Diffstat (limited to 'modules/user.module')
-rw-r--r--modules/user.module168
1 files changed, 84 insertions, 84 deletions
diff --git a/modules/user.module b/modules/user.module
index f8e38a655..1169898c8 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -24,7 +24,7 @@ function sess_read($key) {
function sess_write($key, $value) {
global $HTTP_SERVER_VARS;
- db_query("UPDATE users SET hostname = '". check_input($HTTP_SERVER_VARS["REMOTE_ADDR"]) ."', session = '". check_query($value) ."', timestamp = '". time() ."' WHERE sid = '$key'");
+ db_query("UPDATE users SET hostname = '%s', session = '%s', timestamp = '%s' WHERE sid = '$key'", $HTTP_SERVER_VARS["REMOTE_ADDR"], $value, time());
return '';
}
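Review bot: The `WHERE sid = '$key'` clause is still interpolated into the query string, while every other value in this statement moved to a `%s` argument. If sess_write() is registered as a session save handler (the name suggests so; the registration is not in this hunk), `$key` is the client-supplied session id and the least trusted value in the statement. Pass it as an argument as well: `db_query("UPDATE users SET hostname = '%s', session = '%s', timestamp = '%s' WHERE sid = '%s'", $HTTP_SERVER_VARS["REMOTE_ADDR"], $value, time(), $key);`. The same applies to the sess_destroy() hunk that follows. This assumes db_query() escapes its `%s` arguments, which the removal of check_input()/check_query() implies but this page does not show.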
@@ -32,7 +32,7 @@ function sess_write($key, $value) {
function sess_destroy($key) {
global $HTTP_SERVER_VARS;
- db_query("UPDATE users SET hostname = '". check_input($HTTP_SERVER_VARS["REMOTE_ADDR"]) ."', timestamp = '". time() ."', sid = '' WHERE sid = '$key'");
+ db_query("UPDATE users SET hostname = '%s', timestamp = '%s', sid = '' WHERE sid = '$key'", $HTTP_SERVER_VARS["REMOTE_ADDR"], time());
}
function sess_gc($lifetime) {
@@ -107,7 +107,7 @@ function user_save($account, $array = array()) {
}
$query .= "data = '". check_query(serialize($data)) ."', ";
- db_query("UPDATE users SET $query timestamp = '". time() ."' WHERE uid = '$account->uid'");
+ db_query("UPDATE users SET $query timestamp = '%s' WHERE uid = '$account->uid'", time());
$user = user_load(array("uid" => $account->uid));
}
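Review bot: `$query` is still spliced into the string that now serves as a format template, so any `%` inside it (for example in the serialized `data` value built on the line above) would be read as a conversion specifier if db_query() formats printf-style, which the `%s` placeholders suggest but this page does not show. The old call passed no extra arguments, so this exposure appears to come with the change. Either double the percent signs in `$query` before the call or build the SET list with placeholders; `$account->uid` can move to an argument at the same time, e.g. `... WHERE uid = '%s'", time(), $account->uid);`. user_save() starts and ends outside this hunk.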
@@ -192,7 +192,7 @@ function user_validate_authmap($account, $authname, $module) {
$result = db_query("SELECT COUNT(*) from authmap WHERE uid != '$account->uid' && authname = '$authname'");
if (db_result($result) > 0) {
$name = module_invoke($module, "info", "name");
- return strtr(t("The %u ID %s is already taken."), array("%u" => ucfirst($name), "%s" => "<i>$authname</i>"));
+ return t("The %u ID %s is already taken.", array("%u" => ucfirst($name), "%s" => "<i>$authname</i>"));
}
}
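Review bot: `$authname` is wrapped in `<i>` and substituted into the message without output escaping on the new `t()` line, so if the caller renders the returned string as HTML, markup in a user-chosen ID is reflected back. Unless t() escapes its replacement values (not visible here), escape it with the helper this file already applies to `$rule->mask`: `"%s" => "<i>". check_output($authname) ."</i>"`. The same unescaped substitution of `$edit["name"]`, `$edit["mail"]`, `$name@$server` or `$account->name` appears in the user_login, user_pass, user_register, user_edit, user_admin_create and "Who's online" hunks.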
@@ -447,7 +447,7 @@ function user_search($keys) {
global $PHP_SELF;
$result = db_query("SELECT * FROM users WHERE name LIKE '%$keys%' LIMIT 20");
while ($account = db_fetch_object($result)) {
- $find[$i++] = array("title" => $account->name, "link" => (strstr($PHP_SELF, "admin.php") ? "admin.php?mod=user&op=edit&id=$account->uid" : "module.php?mod=user&op=view&id=$account->uid"), "user" => $account->name);
+ $find[$i++] = array("title" => $account->name, "link" => (strstr($PHP_SELF, "admin.php") ? drupal_url(array("mod" => "user", "op" => "edit", "id" => $account->uid), "admin") : drupal_url(array("mod" => "user", "op" => "view", "id" => $account->uid), "module")), "user" => $account->name);
}
return $find;
}
@@ -471,26 +471,26 @@ function user_block() {
$block[1]["subject"] = t("Log in");
$output .= "<div align=\"center\">\n";
- $output .= "<form action=\"module.php?mod=user&op=login\" method=\"post\">\n";
+ $output .= "<form action=\"".drupal_url(array("mod" => "user", "op" => "login"), "module")."\" method=\"post\">\n";
$output .= "<b>". t("Username") .":</b><br /><input name=\"edit[name]\" size=\"15\" /><br />\n";
$output .= "<b>". t("Password") .":</b><br /><input name=\"edit[pass]\" size=\"15\" type=\"password\" /><br />\n";
$output .= "<input name=\"edit[remember_me]\" type=\"checkbox\" />". t("Remember me") ."<br />\n";
$output .= "<input type=\"submit\" value=\"". t("Log in") ."\" /><br />\n";
$output .= "</div>\n";
if (variable_get("account_register", 1)) {
- $output .= "&#187; <a href=\"module.php?mod=user&op=register\" title=\"". t("Create a new user account.") ."\">". t("Register") ."</a>\n";
+ $output .= "&#187; ".lm(t("Register"), array("mod" => "user", "op" => "register"), t("Create a new user account."))."\n";
}
- $output .= "<br \>&#187; <a href=\"module.php?mod=user&op=password\" title=\"". t("Request new password via e-mail") . "\">" . t("New password") . "</a><br />";
+ $output .= "<br \>&#187; ".lm(t("New password"), array("mod" => "user", "op" => "password"), t("Request new password via e-mail"))."</a><br />";
$output .= "</form>\n";
$block[1]["content"] = $output;
}
$block[0]["info"] = t("User information");
- $block[0]["link"] = "module.php?mod=user";
+ $block[0]["link"] = drupal_url(array("mod" => "user"), "module");
$block[1]["info"] = t("Log in");
- $block[1]["link"] = "module.php?mod=user";
+ $block[1]["link"] = drupal_url(array("mod" => "user"), "module");
// Who's online block
$time = 60 * 60; // minutes * seconds
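Review bot: The rewritten "New password" line keeps the old closing `</a>` after the `lm()` call, which leaves a stray end tag if lm() returns a complete anchor, as its use on the "Register" line implies. The `<br \>` at the start of the same line is also malformed. Suggested: `$output .= "<br />&#187; ".lm(t("New password"), array("mod" => "user", "op" => "password"), t("Request new password via e-mail"))."<br />";`. user_block() continues outside this hunk.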
@@ -501,7 +501,7 @@ function user_block() {
if (db_num_rows($result)) {
$output = "<ol>";
while ($account = db_fetch_object($result)) {
- $output .= '<li><a href="module.php?mod=user&op=view&id='. $account->uid .'">'. (strlen($account->name) > 10 ? substr($account->name, 0, 10) . '...' : $account->name) .'</a></li>';
+ $output .= '<li>'.lm((strlen($account->name) > 10 ? substr($account->name, 0, 10) . '...' : $account->name), array("mod" => "user", "op" => "view", "id" => $account->uid)).'</li>';
}
$output .= "</ol>";
$block[2]["content"] = $output;
@@ -514,23 +514,23 @@ function user_block() {
function user_link($type) {
if ($type == "page") {
- $links[] = "<a href=\"module.php?mod=user\" title=\"". t("Create a user account, request a new password or edit your account settings.") ."\">". t("user account") ."</a>";
+ $links[] = lm(t("user account"), array("mod" => "user"), t("Create a user account, request a new password or edit your account settings."));
}
if ($type == "menu.settings") {
- $links[] = "<a href=\"module.php?mod=user&op=edit\" title=\"". t("View and edit your account information.") ."\">". t("edit account") ."</a>";
+ $links[] = lm(t("edit account"), array("mod" => "user", "op" => "edit"), t("View and edit your account information."));
}
if ($type == "menu.misc") {
if (user_access("access administration pages")) {
- $links[] = "<a href=\"admin.php\">". strtr(t("administer %a"), array("%a" => variable_get("site_name", "drupal"))) ."</a>";
+ $links[] = la(t("administer %a", array("%a" => variable_get("site_name", "drupal"))));
}
- $links[] = "<a href=\"module.php?mod=user&op=logout\" title=\"". t("Logout.") ."\">". t("logout") ."</a>";
+ $links[] = lm(t("logout"), array("mod" => "user", "op" => "logout"), t("Logout."));
}
if ($type == "admin" && user_access("administer users")) {
- $links[] = "<a href=\"admin.php?mod=user\">user management</a>";
+ $links[] = la(t("user management"), array("mod" => "user"));
}
return $links ? $links : array();
@@ -594,7 +594,7 @@ function user_set_authmaps($account, $authmaps) {
if ($value) {
$result = db_query("SELECT COUNT(*) from authmap WHERE uid = '$account->uid' && module = '$module[1]'");
if (db_result($result) == 0) {
- $result = db_query("INSERT INTO authmap (authname, uid, module) VALUES ('" . check_query($value) . "', '" . check_query($account->uid) . "', '" . check_query($module[1]) . "')");
+ $result = db_query("INSERT INTO authmap (authname, uid, module) VALUES ('%s', '%s', '%s')", $value, $account->uid, $module[1]);
}
else {
$result = db_query("UPDATE authmap SET authname = '$value' WHERE uid = '$account->uid' && module = '$module[1]'");
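Review bot: Only the INSERT was moved to placeholders; the UPDATE in the else branch still interpolates `$value` raw, although the old INSERT treated the same value as needing check_query(). The SELECT COUNT above it interpolates `$account->uid` and `$module[1]` the same way, as does the COUNT query in the user_validate_authmap() hunk with `$authname`. Suggested for the UPDATE: `db_query("UPDATE authmap SET authname = '%s' WHERE uid = '%s' && module = '%s'", $value, $account->uid, $module[1]);`. The enclosing loop starts outside this hunk.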
@@ -634,7 +634,7 @@ function user_help_da() {
on logging into %s in the same manner, and he will always be logged into the
same account.</p>";
- $output = strtr(t($output), array("%s" => $site));
+ $output = t($output, array("%s" => $site));
foreach (module_list() as $module) {
if (module_hook($module, "auth")) {
@@ -649,7 +649,7 @@ function user_help_da() {
function user_auth_help_links() {
foreach (module_list() as $module) {
if (module_hook($module, "auth_help")) {
- $links[] = "<a href=\"module.php?mod=user&op=help#$module\">". module_invoke($module, "info", "name") ."</a>";
+ $links[] = lm(module_invoke($module, "info", "name"), array("mod" => "user", "op" => "help#$module"));
}
}
return $links;
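Review bot: The fragment is now carried inside the `op` value (`"op" => "help#$module"`), which only yields a working anchor if lm() emits the value verbatim; if it URL-encodes parameter values (not visible here), the `#` becomes part of `op` and the link breaks. `$links` is also never initialised, so the function returns NULL when no module implements auth_help and the `implode()` in user_login() receives a non-array. Consider `$links = array();` before the loop and a comment on the `lm()` call stating that the fragment relies on unencoded output.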
@@ -665,11 +665,11 @@ function user_login($edit = array()) {
*/
if ($user->uid) {
- drupal_goto("module.php?mod=user");
+ drupal_goto(drupal_url(array("mod" => "user"), "module"));
}
if (user_deny("user", $edit["name"])) {
- $error = strtr(t("The name '%s' has been denied access."), array("%s" => $edit["name"]));
+ $error = t("The name '%s' has been denied access.", array("%s" => $edit["name"]));
}
else if ($edit["name"] && $edit["pass"]) {
@@ -703,7 +703,7 @@ function user_login($edit = array()) {
watchdog("user", "external load: $name@$server, module: " . key($result));
}
else {
- $error = strtr(t("Invalid password for %s."), array("%s" => "<i>$name@$server</i>"));
+ $error = t("Invalid password for %s.", array("%s" => "<i>$name@$server</i>"));
}
}
@@ -751,12 +751,12 @@ function user_login($edit = array()) {
** information page if we can detect the referer page:
*/
- $url = $HTTP_REFERER ? $HTTP_REFERER : "module.php?mod=user&op=view";
+ $url = $HTTP_REFERER ? $HTTP_REFERER : drupal_url(array("mod" => "user", "op" => "view"), "module");
drupal_goto($url);
}
else {
if (!$error) {
- $error = sprintf(t("Sorry. Unrecognized username or password. Have you %sforgotten your password%s?"), "<a href=\"module.php?mod=user&op=password\">", "</a>");
+ $error = t("Sorry. Unrecognized username or password.")." ".lm(t("Have you forgotten your password?"), array("mod" => "user", "op" => "password"));
}
if ($server) {
watchdog("user", "failed login for '$name@$server': $error");
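Review bot: `drupal_goto($url)` still redirects to `$HTTP_REFERER`, a request header the client controls, so a login form hosted on another site can have the user sent back off-site right after authenticating. Restrict the target to local URLs, e.g. `$url = ($HTTP_REFERER && strpos($HTTP_REFERER, path_uri()) === 0) ? $HTTP_REFERER : drupal_url(array("mod" => "user", "op" => "view"), "module");`, assuming path_uri() returns the site's base URI as its use for `%uri` elsewhere in this file suggests. user_login() starts and ends outside this hunk.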
@@ -779,12 +779,12 @@ function user_login($edit = array()) {
** Display login form:
*/
- $output .= form_textfield(t("Username"), "name", $edit["name"], 20, 64, strtr(t("Enter your %s username, or an ID from one of our affiliates: %a."), array("%s" => variable_get("site_name", "local"), "%a" => implode(", ", user_auth_help_links()))));
+ $output .= form_textfield(t("Username"), "name", $edit["name"], 20, 64, t("Enter your %s username, or an ID from one of our affiliates: %a.", array("%s" => variable_get("site_name", "local"), "%a" => implode(", ", user_auth_help_links()))));
$output .= form_password(t("Password"), "pass", $pass, 20, 64, t("Enter the password that accompanies your username."));
$output .= form_checkbox(t("Remember me"), "remember_me", 1, 0, 0);
$output .= form_submit(t("Log in"));
- $output .= "<p>&#187; <a href=\"module.php?mod=user&op=password\">" . t("E-mail new password") . "</a><br />";
- $output .= "&#187; <a href=\"module.php?mod=user&op=register\">" . t("Create new account") . "</a></p>";
+ $output .= "<p>&#187; ".lm(t("E-mail new password"), array("mod" => "user", "op" => "password")). "<br />";
+ $output .= "&#187; " .lm(t("Create new account"), array("mod" => "user", "op" => "register")). "</p>";
return form($output);
}
@@ -814,12 +814,12 @@ function user_logout() {
function user_pass($edit = array()) {
if ($edit["name"]) {
- $account = db_fetch_object(db_query("SELECT uid, name, mail FROM users WHERE name = '". check_input($edit["name"]) . "'"));
- if (!$account) $error = strtr(t("Sorry. The username <i>%s</i> is not recognized."), array("%s" => $edit["name"]));
+ $account = db_fetch_object(db_query("SELECT uid, name, mail FROM users WHERE name = '%s'", $edit["name"]));
+ if (!$account) $error = t("Sorry. The username <i>%s</i> is not recognized.", array("%s" => $edit["name"]));
}
else if ($edit["mail"]) {
- $account = db_fetch_object(db_query("SELECT uid, name, mail FROM users WHERE mail = '". check_input($edit["mail"]) ."'"));
- if (!$account) $error = strtr(t("Sorry. The e-mail address <i>%s</i> is not recognized."), array("%s" => $edit["mail"]));
+ $account = db_fetch_object(db_query("SELECT uid, name, mail FROM users WHERE mail = '%s'", $edit["mail"]));
+ if (!$account) $error = t("Sorry. The e-mail address <i>%s</i> is not recognized.", array("%s" => $edit["mail"]));
}
if ($account) {
@@ -839,7 +839,7 @@ function user_pass($edit = array()) {
global $HTTP_HOST;
$variables = array("%username" => $account->name, "%site" => variable_get("site_name", "drupal"), "%password" => $pass, "%uri" => path_uri(), "%uri_brief" => $HTTP_HOST, "%mailto" => $account->mail);
$subject = strtr(variable_get("user_mail_pass_subject", t("Replacement login information for %username at %site")), $variables);
- $body = strtr(variable_get("user_mail_pass_body", t("%username,\n\nHere is your new password for %site. You may now login to %urimodule.php?mod=login using the following username and password:\n\nusername: %username\npassword: %password\n\nAfter logging in, you may wish to change your password at %urimodule.php?mod=user&op=edit\n\nYour new %site membership also enables to you to login to other Drupal powered web sites (e.g. http://www.drop.org) without registering. Just use the following Drupal ID and password:\n\nDrupal ID: %username@%uri_brief\npassword: %password\n\n\n-- %site team")), $variables);
+ $body = strtr(variable_get("user_mail_pass_body", t("%username,\n\nHere is your new password for %site. You may now login to %uri".drupal_url(array("mod" => "login"), "module")." using the following username and password:\n\nusername: %username\npassword: %password\n\nAfter logging in, you may wish to change your password at %uri".drupal_url(array("mod" => "user", "op" => "edit"), "module")."\n\nYour new %site membership also enables to you to login to other Drupal powered web sites (e.g. http://www.drop.org) without registering. Just use the following Drupal ID and password:\n\nDrupal ID: %username@%uri_brief\npassword: %password\n\n\n-- %site team")), $variables);
$headers = "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from";
user_mail($account->mail, $subject, $body, $headers);
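Review bot: The default body handed to `t()` is now built by concatenating `drupal_url()` output into the literal, so the translation key depends on the URL format and no longer matches a fixed source string. Keep the literal constant and carry the links as replacement tokens instead, for example add `"%login_uri" => path_uri() . drupal_url(array("mod" => "login"), "module")` to `$variables` and write `login to %login_uri` in the text (the token name is only a suggestion). The same concatenation inside `t()` appears in the user_register and user_conf_options hunks, including the `lm("login now", ...)` call embedded in the affiliates note. user_pass() continues outside this hunk.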
@@ -862,8 +862,8 @@ function user_pass($edit = array()) {
$output .= form_textfield(t("Username"), "name", $edit["name"], 30, 64);
$output .= form_textfield(t("E-mail address"), "mail", $edit["mail"], 30, 64);
$output .= form_submit(t("E-mail new password"));
- $output .= "<p>&#187; <a href=\"module.php?mod=user&op=login\">" . t("Log in") . "</a><br />";
- $output .= "&#187; <a href=\"module.php?mod=user&op=register\">" . t("Create new account") . "</a></p>";
+ $output .= "<p>&#187; ".lm(t("Log in"), array("mod" =>user, "op" => "login"))."<br />";
+ $output .= "&#187; ".lm(t("Create new account"), array("mod" => "user", "op" => "register"))."</p>";
return form($output);
}
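Review bot: `array("mod" =>user, "op" => "login")` uses the bare word `user` instead of the string `"user"`. PHP treats an undefined bare word as a constant lookup (a notice with string fallback in old versions, an error in PHP 8), and the link changes silently if a constant named `user` is ever defined. Suggested: `$output .= "<p>&#187; ".lm(t("Log in"), array("mod" => "user", "op" => "login"))."<br />";`.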
@@ -877,7 +877,7 @@ function user_register($edit = array()) {
*/
if ($user->uid) {
- drupal_goto("module.php?mod=user&op=edit");
+ drupal_goto(drupal_url(array("mod" => "user", "op" => "edit"), "module"));
}
if ($edit["name"] && $edit["mail"]) {
@@ -888,16 +888,16 @@ function user_register($edit = array()) {
// do nothing
}
else if (user_deny("user", $edit["name"])) {
- $error = strtr(t("The name '%s' has been denied access."), array("%s" => $edit["name"]));
+ $error = t("The name '%s' has been denied access.", array("%s" => $edit["name"]));
}
else if (user_deny("mail", $edit["mail"])) {
- $error = strtr(t("The e-mail address '%s' has been denied access."), array("%s" => $edit["mail"]));
+ $error = t("The e-mail address '%s' has been denied access.", array("%s" => $edit["mail"]));
}
- else if (db_num_rows(db_query("SELECT name FROM users WHERE LOWER(name) = LOWER('". $edit["name"] ."')")) > 0) {
- $error = strtr(t("The name '%s' is already taken."), array("%s" => $edit["name"]));
+ else if (db_num_rows(db_query("SELECT name FROM users WHERE LOWER(name) = LOWER('%s')", $edit["name"])) > 0) {
+ $error = t("The name '%s' is already taken.", array("%s" => $edit["name"]));
}
- else if (db_num_rows(db_query("SELECT mail FROM users WHERE LOWER(mail) = LOWER('". $edit["mail"] ."')")) > 0) {
- $error = strtr(t("The e-mail address '%s' is already taken."), array("%s" => $edit["mail"]));
+ else if (db_num_rows(db_query("SELECT mail FROM users WHERE LOWER(mail) = LOWER('%s')", $edit["mail"])) > 0) {
+ $error = t("The e-mail address '%s' is already taken.", array("%s" => $edit["mail"]));
}
else if (variable_get("user_register", 1) == 0) {
$error = t("Public registrations have been disabled by the site administrator.");
@@ -940,7 +940,7 @@ function user_register($edit = array()) {
//the first user may login immediately, and receives a customized welcome email.
if ($user->uid == 1) {
- user_mail($edit["mail"], strtr(t("drupal user account details for %s"), array("%s" => $edit["name"])), strtr(t("%username,\n\nYou may now login to %uri using the following username and password:\n\n username: %username\n password: %password\n\nAfter logging in, you may wish to visit the following pages:\n\nAdministration: %uriadmin.php\nEdit user account: %utimodule.php?mod=user&op=edit\n\n--drupal"), $variables), "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from");
+ user_mail($edit["mail"], t("drupal user account details for %s", array("%s" => $edit["name"])), t("%username,\n\nYou may now login to %uri using the following username and password:\n\n username: %username\n password: %password\n\nAfter logging in, you may wish to visit the following pages:\n\nAdministration: %uriadmin.php\nEdit user account: %uri".drupal_url(array("mod" => "user", "op" => "edit"), "module")."\n\n--drupal"), $variables, "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from");
// This should not be t()'ed. No point as its only shown once in the sites lifetime, and it would be bad to store the password
$output .= "<p>Welcome to Drupal. You are user #1, which gives you full and immediate access. All future registrants will receive their passwords via email, so please configure your email settings using the Administration pages.</p><p> Your password is <b>$pass</b>. You may change your password on the next page.</p><p>Please login below.</p>";
$output .= form_hidden("name", $user->name);
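Review bot: The closing parenthesis of the body `t()` call sits before `$variables`, so `user_mail()` now receives five arguments: `$variables` lands in the position the headers string occupied before, and the `%username`, `%password` and `%uri` tokens in the body are, as far as this hunk shows, never substituted. Move `$variables` inside the call: `..."\n\n--drupal", $variables), "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from");`. The subject argument on the same line was converted correctly and can serve as the model. user_register() starts and ends outside this hunk.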
@@ -951,7 +951,7 @@ function user_register($edit = array()) {
else {
global $HTTP_HOST;
$subject = strtr(variable_get("user_mail_welcome_subject", t("User account details for %username at %site")), $variables);
- $body = strtr(variable_get("user_mail_welcome_body", t("%username,\n\nThank you for registering at %site. You may now login to %urimodule.php?mod=login using the following username and password:\n\nusername: %username\npassword: %password\n\nAfter logging in, you may wish to change your password at %urimodule.php?mod=user&op=edit\n\nYour new %site membership also enables to you to login to other Drupal powered web sites (e.g. http://www.drop.org) without registering. Just use the following Drupal ID and password:\n\nDrupal ID: %username@%uri_brief\npassword: %password\n\n\n-- %site team")), $variables);
+ $body = strtr(variable_get("user_mail_welcome_body", t("%username,\n\nThank you for registering at %site. You may now login to %uri".drupal_url(array("mod" => "login"), "module")." using the following username and password:\n\nusername: %username\npassword: %password\n\nAfter logging in, you may wish to change your password at %urimodule.php?mod=user&op=edit\n\nYour new %site membership also enables to you to login to other Drupal powered web sites (e.g. http://www.drop.org) without registering. Just use the following Drupal ID and password:\n\nDrupal ID: %username@%uri_brief\npassword: %password\n\n\n-- %site team")), $variables);
user_mail($edit["mail"], $subject, $body, "From: $from\nReply-to: $from\nX-Mailer: Drupal\nReturn-path: $from\nErrors-to: $from");
return t("Your password and further instructions have been sent to your e-mail address.");
}
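Review bot: Only the first link in the welcome body was converted; the second still reads `%urimodule.php?mod=user&op=edit`, whereas the matching default in the user_conf_options hunk and the password mail in user_pass() use `drupal_url(array("mod" => "user", "op" => "edit"), "module")`. The default sent at registration therefore differs from the default shown in the settings form. Replace the remaining literal with `%uri".drupal_url(array("mod" => "user", "op" => "edit"), "module")."`.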
@@ -966,7 +966,7 @@ function user_register($edit = array()) {
$affiliates = user_auth_help_links();
if (array_count_values($affiliates) > 1) {
$affiliates = implode(", ", $affiliates);
- $output .= "<p>" . strtr(t("Note: If you have an account with one of our affiliates (%s), you may <a href=\"\module.php?mod=user&op=login\">login now</a> instead of registering."), array("%s" => $affiliates)) ."</p>";
+ $output .= "<p>" . t("Note: If you have an account with one of our affiliates (%s), you may ".lm("login now", array("mod" => "user", "op" => "login"))." instead of registering.", array("%s" => $affiliates)) ."</p>";
}
$output .= form_textfield(t("Username"), "name", $edit["name"], 30, 64, t("Your full name or your prefered username: only letters, numbers and spaces are allowed."));
$output .= form_textfield(t("E-mail address"), "mail", $edit["mail"], 30, 64, t("A password and instructions will be sent to this e-mail address, so make sure it is accurate."));
@@ -1009,11 +1009,11 @@ function user_edit($edit = array()) {
else if ($error = user_validate_mail($edit["mail"])) {
// do nothing
}
- else if (db_num_rows(db_query("SELECT uid FROM users WHERE uid != '$user->uid' AND LOWER(name) = LOWER('". $edit["name"] ."')")) > 0) {
- $error = strtr(t("The name '%s' is already taken."), array("%s" => $edit["name"]));
+ else if (db_num_rows(db_query("SELECT uid FROM users WHERE uid != '$user->uid' AND LOWER(name) = LOWER('%s')", $edit["name"])) > 0) {
+ $error = t("The name '%s' is already taken.", array("%s" => $edit["name"]));
}
- else if ($edit["mail"] && db_num_rows(db_query("SELECT uid FROM users WHERE uid != '$user->uid' AND LOWER(mail) = LOWER('". $edit["mail"] ."')")) > 0) {
- $error = strtr(t("The e-mail address '%s' is already taken."), array("%s" => $edit["mail"]));
+ else if ($edit["mail"] && db_num_rows(db_query("SELECT uid FROM users WHERE uid != '$user->uid' AND LOWER(mail) = LOWER('%s')", $edit["mail"])) > 0) {
+ $error = t("The e-mail address '%s' is already taken.", array("%s" => $edit["mail"]));
}
else if ($user->uid) {
foreach (module_list() as $module) {
@@ -1089,9 +1089,9 @@ function user_edit($edit = array()) {
}
function user_menu() {
- $links[] = "<a href=\"module.php?mod=user&op=view\">". t("view user information") ."</a>";
- $links[] = "<a href=\"module.php?mod=user&op=edit\">". t("edit user information") ."</a>";
- $links[] = "<a href=\"module.php?mod=user&op=delete\">". t("delete account") ."</a>";
+ $links[] = lm(t("view user information"), array("mod" => "user", "op" => "view"));
+ $links[] = lm(t("edit user information"), array("mod" => "user", "op" => "edit"));
+ $links[] = lm(t("delete account"), array("mod" => "user", "op" => "delete"));
return "<div align=\"center\">". implode(" &middot; ", $links) ."</div>";
}
@@ -1208,9 +1208,9 @@ function user_conf_options() {
$output .= form_select("Public registrations", "user_register", variable_get("user_register", 1), array("Only site administrators can create new user accounts.", "Visitors can create accounts and no administrator approval is required.", "Visitors can create accounts but administrator approval is required."));
$output .= form_textfield("Password words", "user_password", variable_get("user_password", "foo,bar,guy,neo,tux,moo,sun,asm,dot,god,axe,geek,nerd,fish,hack,star,mice,warp,moon,hero,cola,girl,fish,java,perl,boss,dark,sith,jedi,drop,mojo"), 55, 256, "A comma separated list of short words that can be concatenated to generate human-readable passwords.");
$output .= form_textfield("Welcome e-mail subject", "user_mail_welcome_subject", variable_get("user_mail_welcome_subject", t("User account details for %username at %site")), 80, 180, "Customize the Subject of your welcome email, which is sent to new members upon registering. Available variables are: %username, %site, %password, %uri, %uri_brief, %mailto");
- $output .= form_textarea("Welcome e-mail body", "user_mail_welcome_body", variable_get("user_mail_welcome_body", t("%username,\n\nThank you for registering at %site. You may now login to %urimodule.php?mod=login using the following username and password:\n\nusername: %username\npassword: %password\n\nAfter logging in, you may wish to change your password at %urimodule.php?mod=user&op=edit\n\nYour new %site membership also enables to you to login to other Drupal powered web sites (e.g. http://www.drop.org) without registering. Just use the following Drupal ID and password:\n\nDrupal ID: %username@%uri_brief\npassword: %password\n\n\n-- %site team")), 70, 10, "Customize the Body of the welcome email, which is sent to new members upon registering. Available variables are: %username, %site, %password, %uri, %uri_brief, %mailto");
+ $output .= form_textarea("Welcome e-mail body", "user_mail_welcome_body", variable_get("user_mail_welcome_body", t("%username,\n\nThank you for registering at %site. You may now login to %uri".drupal_url(array("mod" => "login"), "module")." using the following username and password:\n\nusername: %username\npassword: %password\n\nAfter logging in, you may wish to change your password at %uri".drupal_url(array("mod" => "user", "op" => "edit"), "module")."\n\nYour new %site membership also enables to you to login to other Drupal powered web sites (e.g. http://www.drop.org) without registering. Just use the following Drupal ID and password:\n\nDrupal ID: %username@%uri_brief\npassword: %password\n\n\n-- %site team")), 70, 10, "Customize the Body of the welcome email, which is sent to new members upon registering. Available variables are: %username, %site, %password, %uri, %uri_brief, %mailto");
$output .= form_textfield("Forgotten password e-mail subject", "user_mail_pass_subject", variable_get("user_mail_pass_subject", t("Replacement login information for %username at %site")), 80, 180, "Customize the Subject of your Forgotten Password email. Available variables are: %username, %site, %password, %uri, %uri_brief, %mailto");
- $output .= form_textarea("Forgotten password e-mail body", "user_mail_pass_body", variable_get("user_mail_pass_body", t("%username,\n\nHere is your new password for %site. You may now login to %urimodule.php?mod=login using the following username and password:\n\nusername: %username\npassword: %password\n\nAfter logging in, you may wish to change your password at %urimodule.php?mod=user&op=edit\n\nYour new %site membership also enables to you to login to other Drupal powered web sites (e.g. http://www.drop.org) without registering. Just use the following Drupal ID and password:\n\nDrupal ID: %username@%uri_brief\npassword: %password\n\n\n-- %site team")), 70, 10, "Customize the Body of the Forgotten Password email. Available variables are: %username, %site, %password, %uri, %uri_brief, %mailto");
+ $output .= form_textarea("Forgotten password e-mail body", "user_mail_pass_body", variable_get("user_mail_pass_body", t("%username,\n\nHere is your new password for %site. You may now login to %uri".drupal_url(array("mod" => "login"), "module")." using the following username and password:\n\nusername: %username\npassword: %password\n\nAfter logging in, you may wish to change your password at %uri".drupal_url(array("mod" => "user", "op" => "edit"), "module")."\n\nYour new %site membership also enables to you to login to other Drupal powered web sites (e.g. http://www.drop.org) without registering. Just use the following Drupal ID and password:\n\nDrupal ID: %username@%uri_brief\npassword: %password\n\n\n-- %site team")), 70, 10, "Customize the Body of the Forgotten Password email. Available variables are: %username, %site, %password, %uri, %uri_brief, %mailto");
return $output;
}
@@ -1250,11 +1250,11 @@ function user_admin_create($edit = array()) {
else if ($error = user_validate_mail($edit["mail"])) {
// do nothing
}
- else if (db_num_rows(db_query("SELECT name FROM users WHERE LOWER(name) = LOWER('". $edit["name"] ."')")) > 0) {
- $error = strtr(t("The name '%s' is already taken."), array("%s" => $edit["name"]));
+ else if (db_num_rows(db_query("SELECT name FROM users WHERE LOWER(name) = LOWER('%s')", $edit["name"])) > 0) {
+ $error = t("The name '%s' is already taken.", array("%s" => $edit["name"]));
}
- else if (db_num_rows(db_query("SELECT mail FROM users WHERE LOWER(mail) = LOWER('". $edit["mail"] ."')")) > 0) {
- $error = strtr(t("The e-mail address '%s' is already taken."), array("%s" => $edit["mail"]));
+ else if (db_num_rows(db_query("SELECT mail FROM users WHERE LOWER(mail) = LOWER('%s')", $edit["mail"])) > 0) {
+ $error = t("The e-mail address '%s' is already taken.", array("%s" => $edit["mail"]));
}
else {
$success = 1;
@@ -1287,7 +1287,7 @@ function user_admin_create($edit = array()) {
function user_admin_access($edit = array()) {
global $op, $id, $type;
- $output .= "<small><a href=\"admin.php?mod=user&op=access&type=mail\">e-mail rules</a> :: <a href=\"admin.php?mod=user&op=access&type=user\">username rules</a></small><hr />";
+ $output .= "<small>".la(t("e-mail rules"), array("mod" => "user", "op" => "access", "type" => "mail"))." :: ".la(t("username rules"), array("mod" => "user", "op" => "access", "type" => "user"))."</small><hr />"; // irc rules, too!
if ($type != "user") {
$output .= "<h3>E-mail rules</h3>";
@@ -1298,7 +1298,7 @@ function user_admin_access($edit = array()) {
}
if ($op == "Add rule") {
- db_query("INSERT INTO access (mask, type, status) VALUES ('". check_input($edit["mask"]) ."', '". check_input($type) ."', '". check_input($edit["status"]) ."')");
+ db_query("INSERT INTO access (mask, type, status) VALUES ('%s', '%s', '%s')", $edit["mask"], $type, $edit["status"]);
}
else if ($op == "Check") {
if (user_deny($type, $edit["test"])) {
@@ -1315,16 +1315,16 @@ function user_admin_access($edit = array()) {
$output .= "<table border=\"1\" cellpadding=\"2\" cellspacing=\"2\">";
$output .= " <tr><th>type</th><th>mask</th><th>operations</th></tr>";
- $result = db_query("SELECT * FROM access WHERE type = '". check_input($type) ."' AND status = '1' ORDER BY mask");
+ $result = db_query("SELECT * FROM access WHERE type = '%s' AND status = '1' ORDER BY mask", $type);
while ($rule = db_fetch_object($result)) {
- $output .= "<tr><td align=\"center\">allow</td><td>". check_output($rule->mask) ."</td><td><a href=\"admin.php?mod=user&op=access&type=$type&id=$rule->aid\">delete rule</a></td></tr>";
+ $output .= "<tr><td align=\"center\">allow</td><td>". check_output($rule->mask) ."</td><td>".la(t("delete rule"), array("mod" => "user", "op" => "access", "type" => $type, "id" => $rule->aid))."</td></tr>";
}
- $result = db_query("SELECT * FROM access WHERE type = '". check_input($type) ."' AND status = '0' ORDER BY mask");
+ $result = db_query("SELECT * FROM access WHERE type = '%s' AND status = '0' ORDER BY mask", $type);
while ($rule = db_fetch_object($result)) {
- $output .= "<tr><td align=\"center\">deny</td><td>". check_output($rule->mask) ."</td><td><a href=\"admin.php?mod=user&op=access&type=$type&id=$rule->aid\">delete rule</a></td></tr>";
+ $output .= "<tr><td align=\"center\">deny</td><td>". check_output($rule->mask) ."</td><td>". la(t("delete rule"), array("mod" => "user", "op" => "access", "type" => $type, "id" => $rule->aid)). "</td></tr>";
}
$output .= " <tr><td><select name=\"edit[status]\"><option value=\"1\">allow</option><option value=\"0\">deny</option></select></td><td><input size=\"32\" maxlength=\"64\" name=\"edit[mask]\" /></td><td><input type=\"submit\" name=\"op\" value=\"Add rule\" /></td></tr>";
@@ -1365,7 +1365,7 @@ function user_admin_perm($edit = array()) {
$result = db_query("SELECT * FROM role");
while ($role = db_fetch_object($result)) {
$perm = $edit[$role->name] ? implode(", ", array_keys($edit[$role->name])) : "";
- db_query("UPDATE role SET perm = '$perm' WHERE name = '$role->name'");
+ db_query("UPDATE role SET perm = '%s' WHERE name = '$role->name'", $perm);
}
}
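Review bot: `$perm` became a placeholder argument but `WHERE name = '$role->name'` is still interpolated into the format string. Role names are entered through the role form (user_admin_role() in this file), so a quote in a stored name reaches this statement unescaped, and a `%` in it would be parsed as a conversion if db_query() formats printf-style (inferred from the `%s` placeholders). Suggested: `db_query("UPDATE role SET perm = '%s' WHERE name = '%s'", $perm, $role->name);`. The enclosing function starts outside this hunk.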
@@ -1415,13 +1415,13 @@ function user_admin_role($edit = array()) {
global $op, $id;
if ($op == "Save role") {
- db_query("UPDATE role SET name = '". $edit["name"] ."' WHERE rid = '$id'");
+ db_query("UPDATE role SET name = '%s' WHERE rid = '%s'", $edit["name"], $id);
}
else if ($op == "Delete role") {
- db_query("DELETE FROM role WHERE rid = '$id'");
+ db_query("DELETE FROM role WHERE rid = '%s'", $id);
}
else if ($op == "Add role") {
- db_query("INSERT INTO role (name) VALUES ('". $edit["name"] ."')");
+ db_query("INSERT INTO role (name) VALUES ('%s')", $edit["name"]);
}
else if ($id) {
@@ -1429,7 +1429,7 @@ function user_admin_role($edit = array()) {
** Display role form:
*/
- $role = db_fetch_object(db_query("SELECT * FROM role WHERE rid = '$id'"));
+ $role = db_fetch_object(db_query("SELECT * FROM role WHERE rid = '%s'", $id));
$output .= form_textfield("Role name", "name", $role->name, 32, 64, "The name for this role. Example: 'moderator', 'editorial board', 'site architect'.");
$output .= form_submit("Save role");
@@ -1448,7 +1448,7 @@ function user_admin_role($edit = array()) {
$output .= "<table border=\"1\" cellpadding=\"2\" cellspacing=\"2\">";
$output .= " <tr><th>name</th><th>operations</th></tr>";
while ($role = db_fetch_object($result)) {
- $output .= "<tr><td>". check_output($role->name) ."</td><td><a href=\"admin.php?mod=user&op=role&id=$role->rid\">edit role</a></td></tr>";
+ $output .= "<tr><td>". check_output($role->name) ."</td><td>".la(t("edit role"), array("mod" => "user", "op" => "role", "id" => $role->rid))."</td></tr>";
}
$output .= " <tr><td><input size=\"32\" maxlength=\"64\" name=\"edit[name]\" /></td><td><input type=\"submit\" name=\"op\" value=\"Add role\" /></td></tr>";
$output .= "</table>";
@@ -1484,11 +1484,11 @@ function user_admin_edit($edit = array()) {
else if ($error = user_validate_mail($edit["mail"])) {
// do nothing
}
- else if (db_num_rows(db_query("SELECT uid FROM users WHERE uid != '$account->uid' AND LOWER(name) = LOWER('". $edit["name"] ."')")) > 0) {
- $error = strtr(t("The name '%s' is already taken."), array("%s" => $edit["name"]));
+ else if (db_num_rows(db_query("SELECT uid FROM users WHERE uid != '$account->uid' AND LOWER(name) = LOWER('%s')", $edit["name"])) > 0) {
+ $error = t("The name '%s' is already taken.", array("%s" => $edit["name"]));
}
- else if ($edit["mail"] && db_num_rows(db_query("SELECT uid FROM users WHERE uid != '$account->uid' AND LOWER(mail) = LOWER('". $edit["mail"] ."')")) > 0) {
- $error = strtr(t("The e-mail address '%s' is already taken."), array("%s" => $edit["mail"]));
+ else if ($edit["mail"] && db_num_rows(db_query("SELECT uid FROM users WHERE uid != '$account->uid' AND LOWER(mail) = LOWER('%s')", $edit["mail"])) > 0) {
+ $error = t("The e-mail address '%s' is already taken.", array("%s" => $edit["mail"]));
}
if (!$error) {
$account = user_save($account, $edit);
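Review bot: The two "already taken" messages substitute the raw `$edit["name"]` and `$edit["mail"]` into `$error`, even though the same values are now bound safely in the queries above them. How `$error` is rendered lies outside this hunk; if it is emitted as HTML, the values should pass through the output filter this file already uses for `$rule->mask` and `$role->name`, e.g. `array("%s" => check_output($edit["name"]))` and likewise for `$edit["mail"]`. Both queries also still interpolate `'$account->uid'`; binding it as a further argument would keep the statement consistent with the rest of the commit. user_admin_edit begins and continues outside the hunk.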
@@ -1560,7 +1560,7 @@ function user_admin_account() {
$result = db_query("SELECT uid, name, timestamp FROM users ". $queries[$query ? $query : 0][0] ." LIMIT 50");
foreach ($queries as $key => $value) {
- $links[] = "<a href=\"admin.php?mod=user&op=account&query=$key\">$value[1]</a>";
+ $links[] = la($value[1], array("mod" => "user", "op" => "account", "query" => $key));
}
$output .= "<small>". implode(" :: ", $links) ."</small><hr />";
@@ -1568,7 +1568,7 @@ function user_admin_account() {
$output .= "<table border=\"1\" cellpadding=\"2\" cellspacing=\"2\">";
$output .= " <tr><th>username</th><th>last access</th><th>operations</th></tr>";
while ($account = db_fetch_object($result)) {
- $output .= " <tr><td>". format_name($account) ."</td><td>". format_date($account->timestamp, "small") ."</td><td align=\"center\"><a href=\"admin.php?mod=user&op=edit&id=$account->uid\">edit account</a></td></tr>";
+ $output .= " <tr><td>". format_name($account) ."</td><td>". format_date($account->timestamp, "small") ."</td><td align=\"center\">".la(t("edit account"), array("mod" => "user", "op" => "edit", "id" =>$account->uid))."</td></tr>";
}
$output .= "</table>";
@@ -1599,14 +1599,14 @@ function user_admin() {
** Compile a list of the administrative links:
*/
- $links[] = "<a href=\"admin.php?mod=user&op=create\">add new user</a>";
- $links[] = "<a href=\"admin.php?mod=user&op=access\">access rules</a>";
- $links[] = "<a href=\"admin.php?mod=user&op=account\">user accounts</a>";
- $links[] = "<a href=\"admin.php?mod=user&op=role\">user roles</a>";
- $links[] = "<a href=\"admin.php?mod=user&op=permission\">user permissions</a>";
- $links[] = "<a href=\"admin.php?mod=user&op=search\">search account</a>";
- $links[] = "<a href=\"admin.php?mod=user&op=settings\">settings</a>";
- $links[] = "<a href=\"admin.php?mod=user&op=help\">help</a>";
+ $links[] = la(t("add new user"), array("mod" => "user", "op" => "create"));
+ $links[] = la(t("access rules"), array("mod" => "user", "op" => "access"));
+ $links[] = la(t("user accounts"), array("mod" => "user", "op" => "account"));
+ $links[] = la(t("user roles"), array("mod" => "user", "op" => "role"));
+ $links[] = la(t("user permissions"), array("mod" => "user", "op" => "permission"));
+ $links[] = la(t("search account"), array("mod" => "user", "op" => "search"));
+ $links[] = la(t("settings"), array("mod" => "user", "op" => "settings"));
+ $links[] = la(t("help"), array("mod" => "user", "op" => "help"));
print "<small>". implode(" &middot; ", $links) ."</small><hr />";
@@ -1615,7 +1615,7 @@ function user_admin() {
print user_help();
break;
case "search":
- print search_type("user", "admin.php?mod=user&op=search");
+ print search_type("user", drupal_url(array("mod" => "user", "op" => "search"), "admin"));
break;
case "Save configuration":
case "Reset to defaults":