diff options
| author | Dries Buytaert <dries@buytaert.net> | 2002-10-13 12:00:50 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2002-10-13 12:00:50 +0000 |
| commit | fcae7030cce39357d197d668629399eeb557f5a2 (patch) | |
| tree | 8bb84cfd65abefc81b1bda186a1de669c899ff3c /modules/user/user.module | |
| parent | 30315c40c089ff0cab1abd4916e5d992e48185ae (diff) | |
| download | brdo-fcae7030cce39357d197d668629399eeb557f5a2.tar.gz brdo-fcae7030cce39357d197d668629399eeb557f5a2.tar.bz2 | |
- Committed Jeremy's incarnation of the statistics module. Last minutes
changes include:
* a couple of coding style changes, renamed some "stats" into
"statistics", etc.
* removed the "Who's online" block from the user module.
* added db_affected_rows() to the resp. database abstraction
layers and made the statistics module use db_affected_rows()
instead.
* added update logic to "update.php".
Diffstat (limited to 'modules/user/user.module')
| -rw-r--r-- | modules/user/user.module | 52 |
1 files changed, 14 insertions, 38 deletions
diff --git a/modules/user/user.module b/modules/user/user.module index 1a32043e1..8489958f8 100644 --- a/modules/user/user.module +++ b/modules/user/user.module @@ -89,6 +89,20 @@ function user_load($array = array()) { } function user_save($account, $array = array()) { + + /* + ** Validate input fields to make sure users don't submit + ** invalid form data. + */ + + if (!user_access("administer users")) { + if (array_intersect(array_keys($array), array("rid", "init", "rating", "session"))) { + watchdog("warning", "detected malicious attempt to alter a protected user field"); + } + + unset($array["rid"], $array["init"], $array["rating"], $array["session"]); + } + /* ** Dynamically compose a SQL query: */ @@ -344,32 +358,9 @@ function user_block() { $block[1]["info"] = t("Log in"); $block[1]["link"] = drupal_url(array("mod" => "user"), "module"); - $result = db_query("SELECT uid, name FROM users WHERE timestamp > %d - %d ORDER BY timestamp DESC", time(), 30 * 60); - - if (db_num_rows($result)) { - $output = ""; - while ($account = db_fetch_object($result)) { - $output .= lm((strlen($account->name) > 15 ? substr($account->name, 0, 15) . '...' : $account->name), array("mod" => "user", "op" => "view", "id" => $account->uid)) ."<br />"; - } - $block[2]["content"] = $output; - } - $block[2]["subject"] = t("Who's online"); - $block[2]["info"] = t("Who's online"); - $block[3]["subject"] = t("Who's new"); - $block[3]["info"] = t("Who's new"); - $block[3]["content"] = user_new_users(); - return $block; } -function user_new_users() { - $result = db_query("SELECT uid, name FROM users WHERE status != '0' ORDER BY uid DESC LIMIT 5"); - while ($account = db_fetch_object($result)) { - $output .= lm((strlen($account->name) > 15 ? substr($account->name, 0, 15) . '...' : $account->name), array("mod" =>user, "op" => "view", "id" => $account->uid)) ."<br />"; - } - return $output; -} - function user_link($type) { if ($type == "page") { $links[] = lm(t("user account"), array("mod" => "user"), "", array("title" => t("Create a user account, request a new password or edit your account settings."))); @@ -899,21 +890,6 @@ function user_edit($edit = array()) { } unset($edit["pass1"], $edit["pass2"]); - /* - ** Validate input fields to make sure users don't submit - ** invalid form data. - */ - - if (!user_access("administer users")) { - if (array_intersect(array_keys($edit), array("rid", "init", "rating", "session"))) { - watchdog("warning", "detected malicious attempt to alter a protected database field"); - } - - $edit["rid"] = $user->rid; - $edit["init"] = $user->init; - $edit["rating"] = $user->rating; - $edit["session"] = $user->session; - } if (!$error) { /* |