
   1  <?php
   2  
   3  /**
   4   * @file
   5   * User page callback file for the user module.
   6   */
   7  
   8  /**
   9   * Menu callback; Retrieve a JSON object containing autocomplete suggestions for existing users.
  10   */
  11  function user_autocomplete($string = '') {
  12    $matches = array();
  13    if ($string) {
  14      $result = db_query_range("SELECT name FROM {users} WHERE LOWER(name) LIKE LOWER('%s%%')", $string, 0, 10);
  15      while ($user = db_fetch_object($result)) {
  16        $matches[$user->name] = check_plain($user->name);
  17      }
  18    }
  19  
  20    drupal_json($matches);
  21  }
  22  
  23  /**
  24   * Form builder; Request a password reset.
  25   *
  26   * @ingroup forms
  27   * @see user_pass_validate()
  28   * @see user_pass_submit()
  29   */
  30  function user_pass() {
  31    $form['name'] = array(
  32      '#type' => 'textfield',
  33      '#title' => t('Username or e-mail address'),
  34      '#size' => 60,
  35      '#maxlength' => max(USERNAME_MAX_LENGTH, EMAIL_MAX_LENGTH),
  36      '#required' => TRUE,
  37    );
  38    $form['submit'] = array('#type' => 'submit', '#value' => t('E-mail new password'));
  39  
  40    return $form;
  41  }
  42  
  43  function user_pass_validate($form, &$form_state) {
  44    $name = trim($form_state['values']['name']);
  45    
  46  
  47    // Try to load by email.
  48    $account = user_load(array('mail' => $name, 'status' => 1));
  49    if (!$account) {
  50      // No success, try to load by name.
  51      $account = user_load(array('name' => $name, 'status' => 1));
  52    }
  53    if ($account) {
  54      // Blocked accounts cannot request a new password,
  55      // check provided username and email against access rules.
  56      if (drupal_is_denied('user', $account->name) || drupal_is_denied('mail', $account->mail)) {
  57        form_set_error('name', t('%name is not allowed to request a new password.', array('%name' => $name)));
  58      }
  59    }
  60    if (isset($account->uid)) {
  61      form_set_value(array('#parents' => array('account')), $account, $form_state);
  62    }
  63    else {
  64      form_set_error('name', t('Sorry, %name is not recognized as a user name or an e-mail address.', array('%name' => $name)));
  65    }
  66  }
  67  
  68  function user_pass_submit($form, &$form_state) {
  69    global $language;
  70  
  71    $account = $form_state['values']['account'];
  72    // Mail one time login URL and instructions using current language.
  73    _user_mail_notify('password_reset', $account, $language);
  74    watchdog('user', 'Password reset instructions mailed to %name at %email.', array('%name' => $account->name, '%email' => $account->mail));
  75    drupal_set_message(t('Further instructions have been sent to your e-mail address.'));
  76  
  77    $form_state['redirect'] = 'user';
  78    return;
  79  }
  80  
  81  /**
  82   * Menu callback; process one time login link and redirects to the user page on success.
  83   */
  84  function user_pass_reset(&$form_state, $uid, $timestamp, $hashed_pass, $action = NULL) {
  85    global $user;
  86  
  87    // Check if the user is already logged in. The back button is often the culprit here.
  88    if ($user->uid) {
  89      drupal_set_message(t('You have already used this one-time login link. It is not necessary to use this link to login anymore. You are already logged in.'));
  90      drupal_goto();
  91    }
  92    else {
  93      // Time out, in seconds, until login URL expires. 24 hours = 86400 seconds.
  94      $timeout = 86400;
  95      $current = time();
  96      // Some redundant checks for extra security ?
  97      if ($timestamp < $current && $account = user_load(array('uid' => $uid, 'status' => 1)) ) {
  98        // Deny one-time login to blocked accounts.
  99        if (drupal_is_denied('user', $account->name) || drupal_is_denied('mail', $account->mail)) {
 100          drupal_set_message(t('You have tried to use a one-time login for an account which has been blocked.'), 'error');
 101          drupal_goto();
 102        }
 103  
 104        // No time out for first time login.
 105        if ($account->login && $current - $timestamp > $timeout) {
 106          drupal_set_message(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'));
 107          drupal_goto('user/password');
 108        }
 109        else if ($account->uid && $timestamp > $account->login && $timestamp < $current && $hashed_pass == user_pass_rehash($account->pass, $timestamp, $account->login)) {
 110          // First stage is a confirmation form, then login
 111          if ($action == 'login') {
 112            watchdog('user', 'User %name used one-time login link at time %timestamp.', array('%name' => $account->name, '%timestamp' => $timestamp));
 113            // Set the new user.
 114            $user = $account;
 115            // user_authenticate_finalize() also updates the login timestamp of the
 116            // user, which invalidates further use of the one-time login link.
 117            user_authenticate_finalize($form_state['values']);
 118            drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to login. Please change your password.'));
 119            drupal_goto('user/'. $user->uid .'/edit');
 120          }
 121          else {
 122            $form['message'] = array('#value' => t('<p>This is a one-time login for %user_name and will expire on %expiration_date.</p><p>Click on this button to login to the site and change your password.</p>', array('%user_name' => $account->name, '%expiration_date' => format_date($timestamp + $timeout))));
 123            $form['help'] = array('#value' => '<p>'. t('This login can be used only once.') .'</p>');
 124            $form['submit'] = array('#type' => 'submit', '#value' => t('Log in'));
 125            $form['#action'] = url("user/reset/$uid/$timestamp/$hashed_pass/login");
 126            return $form;
 127          }
 128        }
 129        else {
 130          drupal_set_message(t('You have tried to use a one-time login link which has either been used or is no longer valid. Please request a new one using the form below.'));
 131          drupal_goto('user/password');
 132        }
 133      }
 134      else {
 135        // Deny access, no more clues.
 136        // Everything will be in the watchdog's URL for the administrator to check.
 137        drupal_access_denied();
 138      }
 139    }
 140  }
 141  
 142  /**
 143   * Menu callback; logs the current user out, and redirects to the home page.
 144   */
 145  function user_logout() {
 146    global $user;
 147  
 148    watchdog('user', 'Session closed for %name.', array('%name' => $user->name));
 149  
 150    // Destroy the current session:
 151    session_destroy();
 152    // Only variables can be passed by reference workaround.
 153    $null = NULL;
 154    user_module_invoke('logout', $null, $user);
 155  
 156    // Load the anonymous user
 157    $user = drupal_anonymous_user();
 158  
 159    drupal_goto();
 160  }
 161  
 162  /**
 163   * Menu callback; Displays a user or user profile page.
 164   */
 165  function user_view($account) {
 166    drupal_set_title(check_plain($account->name));
 167    // Retrieve all profile fields and attach to $account->content.
 168    user_build_content($account);
 169  
 170    // To theme user profiles, copy modules/user/user_profile.tpl.php
 171    // to your theme directory, and edit it as instructed in that file's comments.
 172    return theme('user_profile', $account);
 173  }
 174  
 175  /**
 176   * Process variables for user-profile.tpl.php.
 177   *
 178   * The $variables array contains the following arguments:
 179   * - $account
 180   *
 181   * @see user-picture.tpl.php
 182   */
 183  function template_preprocess_user_profile(&$variables) {
 184    $variables['profile'] = array();
 185    // Sort sections by weight
 186    uasort($variables['account']->content, 'element_sort');
 187    // Provide keyed variables so themers can print each section independantly.
 188    foreach (element_children($variables['account']->content) as $key) {
 189      $variables['profile'][$key] = drupal_render($variables['account']->content[$key]);
 190    }
 191    // Collect all profiles to make it easier to print all items at once.
 192    $variables['user_profile'] = implode($variables['profile']);
 193  }
 194  
 195  /**
 196   * Process variables for user-profile-item.tpl.php.
 197   *
 198   * The $variables array contains the following arguments:
 199   * - $element
 200   *
 201   * @see user-profile-item.tpl.php
 202   */
 203  function template_preprocess_user_profile_item(&$variables) {
 204    $variables['title'] = $variables['element']['#title'];
 205    $variables['value'] = $variables['element']['#value'];
 206    $variables['attributes'] = '';
 207    if (isset($variables['element']['#attributes'])) {
 208      $variables['attributes'] = drupal_attributes($variables['element']['#attributes']);
 209    }
 210  }
 211  
 212  /**
 213   * Process variables for user-profile-category.tpl.php.
 214   *
 215   * The $variables array contains the following arguments:
 216   * - $element
 217   *
 218   * @see user-profile-category.tpl.php
 219   */
 220  function template_preprocess_user_profile_category(&$variables) {
 221    $variables['title'] = check_plain($variables['element']['#title']);
 222    $variables['profile_items'] = $variables['element']['#children'];
 223    $variables['attributes'] = '';
 224    if (isset($variables['element']['#attributes'])) {
 225      $variables['attributes'] = drupal_attributes($variables['element']['#attributes']);
 226    }
 227  }
 228  
 229  /**
 230   * Form builder; Present the form to edit a given user or profile category.
 231   *
 232   * @ingroup forms
 233   * @see user_edit_validate()
 234   * @see user_edit_submit()
 235   */
 236  function user_edit($account, $category = 'account') {
 237    drupal_set_title(check_plain($account->name));
 238    return drupal_get_form('user_profile_form', $account, $category);
 239  }
 240  
 241  /**
 242   * Form builder; edit a user account or one of their profile categories.
 243   *
 244   * @ingroup forms
 245   * @see user_profile_form_validate()
 246   * @see user_profile_form_submit()
 247   * @see user_edit_delete_submit()
 248   */
 249  function user_profile_form($form_state, $account, $category = 'account') {
 250  
 251    $edit = (empty($form_state['values'])) ? (array)$account : $form_state['values'];
 252  
 253    $form = _user_forms($edit, $account, $category);
 254    $form['_category'] = array('#type' => 'value', '#value' => $category);
 255    $form['_account'] = array('#type' => 'value', '#value' => $account);
 256    $form['submit'] = array('#type' => 'submit', '#value' => t('Save'), '#weight' => 30);
 257    if (user_access('administer users')) {
 258      $form['delete'] = array(
 259        '#type' => 'submit',
 260        '#value' => t('Delete'),
 261        '#weight' => 31,
 262        '#submit' => array('user_edit_delete_submit'),
 263      );
 264    }
 265    $form['#attributes']['enctype'] = 'multipart/form-data';
 266  
 267    return $form;
 268  }
 269  
 270  /**
 271   * Validation function for the user account and profile editing form.
 272   */
 273  function user_profile_form_validate($form, &$form_state) {
 274    user_module_invoke('validate', $form_state['values'], $form_state['values']['_account'], $form_state['values']['_category']);
 275    // Validate input to ensure that non-privileged users can't alter protected data.
 276    if ((!user_access('administer users') && array_intersect(array_keys($form_state['values']), array('uid', 'init', 'session'))) || (!user_access('administer permissions') && isset($form_state['values']['roles']))) {
 277      watchdog('security', 'Detected malicious attempt to alter protected user fields.', array(), WATCHDOG_WARNING);
 278      // set this to a value type field
 279      form_set_error('category', t('Detected malicious attempt to alter protected user fields.'));
 280    }
 281  }
 282  
 283  /**
 284   * Submit function for the user account and profile editing form.
 285   */
 286  function user_profile_form_submit($form, &$form_state) {
 287    $account = $form_state['values']['_account'];
 288    $category = $form_state['values']['_category'];
 289    unset($form_state['values']['_account'], $form_state['values']['op'], $form_state['values']['submit'], $form_state['values']['delete'], $form_state['values']['form_token'], $form_state['values']['form_id'], $form_state['values']['_category']);
 290    user_module_invoke('submit', $form_state['values'], $account, $category);
 291    user_save($account, $form_state['values'], $category);
 292  
 293    // Clear the page cache because pages can contain usernames and/or profile information:
 294    cache_clear_all();
 295  
 296    drupal_set_message(t('The changes have been saved.'));
 297    return;
 298  }
 299  
 300  /**
 301   * Submit function for the 'Delete' button on the user edit form.
 302   */
 303  function user_edit_delete_submit($form, &$form_state) {
 304    $destination = '';
 305    if (isset($_REQUEST['destination'])) {
 306      $destination = drupal_get_destination();
 307      unset($_REQUEST['destination']);
 308    }
 309    // Note: We redirect from user/uid/edit to user/uid/delete to make the tabs disappear.
 310    $form_state['redirect'] = array("user/". $form_state['values']['_account']->uid ."/delete", $destination);
 311  }
 312  
 313  /**
 314   * Form builder; confirm form for user deletion.
 315   *
 316   * @ingroup forms
 317   * @see user_confirm_delete_submit()
 318   */
 319  function user_confirm_delete(&$form_state, $account) {
 320  
 321    $form['_account'] = array('#type' => 'value', '#value' => $account);
 322  
 323    return confirm_form($form,
 324      t('Are you sure you want to delete the account %name?', array('%name' => $account->name)),
 325      'user/'. $account->uid,
 326      t('All submissions made by this user will be attributed to the anonymous account. This action cannot be undone.'),
 327      t('Delete'), t('Cancel'));
 328  }
 329  
 330  /**
 331   * Submit function for the confirm form for user deletion.
 332   */
 333  function user_confirm_delete_submit($form, &$form_state) {
 334    user_delete($form_state['values'], $form_state['values']['_account']->uid);
 335    drupal_set_message(t('%name has been deleted.', array('%name' => $form_state['values']['_account']->name)));
 336  
 337    if (!isset($_REQUEST['destination'])) {
 338      $form_state['redirect'] = 'admin/user/user';
 339    }
 340  }
 341  
 342  function user_edit_validate($form, &$form_state) {
 343    user_module_invoke('validate', $form_state['values'], $form_state['values']['_account'], $form_state['values']['_category']);
 344    // Validate input to ensure that non-privileged users can't alter protected data.
 345    if ((!user_access('administer users') && array_intersect(array_keys($form_state['values']), array('uid', 'init', 'session'))) || (!user_access('administer permissions') && isset($form_state['values']['roles']))) {
 346      watchdog('security', 'Detected malicious attempt to alter protected user fields.', array(), WATCHDOG_WARNING);
 347      // set this to a value type field
 348      form_set_error('category', t('Detected malicious attempt to alter protected user fields.'));
 349    }
 350  }
 351  
 352  function user_edit_submit($form, &$form_state) {
 353    $account = $form_state['values']['_account'];
 354    $category = $form_state['values']['_category'];
 355    unset($form_state['values']['_account'], $form_state['values']['op'], $form_state['values']['submit'], $form_state['values']['delete'], $form_state['values']['form_token'], $form_state['values']['form_id'], $form_state['values']['_category']);
 356    user_module_invoke('submit', $form_state['values'], $account, $category);
 357    user_save($account, $form_state['values'], $category);
 358  
 359    // Clear the page cache because pages can contain usernames and/or profile information:
 360    cache_clear_all();
 361  
 362    drupal_set_message(t('The changes have been saved.'));
 363    return;
 364  }
 365  
 366  /**
 367   * Access callback for path /user.
 368   *
 369   * Displays user profile if user is logged in, or login form for anonymous
 370   * users.
 371   */
 372  function user_page() {
 373    global $user;
 374    if ($user->uid) {
 375      menu_set_active_item('user/'. $user->uid);
 376      return menu_execute_active_handler();
 377    }
 378    else {
 379      return drupal_get_form('user_login');
 380    }
 381  }

