1);
$output .= form_select(t("Required fields"), "profile_required_fields", variable_get("profile_required_fields", array()), $fields, t("The fields users that are required to be set."), "size=\"6\"", 1);
$output .= form_select(t("Publicly accessible fields"), "profile_public_fields", variable_get("profile_public_fields", array()), $fields, t("The fields users will be able to set and that will be publicly visible."), "size=\"6\"", 1);
$output .= form_select(t("Private fields"), "profile_private_fields", variable_get("profile_private_fields", array()), $fields, t("The fields users will be able to set, but which are kept private."), "size=\"6\"", 1);
$output .= form_textfield(t("Avatar image path"), "profile_avatar_path", variable_get("profile_avatar_path", "misc/avatars/"), 30, 255, t("Path for avatar directory; it must be writeable and visible from the web."));
$output .= form_textfield(t("Avatar max size"), "profile_avatar_size", variable_get("profile_avatar_size", "85x85"), 10, 10, t("Maximum size for avatars."));
$output .= form_textfield(t("Avatar max filesize"), "profile_avatar_filesize", variable_get("profile_avatar_filesize", "30"), 10, 10, t("Maximum filesize for avatars, in kb."));
return $output;
}
function profile_user($type, $edit, &$user) {
global $profile_fields;
if (!$profile_fields) {
_profile_init();
}
switch ($type) {
case "register_form":
// first registration form (to add something to just email and nick)
return _profile_form($edit, "register");
case "register_validate":
// validate first registration form
return _profile_validate($edit, "required");
case "edit_form":
// when user tries to edit his own data
return _profile_form(object2array($user), "private");
case "edit_validate":
// validate user data editing
return _profile_validate($edit, "private");
case "view_public":
// when others look at user data
return _profile_user_view($user, "public");
case "view_private":
// when user looks at his own data
return _profile_user_view($user, "private");
}
}
function profile_required($title) {
// this pleads "theme_invoke, theme_invoke" ;)
return $title ." <span style=\"color: red;\">*</span>";
}
function _profile_form($edit, $mode) {
global $profile_fields, $user;
$reg_fields = _profile_active_fields($mode);
$required_fields = _profile_active_fields("required");
foreach ($profile_fields as $name => $field) {
if ($field[0] && in_array($name, $reg_fields)) {
$f = "form_".$field[0];
$t = "profile_".$name;
$output .= $f((in_array($name, $required_fields) ? profile_required($field[1]) : $field[1]), $t, $edit[$t], $field[3], $field[4], $field[5], $field[6]);
}
}
if (in_array("birthday", $reg_fields)) {
$output .= form_item((in_array("birthday", $required_fields) ? profile_required($profile_fields["birthday"][1]) : $profile_fields["birthday"][1]), _profile_edit_birth(array2object($edit)), $profile_fields["birthday"][2]);
}
if (in_array("avatar", $reg_fields)) {
if ($edit["profile_avatar"] && $edit["uid"]) {
$file = profile_avatar_path($edit["uid"], $edit["profile_avatar"]);
if ($file) {
$output .= "<img src=\"$file\"><br />";
}
}
$output .= form_file($profile_fields["avatar"][1], "profile_avatar", 64, $profile_fields["avatar"][2]);
}
return $output;
}
function _profile_validate($edit, $mode) {
global $profile_fields, $user, $HTTP_POST_VARS;
$req_fields = _profile_active_fields($mode);
if (in_array("birthday", $req_fields) && ($birth_error = _profile_validate_birth($edit))) {
$error .= $birth_error."<br />";
}
if (in_array("avatar", $req_fields) && ($avatar_error = _profile_validate_avatar($edit))) {
$error .= $avatar_error."<br />";
}
foreach (array_keys($profile_fields) as $field) {
// replicate any key which was saved during registration but is not in this form
if (!$edit[$field] && $user->$field) {
$edit[$field] = $user->$field;
}
}
// now check for required fields
foreach(_profile_active_fields("required") as $required) {
if (in_array($required, $req_fields)) {
if (!$edit["profile_".$required]) {
$error .= t("This required field is missing: %a", array("%a" => $profile_fields[$required][1]))."<br />";
}
}
}
if ($error) {
return $error;
}
else {
return $edit;
}
}
function _profile_user_view(&$user, $mode) {
global $profile_fields;
foreach (_profile_active_fields($mode) as $name) {
$field = $profile_fields[$name];
$t = "profile_".$name;
switch ($field[0]) {
case "textfield":
case "textarea":
case "checkbox":
if (isset($user->$t)) {
$output .= form_item($field[1], check_output($user->$t));
}
break;
case "select":
if (isset($user->$t)) {
$output .= form_item($field[1], check_output($profile_fields[$name][3][$user->$t]));
}
break;
case "":
// special
if ($t == "profile_avatar") {
if (isset($user->$t)) {
$file = profile_avatar_path($user->uid, $user->profile_avatar);
if (file_exists($file)) {
$output .= form_item(t("Avatar"), "<img src=\"$file\" />");
}
}
}
if ($t == "profile_birthday") {
if (isset($user->profile_birthday) && isset($user->profile_birthmonth) && isset($user->profile_birthyear)) {
// this is very european-centric, can we use format_date?
$output .= form_item(t("Birthday"), $user->profile_birthday."/".$user->profile_birthmonth."/".$user->profile_birthyear);
}
}
}
}
return $output;
}
function _profile_validate_avatar(&$edit) {
global $HTTP_POST_FILES, $user;
// check that uploaded file is an image, with a max file size and max height/width
unset($edit["profile_avatar"]);
if ($HTTP_POST_FILES["edit"]["name"]["profile_avatar"] == "") {
$edit["profile_avatar"] = $user->profile_avatar;
return "";
}
$image_file = $HTTP_POST_FILES["edit"]["tmp_name"]["profile_avatar"];
if (is_uploaded_file($image_file)) {
$extension = strtolower(strrchr($HTTP_POST_FILES["edit"]["name"]["profile_avatar"], "."));
$size = getimagesize($image_file);
list($maxwidth, $maxheight) = explode("x", variable_get("profile_avatar_size", "85x85"));
if ((!in_array($size[2], array(1,2,3))) || (!in_array($extension, array(".gif", ".jpg", ".png", ".jpeg")))) {
$error = t("uploaded file was not an image.");
} else if (filesize($image_file) > (variable_get("profile_avatar_filesize", "30")*1000)) {
$error = t("uploaded image is too large, max %a kb.", array("%a" => variable_get("profile_avatar_filesize", "30")));
} else if ($size[0] > $maxwidth || $size[1] > $maxheight) {
$error = t("uploaded image is too large, max %a.", array("%a" => variable_get("profile_avatar_size", "85x85")));
}
else if (!copy($image_file, variable_get("profile_avatar_path", "misc/avatars/").md5($user->uid).$extension)) {
$error = t("error in file upload");
}
else {
$edit["profile_avatar"] = $extension;
}
}
return $error ? $error."<br />" : "";
}
function profile_avatar_path($uid, $extension) {
return $extension ? variable_get("profile_avatar_path", "misc/avatars/").md5($uid).$extension : "";
}
function _profile_active_fields($mode) {
return variable_get("profile_".$mode."_fields", array());
}
function _profile_edit_birth($edit = "") {
global $profile_months, $profile_days;
$output .= _profile_select("profile_birthday", $edit->profile_birthday, $profile_days);
$output .= "&nbsp;";
$output .= _profile_select("profile_birthmonth", $edit->profile_birthmonth, $profile_months);
$output .= "&nbsp;";
$output .= "<input maxlength=\"4\" name=\"edit[profile_birthyear]\" size=\"5\" value=\"$edit->profile_birthyear\" />";
return $output;
}
function _profile_validate_birth(&$edit) {
if (!$edit["profile_birthday"] && !$edit["profile_birthmonth"] && !$edit["profile_birthyear"]) {
// change this if you want required birth
return;
}
if ($edit["profile_birthyear"] > 1900 && checkdate($edit["profile_birthmonth"], $edit["profile_birthday"], $edit["profile_birthyear"])) {
return;
}
else {
return t("The specified birthday is not valid.")."<br />";
}
}
function _profile_select($name, $value, $options, $extra = 0, $multiple = 0) {
if (count($options) > 0) {
foreach ($options as $key=>$choice) {
$select .= "<option value=\"$key\"". (is_array($value) ? (in_array($key, $value) ? " selected=\"selected\"" : "") : ($key == $value ? " selected=\"selected\"" : "")) .">". check_form($choice) ."</option>";
}
return "<select name=\"edit[$name]". ($multiple ? "[]" : "") ."\"". ($multiple ? " multiple " : "") . ($extra ? " $extra" : "") .">$select</select>";
}
}
?>

34
modules/user.module
View File

@ -47,7 +47,7 @@ function sess_gc($lifetime) {
/*** Common functions ******************************************************/
function user_external_load($authname) {
$arr_uid = db_query("SELECT uid FROM authmap WHERE authname = '$authname'");
$arr_uid = db_query("SELECT uid FROM authmap WHERE authname = '%s'", $authname);
if (db_fetch_object($arr_uid)) {
$uid = db_result($arr_uid);
@ -71,7 +71,7 @@ function user_load($array = array()) {
$query .= "u.$key = '". md5($value) ."' AND ";
}
else {
$query .= "u.$key = '". addslashes($value) ."' AND ";
$query .= "u.$key = '". check_query($value) ."' AND ";
}
}
$result = db_query("SELECT u.*, r.name AS role FROM users u LEFT JOIN role r ON u.rid = r.rid WHERE $query u.status < 3 LIMIT 1");
@ -135,7 +135,7 @@ function user_save($account, $array = array()) {
}
$fields[] = "data";
$values[] = "'". serialize($data) ."'";
$values[] = "'". check_query(serialize($data)) ."'";
db_query("INSERT INTO users (". implode(", ", $fields) .") VALUES (". implode(", ", $values) .")");
@ -187,13 +187,13 @@ function user_validate_mail($mail) {
** allowed.
*/
if ($mail && !eregi("^[a-z0-9]+([_.-][a-z0-9]+)*@([a-z0-9]+([.-][a-z0-9]+)*)+\\.[a-z]{2,4}$")) {
if ($mail && !eregi("^[a-z0-9]+([_.-][a-z0-9]+)*@([a-z0-9]+([.-][a-z0-9]+)*)+\\.[a-z]{2,4}$", $mail)) {
return t("The e-mail address '$mail' is not valid.");
}
}
function user_validate_authmap($account, $authname, $module) {
$result = db_query("SELECT COUNT(*) from authmap WHERE uid != '$account->uid' && authname = '$authname'");
$result = db_query("SELECT COUNT(*) from authmap WHERE uid != '$account->uid' && authname = '%s'", $authname);
if (db_result($result) > 0) {
$name = module_invoke($module, "info", "name");
return t("The %u ID %s is already taken.", array("%u" => ucfirst($name), "%s" => "<i>$authname</i>"));
@ -260,9 +260,9 @@ function user_mail($mail, $subject, $message, $header) {
function user_deny($type, $mask) {
$allow = db_fetch_object(db_query("SELECT * FROM access WHERE status = '1' AND type = '$type' AND LOWER('$mask') LIKE LOWER(mask)"));
$allow = db_fetch_object(db_query("SELECT * FROM access WHERE status = '1' AND type = '%s' AND LOWER('%s') LIKE LOWER(mask)", $type, $mask));
$deny = db_fetch_object(db_query("SELECT * FROM access WHERE status = '0' AND type = '$type' AND LOWER('$mask') LIKE LOWER(mask)"));
$deny = db_fetch_object(db_query("SELECT * FROM access WHERE status = '0' AND type = '%s' AND LOWER('%s') LIKE LOWER(mask)", $type, $mask));
if ($deny && !$allow) {
return 1;
@ -437,7 +437,7 @@ function user_get_authmaps($authname = NULL) {
** associtive array of modules and DA names. Called at external login.
*/
$result = db_query("SELECT authname, module FROM authmap WHERE authname = '$authname'");
$result = db_query("SELECT authname, module FROM authmap WHERE authname = '%s'", $authname);
if (db_num_rows($result) > 0) {
while ($authmap = db_fetch_object($result)) {
$authmaps[$authmap->module] = $authmap->authname;
@ -458,7 +458,7 @@ function user_set_authmaps($account, $authmaps) {
$result = db_query("INSERT INTO authmap (authname, uid, module) VALUES ('%s', '%s', '%s')", $value, $account->uid, $module[1]);
}
else {
$result = db_query("UPDATE authmap SET authname = '$value' WHERE uid = '$account->uid' && module = '$module[1]'");
$result = db_query("UPDATE authmap SET authname = '%s' WHERE uid = '$account->uid' && module = '$module[1]'", $value);
}
}
else {
@ -929,7 +929,6 @@ function user_edit($edit = array()) {
}
}
$output .= form_textfield(t("Homepage"), "homepage", $edit["homepage"], 30, 55, t("Optional") .". ". t("Make sure you enter a fully qualified URL: remember to include \"http://\"."));
$options = "<option value=\"\"". (("" == $key) ? " selected=\"selected\"" : "") .">". t("Default theme") ."</option>\n";
foreach (theme_list() as $key => $value) {
$options .= "<option value=\"$key\"". (($edit["theme"] == $key) ? " selected=\"selected\"" : "") .">$key - $value->description</option>\n";
@ -938,11 +937,10 @@ function user_edit($edit = array()) {
for ($zone = -43200; $zone <= 46800; $zone += 3600) $zones[$zone] = date("l, F dS, Y - h:i A", time() - date("Z") + $zone) ." (GMT ". $zone / 3600 .")";
$output .= form_select(t("Timezone"), "timezone", $edit["timezone"], $zones, t("Select what time you currently have and your timezone settings will be set appropriate."));
$output .= form_select(t("Language"), "language", $edit["language"], $languages, t("Selecting a different language will change the language of the site."));
$output .= form_textarea(t("Signature"), "signature", $edit["signature"], 70, 3, t("Your signature will be publicly displayed at the end of your comments.") ."<br />". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
$output .= form_item(t("Password"), "<input type=\"password\" name=\"edit[pass1]\" size=\"12\" maxlength=\"24\" /> <input type=\"password\" name=\"edit[pass2]\" size=\"12\" maxlength=\"24\" />", t("Enter your new password twice if you want to change your current password or leave it blank if you are happy with your current password."));
$output .= form_submit(t("Save user information"));
$output = form($output);
$output = form($output, "post", 0, "enctype=\"multipart/form-data\"");
}
else {
$output = user_login();
@ -976,9 +974,6 @@ function user_view($uid = 0) {
}
}
$output .= form_item(t("Homepage"), "<a href=\"$user->homepage\">$user->homepage</a>");
$output .= form_item(t("Signature"), check_output($user->signature, 1));
$theme->header();
$theme->box(t("User account"), user_menu());
$theme->box(t("View user information"), $output);
@ -986,7 +981,6 @@ function user_view($uid = 0) {
}
else if ($uid && $account = user_load(array("uid" => $uid, "status" => 1))) {
$output .= form_item(t("Name"), check_output($account->name));
$output .= form_item(t("Homepage"), "<a href=\"$account->homepage\">$account->homepage</a>");
foreach (module_list() as $module) {
if (module_hook($module, "user")) {
@ -1180,7 +1174,7 @@ function user_admin_access($edit = array()) {
}
}
else if ($id) {
db_query("DELETE FROM access WHERE aid = '$id'");
db_query("DELETE FROM access WHERE aid = '%s'", $id);
}
$output .= "<table border=\"1\" cellpadding=\"2\" cellspacing=\"2\">";
@ -1239,10 +1233,10 @@ function user_admin_perm($edit = array()) {
while ($role = db_fetch_object($result)) {
// delete, so if we clear every checkbox we reset that role;
// otherwise permissions are active and denied everywhere
db_query("DELETE FROM permission WHERE rid = '%s' AND tid = '$tid'", $role->rid);
db_query("DELETE FROM permission WHERE rid = '%s' AND tid = '%s'", $role->rid, $tid);
$perm = $edit[$role->rid] ? implode(", ", array_keys($edit[$role->rid])) : "";
if ($perm) {
db_query("INSERT INTO permission (rid, perm, tid) VALUES ('%s', '$perm', '$tid')", $role->rid);
db_query("INSERT INTO permission (rid, perm, tid) VALUES ('%s', '%s', %s'')", $role->rid, $perm, $tid);
}
}
@ -1426,7 +1420,6 @@ function user_admin_edit($edit = array()) {
}
}
$output .= form_textfield(t("Homepage"), "homepage", $account->homepage, 30, 55, t("Optional") .". ". t("Make sure you enter a fully qualified URL: remember to include \"http://\"."));
foreach (theme_list() as $key => $value) {
$options .= "$value[type]<option value=\"$key\"". (($account->theme == $key) ? " selected=\"selected\"" : "") .">$key - $value->description</option>\n";
}
@ -1434,7 +1427,6 @@ function user_admin_edit($edit = array()) {
for ($zone = -43200; $zone <= 46800; $zone += 3600) $zones[$zone] = date("l, F dS, Y - h:i A", time() - date("Z") + $zone) ." (GMT ". $zone / 3600 .")";
$output .= form_select(t("Timezone"), "timezone", $account->timezone, $zones, t("Select what time you currently have and your timezone settings will be set appropriate."));
$output .= form_select(t("Language"), "language", $account->language, $languages, t("Selecting a different language will change the language of the site."));
$output .= form_textarea(t("Signature"), "signature", $account->signature, 70, 3, t("Your signature will be publicly displayed at the end of your comments.") ."<br />". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
$output .= form_item(t("Password"), "<input type=\"password\" name=\"edit[pass1]\" size=\"12\" maxlength=\"24\" /> <input type=\"password\" name=\"edit[pass2]\" size=\"12\" maxlength=\"24\" />", t("Enter a new password twice if you want to change the current password for this user or leave it blank if you are happy with the current password."));
$output .= form_select("Status", "status", $account->status, array("blocked", "active"));
$output .= form_select("Role", "rid", $account->rid, user_roles(1));

34
modules/user/user.module
View File

@ -47,7 +47,7 @@ function sess_gc($lifetime) {
/*** Common functions ******************************************************/
function user_external_load($authname) {
$arr_uid = db_query("SELECT uid FROM authmap WHERE authname = '$authname'");
$arr_uid = db_query("SELECT uid FROM authmap WHERE authname = '%s'", $authname);
if (db_fetch_object($arr_uid)) {
$uid = db_result($arr_uid);
@ -71,7 +71,7 @@ function user_load($array = array()) {
$query .= "u.$key = '". md5($value) ."' AND ";
}
else {
$query .= "u.$key = '". addslashes($value) ."' AND ";
$query .= "u.$key = '". check_query($value) ."' AND ";
}
}
$result = db_query("SELECT u.*, r.name AS role FROM users u LEFT JOIN role r ON u.rid = r.rid WHERE $query u.status < 3 LIMIT 1");
@ -135,7 +135,7 @@ function user_save($account, $array = array()) {
}
$fields[] = "data";
$values[] = "'". serialize($data) ."'";
$values[] = "'". check_query(serialize($data)) ."'";
db_query("INSERT INTO users (". implode(", ", $fields) .") VALUES (". implode(", ", $values) .")");
@ -187,13 +187,13 @@ function user_validate_mail($mail) {
** allowed.
*/
if ($mail && !eregi("^[a-z0-9]+([_.-][a-z0-9]+)*@([a-z0-9]+([.-][a-z0-9]+)*)+\\.[a-z]{2,4}$")) {
if ($mail && !eregi("^[a-z0-9]+([_.-][a-z0-9]+)*@([a-z0-9]+([.-][a-z0-9]+)*)+\\.[a-z]{2,4}$", $mail)) {
return t("The e-mail address '$mail' is not valid.");
}
}
function user_validate_authmap($account, $authname, $module) {
$result = db_query("SELECT COUNT(*) from authmap WHERE uid != '$account->uid' && authname = '$authname'");
$result = db_query("SELECT COUNT(*) from authmap WHERE uid != '$account->uid' && authname = '%s'", $authname);
if (db_result($result) > 0) {
$name = module_invoke($module, "info", "name");
return t("The %u ID %s is already taken.", array("%u" => ucfirst($name), "%s" => "<i>$authname</i>"));
@ -260,9 +260,9 @@ function user_mail($mail, $subject, $message, $header) {
function user_deny($type, $mask) {
$allow = db_fetch_object(db_query("SELECT * FROM access WHERE status = '1' AND type = '$type' AND LOWER('$mask') LIKE LOWER(mask)"));
$allow = db_fetch_object(db_query("SELECT * FROM access WHERE status = '1' AND type = '%s' AND LOWER('%s') LIKE LOWER(mask)", $type, $mask));
$deny = db_fetch_object(db_query("SELECT * FROM access WHERE status = '0' AND type = '$type' AND LOWER('$mask') LIKE LOWER(mask)"));
$deny = db_fetch_object(db_query("SELECT * FROM access WHERE status = '0' AND type = '%s' AND LOWER('%s') LIKE LOWER(mask)", $type, $mask));
if ($deny && !$allow) {
return 1;
@ -437,7 +437,7 @@ function user_get_authmaps($authname = NULL) {
** associtive array of modules and DA names. Called at external login.
*/
$result = db_query("SELECT authname, module FROM authmap WHERE authname = '$authname'");
$result = db_query("SELECT authname, module FROM authmap WHERE authname = '%s'", $authname);
if (db_num_rows($result) > 0) {
while ($authmap = db_fetch_object($result)) {
$authmaps[$authmap->module] = $authmap->authname;
@ -458,7 +458,7 @@ function user_set_authmaps($account, $authmaps) {
$result = db_query("INSERT INTO authmap (authname, uid, module) VALUES ('%s', '%s', '%s')", $value, $account->uid, $module[1]);
}
else {
$result = db_query("UPDATE authmap SET authname = '$value' WHERE uid = '$account->uid' && module = '$module[1]'");
$result = db_query("UPDATE authmap SET authname = '%s' WHERE uid = '$account->uid' && module = '$module[1]'", $value);
}
}
else {
@ -929,7 +929,6 @@ function user_edit($edit = array()) {
}
}
$output .= form_textfield(t("Homepage"), "homepage", $edit["homepage"], 30, 55, t("Optional") .". ". t("Make sure you enter a fully qualified URL: remember to include \"http://\"."));
$options = "<option value=\"\"". (("" == $key) ? " selected=\"selected\"" : "") .">". t("Default theme") ."</option>\n";
foreach (theme_list() as $key => $value) {
$options .= "<option value=\"$key\"". (($edit["theme"] == $key) ? " selected=\"selected\"" : "") .">$key - $value->description</option>\n";
@ -938,11 +937,10 @@ function user_edit($edit = array()) {
for ($zone = -43200; $zone <= 46800; $zone += 3600) $zones[$zone] = date("l, F dS, Y - h:i A", time() - date("Z") + $zone) ." (GMT ". $zone / 3600 .")";
$output .= form_select(t("Timezone"), "timezone", $edit["timezone"], $zones, t("Select what time you currently have and your timezone settings will be set appropriate."));
$output .= form_select(t("Language"), "language", $edit["language"], $languages, t("Selecting a different language will change the language of the site."));
$output .= form_textarea(t("Signature"), "signature", $edit["signature"], 70, 3, t("Your signature will be publicly displayed at the end of your comments.") ."<br />". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
$output .= form_item(t("Password"), "<input type=\"password\" name=\"edit[pass1]\" size=\"12\" maxlength=\"24\" /> <input type=\"password\" name=\"edit[pass2]\" size=\"12\" maxlength=\"24\" />", t("Enter your new password twice if you want to change your current password or leave it blank if you are happy with your current password."));
$output .= form_submit(t("Save user information"));
$output = form($output);
$output = form($output, "post", 0, "enctype=\"multipart/form-data\"");
}
else {
$output = user_login();
@ -976,9 +974,6 @@ function user_view($uid = 0) {
}
}
$output .= form_item(t("Homepage"), "<a href=\"$user->homepage\">$user->homepage</a>");
$output .= form_item(t("Signature"), check_output($user->signature, 1));
$theme->header();
$theme->box(t("User account"), user_menu());
$theme->box(t("View user information"), $output);
@ -986,7 +981,6 @@ function user_view($uid = 0) {
}
else if ($uid && $account = user_load(array("uid" => $uid, "status" => 1))) {
$output .= form_item(t("Name"), check_output($account->name));
$output .= form_item(t("Homepage"), "<a href=\"$account->homepage\">$account->homepage</a>");
foreach (module_list() as $module) {
if (module_hook($module, "user")) {
@ -1180,7 +1174,7 @@ function user_admin_access($edit = array()) {
}
}
else if ($id) {
db_query("DELETE FROM access WHERE aid = '$id'");
db_query("DELETE FROM access WHERE aid = '%s'", $id);
}
$output .= "<table border=\"1\" cellpadding=\"2\" cellspacing=\"2\">";
@ -1239,10 +1233,10 @@ function user_admin_perm($edit = array()) {
while ($role = db_fetch_object($result)) {
// delete, so if we clear every checkbox we reset that role;
// otherwise permissions are active and denied everywhere
db_query("DELETE FROM permission WHERE rid = '%s' AND tid = '$tid'", $role->rid);
db_query("DELETE FROM permission WHERE rid = '%s' AND tid = '%s'", $role->rid, $tid);
$perm = $edit[$role->rid] ? implode(", ", array_keys($edit[$role->rid])) : "";
if ($perm) {
db_query("INSERT INTO permission (rid, perm, tid) VALUES ('%s', '$perm', '$tid')", $role->rid);
db_query("INSERT INTO permission (rid, perm, tid) VALUES ('%s', '%s', %s'')", $role->rid, $perm, $tid);
}
}
@ -1426,7 +1420,6 @@ function user_admin_edit($edit = array()) {
}
}
$output .= form_textfield(t("Homepage"), "homepage", $account->homepage, 30, 55, t("Optional") .". ". t("Make sure you enter a fully qualified URL: remember to include \"http://\"."));
foreach (theme_list() as $key => $value) {
$options .= "$value[type]<option value=\"$key\"". (($account->theme == $key) ? " selected=\"selected\"" : "") .">$key - $value->description</option>\n";
}
@ -1434,7 +1427,6 @@ function user_admin_edit($edit = array()) {
for ($zone = -43200; $zone <= 46800; $zone += 3600) $zones[$zone] = date("l, F dS, Y - h:i A", time() - date("Z") + $zone) ." (GMT ". $zone / 3600 .")";
$output .= form_select(t("Timezone"), "timezone", $account->timezone, $zones, t("Select what time you currently have and your timezone settings will be set appropriate."));
$output .= form_select(t("Language"), "language", $account->language, $languages, t("Selecting a different language will change the language of the site."));
$output .= form_textarea(t("Signature"), "signature", $account->signature, 70, 3, t("Your signature will be publicly displayed at the end of your comments.") ."<br />". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
$output .= form_item(t("Password"), "<input type=\"password\" name=\"edit[pass1]\" size=\"12\" maxlength=\"24\" /> <input type=\"password\" name=\"edit[pass2]\" size=\"12\" maxlength=\"24\" />", t("Enter a new password twice if you want to change the current password for this user or leave it blank if you are happy with the current password."));
$output .= form_select("Status", "status", $account->status, array("blocked", "active"));
$output .= form_select("Role", "rid", $account->rid, user_roles(1));