| [ Index ] |
PHP Cross Reference of Drupal 6 (gatewave) |
[Summary view] [Print] [Text view]
1 <?php 2 // $Id: user.pages.inc,v 1.11.2.3 2010/06/02 12:03:07 goba Exp $ 3 4 /** 5 * @file 6 * User page callback file for the user module. 7 */ 8 9 /** 10 * Menu callback; Retrieve a JSON object containing autocomplete suggestions for existing users. 11 */ 12 function user_autocomplete($string = '') { 13 $matches = array(); 14 if ($string) { 15 $result = db_query_range("SELECT name FROM {users} WHERE LOWER(name) LIKE LOWER('%s%%')", $string, 0, 10); 16 while ($user = db_fetch_object($result)) { 17 $matches[$user->name] = check_plain($user->name); 18 } 19 } 20 21 drupal_json($matches); 22 } 23 24 /** 25 * Form builder; Request a password reset. 26 * 27 * @ingroup forms 28 * @see user_pass_validate() 29 * @see user_pass_submit() 30 */ 31 function user_pass() { 32 $form['name'] = array( 33 '#type' => 'textfield', 34 '#title' => t('Username or e-mail address'), 35 '#size' => 60, 36 '#maxlength' => max(USERNAME_MAX_LENGTH, EMAIL_MAX_LENGTH), 37 '#required' => TRUE, 38 ); 39 $form['submit'] = array('#type' => 'submit', '#value' => t('E-mail new password')); 40 41 return $form; 42 } 43 44 function user_pass_validate($form, &$form_state) { 45 $name = trim($form_state['values']['name']); 46 47 48 // Try to load by email. 49 $account = user_load(array('mail' => $name, 'status' => 1)); 50 if (!$account) { 51 // No success, try to load by name. 52 $account = user_load(array('name' => $name, 'status' => 1)); 53 } 54 if ($account) { 55 // Blocked accounts cannot request a new password, 56 // check provided username and email against access rules. 57 if (drupal_is_denied('user', $account->name) || drupal_is_denied('mail', $account->mail)) { 58 form_set_error('name', t('%name is not allowed to request a new password.', array('%name' => $name))); 59 } 60 } 61 if (isset($account->uid)) { 62 form_set_value(array('#parents' => array('account')), $account, $form_state); 63 } 64 else { 65 form_set_error('name', t('Sorry, %name is not recognized as a user name or an e-mail address.', array('%name' => $name))); 66 } 67 } 68 69 function user_pass_submit($form, &$form_state) { 70 global $language; 71 72 $account = $form_state['values']['account']; 73 // Mail one time login URL and instructions using current language. 74 _user_mail_notify('password_reset', $account, $language); 75 watchdog('user', 'Password reset instructions mailed to %name at %email.', array('%name' => $account->name, '%email' => $account->mail)); 76 drupal_set_message(t('Further instructions have been sent to your e-mail address.')); 77 78 $form_state['redirect'] = 'user'; 79 return; 80 } 81 82 /** 83 * Menu callback; process one time login link and redirects to the user page on success. 84 */ 85 function user_pass_reset(&$form_state, $uid, $timestamp, $hashed_pass, $action = NULL) { 86 global $user; 87 88 // Check if the user is already logged in. The back button is often the culprit here. 89 if ($user->uid) { 90 drupal_set_message(t('You have already used this one-time login link. It is not necessary to use this link to login anymore. You are already logged in.')); 91 drupal_goto(); 92 } 93 else { 94 // Time out, in seconds, until login URL expires. 24 hours = 86400 seconds. 95 $timeout = 86400; 96 $current = time(); 97 // Some redundant checks for extra security ? 98 if ($timestamp < $current && $account = user_load(array('uid' => $uid, 'status' => 1)) ) { 99 // Deny one-time login to blocked accounts. 100 if (drupal_is_denied('user', $account->name) || drupal_is_denied('mail', $account->mail)) { 101 drupal_set_message(t('You have tried to use a one-time login for an account which has been blocked.'), 'error'); 102 drupal_goto(); 103 } 104 105 // No time out for first time login. 106 if ($account->login && $current - $timestamp > $timeout) { 107 drupal_set_message(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.')); 108 drupal_goto('user/password'); 109 } 110 else if ($account->uid && $timestamp > $account->login && $timestamp < $current && $hashed_pass == user_pass_rehash($account->pass, $timestamp, $account->login)) { 111 // First stage is a confirmation form, then login 112 if ($action == 'login') { 113 watchdog('user', 'User %name used one-time login link at time %timestamp.', array('%name' => $account->name, '%timestamp' => $timestamp)); 114 // Set the new user. 115 $user = $account; 116 // user_authenticate_finalize() also updates the login timestamp of the 117 // user, which invalidates further use of the one-time login link. 118 user_authenticate_finalize($form_state['values']); 119 drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to login. Please change your password.')); 120 drupal_goto('user/'. $user->uid .'/edit'); 121 } 122 else { 123 $form['message'] = array('#value' => t('<p>This is a one-time login for %user_name and will expire on %expiration_date.</p><p>Click on this button to login to the site and change your password.</p>', array('%user_name' => $account->name, '%expiration_date' => format_date($timestamp + $timeout)))); 124 $form['help'] = array('#value' => '<p>'. t('This login can be used only once.') .'</p>'); 125 $form['submit'] = array('#type' => 'submit', '#value' => t('Log in')); 126 $form['#action'] = url("user/reset/$uid/$timestamp/$hashed_pass/login"); 127 return $form; 128 } 129 } 130 else { 131 drupal_set_message(t('You have tried to use a one-time login link which has either been used or is no longer valid. Please request a new one using the form below.')); 132 drupal_goto('user/password'); 133 } 134 } 135 else { 136 // Deny access, no more clues. 137 // Everything will be in the watchdog's URL for the administrator to check. 138 drupal_access_denied(); 139 } 140 } 141 } 142 143 /** 144 * Menu callback; logs the current user out, and redirects to the home page. 145 */ 146 function user_logout() { 147 global $user; 148 149 watchdog('user', 'Session closed for %name.', array('%name' => $user->name)); 150 151 // Destroy the current session: 152 session_destroy(); 153 // Only variables can be passed by reference workaround. 154 $null = NULL; 155 user_module_invoke('logout', $null, $user); 156 157 // Load the anonymous user 158 $user = drupal_anonymous_user(); 159 160 drupal_goto(); 161 } 162 163 /** 164 * Menu callback; Displays a user or user profile page. 165 */ 166 function user_view($account) { 167 drupal_set_title(check_plain($account->name)); 168 // Retrieve all profile fields and attach to $account->content. 169 user_build_content($account); 170 171 // To theme user profiles, copy modules/user/user_profile.tpl.php 172 // to your theme directory, and edit it as instructed in that file's comments. 173 return theme('user_profile', $account); 174 } 175 176 /** 177 * Process variables for user-profile.tpl.php. 178 * 179 * The $variables array contains the following arguments: 180 * - $account 181 * 182 * @see user-picture.tpl.php 183 */ 184 function template_preprocess_user_profile(&$variables) { 185 $variables['profile'] = array(); 186 // Sort sections by weight 187 uasort($variables['account']->content, 'element_sort'); 188 // Provide keyed variables so themers can print each section independantly. 189 foreach (element_children($variables['account']->content) as $key) { 190 $variables['profile'][$key] = drupal_render($variables['account']->content[$key]); 191 } 192 // Collect all profiles to make it easier to print all items at once. 193 $variables['user_profile'] = implode($variables['profile']); 194 } 195 196 /** 197 * Process variables for user-profile-item.tpl.php. 198 * 199 * The $variables array contains the following arguments: 200 * - $element 201 * 202 * @see user-profile-item.tpl.php 203 */ 204 function template_preprocess_user_profile_item(&$variables) { 205 $variables['title'] = $variables['element']['#title']; 206 $variables['value'] = $variables['element']['#value']; 207 $variables['attributes'] = ''; 208 if (isset($variables['element']['#attributes'])) { 209 $variables['attributes'] = drupal_attributes($variables['element']['#attributes']); 210 } 211 } 212 213 /** 214 * Process variables for user-profile-category.tpl.php. 215 * 216 * The $variables array contains the following arguments: 217 * - $element 218 * 219 * @see user-profile-category.tpl.php 220 */ 221 function template_preprocess_user_profile_category(&$variables) { 222 $variables['title'] = check_plain($variables['element']['#title']); 223 $variables['profile_items'] = $variables['element']['#children']; 224 $variables['attributes'] = ''; 225 if (isset($variables['element']['#attributes'])) { 226 $variables['attributes'] = drupal_attributes($variables['element']['#attributes']); 227 } 228 } 229 230 /** 231 * Form builder; Present the form to edit a given user or profile category. 232 * 233 * @ingroup forms 234 * @see user_edit_validate() 235 * @see user_edit_submit() 236 */ 237 function user_edit($account, $category = 'account') { 238 drupal_set_title(check_plain($account->name)); 239 return drupal_get_form('user_profile_form', $account, $category); 240 } 241 242 /** 243 * Form builder; edit a user account or one of their profile categories. 244 * 245 * @ingroup forms 246 * @see user_profile_form_validate() 247 * @see user_profile_form_submit() 248 * @see user_edit_delete_submit() 249 */ 250 function user_profile_form($form_state, $account, $category = 'account') { 251 252 $edit = (empty($form_state['values'])) ? (array)$account : $form_state['values']; 253 254 $form = _user_forms($edit, $account, $category); 255 $form['_category'] = array('#type' => 'value', '#value' => $category); 256 $form['_account'] = array('#type' => 'value', '#value' => $account); 257 $form['submit'] = array('#type' => 'submit', '#value' => t('Save'), '#weight' => 30); 258 if (user_access('administer users')) { 259 $form['delete'] = array( 260 '#type' => 'submit', 261 '#value' => t('Delete'), 262 '#weight' => 31, 263 '#submit' => array('user_edit_delete_submit'), 264 ); 265 } 266 $form['#attributes']['enctype'] = 'multipart/form-data'; 267 268 return $form; 269 } 270 271 /** 272 * Validation function for the user account and profile editing form. 273 */ 274 function user_profile_form_validate($form, &$form_state) { 275 user_module_invoke('validate', $form_state['values'], $form_state['values']['_account'], $form_state['values']['_category']); 276 // Validate input to ensure that non-privileged users can't alter protected data. 277 if ((!user_access('administer users') && array_intersect(array_keys($form_state['values']), array('uid', 'init', 'session'))) || (!user_access('administer permissions') && isset($form_state['values']['roles']))) { 278 watchdog('security', 'Detected malicious attempt to alter protected user fields.', array(), WATCHDOG_WARNING); 279 // set this to a value type field 280 form_set_error('category', t('Detected malicious attempt to alter protected user fields.')); 281 } 282 } 283 284 /** 285 * Submit function for the user account and profile editing form. 286 */ 287 function user_profile_form_submit($form, &$form_state) { 288 $account = $form_state['values']['_account']; 289 $category = $form_state['values']['_category']; 290 unset($form_state['values']['_account'], $form_state['values']['op'], $form_state['values']['submit'], $form_state['values']['delete'], $form_state['values']['form_token'], $form_state['values']['form_id'], $form_state['values']['_category']); 291 user_module_invoke('submit', $form_state['values'], $account, $category); 292 user_save($account, $form_state['values'], $category); 293 294 // Clear the page cache because pages can contain usernames and/or profile information: 295 cache_clear_all(); 296 297 drupal_set_message(t('The changes have been saved.')); 298 return; 299 } 300 301 /** 302 * Submit function for the 'Delete' button on the user edit form. 303 */ 304 function user_edit_delete_submit($form, &$form_state) { 305 $destination = ''; 306 if (isset($_REQUEST['destination'])) { 307 $destination = drupal_get_destination(); 308 unset($_REQUEST['destination']); 309 } 310 // Note: We redirect from user/uid/edit to user/uid/delete to make the tabs disappear. 311 $form_state['redirect'] = array("user/". $form_state['values']['_account']->uid ."/delete", $destination); 312 } 313 314 /** 315 * Form builder; confirm form for user deletion. 316 * 317 * @ingroup forms 318 * @see user_confirm_delete_submit() 319 */ 320 function user_confirm_delete(&$form_state, $account) { 321 322 $form['_account'] = array('#type' => 'value', '#value' => $account); 323 324 return confirm_form($form, 325 t('Are you sure you want to delete the account %name?', array('%name' => $account->name)), 326 'user/'. $account->uid, 327 t('All submissions made by this user will be attributed to the anonymous account. This action cannot be undone.'), 328 t('Delete'), t('Cancel')); 329 } 330 331 /** 332 * Submit function for the confirm form for user deletion. 333 */ 334 function user_confirm_delete_submit($form, &$form_state) { 335 user_delete($form_state['values'], $form_state['values']['_account']->uid); 336 drupal_set_message(t('%name has been deleted.', array('%name' => $form_state['values']['_account']->name))); 337 338 if (!isset($_REQUEST['destination'])) { 339 $form_state['redirect'] = 'admin/user/user'; 340 } 341 } 342 343 function user_edit_validate($form, &$form_state) { 344 user_module_invoke('validate', $form_state['values'], $form_state['values']['_account'], $form_state['values']['_category']); 345 // Validate input to ensure that non-privileged users can't alter protected data. 346 if ((!user_access('administer users') && array_intersect(array_keys($form_state['values']), array('uid', 'init', 'session'))) || (!user_access('administer permissions') && isset($form_state['values']['roles']))) { 347 watchdog('security', 'Detected malicious attempt to alter protected user fields.', array(), WATCHDOG_WARNING); 348 // set this to a value type field 349 form_set_error('category', t('Detected malicious attempt to alter protected user fields.')); 350 } 351 } 352 353 function user_edit_submit($form, &$form_state) { 354 $account = $form_state['values']['_account']; 355 $category = $form_state['values']['_category']; 356 unset($form_state['values']['_account'], $form_state['values']['op'], $form_state['values']['submit'], $form_state['values']['delete'], $form_state['values']['form_token'], $form_state['values']['form_id'], $form_state['values']['_category']); 357 user_module_invoke('submit', $form_state['values'], $account, $category); 358 user_save($account, $form_state['values'], $category); 359 360 // Clear the page cache because pages can contain usernames and/or profile information: 361 cache_clear_all(); 362 363 drupal_set_message(t('The changes have been saved.')); 364 return; 365 } 366 367 /** 368 * Access callback for path /user. 369 * 370 * Displays user profile if user is logged in, or login form for anonymous 371 * users. 372 */ 373 function user_page() { 374 global $user; 375 if ($user->uid) { 376 menu_set_active_item('user/'. $user->uid); 377 return menu_execute_active_handler(); 378 } 379 else { 380 return drupal_get_form('user_login'); 381 } 382 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Thu Mar 24 11:18:33 2011 | Cross-referenced by PHPXref 0.7 |