authorDries Buytaert <dries@buytaert.net>2002-08-08 18:52:55 +0000
committerDries Buytaert <dries@buytaert.net>2002-08-08 18:52:55 +0000
commitf5173ef23304b6c243eaf69fd193f60e8d2f3a46 (patch)
tree57cc28017815f8bcf2ae9282d303d8960114ef67
parentb8c815d24593b32a6731f51a10476753f25af474 (diff)
downloadbrdo-f5173ef23304b6c243eaf69fd193f60e8d2f3a46.tar.gz
brdo-f5173ef23304b6c243eaf69fd193f60e8d2f3a46.tar.bz2
- Applied user.module patch from Marco's sandbox.
- Added profile.module written by Marco.
-rw-r--r--modules/profile.module281
-rw-r--r--modules/profile/profile.module281
-rw-r--r--modules/user.module34
-rw-r--r--modules/user/user.module34
4 files changed, 588 insertions, 42 deletions
diff --git a/modules/profile.module b/modules/profile.module
new file mode 100644
index 000000000..5503d7ee9
--- /dev/null
+++ b/modules/profile.module
@@ -0,0 +1,281 @@
+<?php
+
+function _profile_init() {
+ /*
+ ** Add here any field you might need. Leave array[0] blank if you
+ ** need a special tool (like birthday or avatar).
+ ** TODO: add a clear description/explanation.
+ */
+
+ $GLOBALS["profile_fields"] = array(
+ "address" => array("textfield", t("Address"), "", 64, 64, t("Your address: street and number.")),
+ "city" => array("textfield", t("City"), "", 64, 64, t("Your city.")),
+ "state" => array("textfield", t("State"), "", 4, 2, t("Your state as a two letter code.")),
+ "zip" => array("textfield", t("Zip"), "", 7, 5, t("Your ZIP code.")),
+ "birthday" => array("", t("Birthday"), ""),
+ "gender" => array("select", t("Gender"), "", array(0 => "-", "m" => t("male"), "f" => t("female")), "", 0, 0),
+ "job" => array("textfield", t("Job title"), "", 64, 64, t("Your job title or position.")),
+ "icq" => array("textfield", t("ICQ messenger ID"), "", 12, 12, ""),
+ "msn" => array("textfield", t("MSN messenger ID"), "", 64, 64, ""),
+ "yahoo" => array("textfield", t("Yahoo messenger ID"), "", 64, 64, ""),
+ "aim" => array("textfield", t("AIM messenger ID"), "", 64, 64, ""),
+ "homepage" => array("textfield", t("URL of homepage"), "", 64, 64, t("Make sure you enter a fully qualified URL: remember to include \"http://\".")),
+ "biography" => array("textarea", t("Biography"), "", 64, 4, ""),
+ "interests" => array("textarea", t("Interests"), "", 64, 4, t("What you like.")),
+ "publickey" => array("textarea", t("Public key"), "", 64, 4, ""),
+ "avatar" => array("", t("Avatar or picture"), t("Your virtual face or picture."))
+ );
+
+ $GLOBALS["profile_days"][0] = t("day");
+ for ($n=1; $n<=31; $n++) {
+ $GLOBALS["profile_days"][$n] = $n;
+ }
+
+ $GLOBALS["profile_months"] = array(0 => t("month"), 1 => t("January"), 2 => t("February"), 3 => t("March"), 4 => t("April"), 5 => t("May"), 6 => t("June"), 7 => t("July"), 8 => t("August"), 9 => t("September"), 10 => t("October"), 11 => t("November"), 12 => t("December"));
+}
+
+function profile_system($field){
+ $system["description"] = t("Support for configurable user profiles.");
+ return $system[$field];
+}
+
+function profile_conf_options() {
+ global $profile_fields;
+ if (!$profile_fields) {
+ _profile_init();
+ }
+
+ foreach ($profile_fields as $key => $field) {
+ $fields[$key] = $field[1];
+ }
+
+ $output .= form_select(t("Registration time fields"), "profile_register_fields", variable_get("profile_register_fields", array()), $fields, t("The fields users will be able to set at registration time. Any required fields (see below) must appear here too."), "size=\"6\"", 1);
+ $output .= form_select(t("Required fields"), "profile_required_fields", variable_get("profile_required_fields", array()), $fields, t("The fields users that are required to be set."), "size=\"6\"", 1);
+ $output .= form_select(t("Publicly accessible fields"), "profile_public_fields", variable_get("profile_public_fields", array()), $fields, t("The fields users will be able to set and that will be publicly visible."), "size=\"6\"", 1);
+ $output .= form_select(t("Private fields"), "profile_private_fields", variable_get("profile_private_fields", array()), $fields, t("The fields users will be able to set, but which are kept private."), "size=\"6\"", 1);
+
+ $output .= form_textfield(t("Avatar image path"), "profile_avatar_path", variable_get("profile_avatar_path", "misc/avatars/"), 30, 255, t("Path for avatar directory; it must be writeable and visible from the web."));
+ $output .= form_textfield(t("Avatar max size"), "profile_avatar_size", variable_get("profile_avatar_size", "85x85"), 10, 10, t("Maximum size for avatars."));
+ $output .= form_textfield(t("Avatar max filesize"), "profile_avatar_filesize", variable_get("profile_avatar_filesize", "30"), 10, 10, t("Maximum filesize for avatars, in kb."));
+
+ return $output;
+}
+
+function profile_user($type, $edit, &$user) {
+ global $profile_fields;
+ if (!$profile_fields) {
+ _profile_init();
+ }
+
+ switch ($type) {
+ case "register_form":
+ // first registration form (to add something to just email and nick)
+ return _profile_form($edit, "register");
+ case "register_validate":
+ // validate first registration form
+ return _profile_validate($edit, "required");
+ case "edit_form":
+ // when user tries to edit his own data
+ return _profile_form(object2array($user), "private");
+ case "edit_validate":
+ // validate user data editing
+ return _profile_validate($edit, "private");
+ case "view_public":
+ // when others look at user data
+ return _profile_user_view($user, "public");
+ case "view_private":
+ // when user looks at his own data
+ return _profile_user_view($user, "private");
+ }
+}
+
+function profile_required($title) {
+ // this pleads "theme_invoke, theme_invoke" ;)
+ return $title ." <span style=\"color: red;\">*</span>";
+}
+
+function _profile_form($edit, $mode) {
+ global $profile_fields, $user;
+
+ $reg_fields = _profile_active_fields($mode);
+ $required_fields = _profile_active_fields("required");
+
+ foreach ($profile_fields as $name => $field) {
+ if ($field[0] && in_array($name, $reg_fields)) {
+ $f = "form_".$field[0];
+ $t = "profile_".$name;
+ $output .= $f((in_array($name, $required_fields) ? profile_required($field[1]) : $field[1]), $t, $edit[$t], $field[3], $field[4], $field[5], $field[6]);
+ }
+ }
+
+ if (in_array("birthday", $reg_fields)) {
+ $output .= form_item((in_array("birthday", $required_fields) ? profile_required($profile_fields["birthday"][1]) : $profile_fields["birthday"][1]), _profile_edit_birth(array2object($edit)), $profile_fields["birthday"][2]);
+ }
+
+ if (in_array("avatar", $reg_fields)) {
+ if ($edit["profile_avatar"] && $edit["uid"]) {
+ $file = profile_avatar_path($edit["uid"], $edit["profile_avatar"]);
+ if ($file) {
+ $output .= "<img src=\"$file\"><br />";
+ }
+ }
+ $output .= form_file($profile_fields["avatar"][1], "profile_avatar", 64, $profile_fields["avatar"][2]);
+ }
+
+ return $output;
+}
+
+function _profile_validate($edit, $mode) {
+ global $profile_fields, $user, $HTTP_POST_VARS;
+
+ $req_fields = _profile_active_fields($mode);
+
+ if (in_array("birthday", $req_fields) && ($birth_error = _profile_validate_birth($edit))) {
+ $error .= $birth_error."<br />";
+ }
+
+ if (in_array("avatar", $req_fields) && ($avatar_error = _profile_validate_avatar($edit))) {
+ $error .= $avatar_error."<br />";
+ }
+
+ foreach (array_keys($profile_fields) as $field) {
+ // replicate any key which was saved during registration but is not in this form
+ if (!$edit[$field] && $user->$field) {
+ $edit[$field] = $user->$field;
+ }
+ }
+
+ // now check for required fields
+ foreach(_profile_active_fields("required") as $required) {
+ if (in_array($required, $req_fields)) {
+ if (!$edit["profile_".$required]) {
+ $error .= t("This required field is missing: %a", array("%a" => $profile_fields[$required][1]))."<br />";
+ }
+ }
+ }
+
+ if ($error) {
+ return $error;
+ }
+ else {
+ return $edit;
+ }
+}
+
+function _profile_user_view(&$user, $mode) {
+ global $profile_fields;
+
+ foreach (_profile_active_fields($mode) as $name) {
+ $field = $profile_fields[$name];
+ $t = "profile_".$name;
+ switch ($field[0]) {
+ case "textfield":
+ case "textarea":
+ case "checkbox":
+ if (isset($user->$t)) {
+ $output .= form_item($field[1], check_output($user->$t));
+ }
+ break;
+ case "select":
+ if (isset($user->$t)) {
+ $output .= form_item($field[1], check_output($profile_fields[$name][3][$user->$t]));
+ }
+ break;
+ case "":
+ // special
+ if ($t == "profile_avatar") {
+ if (isset($user->$t)) {
+ $file = profile_avatar_path($user->uid, $user->profile_avatar);
+ if (file_exists($file)) {
+ $output .= form_item(t("Avatar"), "<img src=\"$file\" />");
+ }
+ }
+ }
+
+ if ($t == "profile_birthday") {
+ if (isset($user->profile_birthday) && isset($user->profile_birthmonth) && isset($user->profile_birthyear)) {
+ // this is very european-centric, can we use format_date?
+ $output .= form_item(t("Birthday"), $user->profile_birthday."/".$user->profile_birthmonth."/".$user->profile_birthyear);
+ }
+ }
+ }
+ }
+ return $output;
+}
+
+function _profile_validate_avatar(&$edit) {
+ global $HTTP_POST_FILES, $user;
+ // check that uploaded file is an image, with a max file size and max height/width
+
+ unset($edit["profile_avatar"]);
+
+ if ($HTTP_POST_FILES["edit"]["name"]["profile_avatar"] == "") {
+ $edit["profile_avatar"] = $user->profile_avatar;
+ return "";
+ }
+
+ $image_file = $HTTP_POST_FILES["edit"]["tmp_name"]["profile_avatar"];
+ if (is_uploaded_file($image_file)) {
+ $extension = strtolower(strrchr($HTTP_POST_FILES["edit"]["name"]["profile_avatar"], "."));
+ $size = getimagesize($image_file);
+ list($maxwidth, $maxheight) = explode("x", variable_get("profile_avatar_size", "85x85"));
+ if ((!in_array($size[2], array(1,2,3))) || (!in_array($extension, array(".gif", ".jpg", ".png", ".jpeg")))) {
+ $error = t("uploaded file was not an image.");
+ } else if (filesize($image_file) > (variable_get("profile_avatar_filesize", "30")*1000)) {
+ $error = t("uploaded image is too large, max %a kb.", array("%a" => variable_get("profile_avatar_filesize", "30")));
+ } else if ($size[0] > $maxwidth || $size[1] > $maxheight) {
+ $error = t("uploaded image is too large, max %a.", array("%a" => variable_get("profile_avatar_size", "85x85")));
+ }
+ else if (!copy($image_file, variable_get("profile_avatar_path", "misc/avatars/").md5($user->uid).$extension)) {
+ $error = t("error in file upload");
+ }
+ else {
+ $edit["profile_avatar"] = $extension;
+ }
+ }
+
+ return $error ? $error."<br />" : "";
+}
+
+function profile_avatar_path($uid, $extension) {
+ return $extension ? variable_get("profile_avatar_path", "misc/avatars/").md5($uid).$extension : "";
+}
+
+function _profile_active_fields($mode) {
+ return variable_get("profile_".$mode."_fields", array());
+}
+
+function _profile_edit_birth($edit = "") {
+ global $profile_months, $profile_days;
+ $output .= _profile_select("profile_birthday", $edit->profile_birthday, $profile_days);
+ $output .= "&nbsp;";
+ $output .= _profile_select("profile_birthmonth", $edit->profile_birthmonth, $profile_months);
+ $output .= "&nbsp;";
+ $output .= "<input maxlength=\"4\" name=\"edit[profile_birthyear]\" size=\"5\" value=\"$edit->profile_birthyear\" />";
+ return $output;
+}
+
+function _profile_validate_birth(&$edit) {
+ if (!$edit["profile_birthday"] && !$edit["profile_birthmonth"] && !$edit["profile_birthyear"]) {
+ // change this if you want required birth
+ return;
+ }
+
+ if ($edit["profile_birthyear"] > 1900 && checkdate($edit["profile_birthmonth"], $edit["profile_birthday"], $edit["profile_birthyear"])) {
+ return;
+ }
+ else {
+ return t("The specified birthday is not valid.")."<br />";
+ }
+}
+
+function _profile_select($name, $value, $options, $extra = 0, $multiple = 0) {
+ if (count($options) > 0) {
+ foreach ($options as $key=>$choice) {
+ $select .= "<option value=\"$key\"". (is_array($value) ? (in_array($key, $value) ? " selected=\"selected\"" : "") : ($key == $value ? " selected=\"selected\"" : "")) .">". check_form($choice) ."</option>";
+ }
+ return "<select name=\"edit[$name]". ($multiple ? "[]" : "") ."\"". ($multiple ? " multiple " : "") . ($extra ? " $extra" : "") .">$select</select>";
+ }
+}
+
+?>
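Review bot: The birthday is printed without escaping in `_profile_user_view()` (`$user->profile_birthday."/".$user->profile_birthmonth."/".$user->profile_birthyear`), while every other field type in the same switch goes through `check_output()`. `_profile_validate_birth()` only compares the year numerically and calls `checkdate()`, both of which presumably coerce a string with trailing characters to a number, so the stored values are not guaranteed to be purely numeric. Wrapping each part, e.g. `check_output($user->profile_birthyear)`, or casting the three fields to integers in `_profile_validate_birth()` before they are returned, closes the gap. The `value=\"$edit->profile_birthyear\"` attribute in `_profile_edit_birth()` needs the same treatment; `check_form()` is already used for option labels in `_profile_select()`. The identical file added as modules/profile/profile.module carries the same lines.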
diff --git a/modules/profile/profile.module b/modules/profile/profile.module
new file mode 100644
index 000000000..5503d7ee9
--- /dev/null
+++ b/modules/profile/profile.module
@@ -0,0 +1,281 @@
+<?php
+
+function _profile_init() {
+ /*
+ ** Add here any field you might need. Leave array[0] blank if you
+ ** need a special tool (like birthday or avatar).
+ ** TODO: add a clear description/explanation.
+ */
+
+ $GLOBALS["profile_fields"] = array(
+ "address" => array("textfield", t("Address"), "", 64, 64, t("Your address: street and number.")),
+ "city" => array("textfield", t("City"), "", 64, 64, t("Your city.")),
+ "state" => array("textfield", t("State"), "", 4, 2, t("Your state as a two letter code.")),
+ "zip" => array("textfield", t("Zip"), "", 7, 5, t("Your ZIP code.")),
+ "birthday" => array("", t("Birthday"), ""),
+ "gender" => array("select", t("Gender"), "", array(0 => "-", "m" => t("male"), "f" => t("female")), "", 0, 0),
+ "job" => array("textfield", t("Job title"), "", 64, 64, t("Your job title or position.")),
+ "icq" => array("textfield", t("ICQ messenger ID"), "", 12, 12, ""),
+ "msn" => array("textfield", t("MSN messenger ID"), "", 64, 64, ""),
+ "yahoo" => array("textfield", t("Yahoo messenger ID"), "", 64, 64, ""),
+ "aim" => array("textfield", t("AIM messenger ID"), "", 64, 64, ""),
+ "homepage" => array("textfield", t("URL of homepage"), "", 64, 64, t("Make sure you enter a fully qualified URL: remember to include \"http://\".")),
+ "biography" => array("textarea", t("Biography"), "", 64, 4, ""),
+ "interests" => array("textarea", t("Interests"), "", 64, 4, t("What you like.")),
+ "publickey" => array("textarea", t("Public key"), "", 64, 4, ""),
+ "avatar" => array("", t("Avatar or picture"), t("Your virtual face or picture."))
+ );
+
+ $GLOBALS["profile_days"][0] = t("day");
+ for ($n=1; $n<=31; $n++) {
+ $GLOBALS["profile_days"][$n] = $n;
+ }
+
+ $GLOBALS["profile_months"] = array(0 => t("month"), 1 => t("January"), 2 => t("February"), 3 => t("March"), 4 => t("April"), 5 => t("May"), 6 => t("June"), 7 => t("July"), 8 => t("August"), 9 => t("September"), 10 => t("October"), 11 => t("November"), 12 => t("December"));
+}
+
+function profile_system($field){
+ $system["description"] = t("Support for configurable user profiles.");
+ return $system[$field];
+}
+
+function profile_conf_options() {
+ global $profile_fields;
+ if (!$profile_fields) {
+ _profile_init();
+ }
+
+ foreach ($profile_fields as $key => $field) {
+ $fields[$key] = $field[1];
+ }
+
+ $output .= form_select(t("Registration time fields"), "profile_register_fields", variable_get("profile_register_fields", array()), $fields, t("The fields users will be able to set at registration time. Any required fields (see below) must appear here too."), "size=\"6\"", 1);
+ $output .= form_select(t("Required fields"), "profile_required_fields", variable_get("profile_required_fields", array()), $fields, t("The fields users that are required to be set."), "size=\"6\"", 1);
+ $output .= form_select(t("Publicly accessible fields"), "profile_public_fields", variable_get("profile_public_fields", array()), $fields, t("The fields users will be able to set and that will be publicly visible."), "size=\"6\"", 1);
+ $output .= form_select(t("Private fields"), "profile_private_fields", variable_get("profile_private_fields", array()), $fields, t("The fields users will be able to set, but which are kept private."), "size=\"6\"", 1);
+
+ $output .= form_textfield(t("Avatar image path"), "profile_avatar_path", variable_get("profile_avatar_path", "misc/avatars/"), 30, 255, t("Path for avatar directory; it must be writeable and visible from the web."));
+ $output .= form_textfield(t("Avatar max size"), "profile_avatar_size", variable_get("profile_avatar_size", "85x85"), 10, 10, t("Maximum size for avatars."));
+ $output .= form_textfield(t("Avatar max filesize"), "profile_avatar_filesize", variable_get("profile_avatar_filesize", "30"), 10, 10, t("Maximum filesize for avatars, in kb."));
+
+ return $output;
+}
+
+function profile_user($type, $edit, &$user) {
+ global $profile_fields;
+ if (!$profile_fields) {
+ _profile_init();
+ }
+
+ switch ($type) {
+ case "register_form":
+ // first registration form (to add something to just email and nick)
+ return _profile_form($edit, "register");
+ case "register_validate":
+ // validate first registration form
+ return _profile_validate($edit, "required");
+ case "edit_form":
+ // when user tries to edit his own data
+ return _profile_form(object2array($user), "private");
+ case "edit_validate":
+ // validate user data editing
+ return _profile_validate($edit, "private");
+ case "view_public":
+ // when others look at user data
+ return _profile_user_view($user, "public");
+ case "view_private":
+ // when user looks at his own data
+ return _profile_user_view($user, "private");
+ }
+}
+
+function profile_required($title) {
+ // this pleads "theme_invoke, theme_invoke" ;)
+ return $title ." <span style=\"color: red;\">*</span>";
+}
+
+function _profile_form($edit, $mode) {
+ global $profile_fields, $user;
+
+ $reg_fields = _profile_active_fields($mode);
+ $required_fields = _profile_active_fields("required");
+
+ foreach ($profile_fields as $name => $field) {
+ if ($field[0] && in_array($name, $reg_fields)) {
+ $f = "form_".$field[0];
+ $t = "profile_".$name;
+ $output .= $f((in_array($name, $required_fields) ? profile_required($field[1]) : $field[1]), $t, $edit[$t], $field[3], $field[4], $field[5], $field[6]);
+ }
+ }
+
+ if (in_array("birthday", $reg_fields)) {
+ $output .= form_item((in_array("birthday", $required_fields) ? profile_required($profile_fields["birthday"][1]) : $profile_fields["birthday"][1]), _profile_edit_birth(array2object($edit)), $profile_fields["birthday"][2]);
+ }
+
+ if (in_array("avatar", $reg_fields)) {
+ if ($edit["profile_avatar"] && $edit["uid"]) {
+ $file = profile_avatar_path($edit["uid"], $edit["profile_avatar"]);
+ if ($file) {
+ $output .= "<img src=\"$file\"><br />";
+ }
+ }
+ $output .= form_file($profile_fields["avatar"][1], "profile_avatar", 64, $profile_fields["avatar"][2]);
+ }
+
+ return $output;
+}
+
+function _profile_validate($edit, $mode) {
+ global $profile_fields, $user, $HTTP_POST_VARS;
+
+ $req_fields = _profile_active_fields($mode);
+
+ if (in_array("birthday", $req_fields) && ($birth_error = _profile_validate_birth($edit))) {
+ $error .= $birth_error."<br />";
+ }
+
+ if (in_array("avatar", $req_fields) && ($avatar_error = _profile_validate_avatar($edit))) {
+ $error .= $avatar_error."<br />";
+ }
+
+ foreach (array_keys($profile_fields) as $field) {
+ // replicate any key which was saved during registration but is not in this form
+ if (!$edit[$field] && $user->$field) {
+ $edit[$field] = $user->$field;
+ }
+ }
+
+ // now check for required fields
+ foreach(_profile_active_fields("required") as $required) {
+ if (in_array($required, $req_fields)) {
+ if (!$edit["profile_".$required]) {
+ $error .= t("This required field is missing: %a", array("%a" => $profile_fields[$required][1]))."<br />";
+ }
+ }
+ }
+
+ if ($error) {
+ return $error;
+ }
+ else {
+ return $edit;
+ }
+}
+
+function _profile_user_view(&$user, $mode) {
+ global $profile_fields;
+
+ foreach (_profile_active_fields($mode) as $name) {
+ $field = $profile_fields[$name];
+ $t = "profile_".$name;
+ switch ($field[0]) {
+ case "textfield":
+ case "textarea":
+ case "checkbox":
+ if (isset($user->$t)) {
+ $output .= form_item($field[1], check_output($user->$t));
+ }
+ break;
+ case "select":
+ if (isset($user->$t)) {
+ $output .= form_item($field[1], check_output($profile_fields[$name][3][$user->$t]));
+ }
+ break;
+ case "":
+ // special
+ if ($t == "profile_avatar") {
+ if (isset($user->$t)) {
+ $file = profile_avatar_path($user->uid, $user->profile_avatar);
+ if (file_exists($file)) {
+ $output .= form_item(t("Avatar"), "<img src=\"$file\" />");
+ }
+ }
+ }
+
+ if ($t == "profile_birthday") {
+ if (isset($user->profile_birthday) && isset($user->profile_birthmonth) && isset($user->profile_birthyear)) {
+ // this is very european-centric, can we use format_date?
+ $output .= form_item(t("Birthday"), $user->profile_birthday."/".$user->profile_birthmonth."/".$user->profile_birthyear);
+ }
+ }
+ }
+ }
+ return $output;
+}
+
+function _profile_validate_avatar(&$edit) {
+ global $HTTP_POST_FILES, $user;
+ // check that uploaded file is an image, with a max file size and max height/width
+
+ unset($edit["profile_avatar"]);
+
+ if ($HTTP_POST_FILES["edit"]["name"]["profile_avatar"] == "") {
+ $edit["profile_avatar"] = $user->profile_avatar;
+ return "";
+ }
+
+ $image_file = $HTTP_POST_FILES["edit"]["tmp_name"]["profile_avatar"];
+ if (is_uploaded_file($image_file)) {
+ $extension = strtolower(strrchr($HTTP_POST_FILES["edit"]["name"]["profile_avatar"], "."));
+ $size = getimagesize($image_file);
+ list($maxwidth, $maxheight) = explode("x", variable_get("profile_avatar_size", "85x85"));
+ if ((!in_array($size[2], array(1,2,3))) || (!in_array($extension, array(".gif", ".jpg", ".png", ".jpeg")))) {
+ $error = t("uploaded file was not an image.");
+ } else if (filesize($image_file) > (variable_get("profile_avatar_filesize", "30")*1000)) {
+ $error = t("uploaded image is too large, max %a kb.", array("%a" => variable_get("profile_avatar_filesize", "30")));
+ } else if ($size[0] > $maxwidth || $size[1] > $maxheight) {
+ $error = t("uploaded image is too large, max %a.", array("%a" => variable_get("profile_avatar_size", "85x85")));
+ }
+ else if (!copy($image_file, variable_get("profile_avatar_path", "misc/avatars/").md5($user->uid).$extension)) {
+ $error = t("error in file upload");
+ }
+ else {
+ $edit["profile_avatar"] = $extension;
+ }
+ }
+
+ return $error ? $error."<br />" : "";
+}
+
+function profile_avatar_path($uid, $extension) {
+ return $extension ? variable_get("profile_avatar_path", "misc/avatars/").md5($uid).$extension : "";
+}
+
+function _profile_active_fields($mode) {
+ return variable_get("profile_".$mode."_fields", array());
+}
+
+function _profile_edit_birth($edit = "") {
+ global $profile_months, $profile_days;
+ $output .= _profile_select("profile_birthday", $edit->profile_birthday, $profile_days);
+ $output .= "&nbsp;";
+ $output .= _profile_select("profile_birthmonth", $edit->profile_birthmonth, $profile_months);
+ $output .= "&nbsp;";
+ $output .= "<input maxlength=\"4\" name=\"edit[profile_birthyear]\" size=\"5\" value=\"$edit->profile_birthyear\" />";
+ return $output;
+}
+
+function _profile_validate_birth(&$edit) {
+ if (!$edit["profile_birthday"] && !$edit["profile_birthmonth"] && !$edit["profile_birthyear"]) {
+ // change this if you want required birth
+ return;
+ }
+
+ if ($edit["profile_birthyear"] > 1900 && checkdate($edit["profile_birthmonth"], $edit["profile_birthday"], $edit["profile_birthyear"])) {
+ return;
+ }
+ else {
+ return t("The specified birthday is not valid.")."<br />";
+ }
+}
+
+function _profile_select($name, $value, $options, $extra = 0, $multiple = 0) {
+ if (count($options) > 0) {
+ foreach ($options as $key=>$choice) {
+ $select .= "<option value=\"$key\"". (is_array($value) ? (in_array($key, $value) ? " selected=\"selected\"" : "") : ($key == $value ? " selected=\"selected\"" : "")) .">". check_form($choice) ."</option>";
+ }
+ return "<select name=\"edit[$name]". ($multiple ? "[]" : "") ."\"". ($multiple ? " multiple " : "") . ($extra ? " $extra" : "") .">$select</select>";
+ }
+}
+
+?>
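Review bot: `_profile_validate_avatar()` names the stored file after the global `$user` (`md5($user->uid)`), whereas `_profile_form()` and `_profile_user_view()` build the path from the account being edited or viewed, so the two only agree when a logged-in user edits their own profile. During `register_validate` the visitor presumably has no uid yet, in which case every registration upload would land on the same file name; passing the target uid into the validator, or deferring the `copy()` until the account exists, avoids that. Separately, when `is_uploaded_file()` returns false no error is set and `profile_avatar` stays unset, so a failed upload silently clears the existing avatar; an `else { $error = t("error in file upload"); }` on that `if` would surface it. The same code is added as modules/profile.module earlier in this commit.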
diff --git a/modules/user.module b/modules/user.module
index 46ea845b9..6108dd47d 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -47,7 +47,7 @@ function sess_gc($lifetime) {
/*** Common functions ******************************************************/
function user_external_load($authname) {
- $arr_uid = db_query("SELECT uid FROM authmap WHERE authname = '$authname'");
+ $arr_uid = db_query("SELECT uid FROM authmap WHERE authname = '%s'", $authname);
if (db_fetch_object($arr_uid)) {
$uid = db_result($arr_uid);
@@ -71,7 +71,7 @@ function user_load($array = array()) {
$query .= "u.$key = '". md5($value) ."' AND ";
}
else {
- $query .= "u.$key = '". addslashes($value) ."' AND ";
+ $query .= "u.$key = '". check_query($value) ."' AND ";
}
}
$result = db_query("SELECT u.*, r.name AS role FROM users u LEFT JOIN role r ON u.rid = r.rid WHERE $query u.status < 3 LIMIT 1");
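Review bot: The column name `$key` is still concatenated into the WHERE clause unescaped (`"u.$key = '". check_query($value) ."' AND "`); only the value goes through `check_query()`. If any caller builds `$array` from request data, the keys need an allow-list of known `users` columns before they reach the query, for example `if (!in_array($key, $allowed_columns)) continue;` with `$allowed_columns` being a new list defined in `user_load()`. The loop header and the rest of `user_load()` lie outside this hunk, so how `$array` is populated cannot be confirmed from here.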
@@ -135,7 +135,7 @@ function user_save($account, $array = array()) {
}
$fields[] = "data";
- $values[] = "'". serialize($data) ."'";
+ $values[] = "'". check_query(serialize($data)) ."'";
db_query("INSERT INTO users (". implode(", ", $fields) .") VALUES (". implode(", ", $values) .")");
@@ -187,13 +187,13 @@ function user_validate_mail($mail) {
** allowed.
*/
- if ($mail && !eregi("^[a-z0-9]+([_.-][a-z0-9]+)*@([a-z0-9]+([.-][a-z0-9]+)*)+\\.[a-z]{2,4}$")) {
+ if ($mail && !eregi("^[a-z0-9]+([_.-][a-z0-9]+)*@([a-z0-9]+([.-][a-z0-9]+)*)+\\.[a-z]{2,4}$", $mail)) {
return t("The e-mail address '$mail' is not valid.");
}
}
function user_validate_authmap($account, $authname, $module) {
- $result = db_query("SELECT COUNT(*) from authmap WHERE uid != '$account->uid' && authname = '$authname'");
+ $result = db_query("SELECT COUNT(*) from authmap WHERE uid != '$account->uid' && authname = '%s'", $authname);
if (db_result($result) > 0) {
$name = module_invoke($module, "info", "name");
return t("The %u ID %s is already taken.", array("%u" => ucfirst($name), "%s" => "<i>$authname</i>"));
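Review bot: In `user_validate_authmap()` the new query binds `$authname` through `'%s'` but leaves `$account->uid` interpolated in the string (`uid != '$account->uid'`), so the statement is only half parameterised. Passing both as arguments keeps it consistent with the rest of the commit: `db_query("SELECT COUNT(*) from authmap WHERE uid != '%s' && authname = '%s'", $account->uid, $authname);`. The `UPDATE authmap` line in the later `user_set_authmaps()` hunk has the same mix (`'$account->uid'` and `'$module[1]'` remain inline), although the `INSERT` just above it already binds all three values. The returned message also embeds `$authname` inside `<i>…</i>` unescaped; that line is unchanged context, but it is worth running through `check_output()` if the message is rendered as HTML.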
@@ -260,9 +260,9 @@ function user_mail($mail, $subject, $message, $header) {
function user_deny($type, $mask) {
- $allow = db_fetch_object(db_query("SELECT * FROM access WHERE status = '1' AND type = '$type' AND LOWER('$mask') LIKE LOWER(mask)"));
+ $allow = db_fetch_object(db_query("SELECT * FROM access WHERE status = '1' AND type = '%s' AND LOWER('%s') LIKE LOWER(mask)", $type, $mask));
- $deny = db_fetch_object(db_query("SELECT * FROM access WHERE status = '0' AND type = '$type' AND LOWER('$mask') LIKE LOWER(mask)"));
+ $deny = db_fetch_object(db_query("SELECT * FROM access WHERE status = '0' AND type = '%s' AND LOWER('%s') LIKE LOWER(mask)", $type, $mask));
if ($deny && !$allow) {
return 1;
@@ -437,7 +437,7 @@ function user_get_authmaps($authname = NULL) {
** associtive array of modules and DA names. Called at external login.
*/
- $result = db_query("SELECT authname, module FROM authmap WHERE authname = '$authname'");
+ $result = db_query("SELECT authname, module FROM authmap WHERE authname = '%s'", $authname);
if (db_num_rows($result) > 0) {
while ($authmap = db_fetch_object($result)) {
$authmaps[$authmap->module] = $authmap->authname;
@@ -458,7 +458,7 @@ function user_set_authmaps($account, $authmaps) {
$result = db_query("INSERT INTO authmap (authname, uid, module) VALUES ('%s', '%s', '%s')", $value, $account->uid, $module[1]);
}
else {
- $result = db_query("UPDATE authmap SET authname = '$value' WHERE uid = '$account->uid' && module = '$module[1]'");
+ $result = db_query("UPDATE authmap SET authname = '%s' WHERE uid = '$account->uid' && module = '$module[1]'", $value);
}
}
else {
@@ -929,7 +929,6 @@ function user_edit($edit = array()) {
}
}
- $output .= form_textfield(t("Homepage"), "homepage", $edit["homepage"], 30, 55, t("Optional") .". ". t("Make sure you enter a fully qualified URL: remember to include \"http://\"."));
$options = "<option value=\"\"". (("" == $key) ? " selected=\"selected\"" : "") .">". t("Default theme") ."</option>\n";
foreach (theme_list() as $key => $value) {
$options .= "<option value=\"$key\"". (($edit["theme"] == $key) ? " selected=\"selected\"" : "") .">$key - $value->description</option>\n";
@@ -938,11 +937,10 @@ function user_edit($edit = array()) {
for ($zone = -43200; $zone <= 46800; $zone += 3600) $zones[$zone] = date("l, F dS, Y - h:i A", time() - date("Z") + $zone) ." (GMT ". $zone / 3600 .")";
$output .= form_select(t("Timezone"), "timezone", $edit["timezone"], $zones, t("Select what time you currently have and your timezone settings will be set appropriate."));
$output .= form_select(t("Language"), "language", $edit["language"], $languages, t("Selecting a different language will change the language of the site."));
- $output .= form_textarea(t("Signature"), "signature", $edit["signature"], 70, 3, t("Your signature will be publicly displayed at the end of your comments.") ."<br />". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
$output .= form_item(t("Password"), "<input type=\"password\" name=\"edit[pass1]\" size=\"12\" maxlength=\"24\" /> <input type=\"password\" name=\"edit[pass2]\" size=\"12\" maxlength=\"24\" />", t("Enter your new password twice if you want to change your current password or leave it blank if you are happy with your current password."));
$output .= form_submit(t("Save user information"));
- $output = form($output);
+ $output = form($output, "post", 0, "enctype=\"multipart/form-data\"");
}
else {
$output = user_login();
@@ -976,9 +974,6 @@ function user_view($uid = 0) {
}
}
- $output .= form_item(t("Homepage"), "<a href=\"$user->homepage\">$user->homepage</a>");
- $output .= form_item(t("Signature"), check_output($user->signature, 1));
-
$theme->header();
$theme->box(t("User account"), user_menu());
$theme->box(t("View user information"), $output);
@@ -986,7 +981,6 @@ function user_view($uid = 0) {
}
else if ($uid && $account = user_load(array("uid" => $uid, "status" => 1))) {
$output .= form_item(t("Name"), check_output($account->name));
- $output .= form_item(t("Homepage"), "<a href=\"$account->homepage\">$account->homepage</a>");
foreach (module_list() as $module) {
if (module_hook($module, "user")) {
@@ -1180,7 +1174,7 @@ function user_admin_access($edit = array()) {
}
}
else if ($id) {
- db_query("DELETE FROM access WHERE aid = '$id'");
+ db_query("DELETE FROM access WHERE aid = '%s'", $id);
}
$output .= "<table border=\"1\" cellpadding=\"2\" cellspacing=\"2\">";
@@ -1239,10 +1233,10 @@ function user_admin_perm($edit = array()) {
while ($role = db_fetch_object($result)) {
// delete, so if we clear every checkbox we reset that role;
// otherwise permissions are active and denied everywhere
- db_query("DELETE FROM permission WHERE rid = '%s' AND tid = '$tid'", $role->rid);
+ db_query("DELETE FROM permission WHERE rid = '%s' AND tid = '%s'", $role->rid, $tid);
$perm = $edit[$role->rid] ? implode(", ", array_keys($edit[$role->rid])) : "";
if ($perm) {
- db_query("INSERT INTO permission (rid, perm, tid) VALUES ('%s', '$perm', '$tid')", $role->rid);
+ db_query("INSERT INTO permission (rid, perm, tid) VALUES ('%s', '%s', %s'')", $role->rid, $perm, $tid);
}
}
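Review bot: The new INSERT has its quotes misplaced around the last placeholder: `VALUES ('%s', '%s', %s'')` expands to an unquoted `tid` followed by an empty string literal, which is a SQL syntax error at best and leaves `$tid` outside the quotes the placeholder escaping relies on. It should read `db_query("INSERT INTO permission (rid, perm, tid) VALUES ('%s', '%s', '%s')", $role->rid, $perm, $tid);`. As written, saving permissions would presumably run the DELETE two lines above and then fail to re-insert the role's rows. `user_admin_perm()` starts and ends outside this hunk.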
@@ -1426,7 +1420,6 @@ function user_admin_edit($edit = array()) {
}
}
- $output .= form_textfield(t("Homepage"), "homepage", $account->homepage, 30, 55, t("Optional") .". ". t("Make sure you enter a fully qualified URL: remember to include \"http://\"."));
foreach (theme_list() as $key => $value) {
$options .= "$value[type]<option value=\"$key\"". (($account->theme == $key) ? " selected=\"selected\"" : "") .">$key - $value->description</option>\n";
}
@@ -1434,7 +1427,6 @@ function user_admin_edit($edit = array()) {
for ($zone = -43200; $zone <= 46800; $zone += 3600) $zones[$zone] = date("l, F dS, Y - h:i A", time() - date("Z") + $zone) ." (GMT ". $zone / 3600 .")";
$output .= form_select(t("Timezone"), "timezone", $account->timezone, $zones, t("Select what time you currently have and your timezone settings will be set appropriate."));
$output .= form_select(t("Language"), "language", $account->language, $languages, t("Selecting a different language will change the language of the site."));
- $output .= form_textarea(t("Signature"), "signature", $account->signature, 70, 3, t("Your signature will be publicly displayed at the end of your comments.") ."<br />". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
$output .= form_item(t("Password"), "<input type=\"password\" name=\"edit[pass1]\" size=\"12\" maxlength=\"24\" /> <input type=\"password\" name=\"edit[pass2]\" size=\"12\" maxlength=\"24\" />", t("Enter a new password twice if you want to change the current password for this user or leave it blank if you are happy with the current password."));
$output .= form_select("Status", "status", $account->status, array("blocked", "active"));
$output .= form_select("Role", "rid", $account->rid, user_roles(1));
diff --git a/modules/user/user.module b/modules/user/user.module
index 46ea845b9..6108dd47d 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -47,7 +47,7 @@ function sess_gc($lifetime) {
/*** Common functions ******************************************************/
function user_external_load($authname) {
- $arr_uid = db_query("SELECT uid FROM authmap WHERE authname = '$authname'");
+ $arr_uid = db_query("SELECT uid FROM authmap WHERE authname = '%s'", $authname);
if (db_fetch_object($arr_uid)) {
$uid = db_result($arr_uid);
@@ -71,7 +71,7 @@ function user_load($array = array()) {
$query .= "u.$key = '". md5($value) ."' AND ";
}
else {
- $query .= "u.$key = '". addslashes($value) ."' AND ";
+ $query .= "u.$key = '". check_query($value) ."' AND ";
}
}
$result = db_query("SELECT u.*, r.name AS role FROM users u LEFT JOIN role r ON u.rid = r.rid WHERE $query u.status < 3 LIMIT 1");
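Review bot: The array key is still concatenated into the WHERE clause as a column name (`u.$key = ...`) with no check, so only the value side gains from the switch to check_query(). If any caller can pass keys derived from request data, that is an injection point which value escaping does not cover; the callers are not visible here, so this needs confirming. I would validate `$key` against the known users columns before the loop appends it, and add a comment such as `// $key must be a trusted column name; only $value is escaped`. user_load starts and ends outside this hunk.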
@@ -135,7 +135,7 @@ function user_save($account, $array = array()) {
}
$fields[] = "data";
- $values[] = "'". serialize($data) ."'";
+ $values[] = "'". check_query(serialize($data)) ."'";
db_query("INSERT INTO users (". implode(", ", $fields) .") VALUES (". implode(", ", $values) .")");
@@ -187,13 +187,13 @@ function user_validate_mail($mail) {
** allowed.
*/
- if ($mail && !eregi("^[a-z0-9]+([_.-][a-z0-9]+)*@([a-z0-9]+([.-][a-z0-9]+)*)+\\.[a-z]{2,4}$")) {
+ if ($mail && !eregi("^[a-z0-9]+([_.-][a-z0-9]+)*@([a-z0-9]+([.-][a-z0-9]+)*)+\\.[a-z]{2,4}$", $mail)) {
return t("The e-mail address '$mail' is not valid.");
}
}
function user_validate_authmap($account, $authname, $module) {
- $result = db_query("SELECT COUNT(*) from authmap WHERE uid != '$account->uid' && authname = '$authname'");
+ $result = db_query("SELECT COUNT(*) from authmap WHERE uid != '$account->uid' && authname = '%s'", $authname);
if (db_result($result) > 0) {
$name = module_invoke($module, "info", "name");
return t("The %u ID %s is already taken.", array("%u" => ucfirst($name), "%s" => "<i>$authname</i>"));
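Review bot: In user_validate_authmap the query now mixes a placeholder with an interpolated variable: `$authname` goes through `'%s'` but `$account->uid` is still written straight into the SQL string. Passing both as arguments keeps the escaping uniform and avoids relying on uid always being a clean integer: `db_query("SELECT COUNT(*) FROM authmap WHERE uid != '%s' && authname = '%s'", $account->uid, $authname);`. The UPDATE in the user_set_authmaps hunk below has the same pattern, with `$account->uid` and `$module[1]` left interpolated while the INSERT next to it already uses three placeholders.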
@@ -260,9 +260,9 @@ function user_mail($mail, $subject, $message, $header) {
function user_deny($type, $mask) {
- $allow = db_fetch_object(db_query("SELECT * FROM access WHERE status = '1' AND type = '$type' AND LOWER('$mask') LIKE LOWER(mask)"));
+ $allow = db_fetch_object(db_query("SELECT * FROM access WHERE status = '1' AND type = '%s' AND LOWER('%s') LIKE LOWER(mask)", $type, $mask));
- $deny = db_fetch_object(db_query("SELECT * FROM access WHERE status = '0' AND type = '$type' AND LOWER('$mask') LIKE LOWER(mask)"));
+ $deny = db_fetch_object(db_query("SELECT * FROM access WHERE status = '0' AND type = '%s' AND LOWER('%s') LIKE LOWER(mask)", $type, $mask));
if ($deny && !$allow) {
return 1;
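Review bot: The reversed LIKE in user_deny deserves a comment, because the `$mask` argument is the literal being tested and the `mask` column supplies the pattern, which is the opposite of what the names suggest. With the value on the left-hand side, `%` and `_` in the input are not treated as wildcards, and that property is easy to lose if a later edit swaps the operands. A line such as `// access.mask holds the LIKE pattern; $mask is the value checked against it` above the two queries would make this explicit. The function continues outside this hunk.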
@@ -437,7 +437,7 @@ function user_get_authmaps($authname = NULL) {
** associtive array of modules and DA names. Called at external login.
*/
- $result = db_query("SELECT authname, module FROM authmap WHERE authname = '$authname'");
+ $result = db_query("SELECT authname, module FROM authmap WHERE authname = '%s'", $authname);
if (db_num_rows($result) > 0) {
while ($authmap = db_fetch_object($result)) {
$authmaps[$authmap->module] = $authmap->authname;
@@ -458,7 +458,7 @@ function user_set_authmaps($account, $authmaps) {
$result = db_query("INSERT INTO authmap (authname, uid, module) VALUES ('%s', '%s', '%s')", $value, $account->uid, $module[1]);
}
else {
- $result = db_query("UPDATE authmap SET authname = '$value' WHERE uid = '$account->uid' && module = '$module[1]'");
+ $result = db_query("UPDATE authmap SET authname = '%s' WHERE uid = '$account->uid' && module = '$module[1]'", $value);
}
}
else {
@@ -929,7 +929,6 @@ function user_edit($edit = array()) {
}
}
- $output .= form_textfield(t("Homepage"), "homepage", $edit["homepage"], 30, 55, t("Optional") .". ". t("Make sure you enter a fully qualified URL: remember to include \"http://\"."));
$options = "<option value=\"\"". (("" == $key) ? " selected=\"selected\"" : "") .">". t("Default theme") ."</option>\n";
foreach (theme_list() as $key => $value) {
$options .= "<option value=\"$key\"". (($edit["theme"] == $key) ? " selected=\"selected\"" : "") .">$key - $value->description</option>\n";
@@ -938,11 +937,10 @@ function user_edit($edit = array()) {
for ($zone = -43200; $zone <= 46800; $zone += 3600) $zones[$zone] = date("l, F dS, Y - h:i A", time() - date("Z") + $zone) ." (GMT ". $zone / 3600 .")";
$output .= form_select(t("Timezone"), "timezone", $edit["timezone"], $zones, t("Select what time you currently have and your timezone settings will be set appropriate."));
$output .= form_select(t("Language"), "language", $edit["language"], $languages, t("Selecting a different language will change the language of the site."));
- $output .= form_textarea(t("Signature"), "signature", $edit["signature"], 70, 3, t("Your signature will be publicly displayed at the end of your comments.") ."<br />". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
$output .= form_item(t("Password"), "<input type=\"password\" name=\"edit[pass1]\" size=\"12\" maxlength=\"24\" /> <input type=\"password\" name=\"edit[pass2]\" size=\"12\" maxlength=\"24\" />", t("Enter your new password twice if you want to change your current password or leave it blank if you are happy with your current password."));
$output .= form_submit(t("Save user information"));
- $output = form($output);
+ $output = form($output, "post", 0, "enctype=\"multipart/form-data\"");
}
else {
$output = user_login();
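Review bot: Switching the account form to `multipart/form-data` means this endpoint now accepts file uploads, but nothing in the hunk shows where an uploaded file is checked. The handler that consumes it (presumably a profile.module user hook, given the avatar field mentioned there) should validate size and type and choose the stored file name itself; this needs confirming. A short comment on the changed line, e.g. `// multipart so module-provided file fields can upload`, would also explain why the extra form() arguments are there. user_edit begins and ends outside this hunk.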
@@ -976,9 +974,6 @@ function user_view($uid = 0) {
}
}
- $output .= form_item(t("Homepage"), "<a href=\"$user->homepage\">$user->homepage</a>");
- $output .= form_item(t("Signature"), check_output($user->signature, 1));
-
$theme->header();
$theme->box(t("User account"), user_menu());
$theme->box(t("View user information"), $output);
@@ -986,7 +981,6 @@ function user_view($uid = 0) {
}
else if ($uid && $account = user_load(array("uid" => $uid, "status" => 1))) {
$output .= form_item(t("Name"), check_output($account->name));
- $output .= form_item(t("Homepage"), "<a href=\"$account->homepage\">$account->homepage</a>");
foreach (module_list() as $module) {
if (module_hook($module, "user")) {
@@ -1180,7 +1174,7 @@ function user_admin_access($edit = array()) {
}
}
else if ($id) {
- db_query("DELETE FROM access WHERE aid = '$id'");
+ db_query("DELETE FROM access WHERE aid = '%s'", $id);
}
$output .= "<table border=\"1\" cellpadding=\"2\" cellspacing=\"2\">";
@@ -1239,10 +1233,10 @@ function user_admin_perm($edit = array()) {
while ($role = db_fetch_object($result)) {
// delete, so if we clear every checkbox we reset that role;
// otherwise permissions are active and denied everywhere
- db_query("DELETE FROM permission WHERE rid = '%s' AND tid = '$tid'", $role->rid);
+ db_query("DELETE FROM permission WHERE rid = '%s' AND tid = '%s'", $role->rid, $tid);
$perm = $edit[$role->rid] ? implode(", ", array_keys($edit[$role->rid])) : "";
if ($perm) {
- db_query("INSERT INTO permission (rid, perm, tid) VALUES ('%s', '$perm', '$tid')", $role->rid);
+ db_query("INSERT INTO permission (rid, perm, tid) VALUES ('%s', '%s', %s'')", $role->rid, $perm, $tid);
}
}
@@ -1426,7 +1420,6 @@ function user_admin_edit($edit = array()) {
}
}
- $output .= form_textfield(t("Homepage"), "homepage", $account->homepage, 30, 55, t("Optional") .". ". t("Make sure you enter a fully qualified URL: remember to include \"http://\"."));
foreach (theme_list() as $key => $value) {
$options .= "$value[type]<option value=\"$key\"". (($account->theme == $key) ? " selected=\"selected\"" : "") .">$key - $value->description</option>\n";
}
@@ -1434,7 +1427,6 @@ function user_admin_edit($edit = array()) {
for ($zone = -43200; $zone <= 46800; $zone += 3600) $zones[$zone] = date("l, F dS, Y - h:i A", time() - date("Z") + $zone) ." (GMT ". $zone / 3600 .")";
$output .= form_select(t("Timezone"), "timezone", $account->timezone, $zones, t("Select what time you currently have and your timezone settings will be set appropriate."));
$output .= form_select(t("Language"), "language", $account->language, $languages, t("Selecting a different language will change the language of the site."));
- $output .= form_textarea(t("Signature"), "signature", $account->signature, 70, 3, t("Your signature will be publicly displayed at the end of your comments.") ."<br />". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
$output .= form_item(t("Password"), "<input type=\"password\" name=\"edit[pass1]\" size=\"12\" maxlength=\"24\" /> <input type=\"password\" name=\"edit[pass2]\" size=\"12\" maxlength=\"24\" />", t("Enter a new password twice if you want to change the current password for this user or leave it blank if you are happy with the current password."));
$output .= form_select("Status", "status", $account->status, array("blocked", "active"));
$output .= form_select("Role", "rid", $account->rid, user_roles(1));