Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
drupal/modules/account.module

287 lines
14 KiB
Plaintext
Raw Blame History

<?php
function account_help() {
?>
<P>The account-module is responsible for maintaining the user database. It automatically handles tasks like registration, authentication, access control, password retrieval, user settings and much more.</P>
<P>The required administration can be accomplished through the "account" interface of the administration section. From here administrators can get a quick overview of all registered users and view/edit specific accounts using the links provided. Some useful operations include blocking specific accounts (e.g. a troublesome user) and giving/taking administration permissions. Note that you should only give these permissions to people you trust!</P>
<P>Check the documentation page for detailed information about user management.</P>
<H3>Regular expressions</H3>
<P>A <I>regular expression</I> (or <I>regexp</I>, or <I>pattern</I>) is a text string that describes some (mathematical) set of strings. A regexp <CODE>R</CODE> "matches" a string <CODE>S</CODE> if <CODE>S</CODE> is in the set of strings described by <CODE>R</CODE>.</P>
<P>Regular expressions are very powerful but often get complicated and nothing in this write-up can change that.
<P>A complete explanation of regular expressions is beyond the scope of this help system. A regular expression may use any of the following special characters/constructs:</P>
<TABLE BORDER="1">
<TR><TD>^</TD><TD>Matches the beginning of a string.<TD></TR>
<TR><TD>$</TD><TD>Matches the end of a string.<TD></TR>
<TR><TD>.</TD><TD>Matches any character (including newline). For example the regular expression a.c would match the strings abc, adb, axb, but not axxc.<TD></TR>
<TR><TD>a*</TD><TD>Matches any sequence of zero or more a characters.</TD></TR>
<TR><TD>a+</TD><TD>Matches any sequence of one or more a characters.</TD></TR>
<TR><TD>a?</TD><TD>Matches either zero or one a character.</TD></TR>
<TR><TD>ab|cd</TD><TD>Matches either of the sequences "ab" or "cd".</TD></TR>
<TR><TD>(abc)*</TD><TD>Matches zero or more instances of the sequence abc.</TD></TR>
<TR><TD>[abc]</TD><TD>Matches any one of the characters between the brackets: a, b or c. Ranges of characters can specified by using a hyphen. For example, the regular expression [0-9] means match any digit. Multiple ranges can be specified as well. The regular expression [A-Za-z] means match any upper or lower case letter. To match any character except those in the range, the complement range, use the caret as the first character after the opening bracket. For example, the expression [^269A-Z] will match any characters except 2, 6, 9, and upper case letters.</TD></TR>
<TR><TD>{num}</TD><TD>Matches the preceding element num times.</TD></TR>
<TR><TD>{min, max}</TD><TD>Matches the preceding element at least min times, but not more than max times.</TD></TR>
</TABLE>
<P><B>Examples:</B></P>
<TABLE BORDER="1">
<TR><TD>apple</TD><TD>Matches any string that has the text "apple" in it.<TD></TR>
<TR><TD>^apple$</TD><TD>Matches the exact string "apple".<TD></TR>
<TR><TD>^apple</TD><TD>Matches any string that starts with "apple".<TD></TR>
<TR><TD>domain\.com$</TD><TD>Matches any string that ends with "domain.com". Note that you have to escape the dot in domain.com.</TD></TR>
</TABLE>
<?php
}
function account_search($keys) {
global $user;
$result = db_query("SELECT * FROM users WHERE userid LIKE '%$keys%' LIMIT 20");
while ($account = db_fetch_object($result)) {
$find[$i++] = array("title" => $account->userid, "link" => (user_access($user, "account") ? "admin.php?mod=account&op=view&name=$account->userid" : "account.php?op=view&name=$account->userid"), "user" => $account->userid);
}
return $find;
}
function account_ac_add($edit) {
db_query("INSERT INTO access (mask, type, reason) VALUES ('". check_input($edit[mask]) ."', '". check_input($edit[type]) ."', '". check_input($edit[reason]) ."')", 1);
}
function account_ac_del($id) {
db_query("DELETE FROM access WHERE id = '$id'");
}
function account_ac_check($edit) {
return "\"$edit[text]\" ". (($rule = user_ban($edit[text], $edit[category])) ? "matched with access rule '$rule->mask'" : "did not match any of the existing access rules") .".";
}
function account_ac() {
$access = array("e-mail address", "hostname", "username");
$result = db_query("SELECT * FROM access");
foreach ($access as $value) $type .= " <OPTION VALUE=\"$value\">$value</OPTION>\n";
$output .= "<FORM ACTION=\"admin.php?mod=account&op=access\" METHOD=\"post\">\n";
$output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
$output .= " <TR><TH>mask</TH><TH>type</TH><TH>reason</TH><TH>oparations</TH></TR>\n";
while ($rule = db_fetch_object($result)) {
$output .= " <TR><TD>$rule->mask</TD><TD ALIGN=\"center\">$rule->type</TD><TD>". check_output($rule->reason) ."</TD><TD><A HREF=\"admin.php?mod=account&op=delete&id=$rule->id\">delete rule</A></TD></TR>\n";
}
$output .= " <TR><TD><INPUT TYPE=\"text\" NAME=\"edit[mask]\"></TD><TD><SELECT NAME=\"edit[type]\">\n$type</SELECT></TD><TD><INPUT TYPE=\"text\" NAME=\"edit[reason]\"></TD><TD><INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"Add rule\"></TD></TR>\n";
$output .= " <TR><TD COLSPAN=\"4\"><SMALL><I>Use <A HREF=\"admin.php?mod=account&op=help\">regular expressions</A> (regexs) to specify the mask pattern.</I></SMALL></TD></TR>\n";
$output .= "</TABLE>\n";
$output .= "<BR><BR>\n";
$output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
$output .= " <TR><TH COLSPAN=\"3\">check access rules</TH></TR>\n";
$output .= " <TR><TD><INPUT TYPE=\"text\" NAME=\"edit[text]\"></TD><TD><SELECT NAME=\"edit[category]\">\n$type</SELECT></TD><TD><INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"Check\"></TD></TR>\n";
$output .= "</TABLE>\n";
$output .= "</FORM>\n";
return $output;
}
function account_overview($query = array()) {
$result = db_query("SELECT id, userid, last_access FROM users $query[1] LIMIT 50");
$output .= status($query[0]);
$output .= "<TABLE BORDER=\"1\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
$output .= " <TR><TH>username</TH><TH>last access</TH><TH COLSPAN=\"2\">operations</TH></TR>\n";
while ($account = db_fetch_object($result)) {
$output .= " <TR><TD>". format_username($account->userid) ."</TD><TD>". format_date($account->last_access) ."</TD><TD ALIGN=\"center\"><A HREF=\"admin.php?mod=account&op=view&name=$account->userid\">view account</A></TD><TD ALIGN=\"center\"><A HREF=\"admin.php?mod=account&op=edit&name=$account->userid\">edit account</A></TD></TR>\n";
}
$output .= "</TABLE>\n";
return $output;
}
function account_access($account) {
$data = explode(";", $account->access);
foreach ($data as $array) {
$access = explode(":", $array);
if ($access[0]) $output .= " $access[0]";
}
return $output;
}
function account_blocks($id) {
$result = db_query("SELECT * FROM layout WHERE user = '$id'");
while ($layout = db_fetch_object($result)) {
$output .= "<LI>$layout->block</LI>\n";
}
return $output;
}
function account_nodes($id) {
$result = db_query("SELECT * FROM node WHERE author = $id ORDER BY timestamp DESC LIMIT 30");
while ($node = db_fetch_object($result)) {
$output .= "<LI><A HREF=\"node.php?id=$node->nid\">$node->title</A> ($node->type)</LI>\n";
}
return $output;
}
function account_comments($id) {
$result = db_query("SELECT * FROM comments WHERE author = '$id' ORDER BY timestamp DESC LIMIT 30");
while ($comment = db_fetch_object($result)) {
$output .= "<LI><A HREF=\"node.php?id=$comment->lid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">$comment->subject</A></LI>\n";
}
return $output;
}
function account_delete($name) {
$result = db_query("SELECT * FROM users WHERE userid = '$name' AND status = 0 AND id > 1");
if ($account = db_fetch_object($result)) {
db_query("DELETE FROM users WHERE id = '$account->id'");
}
else {
return "failed to delete account '". format_username($name) ."': the account must be blocked first.";
}
}
function account_edit_save($name, $edit) {
foreach ($edit as $key=>$value) {
if ($key != "access") {
$query .= "$key = '". addslashes($value) ."', ";
}
}
db_query("UPDATE users SET $query access = '' WHERE userid = '$name'");
if ($edit[access]) {
foreach ($edit[access] as $key=>$value) {
$account = user_load($name);
db_query("UPDATE users SET access = '". field_set($account->access, $value, 1) ."' WHERE id = $account->id");
}
}
watchdog("message", "account: modified user '$name'");
}
function account_edit($name) {
global $access, $account;
function access($name) {
global $access, $account;
if (module_hook($name, "admin")) $access .= "<OPTION VALUE=\"$name\"". (user_access($account, $name) ? " SELECTED" : "") .">$name</OPTION>";
}
$status = array("blocked", "not confirmed", "open");
$result = db_query("SELECT * FROM users WHERE userid = '$name'");
if ($account = db_fetch_object($result)) {
module_iterate("access");
$form .= form_item("ID", $account->id);
$form .= form_item(t("Username"), check_output($account->userid));
$form .= form_select(t("Status"), "status", $account->status, array("blocked", "not confirmed", "open"));
$form .= form_item(t("Administrator access"), "<SELECT NAME=\"edit[access][]\" MULTIPLE=\"true\" SIZE=\"10\">$access</SELECT>");
$form .= form_textfield(t("Real name"), "name", $account->name, 30, 55);
$form .= form_textfield(t("Real e-mail address"), "real_email", $account->real_email, 30, 55);
$form .= form_textfield(t("Fake e-mail address"), "fake_email", $account->fake_email, 30, 55);
$form .= form_textfield(t("Homepage"), "url", $account->url, 30, 55);
$form .= form_textarea(t("Bio"), "bio", $account->bio, 35, 5);
$form .= form_textarea(t("Signature"), "signature", $account->signature, 35, 5);
$form .= form_hidden("name", $account->userid);
$form .= form_submit("View account");
$form .= form_submit("Save account");
return form("admin.php?mod=account", $form);
}
}
function account_view($name) {
$status = array(0 => "blocked", 1 => "not confirmed", 2 => "open");
$result = db_query("SELECT * FROM users WHERE userid = '$name'");
if ($account = db_fetch_object($result)) {
$form .= form_hidden("name", $account->userid);
$form .= form_submit("Edit account");
$form .= form_submit("Delete account");
$output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
$output .= " <TR><TH>ID:</TH><TD>$account->id</TD></TR>\n";
$output .= " <TR><TH>Username:</TH><TD>$account->userid</TD></TR>\n";
$output .= " <TR><TH>Status:</TH><TD>". $status[$account->status] ."</TD></TR>\n";
$output .= " <TR><TH>Access:</TH><TD>". check_output(account_access($account)) ."</TD></TR>\n";
$output .= " <TR><TH>Real name:</TH><TD>". check_output($account->name) ."</TD></TR>\n";
$output .= " <TR><TH>Real e-mail address:</TH><TD>". format_email($account->real_email) ."</TD></TR>\n";
$output .= " <TR><TH>Fake e-mail address:</TH><TD>". check_output($account->fake_email) ."</TD></TR>\n";
$output .= " <TR><TH>Homepage:</TH><TD>". format_url($account->url) ."</TD></TR>\n";
$output .= " <TR><TH>Last access:</TH><TD>". format_date($account->last_access) ." from ". check_output($account->last_host) ."</TD></TR>\n";
$output .= " <TR><TH>User rating:</TH><TD>". check_output($account->rating) ."</TD></TR>\n";
$output .= " <TR><TH>Bio:</TH><TD>". check_output($account->bio) ."</TD></TR>\n";
$output .= " <TR><TH>Signature:</TH><TD>". check_output($account->signature) ."</TD></TR>\n";
$output .= " <TR><TH>Theme:</TH><TD>". check_output($account->theme) ."</TD></TR>\n";
$output .= " <TR><TH>Timezone:</TH><TD>". check_output($account->timezone / 3600) ."</TD></TR>\n";
$output .= " <TR><TH>Selected blocks:</TH><TD>". check_output(account_blocks($account->id)) ."</TD></TR>\n";
$output .= " <TR><TH>Recent nodes:</TH><TD>". check_output(account_nodes($account->id)) ."</TD></TR>\n";
$output .= " <TR><TH>Recent comments:</TH><TD>". check_output(account_comments($account->id)) ."</TD></TR>\n";
$output .= " <TR><TD ALIGN=\"center\" COLSPAN=\"2\">". form("admin.php?mod=account", $form) ."</TD></TR>\n";
$output .= "</TABLE>\n";
return $output;
}
}
function account_query($type = "") {
$queries = array(array("users recently visiting", "ORDER BY last_access DESC"), array("users recently joining", "ORDER BY id DESC"), array("users with access rights", "WHERE access != '' ORDER BY last_access DESC"), array("users with pending accounts", "WHERE status = 1 ORDER BY last_access DESC"), array("users with blocked accounts", "WHERE status = 0 ORDER BY last_access DESC"));
return ($queries[$type] ? $queries[$type] : $queries);
}
function account_admin() {
global $op, $edit, $id, $mod, $keys, $order, $name, $type;
print "<SMALL><A HREF=\"admin.php?mod=account&op=access\">access control</A> | <A HREF=\"admin.php?mod=account&op=listing\">account listings</A> | <A HREF=\"admin.php?mod=account&op=search\">search account</A> | <A HREF=\"admin.php?mod=account\">overview</A> | <A HREF=\"admin.php?mod=account&op=help\">help</A></SMALL><HR>";
$type = $type ? $type : 0;
$name = $name ? $name : $edit[name];
switch ($op) {
case "access":
print account_ac();
break;
case "Add rule":
print status(account_ac_add($edit));
print account_ac();
break;
case "Check":
print status(account_ac_check($edit));
print account_ac();
break;
case "delete":
print status(account_ac_del($id));
print account_ac();
break;
case "Delete account":
print status(account_delete($name));
print account_overview(account_query($type));
break;
case "Edit account":
case "edit":
print account_edit($name);
break;
case "help":
print account_help();
break;
case "listing":
print node_listing(account_query());
break;
case "search":
print search_form($keys);
print search_data($keys, $mod);
break;
case "Save account":
print status(account_edit_save($name, $edit));
print account_view($name);
break;
case "View account":
case "view":
print account_view($name);
break;
default:
print account_overview(account_query($type));
}
}
?>
Reference in New Issue View Git Blame Copy Permalink