00001 <?php
/**
 * Menu callback: emits up to ten user names starting with $string as JSON.
 *
 * The search text reaches SQL only through the '%s' placeholder of
 * db_query_range(), and every suggested label is passed through check_plain()
 * before it is emitted.
 *
 * NOTE(review): '%' and '_' typed by the requester are not escaped in this
 * function, so they presumably still act as LIKE wildcards; the ten-row range
 * bounds what one request can return. No permission check is visible here;
 * it is assumed to live in the menu entry for this callback -- confirm.
 *
 * @param $string
 *   Prefix typed by the user. An empty value produces an empty result set.
 */
function user_autocomplete($string = '') {
  $suggestions = array();

  if ($string) {
    $rows = db_query_range("SELECT name FROM {users} WHERE LOWER(name) LIKE LOWER('%s%%')", $string, 0, 10);
    for ($row = db_fetch_object($rows); $row; $row = db_fetch_object($rows)) {
      // Key is the raw name (the value submitted back), label is escaped.
      $suggestions[$row->name] = check_plain($row->name);
    }
  }

  drupal_json($suggestions);
}
00023
/**
 * Form builder: the "request new password" form.
 *
 * A single required text field accepts either a user name or an e-mail
 * address; its maximum length is the larger of the two limits so that either
 * kind of value fits.
 *
 * @return
 *   The form array with a 'name' text field and a 'submit' button.
 */
function user_pass() {
  $name_field = array(
    '#type' => 'textfield',
    '#title' => t('Username or e-mail address'),
    '#size' => 60,
    '#maxlength' => max(USERNAME_MAX_LENGTH, EMAIL_MAX_LENGTH),
    '#required' => TRUE,
  );
  $submit_button = array(
    '#type' => 'submit',
    '#value' => t('E-mail new password'),
  );

  return array(
    'name' => $name_field,
    'submit' => $submit_button,
  );
}
00043
/**
 * Validation handler for user_pass(): resolves the input to an active account.
 *
 * The trimmed input is tried as an e-mail address first and as a user name
 * second; only accounts with status 1 are considered. A match is stored in the
 * form values under 'account' for the submit handler.
 *
 * NOTE(review): the error raised for an unknown value differs from the success
 * path, so the form tells any visitor whether a name or address belongs to an
 * active account. Throttling or a uniform response would have to be added
 * outside this function.
 *
 * @param $form
 *   The form structure (unused here).
 * @param $form_state
 *   Form state; 'values']['name'] is read, 'values']['account'] may be set.
 */
function user_pass_validate($form, &$form_state) {
  $name = trim($form_state['values']['name']);

  // E-mail lookup takes precedence; the user-name lookup is only a fallback.
  $account = user_load(array('mail' => $name, 'status' => 1));
  if (!$account) {
    $account = user_load(array('name' => $name, 'status' => 1));
  }

  if (!isset($account->uid)) {
    form_set_error('name', t('Sorry, %name is not recognized as a user name or an e-mail address.', array('%name' => $name)));
    return;
  }

  form_set_value(array('#parents' => array('account')), $account, $form_state);
}
00059
/**
 * Submit handler for user_pass(): mails the reset instructions.
 *
 * Uses the account that the validation handler stored in the form values,
 * records the event in the 'user' watchdog channel (name and address of the
 * recipient) and sends the visitor back to the 'user' path.
 *
 * @param $form
 *   The form structure (unused here).
 * @param $form_state
 *   Form state; 'values']['account'] is read and 'redirect' is set.
 */
function user_pass_submit($form, &$form_state) {
  global $language;

  $recipient = $form_state['values']['account'];
  _user_mail_notify('password_reset', $recipient, $language);

  $log_args = array(
    '%name' => $recipient->name,
    '%email' => $recipient->mail,
  );
  watchdog('user', 'Password reset instructions mailed to %name at %email.', $log_args);
  drupal_set_message(t('Further instructions have been sent to your e-mail address.'));

  $form_state['redirect'] = 'user';
}
00072
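/**
 * Menu callback: handles a one-time login link from a password-reset mail.
 *
 * The link is honoured only when all of the following hold: nobody is logged
 * in, the timestamp lies in the past, the uid belongs to an account with
 * status 1, the timestamp is newer than the account's last login, and the
 * supplied hash equals user_pass_rehash() of the stored password, the
 * timestamp and the last login time.
 *
 * The hash is compared as a string, never with the loose '==' operator:
 * with '==', two different values that both look like numbers (for example
 * "0e" followed by digits only) compare equal and a wrong hash could pass.
 * Where the runtime provides hash_equals() the comparison is also
 * constant-time.
 *
 * The 24-hour expiry is enforced only once the account has a non-zero login
 * time; for an account that has never logged in the link stays usable until
 * it is used or the password changes.
 *
 * @param $form_state
 *   Form state; 'values' is handed to user_authenticate_finalize() on login.
 * @param $uid
 *   Account id taken from the link.
 * @param $timestamp
 *   Unix time at which the link was issued, taken from the link.
 * @param $hashed_pass
 *   Hash taken from the link.
 * @param $action
 *   'login' to perform the login; anything else shows the confirmation form.
 *
 * @return
 *   The confirmation form array, or nothing when the request ends in a
 *   redirect or an access-denied page.
 */
function user_pass_reset(&$form_state, $uid, $timestamp, $hashed_pass, $action = NULL) {
  global $user;

  // An authenticated visitor has no use for the link.
  if ($user->uid) {
    drupal_set_message(t('You have already used this one-time login link. It is not necessary to use this link to login anymore. You are already logged in.'));
    drupal_goto();
    return;
  }

  // Links stay valid for 24 hours.
  $timeout = 86400;
  $current = time();

  // Timestamps from the future and unknown or blocked accounts are refused
  // outright; the account is only looked up for a plausible timestamp.
  $account = FALSE;
  if ($timestamp < $current) {
    $account = user_load(array('uid' => $uid, 'status' => 1));
  }
  if (!$account) {
    drupal_access_denied();
    return;
  }

  // Expired link (checked only for accounts that have logged in before).
  if ($account->login && $current - $timestamp > $timeout) {
    drupal_set_message(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'));
    drupal_goto('user/password');
    return;
  }

  // A login after the link was issued invalidates it; so does a hash mismatch.
  $link_is_valid = FALSE;
  if ($account->uid && $timestamp > $account->login && $timestamp < $current && is_string($hashed_pass)) {
    $expected = (string) user_pass_rehash($account->pass, $timestamp, $account->login);
    $link_is_valid = function_exists('hash_equals')
      ? hash_equals($expected, $hashed_pass)
      : ($expected === $hashed_pass);
  }
  if (!$link_is_valid) {
    drupal_set_message(t('You have tried to use a one-time login link which has either been used or is no longer valid. Please request a new one using the form below.'));
    drupal_goto('user/password');
    return;
  }

  if ($action == 'login') {
    watchdog('user', 'User %name used one-time login link at time %timestamp.', array('%name' => $account->name, '%timestamp' => $timestamp));

    // Become the account, then let the normal login finalisation run.
    $user = $account;
    user_authenticate_finalize($form_state['values']);
    drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to login. Please change your password.'));
    drupal_goto('user/' . $user->uid . '/edit');
    return;
  }

  // First visit: show a confirmation form that posts back with /login added.
  $form = array();
  $form['message'] = array('#value' => t('<p>This is a one-time login for %user_name and will expire on %expiration_date.</p><p>Click on this button to login to the site and change your password.</p>', array('%user_name' => $account->name, '%expiration_date' => format_date($timestamp + $timeout))));
  $form['help'] = array('#value' => '<p>' . t('This login can be used only once.') . '</p>');
  $form['submit'] = array('#type' => 'submit', '#value' => t('Log in'));
  $form['#action'] = url("user/reset/$uid/$timestamp/$hashed_pass/login");
  return $form;
}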
00127
/**
 * Menu callback: logs the current user out and redirects to the front page.
 *
 * Order of operations: the event is logged under the departing user's name,
 * the PHP session is destroyed, modules are told through hook_user('logout')
 * while $user still holds the departing account, and only then is the global
 * $user replaced by the anonymous user.
 */
function user_logout() {
  global $user;

  $log_args = array('%name' => $user->name);
  watchdog('user', 'Session closed for %name.', $log_args);

  // Destroy the session before the hooks run; they still receive the old user.
  session_destroy();
  module_invoke_all('user', 'logout', NULL, $user);

  // From here on the request continues as the anonymous user.
  $user = drupal_anonymous_user();

  drupal_goto();
}
00145
/**
 * Menu callback: renders a user's profile page.
 *
 * The page title is the account name escaped with check_plain(); the profile
 * content is built on the account object and themed as 'user_profile'.
 *
 * @param $account
 *   The user object whose profile is shown.
 *
 * @return
 *   The themed profile markup.
 */
function user_view($account) {
  $page_title = check_plain($account->name);
  drupal_set_title($page_title);

  // Populates the account's content for the theme layer.
  user_build_content($account);

  return theme('user_profile', $account);
}
00158
/**
 * Preprocesses variables for the user profile template.
 *
 * Sorts the account's content with element_sort, renders each child element
 * into $variables['profile'] keyed by element name, and concatenates all
 * rendered pieces into $variables['user_profile'].
 *
 * @param $variables
 *   Template variables; 'account' is read, 'profile' and 'user_profile' are
 *   written.
 */
function template_preprocess_user_profile(&$variables) {
  $variables['profile'] = array();

  // Sort in place so that rendering follows the configured element order.
  uasort($variables['account']->content, 'element_sort');

  $child_keys = element_children($variables['account']->content);
  foreach ($child_keys as $child_key) {
    $variables['profile'][$child_key] = drupal_render($variables['account']->content[$child_key]);
  }

  // Convenience variable: the whole profile as one string.
  $variables['user_profile'] = implode($variables['profile']);
}
00178
/**
 * Preprocesses variables for a single profile item template.
 *
 * Copies the element's '#title' and '#value' to the template and turns its
 * '#attributes', when present, into an attribute string.
 *
 * NOTE(review): title and value are passed on exactly as received; unlike the
 * category preprocessor, nothing is escaped here, so whatever builds the
 * element is presumably expected to supply sanitised markup -- confirm.
 *
 * @param $variables
 *   Template variables; 'element' is read, 'title', 'value' and 'attributes'
 *   are written.
 */
function template_preprocess_user_profile_item(&$variables) {
  $element = $variables['element'];

  $variables['title'] = $element['#title'];
  $variables['value'] = $element['#value'];
  $variables['attributes'] = isset($element['#attributes'])
    ? drupal_attributes($element['#attributes'])
    : '';
}
00195
/**
 * Preprocesses variables for a profile category template.
 *
 * The category title is escaped with check_plain(); the already rendered
 * children are passed through as 'profile_items'; '#attributes', when present,
 * become an attribute string.
 *
 * @param $variables
 *   Template variables; 'element' is read, 'title', 'profile_items' and
 *   'attributes' are written.
 */
function template_preprocess_user_profile_category(&$variables) {
  $element = $variables['element'];

  $variables['title'] = check_plain($element['#title']);
  $variables['profile_items'] = $element['#children'];
  $variables['attributes'] = isset($element['#attributes'])
    ? drupal_attributes($element['#attributes'])
    : '';
}
00212
/**
 * Menu callback: shows the edit form for one category of a user account.
 *
 * @param $account
 *   The user object being edited; its escaped name becomes the page title.
 * @param $category
 *   The profile category to edit, 'account' by default.
 *
 * @return
 *   The rendered 'user_profile_form'.
 */
function user_edit($account, $category = 'account') {
  $page_title = check_plain($account->name);
  drupal_set_title($page_title);

  return drupal_get_form('user_profile_form', $account, $category);
}
00224
/**
 * Form builder: the user account / profile edit form.
 *
 * The account object and the category travel with the form as '#type' =>
 * 'value' elements ('_account', '_category'). The Delete button is added only
 * for users holding 'administer users'.
 *
 * @param $form_state
 *   Form state; submitted values, when present, take the place of the stored
 *   account data as the edit array.
 * @param $account
 *   The user object being edited.
 * @param $category
 *   The profile category, 'account' by default.
 *
 * @return
 *   The form array.
 */
function user_profile_form($form_state, $account, $category = 'account') {
  // Prefer what was just submitted (e.g. after a failed validation).
  if (empty($form_state['values'])) {
    $edit = (array)$account;
  }
  else {
    $edit = $form_state['values'];
  }

  $form = _user_forms($edit, $account, $category);
  $form['_category'] = array('#type' => 'value', '#value' => $category);
  $form['_account'] = array('#type' => 'value', '#value' => $account);
  $form['submit'] = array('#type' => 'submit', '#value' => t('Save'), '#weight' => 30);

  $may_delete = user_access('administer users');
  if ($may_delete) {
    $form['delete'] = array(
      '#type' => 'submit',
      '#value' => t('Delete'),
      '#weight' => 31,
      '#submit' => array('user_edit_delete_submit'),
    );
  }

  // Needed for file uploads within the form.
  $form['#attributes']['enctype'] = 'multipart/form-data';

  return $form;
}
00253
/**
 * Validation handler for user_profile_form().
 *
 * After the modules' own 'validate' hooks have run, the submitted keys are
 * checked against fields a regular user must never set: 'uid', 'init' and
 * 'session' require 'administer users', and 'roles' requires 'administer
 * permissions'. A violation is logged to the 'security' watchdog channel at
 * warning level and fails the form.
 *
 * @param $form
 *   The form structure (unused here).
 * @param $form_state
 *   Form state; 'values' is passed to the hooks and then inspected.
 */
function user_profile_form_validate($form, &$form_state) {
  user_module_invoke('validate', $form_state['values'], $form_state['values']['_account'], $form_state['values']['_category']);

  // Protected account fields: only user administrators may submit them.
  $tampered = FALSE;
  if (!user_access('administer users')) {
    $tampered = (bool) array_intersect(array_keys($form_state['values']), array('uid', 'init', 'session'));
  }
  // Role assignment: only permission administrators may submit it.
  if (!$tampered && !user_access('administer permissions')) {
    $tampered = isset($form_state['values']['roles']);
  }

  if ($tampered) {
    watchdog('security', 'Detected malicious attempt to alter protected user fields.', array(), WATCHDOG_WARNING);
    form_set_error('category', t('Detected malicious attempt to alter protected user fields.'));
  }
}
00266
/**
 * Submit handler for user_profile_form(): saves the edited account.
 *
 * Form bookkeeping keys are removed from the values first, so that only the
 * actual field data reaches the 'submit' hooks and user_save(). All caches
 * are cleared afterwards.
 *
 * @param $form
 *   The form structure (unused here).
 * @param $form_state
 *   Form state; 'values' is reduced to the field data and then saved.
 */
function user_profile_form_submit($form, &$form_state) {
  $account = $form_state['values']['_account'];
  $category = $form_state['values']['_category'];

  // Strip everything that is form plumbing rather than account data.
  $internal_keys = array('_account', 'op', 'submit', 'delete', 'form_token', 'form_id', '_category', 'form_build_id');
  foreach ($internal_keys as $internal_key) {
    unset($form_state['values'][$internal_key]);
  }

  user_module_invoke('submit', $form_state['values'], $account, $category);
  user_save($account, $form_state['values'], $category);

  // Saved data may be cached anywhere; drop all caches.
  cache_clear_all();

  drupal_set_message(t('The changes have been saved.'));
}
00283
/**
 * Submit handler for the Delete button on user_profile_form().
 *
 * Redirects to the delete confirmation page of the edited account. A
 * 'destination' request parameter is carried over to that page and removed
 * from $_REQUEST so it does not override this redirect.
 *
 * @param $form
 *   The form structure (unused here).
 * @param $form_state
 *   Form state; 'values']['_account'] is read and 'redirect' is set.
 */
function user_edit_delete_submit($form, &$form_state) {
  $destination = '';
  if (isset($_REQUEST['destination'])) {
    // Capture it for the confirmation page before taking it out of play.
    $destination = drupal_get_destination();
    unset($_REQUEST['destination']);
  }

  $uid = $form_state['values']['_account']->uid;
  $confirm_path = "user/" . $uid . "/delete";

  $form_state['redirect'] = array($confirm_path, $destination);
}
00296
/**
 * Form builder: confirmation form for deleting a user account.
 *
 * The account is carried in the form as a '#type' => 'value' element; the
 * Cancel link leads back to the account's page.
 *
 * @param $form_state
 *   Form state (unused here).
 * @param $account
 *   The user object about to be deleted.
 *
 * @return
 *   The confirmation form produced by confirm_form().
 */
function user_confirm_delete(&$form_state, $account) {
  $form = array(
    '_account' => array('#type' => 'value', '#value' => $account),
  );

  $question = t('Are you sure you want to delete the account %name?', array('%name' => $account->name));
  $cancel_path = 'user/' . $account->uid;
  $description = t('All submissions made by this user will be attributed to the anonymous account. This action cannot be undone.');

  return confirm_form($form, $question, $cancel_path, $description, t('Delete'), t('Cancel'));
}
00313
/**
 * Submit handler for user_confirm_delete(): deletes the account.
 *
 * Falls back to the user administration list as redirect target unless the
 * request names a 'destination'.
 *
 * @param $form
 *   The form structure (unused here).
 * @param $form_state
 *   Form state; 'values']['_account'] identifies the account to delete.
 */
function user_confirm_delete_submit($form, &$form_state) {
  $uid = $form_state['values']['_account']->uid;
  user_delete($form_state['values'], $uid);

  $deleted_name = $form_state['values']['_account']->name;
  drupal_set_message(t('%name has been deleted.', array('%name' => $deleted_name)));

  if (isset($_REQUEST['destination'])) {
    return;
  }
  $form_state['redirect'] = 'admin/user/user';
}
00325
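/**
 * Validation handler kept under its older name; same checks as
 * user_profile_form_validate().
 *
 * The body used to be a line-for-line copy of user_profile_form_validate().
 * It now delegates, so the list of protected fields ('uid', 'init', 'session',
 * 'roles') and the permission checks guarding them exist in one place only
 * and cannot drift apart between the two entry points.
 *
 * @param $form
 *   The form structure.
 * @param $form_state
 *   Form state, passed on by reference.
 */
function user_edit_validate($form, &$form_state) {
  user_profile_form_validate($form, $form_state);
}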
00335
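/**
 * Submit handler kept under its older name; same behaviour as
 * user_profile_form_submit().
 *
 * The body used to be a line-for-line copy of user_profile_form_submit(). It
 * now delegates, so the list of form bookkeeping keys stripped before
 * user_save() is maintained in one place only.
 *
 * @param $form
 *   The form structure.
 * @param $form_state
 *   Form state, passed on by reference.
 */
function user_edit_submit($form, &$form_state) {
  user_profile_form_submit($form, $form_state);
}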
00349
/**
 * Menu callback for the 'user' path.
 *
 * An authenticated visitor is routed to the handler of their own account
 * page; an anonymous visitor gets the login form.
 *
 * @return
 *   The output of the account page handler, or the rendered login form.
 */
function user_page() {
  global $user;

  if (!$user->uid) {
    return drupal_get_form('user_login');
  }

  menu_set_active_item('user/' . $user->uid);
  return menu_execute_active_handler();
}