- applied search patch.

- added who is online block.
- made weblog module more configurable.
- users may now delete their own accounts (Feature #8)
- users may now request a password using email address *or* username.
  formerly required both items to match an account which was onerous.
- the link to request a new password is now presented whenever a user
  fails login.
- there is now a confirmation message after submitting edits to your
  user information.
- error messages in user.module may now be stylized by themes.
- <hook>_form has a $param setting you can fill with form parameters.
- improved wording for a few config settings.
- fixed various non-coding standard things.

1 files changed, 69 insertions, 22 deletions

diff --git a/modules/user.module b/modules/user.module
index 5fb552a2e..5bde04273 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -24,7 +24,7 @@ function sess_read($key) {
 function sess_write($key, $value) {
   global $HTTP_SERVER_VARS;
 
-  db_query("UPDATE users SET hostname = '". check_input($HTTP_SERVER_VARS[REMOTE_ADDR]) ."', session = '". check_query($value) ."', timestamp = '". time() ."' WHERE sid = '$key'");
+  db_query("UPDATE users SET hostname = '". check_input($HTTP_SERVER_VARS["REMOTE_ADDR"]) ."', session = '". check_query($value) ."', timestamp = '". time() ."' WHERE sid = '$key'");
 
   return '';
 }
@@ -32,7 +32,7 @@ function sess_write($key, $value) {
 function sess_destroy($key) {
   global $HTTP_SERVER_VARS;
 
-  db_query("UPDATE users SET hostname = '". check_input($HTTP_SERVER_VARS[REMOTE_ADDR]) ."', timestamp = '". time() ."', sid = '' WHERE sid = '$key'");
+  db_query("UPDATE users SET hostname = '". check_input($HTTP_SERVER_VARS["REMOTE_ADDR"]) ."', timestamp = '". time() ."', sid = '' WHERE sid = '$key'");
 }
 
 function sess_gc($lifetime) {
@@ -63,7 +63,7 @@ function user_load($array = array()) {
 
   foreach ($array as $key => $value) {
     if ($key == "pass") {
-      $query .= "u.$key = '" . md5($value) . "' AND ";
+      $query .= "u.$key = '". md5($value) ."' AND ";
      }
     else {
       $query .= "u.$key = '". addslashes($value) ."' AND ";
@@ -482,6 +482,23 @@ function user_block() {
   $block[0]["info"] = t("User information");
   $block[0]["link"] = "module.php?mod=user";
 
+  // Who's online block
+  $time = 60 * 60; // minutes * seconds
+  $limit = 0; // List the X most recent people
+
+  $result = db_query("SELECT uid, name FROM users WHERE timestamp > unix_timestamp() - ($time) ORDER BY timestamp DESC LIMIT $limit");
+
+  if (db_num_rows($result)) {
+    $output = "<ol>";
+    while ($account = db_fetch_object($result)) {
+      $output .= '<li><a href="module.php?mod=user&op=view&id='. $account->uid .'">'. (strlen($account->name) > 10 ? substr($account->name, 0, 10) . '...' : $account->name) .'</a></li>';
+    }
+    $output .= "</ol>";
+    $block[1]["content"] = $output;
+  }
+  $block[1]["subject"] = t("Who's online");
+  $block[1]["info"] = t("Who's online");
+
   return $block;
 }
 
@@ -724,7 +741,7 @@ function user_login($edit = array()) {
     }
     else {
       if (!$error) {
-        $error = t("Authentication failed.");
+        $error = sprintf(t("Sorry. Unrecognized username or password. Have you %sforgotten your password%s?"),"<a href=\"/module.php?mod=user&op=password\">","</a>");
       }
       if ($server) {
         watchdog("user", "failed login for '$name@$server': $error");
@@ -740,7 +757,7 @@ function user_login($edit = array()) {
   */
 
   if ($error) {
-    $output .= "<p><span style=\"color: red;\">". check_output($error) ."</span></p>";
+    $output .= "<p><span style=\"color: red;\" class=\"error\">". check_output($error) ."</span></p>";
   }
 
   /*
@@ -778,8 +795,15 @@ function user_logout() {
 
 function user_pass($edit = array()) {
 
-  if ($edit["name"] && $edit["mail"]) {
-    if ($account = db_fetch_object(db_query("SELECT uid FROM users WHERE name = '". check_input($edit["name"]) ."' AND mail = '". check_input($edit["mail"]) ."'"))) {
+  if ($edit["name"]) {
+    $account = db_fetch_object(db_query("SELECT uid FROM users WHERE name = '". check_input($edit["name"]) . "'"));
+    if (!$account) $error = sprintf(t("Sorry. The username <i>%s</i> is not recognized."), $edit["name"]);
+  }  
+  else if ($edit["mail"]) {
+    $account = db_fetch_object(db_query("SELECT uid FROM users WHERE mail = '". check_input($edit["mail"]) ."'"));
+    if (!$account) $error = sprintf(t("Sorry. The e-mail address <i>%s</i> is not recognized."), $edit["mail"]);
+  }
+  if ($account) {
 
       $from = variable_get("site_mail", ini_get("sendmail_from"));
       $pass = user_password();
@@ -801,17 +825,17 @@ function user_pass($edit = array()) {
       return t("Your password and further instructions have been sent to your e-mail address.");
     }
     else {
-      watchdog("user", "mail password: '". $edit["name"] ."' and &lt;". $edit["mail"] ."&gt; do not match");
-
-      return t("Could not send password: no match for the specified username and e-mail address.");
+  
+    // Display error message if necessary.
+    if ($error) {
+      $output .= "<p><span style=\"color: red;\" class=\"error\">". check_output($error) ."</span></p>";
     }
-  }
-  else {
 
     /*
     ** Display form:
     */
 
+    $output .= sprintf(t("%sEnter your username %sor%s your email address.%s"), "<p>", "<b><i>", "</i></b>", "</p>");    
     $output .= form_textfield(t("Username"), "name", $edit["name"], 30, 64);
     $output .= form_textfield(t("E-mail address"), "mail", $edit["mail"], 30, 64);
     $output .= form_submit(t("E-mail new password"));
@@ -894,7 +918,7 @@ function user_register($edit = array()) {
   else {
 
     if ($error) {
-      $output .= "<p><span style=\"color: red;\">". check_output($error) ."</span></p>";
+      $output .= "<p><span style=\"color: red;\" class=\"error\">". check_output($error) ."</span></p>";
     }
 
     $output .= form_textfield(t("Username"), "name", $edit["name"], 30, 64, t("Your full name or your prefered username: only letters, numbers and spaces are allowed."));
@@ -910,6 +934,24 @@ function user_register($edit = array()) {
   }
 }
 
+
+function user_delete() {
+  global $edit, $user;
+  
+  if ($edit["confirm"]) {
+    watchdog(user,"$user->name deactivated her own account.");    
+    db_query("UPDATE users SET mail = 'deleted', status='0' WHERE uid = '$user->uid'");
+    $output .= t("Your account has been deactivated.");
+  }
+  else {
+    $output .= form_item(t("Confirm Deletion"), t("You are about to deactivate your own user account. In addition, your email address will be removed from the database."));
+    $output .= form_hidden("confirm", 1);
+    $output .= form_submit(t("Delete account"));
+    $output = form($output);
+  }
+  return $output;
+}
+
 function user_edit($edit = array()) {
   global $HTTP_HOST, $themes, $user, $languages;
 
@@ -967,17 +1009,13 @@ function user_edit($edit = array()) {
 
           $user = user_save($user, array_merge($edit, $data));
 
-          /*
-          ** Redirect the user to his personal information page:
-          */
-
-          drupal_goto("module.php?mod=user&op=view");
+          $output .= sprintf(t("Your user information changes have been saved."), "<p><b>", "</b></p>");    
         }
       }
     }
 
     if ($error) {
-      $output .= "<p><span style=\"color: red;\">". check_output($error) ."</span></p>";
+      $output .= "<p><span style=\"color: red;\" class=\"error\">". check_output($error) ."</span></p>";
     }
 
     $output .= form_textfield(t("Username"), "name", $user->name, 30, 55, t("Your full name or your prefered username: only letters, numbers and spaces are allowed."));
@@ -1005,7 +1043,7 @@ function user_edit($edit = array()) {
     $output .= form_textarea(t("Signature"), "signature", $user->signature, 70, 3, t("Your signature will be publicly displayed at the end of your comments.") ."<br />". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
     $output .= form_item(t("Password"), "<input type=\"password\" name=\"edit[pass1]\" size=\"12\" maxlength=\"24\" /> <input type=\"password\" name=\"edit[pass2]\" size=\"12\" maxlength=\"24\" />", t("Enter your new password twice if you want to change your current password or leave it blank if you are happy with your current password."));
     $output .= form_submit(t("Save user information"));
-
+    
     $output = form($output);
   }
 
@@ -1015,6 +1053,7 @@ function user_edit($edit = array()) {
 function user_menu() {
   $links[] = "<a href=\"module.php?mod=user&op=view\">". t("view user information") ."</a>";
   $links[] = "<a href=\"module.php?mod=user&op=edit\">". t("edit user information") ."</a>";
+  $links[] = "<a href=\"module.php?mod=user&op=delete\">". t("delete account") ."</a>";
 
   return "<div align=\"center\">". implode(" &middot; ", $links) ."</div>";
 }
@@ -1101,7 +1140,15 @@ function user_page() {
       $theme->box(t("Log in"), $output);
       $theme->footer();
       break;
-    case t("Save user information"):
+    case t("Delete account"):    
+    case t("delete");
+      $output = user_delete();
+      $theme->header();
+      $theme->box(t("User account"), user_menu());
+      $theme->box(t("Delete account"), $output);
+      $theme->footer();
+      break;
+    case t("Save user information"):    
     case "edit":
       $output = user_edit($edit);
       $theme->header();
@@ -1193,7 +1240,7 @@ function user_admin_create($edit = array()) {
   else {
 
     if ($error) {
-      $output .= "<p><span style=\"color: red;\">". check_output($error) ."</span></p>";
+      $output .= "<p><span style=\"color: red;\" class=\"error\">". check_output($error) ."</span></p>";
     }
 
     $output .= form_textfield("Username", "name", $edit["name"], 30, 55);