author | Dries Buytaert <dries@buytaert.net> | 2002-08-08 18:52:55 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2002-08-08 18:52:55 +0000 |
commit | f5173ef23304b6c243eaf69fd193f60e8d2f3a46 (patch) | |
tree | 57cc28017815f8bcf2ae9282d303d8960114ef67 /modules/user.module | |
parent | b8c815d24593b32a6731f51a10476753f25af474 (diff) | |
download | brdo-f5173ef23304b6c243eaf69fd193f60e8d2f3a46.tar.gz brdo-f5173ef23304b6c243eaf69fd193f60e8d2f3a46.tar.bz2 |
- Applied user.module patch from Marco's sandbox.
- Added profile.module written by Marco.
Diffstat (limited to 'modules/user.module')
-rw-r--r-- | modules/user.module | 34 |
1 files changed, 13 insertions, 21 deletions
diff --git a/modules/user.module b/modules/user.module
index 46ea845b9..6108dd47d 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -47,7 +47,7 @@ function sess_gc($lifetime) {
 /*** Common functions ******************************************************/
 function user_external_load($authname) {
- $arr_uid = db_query("SELECT uid FROM authmap WHERE authname = '$authname'");
+ $arr_uid = db_query("SELECT uid FROM authmap WHERE authname = '%s'", $authname);
 if (db_fetch_object($arr_uid)) {
 $uid = db_result($arr_uid);
@@ -71,7 +71,7 @@ function user_load($array = array()) {
 $query .= "u.$key = '". md5($value) ."' AND ";
 }
 else {
- $query .= "u.$key = '". addslashes($value) ."' AND ";
+ $query .= "u.$key = '". check_query($value) ."' AND ";
 }
 }
 $result = db_query("SELECT u.*, r.name AS role FROM users u LEFT JOIN role r ON u.rid = r.rid WHERE $query u.status < 3 LIMIT 1");
@@ -135,7 +135,7 @@ function user_save($account, $array = array()) {
 }
 $fields[] = "data";
- $values[] = "'". serialize($data) ."'";
+ $values[] = "'". check_query(serialize($data)) ."'";
 db_query("INSERT INTO users (". implode(", ", $fields) .") VALUES (". implode(", ", $values) .")");
@@ -187,13 +187,13 @@ function user_validate_mail($mail) {
 ** allowed.
 */
- if ($mail && !eregi("^[a-z0-9]+([_.-][a-z0-9]+)*@([a-z0-9]+([.-][a-z0-9]+)*)+\\.[a-z]{2,4}$")) {
+ if ($mail && !eregi("^[a-z0-9]+([_.-][a-z0-9]+)*@([a-z0-9]+([.-][a-z0-9]+)*)+\\.[a-z]{2,4}$", $mail)) {
 return t("The e-mail address '$mail' is not valid.");
 }
 }
 function user_validate_authmap($account, $authname, $module) {
- $result = db_query("SELECT COUNT(*) from authmap WHERE uid != '$account->uid' && authname = '$authname'");
+ $result = db_query("SELECT COUNT(*) from authmap WHERE uid != '$account->uid' && authname = '%s'", $authname);
 if (db_result($result) > 0) {
 $name = module_invoke($module, "info", "name");
 return t("The %u ID %s is already taken.", array("%u" => ucfirst($name), "%s" => "<i>$authname</i>"));
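Review bot: In the user_load hunk only `$value` is routed through check_query(); `$key` is still interpolated into the query string as a column name (`u.$key`), which `%s` quoting cannot cover. The one caller visible in this diff, `user_load(array("uid" => $uid, "status" => 1))` in user_view, passes literal keys, so the exposure is limited to future callers that build the array from request data. A comment on the loop would make that contract explicit: `// $key is used as a column name and is not escaped: pass only literal, trusted keys.` user_load's body begins before the hunk.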
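Review bot: The parameterisation in user_validate_authmap is only half done: `$authname` now goes through `%s`, but `$account->uid` is still interpolated into the same query string. The same pattern is left on the UPDATE in the user_set_authmaps hunk on the next line, where `$account->uid` and `$module[1]` stay interpolated while `$value` is a parameter, even though the INSERT directly above it already passes all three as `%s`. The consistent form is `db_query("SELECT COUNT(*) from authmap WHERE uid != '%s' && authname = '%s'", $account->uid, $authname);` here and `db_query("UPDATE authmap SET authname = '%s' WHERE uid = '%s' && module = '%s'", $value, $account->uid, $module[1]);` there. Both functions continue outside their hunks.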
@@ -260,9 +260,9 @@ function user_mail($mail, $subject, $message, $header) {
 function user_deny($type, $mask) {
- $allow = db_fetch_object(db_query("SELECT * FROM access WHERE status = '1' AND type = '$type' AND LOWER('$mask') LIKE LOWER(mask)"));
+ $allow = db_fetch_object(db_query("SELECT * FROM access WHERE status = '1' AND type = '%s' AND LOWER('%s') LIKE LOWER(mask)", $type, $mask));
- $deny = db_fetch_object(db_query("SELECT * FROM access WHERE status = '0' AND type = '$type' AND LOWER('$mask') LIKE LOWER(mask)"));
+ $deny = db_fetch_object(db_query("SELECT * FROM access WHERE status = '0' AND type = '%s' AND LOWER('%s') LIKE LOWER(mask)", $type, $mask));
 if ($deny && !$allow) {
 return 1;
@@ -437,7 +437,7 @@ function user_get_authmaps($authname = NULL) {
 ** associtive array of modules and DA names. Called at external login.
 */
- $result = db_query("SELECT authname, module FROM authmap WHERE authname = '$authname'");
+ $result = db_query("SELECT authname, module FROM authmap WHERE authname = '%s'", $authname);
 if (db_num_rows($result) > 0) {
 while ($authmap = db_fetch_object($result)) {
 $authmaps[$authmap->module] = $authmap->authname;
@@ -458,7 +458,7 @@ function user_set_authmaps($account, $authmaps) {
 $result = db_query("INSERT INTO authmap (authname, uid, module) VALUES ('%s', '%s', '%s')", $value, $account->uid, $module[1]);
 }
 else {
- $result = db_query("UPDATE authmap SET authname = '$value' WHERE uid = '$account->uid' && module = '$module[1]'");
+ $result = db_query("UPDATE authmap SET authname = '%s' WHERE uid = '$account->uid' && module = '$module[1]'", $value);
 }
 }
 else {
@@ -929,7 +929,6 @@ function user_edit($edit = array()) {
 }
 }
- $output .= form_textfield(t("Homepage"), "homepage", $edit["homepage"], 30, 55, t("Optional") .". ". t("Make sure you enter a fully qualified URL: remember to include \"http://\"."));
 $options = "<option value=\"\"". (("" == $key) ? " selected=\"selected\"" : "") .">". t("Default theme") ."</option>\n";
 foreach (theme_list() as $key => $value) {
 $options .= "<option value=\"$key\"". (($edit["theme"] == $key) ? " selected=\"selected\"" : "") .">$key - $value->description</option>\n";
@@ -938,11 +937,10 @@ function user_edit($edit = array()) {
 for ($zone = -43200; $zone <= 46800; $zone += 3600) $zones[$zone] = date("l, F dS, Y - h:i A", time() - date("Z") + $zone) ." (GMT ". $zone / 3600 .")";
 $output .= form_select(t("Timezone"), "timezone", $edit["timezone"], $zones, t("Select what time you currently have and your timezone settings will be set appropriate."));
 $output .= form_select(t("Language"), "language", $edit["language"], $languages, t("Selecting a different language will change the language of the site."));
- $output .= form_textarea(t("Signature"), "signature", $edit["signature"], 70, 3, t("Your signature will be publicly displayed at the end of your comments.") ."<br />". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
 $output .= form_item(t("Password"), "<input type=\"password\" name=\"edit[pass1]\" size=\"12\" maxlength=\"24\" /> <input type=\"password\" name=\"edit[pass2]\" size=\"12\" maxlength=\"24\" />", t("Enter your new password twice if you want to change your current password or leave it blank if you are happy with your current password."));
 $output .= form_submit(t("Save user information"));
- $output = form($output);
+ $output = form($output, "post", 0, "enctype=\"multipart/form-data\"");
 }
 else {
 $output = user_login();
@@ -976,9 +974,6 @@ function user_view($uid = 0) {
 }
 }
- $output .= form_item(t("Homepage"), "<a href=\"$user->homepage\">$user->homepage</a>");
- $output .= form_item(t("Signature"), check_output($user->signature, 1));
-
 $theme->header();
 $theme->box(t("User account"), user_menu());
 $theme->box(t("View user information"), $output);
@@ -986,7 +981,6 @@ function user_view($uid = 0) {
 }
 else if ($uid && $account = user_load(array("uid" => $uid, "status" => 1))) {
 $output .= form_item(t("Name"), check_output($account->name));
- $output .= form_item(t("Homepage"), "<a href=\"$account->homepage\">$account->homepage</a>");
 foreach (module_list() as $module) {
 if (module_hook($module, "user")) {
@@ -1180,7 +1174,7 @@ function user_admin_access($edit = array()) {
 }
 }
 else if ($id) {
- db_query("DELETE FROM access WHERE aid = '$id'");
+ db_query("DELETE FROM access WHERE aid = '%s'", $id);
 }
 $output .= "<table border=\"1\" cellpadding=\"2\" cellspacing=\"2\">";
@@ -1239,10 +1233,10 @@ function user_admin_perm($edit = array()) {
 while ($role = db_fetch_object($result)) {
 // delete, so if we clear every checkbox we reset that role;
 // otherwise permissions are active and denied everywhere
- db_query("DELETE FROM permission WHERE rid = '%s' AND tid = '$tid'", $role->rid);
+ db_query("DELETE FROM permission WHERE rid = '%s' AND tid = '%s'", $role->rid, $tid);
 $perm = $edit[$role->rid] ? implode(", ", array_keys($edit[$role->rid])) : "";
 if ($perm) {
- db_query("INSERT INTO permission (rid, perm, tid) VALUES ('%s', '$perm', '$tid')", $role->rid);
+ db_query("INSERT INTO permission (rid, perm, tid) VALUES ('%s', '%s', %s'')", $role->rid, $perm, $tid);
 }
 }
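Review bot: The rewritten INSERT in the user_admin_perm hunk has a quoting typo: `VALUES ('%s', '%s', %s'')` places the third placeholder outside its quotes and leaves two stray quote characters after it, so for a non-empty `$tid` the generated SQL ends in `<tid>''` instead of `'<tid>'` and the statement is malformed. It should read `db_query("INSERT INTO permission (rid, perm, tid) VALUES ('%s', '%s', '%s')", $role->rid, $perm, $tid);`. Because the DELETE two lines earlier has already run by the time the INSERT fails, the affected role is left with no permissions for that tid rather than its previous ones. user_admin_perm's body continues outside the hunk.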
@@ -1426,7 +1420,6 @@ function user_admin_edit($edit = array()) {
 }
 }
- $output .= form_textfield(t("Homepage"), "homepage", $account->homepage, 30, 55, t("Optional") .". ". t("Make sure you enter a fully qualified URL: remember to include \"http://\"."));
 foreach (theme_list() as $key => $value) {
 $options .= "$value[type]<option value=\"$key\"". (($account->theme == $key) ? " selected=\"selected\"" : "") .">$key - $value->description</option>\n";
 }
@@ -1434,7 +1427,6 @@ function user_admin_edit($edit = array()) {
 for ($zone = -43200; $zone <= 46800; $zone += 3600) $zones[$zone] = date("l, F dS, Y - h:i A", time() - date("Z") + $zone) ." (GMT ". $zone / 3600 .")";
 $output .= form_select(t("Timezone"), "timezone", $account->timezone, $zones, t("Select what time you currently have and your timezone settings will be set appropriate."));
 $output .= form_select(t("Language"), "language", $account->language, $languages, t("Selecting a different language will change the language of the site."));
- $output .= form_textarea(t("Signature"), "signature", $account->signature, 70, 3, t("Your signature will be publicly displayed at the end of your comments.") ."<br />". t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
 $output .= form_item(t("Password"), "<input type=\"password\" name=\"edit[pass1]\" size=\"12\" maxlength=\"24\" /> <input type=\"password\" name=\"edit[pass2]\" size=\"12\" maxlength=\"24\" />", t("Enter a new password twice if you want to change the current password for this user or leave it blank if you are happy with the current password."));
 $output .= form_select("Status", "status", $account->status, array("blocked", "active"));
 $output .= form_select("Role", "rid", $account->rid, user_roles(1));
|