Diffstat (limited to 'modules')
-rw-r--r-- | modules/user.module | 41 | ||||
-rw-r--r-- | modules/user/user.module | 41 |
2 files changed, 54 insertions, 28 deletions
diff --git a/modules/user.module b/modules/user.module index 8489958f8..d2c4d1734 100644 --- a/modules/user.module +++ b/modules/user.module @@ -89,20 +89,6 @@ function user_load($array = array()) { } function user_save($account, $array = array()) { - - /* - ** Validate input fields to make sure users don't submit - ** invalid form data. - */ - - if (!user_access("administer users")) { - if (array_intersect(array_keys($array), array("rid", "init", "rating", "session"))) { - watchdog("warning", "detected malicious attempt to alter a protected user field"); - } - - unset($array["rid"], $array["init"], $array["rating"], $array["session"]); - } - /* ** Dynamically compose a SQL query: */ @@ -358,9 +344,21 @@ function user_block() { $block[1]["info"] = t("Log in"); $block[1]["link"] = drupal_url(array("mod" => "user"), "module"); + $block[2]["subject"] = t("Who's new"); + $block[2]["info"] = t("Who's new"); + $block[2]["content"] = user_new_users(); + return $block; } +function user_new_users() { + $result = db_query("SELECT uid, name FROM users WHERE status != '0' ORDER BY uid DESC LIMIT 5"); + while ($account = db_fetch_object($result)) { + $output .= lm((strlen($account->name) > 15 ? substr($account->name, 0, 15) . '...' : $account->name), array("mod" =>user, "op" => "view", "id" => $account->uid)) ."<br />"; + } + return $output; +} + function user_link($type) { if ($type == "page") { $links[] = lm(t("user account"), array("mod" => "user"), "", array("title" => t("Create a user account, request a new password or edit your account settings."))); 
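Review bot: In the new `user_new_users()`, `$account->name` is passed to `lm()` as link text and the result is concatenated straight into the block's HTML. Whether `lm()` escapes its text argument is not visible in this hunk; if it does not, a user name containing markup would be rendered on every page that shows the "Who's new" block. Truncate first and then escape, for example by wrapping the truncated name in `htmlspecialchars(...)`, unless name validation at registration already rules such characters out. Two smaller points in the same function: `"mod" =>user` uses a bareword where the other calls in this file use a string, so it should read `"mod" => "user"`, and `$output` is appended to without being initialised, so add `$output = "";` before the loop. The identical hunk in modules/user/user.module needs the same changes.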
@@ -890,6 +888,21 @@ function user_edit($edit = array()) { } unset($edit["pass1"], $edit["pass2"]); + /* + ** Validate input fields to make sure users don't submit + ** invalid form data. + */ + + if (!user_access("administer users")) { + if (array_intersect(array_keys($edit), array("rid", "init", "rating", "session"))) { + watchdog("warning", "detected malicious attempt to alter a protected database field"); + } + + $edit["rid"] = $user->rid; + $edit["init"] = $user->init; + $edit["rating"] = $user->rating; + $edit["session"] = $user->session; + } if (!$error) { /* diff --git a/modules/user/user.module b/modules/user/user.module index 8489958f8..d2c4d1734 100644 --- a/modules/user/user.module +++ b/modules/user/user.module @@ -89,20 +89,6 @@ function user_load($array = array()) { } function user_save($account, $array = array()) { - - /* - ** Validate input fields to make sure users don't submit - ** invalid form data. - */ - - if (!user_access("administer users")) { - if (array_intersect(array_keys($array), array("rid", "init", "rating", "session"))) { - watchdog("warning", "detected malicious attempt to alter a protected user field"); - } - - unset($array["rid"], $array["init"], $array["rating"], $array["session"]); - } - /* ** Dynamically compose a SQL query: */ 
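Review bot: The protected-field check now lives only in `user_edit()`, so `user_save()` no longer defends itself (the removal is in the first hunk of this file). Any other caller that passes request-derived data in `$array` could then set `rid`, `init`, `rating` or `session` unchecked; those callers are not visible here. If the move is needed so that internal callers can write these fields, have each form handler build its array from an allowlist of editable keys, or at least add a comment on `user_save()` such as `/* Callers must strip rid, init, rating and session from user-supplied input. */`. The added block copies the values from `$user`, and the start of `user_edit()` is outside the hunk, so confirm that `global $user;` is declared there. Without it `$edit["rid"]` and the other three fields would be set to empty values and then saved. The identical hunk in modules/user/user.module has the same issue.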
@@ -358,9 +344,21 @@ function user_block() { $block[1]["info"] = t("Log in"); $block[1]["link"] = drupal_url(array("mod" => "user"), "module"); + $block[2]["subject"] = t("Who's new"); + $block[2]["info"] = t("Who's new"); + $block[2]["content"] = user_new_users(); + return $block; } +function user_new_users() { + $result = db_query("SELECT uid, name FROM users WHERE status != '0' ORDER BY uid DESC LIMIT 5"); + while ($account = db_fetch_object($result)) { + $output .= lm((strlen($account->name) > 15 ? substr($account->name, 0, 15) . '...' : $account->name), array("mod" =>user, "op" => "view", "id" => $account->uid)) ."<br />"; + } + return $output; +} + function user_link($type) { if ($type == "page") { $links[] = lm(t("user account"), array("mod" => "user"), "", array("title" => t("Create a user account, request a new password or edit your account settings."))); @@ -890,6 +888,21 @@ function user_edit($edit = array()) { } unset($edit["pass1"], $edit["pass2"]); + /* + ** Validate input fields to make sure users don't submit + ** invalid form data. + */ + + if (!user_access("administer users")) { + if (array_intersect(array_keys($edit), array("rid", "init", "rating", "session"))) { + watchdog("warning", "detected malicious attempt to alter a protected database field"); + } + + $edit["rid"] = $user->rid; + $edit["init"] = $user->init; + $edit["rating"] = $user->rating; + $edit["session"] = $user->session; + } if (!$error) { /* |