diff options
author | Dries Buytaert <dries@buytaert.net> | 2009-04-13 12:14:57 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2009-04-13 12:14:57 +0000 |
commit | a85971199d192fb374c7c4ecaf9608176b6d8a9b (patch) | |
tree | 1d1a49942967fcdf43e58b043c1deb8f92edd84f | |
parent | 079cac337e75b00e270baea445bf506be3d4555a (diff) | |
download | brdo-a85971199d192fb374c7c4ecaf9608176b6d8a9b.tar.gz brdo-a85971199d192fb374c7c4ecaf9608176b6d8a9b.tar.bz2 |
- Patch #394594 by ksenzee: converted most of the user module code to the new database abstraction layer.
-rw-r--r-- | modules/user/user.admin.inc | 46 | ||||
-rw-r--r-- | modules/user/user.install | 12 | ||||
-rw-r--r-- | modules/user/user.module | 72 | ||||
-rw-r--r-- | modules/user/user.pages.inc | 2 |
4 files changed, 85 insertions, 47 deletions
diff --git a/modules/user/user.admin.inc b/modules/user/user.admin.inc index ca4d4fdeb..097acd054 100644 --- a/modules/user/user.admin.inc +++ b/modules/user/user.admin.inc @@ -144,7 +144,11 @@ function user_admin_account() { t('Operations') ); - $sql = 'SELECT DISTINCT u.uid, u.name, u.status, u.created, u.access FROM {users} u LEFT JOIN {users_roles} ur ON u.uid = ur.uid ' . $filter['join'] . ' WHERE u.uid != 0 ' . $filter['where']; + $query = db_select('users', 'u'); + $query->fields('u', array('uid', 'name', 'status', 'created', 'access')); + $sql = 'SELECT DISTINCT u.uid, u.name, u.status, u.created, u.access FROM {users} u + LEFT JOIN {users_roles} ur ON u.uid = ur.uid ' . $filter['join'] . ' + WHERE u.uid != 0 ' . $filter['where']; $sql .= tablesort_sql($header); $query_count = 'SELECT COUNT(DISTINCT u.uid) FROM {users} u LEFT JOIN {users_roles} ur ON u.uid = ur.uid ' . $filter['join'] . ' WHERE u.uid != 0 ' . $filter['where']; $result = pager_query($sql, 50, 0, $query_count, $filter['args']); @@ -174,13 +178,13 @@ function user_admin_account() { $status = array(t('blocked'), t('active')); $roles = user_roles(TRUE); $accounts = array(); - while ($account = db_fetch_object($result)) { + foreach ($result as $account) { $accounts[$account->uid] = ''; $form['name'][$account->uid] = array('#markup' => theme('username', $account)); $form['status'][$account->uid] = array('#markup' => $status[$account->status]); $users_roles = array(); - $roles_result = db_query('SELECT rid FROM {users_roles} WHERE uid = %d', $account->uid); - while ($user_role = db_fetch_object($roles_result)) { + $roles_result = db_query('SELECT rid FROM {users_roles} WHERE uid = :uid', array(':uid' => $account->uid)); + foreach ($roles_result as $user_role) { $users_roles[] = $roles[$user_role->rid]; } asort($users_roles); @@ -601,9 +605,14 @@ function user_admin_perm_submit($form, &$form_state) { foreach ($form_state['values']['role_names'] as $rid => $name) { $checked = array_filter($form_state['values'][$rid]); // Delete existing permissions for the role. This handles "unchecking" checkboxes. - db_query("DELETE FROM {role_permission} WHERE rid = %d", $rid); + db_delete('role_permission')->condition('rid', $rid)->execute(); foreach ($checked as $permission) { - db_query("INSERT INTO {role_permission} (rid, permission) VALUES (%d, '%s')", $rid, $permission); + db_insert('role_permission') + ->fields(array( + 'rid' => $rid, + 'permission' => $permission, + )) + ->execute(); } } @@ -670,7 +679,7 @@ function user_admin_role() { drupal_goto('admin/user/roles'); } // Display the edit role form. - $role = db_fetch_object(db_query('SELECT * FROM {role} WHERE rid = %d', $rid)); + $role = db_query('SELECT * FROM {role} WHERE rid = :rid', array(':rid' => $rid))->fetchObject(); $form['name'] = array( '#type' => 'textfield', '#title' => t('Role name'), @@ -712,12 +721,16 @@ function user_admin_role() { function user_admin_role_validate($form, &$form_state) { if ($form_state['values']['name']) { if ($form_state['values']['op'] == t('Save role')) { - if (db_result(db_query("SELECT COUNT(*) FROM {role} WHERE name = '%s' AND rid != %d", $form_state['values']['name'], $form_state['values']['rid']))) { + $existing_role = db_query("SELECT COUNT(*) FROM {role} WHERE name = :name AND rid != :rid", + array(':name' => $form_state['values']['name'], + ':rid' => $form_state['values']['rid'])) + ->fetchField(); + if ($existing_role) { form_set_error('name', t('The role name %name already exists. Please choose another role name.', array('%name' => $form_state['values']['name']))); } } elseif ($form_state['values']['op'] == t('Add role')) { - if (db_result(db_query("SELECT COUNT(*) FROM {role} WHERE name = '%s'", $form_state['values']['name']))) { + if (db_query("SELECT COUNT(*) FROM {role} WHERE name = :name", array(':name' => $form_state['values']['name']))->fetchField()) { form_set_error('name', t('The role name %name already exists. Please choose another role name.', array('%name' => $form_state['values']['name']))); } } @@ -729,19 +742,24 @@ function user_admin_role_validate($form, &$form_state) { function user_admin_role_submit($form, &$form_state) { if ($form_state['values']['op'] == t('Save role')) { - db_query("UPDATE {role} SET name = '%s' WHERE rid = %d", $form_state['values']['name'], $form_state['values']['rid']); + db_update('role') + ->fields(array( + 'name' => $form_state['values']['name'], + )) + ->condition('rid', $form_state['values']['rid']) + ->execute(); drupal_set_message(t('The role has been renamed.')); } elseif ($form_state['values']['op'] == t('Delete role')) { - db_query('DELETE FROM {role} WHERE rid = %d', $form_state['values']['rid']); - db_query('DELETE FROM {role_permission} WHERE rid = %d', $form_state['values']['rid']); + db_delete('role')->condition('rid', $form_state['values']['rid'])->execute(); + db_delete('role_permission')->condition('rid', $form_state['values']['rid'])->execute(); // Update the users who have this role set: - db_query('DELETE FROM {users_roles} WHERE rid = %d', $form_state['values']['rid']); + db_delete('users_roles')->condition('rid', $form_state['values']['rid'])->execute(); drupal_set_message(t('The role has been deleted.')); } elseif ($form_state['values']['op'] == t('Add role')) { - db_query("INSERT INTO {role} (name) VALUES ('%s')", $form_state['values']['name']); + db_insert('role')->fields(array('name' => $form_state['values']['name']))->execute(); drupal_set_message(t('The role has been added.')); } $form_state['redirect'] = 'admin/user/roles'; diff --git a/modules/user/user.install b/modules/user/user.install index de002cf5e..7a68df278 100644 --- a/modules/user/user.install +++ b/modules/user/user.install @@ -247,7 +247,7 @@ function user_update_7000(&$sandbox) { if (!isset($sandbox['user_from'])) { db_change_field($ret, 'users', 'pass', 'pass', array('type' => 'varchar', 'length' => 128, 'not null' => TRUE, 'default' => '')); $sandbox['user_from'] = 0; - $sandbox['user_count'] = db_result(db_query("SELECT COUNT(uid) FROM {users}")); + $sandbox['user_count'] = db_query("SELECT COUNT(uid) FROM {users}")->fetchField(); } else { require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc'); @@ -255,14 +255,14 @@ function user_update_7000(&$sandbox) { $has_rows = FALSE; // Update this many per page load. $count = 1000; - $result = db_query_range("SELECT uid, pass FROM {users} WHERE uid > 0 ORDER BY uid", $sandbox['user_from'], $count); - while ($account = db_fetch_array($result)) { + $result = db_query_range("SELECT uid, pass FROM {users} WHERE uid > 0 ORDER BY uid", array(), $sandbox['user_from'], $count); + foreach ($result as $account) { $has_rows = TRUE; - $new_hash = user_hash_password($account['pass'], $hash_count_log2); + $new_hash = user_hash_password($account->pass, $hash_count_log2); if ($new_hash) { // Indicate an updated password. $new_hash = 'U' . $new_hash; - db_query("UPDATE {users} SET pass = '%s' WHERE uid = %d", $new_hash, $account['uid']); + db_update('users')->fields(array('pass' => $new_hash))->condition('uid', $account->uid)->execute(); } } $ret['#finished'] = $sandbox['user_from']/$sandbox['user_count']; @@ -300,7 +300,7 @@ function user_update_7002(&$sandbox) { if (!isset($sandbox['user_from'])) { db_change_field($ret, 'users', 'timezone', 'timezone', array('type' => 'varchar', 'length' => 32, 'not null' => FALSE)); $sandbox['user_from'] = 0; - $sandbox['user_count'] = db_result(db_query("SELECT COUNT(uid) FROM {users}")); + $sandbox['user_count'] = db_query("SELECT COUNT(uid) FROM {users}")->fetchField(); $sandbox['user_not_migrated'] = 0; } else { diff --git a/modules/user/user.module b/modules/user/user.module index c6ccc530e..885a3f607 100644 --- a/modules/user/user.module +++ b/modules/user/user.module @@ -398,7 +398,7 @@ function user_save($account, $edit = array(), $category = 'account') { if (is_object($account) && $account->uid) { user_module_invoke('update', $edit, $account, $category); - $data = unserialize(db_result(db_query('SELECT data FROM {users} WHERE uid = %d', $account->uid))); + $data = unserialize(db_query('SELECT data FROM {users} WHERE uid = :uid', array(':uid' => $account->uid))->fetchField()); // Consider users edited by an administrator as logged in, if they haven't // already, so anonymous users can view the profile (if allowed). if (empty($edit['access']) && empty($account->access) && user_access('administer users')) { @@ -459,11 +459,16 @@ function user_save($account, $edit = array(), $category = 'account') { // Reload user roles if provided. if (isset($edit['roles']) && is_array($edit['roles'])) { - db_query('DELETE FROM {users_roles} WHERE uid = %d', $account->uid); + db_delete('users_roles')->condition('uid', $account->uid)->execute(); foreach (array_keys($edit['roles']) as $rid) { if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) { - db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $account->uid, $rid); + db_insert('users_roles') + ->fields(array( + 'uid' => $account->uid, + 'rid' => $rid, + )) + ->execute(); } } } @@ -542,10 +547,15 @@ function user_save($account, $edit = array(), $category = 'account') { // Save user roles (delete just to be safe). if (isset($edit['roles']) && is_array($edit['roles'])) { - db_query('DELETE FROM {users_roles} WHERE uid = %d', $edit['uid']); + db_delete('users_roles')->condition('uid', $edit['uid'])->execute(); foreach (array_keys($edit['roles']) as $rid) { if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) { - db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $edit['uid'], $rid); + db_insert('users_roles') + ->fields(array( + 'uid' => $edit['uid'], + 'rid' => $rid, + )) + ->execute(); } } } @@ -757,7 +767,7 @@ function user_access($string, $account = NULL, $reset = FALSE) { * @return boolean TRUE for blocked users, FALSE for active. */ function user_is_blocked($name) { - $deny = db_fetch_object(db_query("SELECT name FROM {users} WHERE status = 0 AND name = LOWER('%s')", $name)); + $deny = db_query("SELECT name FROM {users} WHERE status = 0 AND name = LOWER(:name)", array(':name' => $name))->fetchObject(); return $deny; } @@ -843,18 +853,22 @@ function user_search($op = 'search', $keys = NULL, $skip_access_check = FALSE) { $find = array(); // Replace wildcards with MySQL/PostgreSQL wildcards. $keys = preg_replace('!\*+!', '%', $keys); + $query = db_select('users'); + $query->fields('users', array('name', 'uid', 'mail')); if (user_access('administer users')) { // Administrators can also search in the otherwise private email field. - $result = pager_query("SELECT name, uid, mail FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%') OR LOWER(mail) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys, $keys); - while ($account = db_fetch_object($result)) { - $find[] = array('title' => $account->name . ' (' . $account->mail . ')', 'link' => url('user/' . $account->uid, array('absolute' => TRUE))); - } + $query->condition(db_or()-> + where('LOWER(name) LIKE LOWER(:name)', array(':name' => "%$keys%"))-> + where('LOWER(mail) LIKE LOWER(:mail)', array(':mail' => "%$keys%"))); } else { - $result = pager_query("SELECT name, uid FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys); - while ($account = db_fetch_object($result)) { - $find[] = array('title' => $account->name, 'link' => url('user/' . $account->uid, array('absolute' => TRUE))); - } + $query->where('LOWER(name) LIKE LOWER(:name)', array(':name' => "%$keys%")); + } + $query = $query->extend('PagerDefault') + ->limit(2); + $result = $query->execute(); + foreach ($result as $account) { + $find[] = array('title' => $account->name . ' (' . $account->mail . ')', 'link' => url('user/' . $account->uid, array('absolute' => TRUE))); } return $find; } @@ -920,7 +934,7 @@ function user_user_validate(&$edit, &$account, $category = NULL) { if ($error = user_validate_name($edit['name'])) { form_set_error('name', $error); } - elseif (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND LOWER(name) = LOWER('%s')", $uid, $edit['name'])) > 0) { + elseif (db_query("SELECT COUNT(*) FROM {users} WHERE uid != :uid AND LOWER(name) = LOWER(:name)", array(':uid' => $uid, ':name' => $edit['name']))->fetchField() > 0) { form_set_error('name', t('The name %name is already taken.', array('%name' => $edit['name']))); } } @@ -929,7 +943,7 @@ function user_user_validate(&$edit, &$account, $category = NULL) { if ($error = user_validate_mail($edit['mail'])) { form_set_error('mail', $error); } - elseif (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND LOWER(mail) = LOWER('%s')", $uid, $edit['mail'])) > 0) { + elseif (db_query("SELECT COUNT(*) FROM {users} WHERE uid != :uid AND LOWER(mail) = LOWER(:mail)", array(':uid' => $uid, ':mail' => $edit['mail']))->fetchField() > 0) { // Format error message dependent on whether the user is logged in or not. if ($GLOBALS['user']->uid) { form_set_error('mail', t('The e-mail address %email is already taken.', array('%email' => $edit['mail']))); @@ -1501,10 +1515,10 @@ function user_page_title($account) { * An associative array with module as key and username as value. */ function user_get_authmaps($authname = NULL) { - $result = db_query("SELECT authname, module FROM {authmap} WHERE authname = '%s'", $authname); + $result = db_query("SELECT authname, module FROM {authmap} WHERE authname = :authname", array(':authname' => $authname)); $authmaps = array(); $has_rows = FALSE; - while ($authmap = db_fetch_object($result)) { + foreach ($result as $authmap) { $authmaps[$authmap->module] = $authmap->authname; $has_rows = TRUE; } @@ -1645,7 +1659,7 @@ function user_authenticate($form_values = array()) { $password = trim($form_values['pass']); // Name and pass keys are required. if (!empty($form_values['name']) && !empty($password)) { - $account = db_fetch_object(db_query("SELECT * FROM {users} WHERE name = '%s' AND status = 1", $form_values['name'])); + $account = db_query("SELECT * FROM {users} WHERE name = :name AND status = 1", array(':name' => $form_values['name']))->fetchObject(); if ($account) { // Allow alternate password hashing schemes. require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc'); @@ -1653,7 +1667,10 @@ function user_authenticate($form_values = array()) { if (user_needs_new_hash($account)) { $new_hash = user_hash_password($password); if ($new_hash) { - db_query("UPDATE {users} SET pass = '%s' WHERE uid = %d", $new_hash, $account->uid); + db_update('users') + ->fields(array('pass' => $new_hash)) + ->condition('uid', $account->uid) + ->execute(); } } $users = user_load_multiple(array($account->uid), array('status' => '1')); @@ -1680,7 +1697,10 @@ function user_authenticate_finalize(&$edit) { // Update the user table timestamp noting user has logged in. // This is also used to invalidate one-time login links. $user->login = REQUEST_TIME; - db_query("UPDATE {users} SET login = %d WHERE uid = %d", $user->login, $user->uid); + db_update('users') + ->fields(array('login' => $user->login)) + ->condition('uid', $user->uid) + ->execute(); // Regenerate the session ID to prevent against session fixation attacks. // This is called before hook_user in case one of those functions fails // or incorrectly does a redirect which would leave the old session in place. @@ -2112,13 +2132,13 @@ function user_roles($membersonly = FALSE, $permission = NULL) { ); if (!empty($permission)) { - $result = db_query("SELECT r.* FROM {role} r INNER JOIN {role_permission} p ON r.rid = p.rid WHERE p.permission = '%s' ORDER BY r.name", $permission); + $result = db_query("SELECT r.* FROM {role} r INNER JOIN {role_permission} p ON r.rid = p.rid WHERE p.permission = :permission ORDER BY r.name", array(':permission' => $permission)); } else { $result = db_query('SELECT * FROM {role} ORDER BY name'); } - while ($role = db_fetch_object($result)) { + foreach ($result as $role) { switch ($role->rid) { // We only translate the built in role names case DRUPAL_ANONYMOUS_RID: @@ -2239,7 +2259,7 @@ function user_user_operations_block($accounts) { function user_multiple_role_edit($accounts, $operation, $rid) { // The role name is not necessary as user_save() will reload the user // object, but some modules' hook_user() may look at this first. - $role_name = db_result(db_query('SELECT name FROM {role} WHERE rid = %d', $rid)); + $role_name = db_query('SELECT name FROM {role} WHERE rid = :rid', array(':rid' => $rid))->fetchField(); switch ($operation) { case 'add_role': @@ -2271,7 +2291,7 @@ function user_multiple_cancel_confirm(&$form_state) { $form['accounts'] = array('#prefix' => '<ul>', '#suffix' => '</ul>', '#tree' => TRUE); // array_filter() returns only elements with TRUE values. foreach (array_filter($edit['accounts']) as $uid => $value) { - $user = db_result(db_query('SELECT name FROM {users} WHERE uid = %d', $uid)); + $user = db_query('SELECT name FROM {users} WHERE uid = :uid', array(':uid' => $uid))->fetchField(); $form['accounts'][$uid] = array('#type' => 'hidden', '#value' => $uid, '#prefix' => '<li>', '#suffix' => check_plain($user) . "</li>\n"); } @@ -2697,7 +2717,7 @@ function user_block_user_action(&$object, $context = array()) { global $user; $uid = $user->uid; } - db_query("UPDATE {users} SET status = 0 WHERE uid = %d", $uid); + db_update('users')->fields(array('status' => 0))->condition('uid', $uid)->execute(); drupal_session_destroy_uid($uid); watchdog('action', 'Blocked user %name.', array('%name' => $user->name)); } diff --git a/modules/user/user.pages.inc b/modules/user/user.pages.inc index 7a055eb97..a4909f846 100644 --- a/modules/user/user.pages.inc +++ b/modules/user/user.pages.inc @@ -13,7 +13,7 @@ function user_autocomplete($string = '') { $matches = array(); if ($string) { $result = db_query_range("SELECT name FROM {users} WHERE LOWER(name) LIKE LOWER(:name)", array(':name' => $string .'%'), 0, 10); - while ($user = db_fetch_object($result)) { + foreach ($result as $user) { $matches[$user->name] = check_plain($user->name); } } |