1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
|
<?php
function account_help() {
?>
<P>The account-module is responsible for maintaining the user database. It automatically handles tasks like registration, authentication, access control, password retrieval, user settings and much more.</P>
<P>The required administration can be accomplished through the "account" interface of the administration section. From here administrators can get a quick overview of all registered users and view/edit specific accounts using the links provided. Some useful operations include blocking specific accounts (e.g. a troublesome user) and giving/taking administration permissions. Note that you should only give these permissions to people you trust!</P>
<P>Check the documentation page for detailed information about user management.</P>
<H3>Regular expressions</H3>
<P>A <I>regular expression</I> (or <I>regexp</I>, or <I>pattern</I>) is a text string that describes some (mathematical) set of strings. A regexp <CODE>R</CODE> "matches" a string <CODE>S</CODE> if <CODE>S</CODE> is in the set of strings described by <CODE>R</CODE>.</P>
<P>Regular expressions are very powerful but often get complicated and nothing in this write-up can change that.
<P>A complete explanation of regular expressions is beyond the scope of this help system. A regular expression may use any of the following special characters/constructs:</P>
<TABLE BORDER="1">
<TR><TD>^</TD><TD>Matches the beginning of a string.</TD></TR>
<TR><TD>$</TD><TD>Matches the end of a string.</TD></TR>
<TR><TD>.</TD><TD>Matches any character (including newline). For example the regular expression a.c would match the strings abc, adb, axb, but not axxc.<TD></TR>
<TR><TD>a*</TD><TD>Matches any sequence of zero or more a characters.</TD></TR>
<TR><TD>a+</TD><TD>Matches any sequence of one or more a characters.</TD></TR>
<TR><TD>a?</TD><TD>Matches either zero or one a character.</TD></TR>
<TR><TD>ab|cd</TD><TD>Matches either of the sequences "ab" or "cd".</TD></TR>
<TR><TD>(abc)*</TD><TD>Matches zero or more instances of the sequence abc.</TD></TR>
<TR><TD>[abc]</TD><TD>Matches any one of the characters between the brackets: a, b or c. Ranges of characters can specified by using a hyphen. For example, the regular expression [0-9] means match any digit. Multiple ranges can be specified as well. The regular expression [A-Za-z] means match any upper or lower case letter. To match any character except those in the range, the complement range, use the caret as the first character after the opening bracket. For example, the expression [^269A-Z] will match any characters except 2, 6, 9, and upper case letters.</TD></TR>
<TR><TD>{num}</TD><TD>Matches the preceding element num times.</TD></TR>
<TR><TD>{min, max}</TD><TD>Matches the preceding element at least min times, but not more than max times.</TD></TR>
</TABLE>
<P><B>Examples:</B></P>
<TABLE BORDER="1">
<TR><TD>apple</TD><TD>Matches any string that has the text "apple" in it.</TD></TR>
<TR><TD>^apple$</TD><TD>Matches the exact string "apple".</TD></TR>
<TR><TD>^apple</TD><TD>Matches any string that starts with "apple".</TD></TR>
<TR><TD>domain\.com$</TD><TD>Matches any string that ends with "domain.com". Note that you have to escape the dot in domain.com.</TD></TR>
</TABLE>
<?php
}
function account_perm() {
return array("administer users");
}
function account_link($type) {
if ($type == "admin" && user_access("administer users")) {
$links[] = "<a href=\"admin.php?mod=account\">user accounts</a>";
}
return $links ? $links : array();
}
function account_conf_options() {
$output .= form_select(t("Public accounts"), "account_register", variable_get("account_register", 1), array("Disabled", "Enabled"), "If enabled, everyone can create a new user account. If disabled, new user accounts can only be created by site administrators.");
return $output;
}
function account_search($keys) {
$result = db_query("SELECT * FROM users WHERE name LIKE '%$keys%' LIMIT 20");
while ($account = db_fetch_object($result)) {
$find[$i++] = array("title" => $account->name, "link" => (user_access("administer users") ? "admin.php?mod=account&op=view&name=". urlencode($account->name) : "account.php?op=view&name=". urlencode($account->name)), "user" => $account->name);
}
return $find;
}
function account_ac_add($edit) {
db_query("INSERT INTO access (mask, type, reason) VALUES ('". check_input($edit[mask]) ."', '". check_input($edit[type]) ."', '". check_input($edit[reason]) ."')");
}
function account_ac_del($id) {
db_query("DELETE FROM access WHERE id = '$id'");
}
function account_ac_check($edit) {
return "\"$edit[text]\" ". (($rule = user_ban($edit[text], $edit[category])) ? "matched with access rule '$rule->mask'" : "did not match any of the existing access rules") .".";
}
function account_ac() {
$access = array("e-mail address", "hostname", "username");
$result = db_query("SELECT * FROM access");
foreach ($access as $value) $type .= " <OPTION VALUE=\"$value\">$value</OPTION>\n";
$output .= "<FORM ACTION=\"admin.php?mod=account&op=access\" METHOD=\"post\">\n";
$output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
$output .= " <TR><TH>mask</TH><TH>type</TH><TH>reason</TH><TH>operations</TH></TR>\n";
while ($rule = db_fetch_object($result)) {
$output .= " <TR><TD>$rule->mask</TD><TD ALIGN=\"center\">$rule->type</TD><TD>". check_output($rule->reason) ."</TD><TD><A HREF=\"admin.php?mod=account&op=delete&id=$rule->id\">delete rule</A></TD></TR>\n";
}
$output .= " <TR><TD><INPUT TYPE=\"text\" NAME=\"edit[mask]\"></TD><TD><SELECT NAME=\"edit[type]\">\n$type</SELECT></TD><TD><INPUT TYPE=\"text\" NAME=\"edit[reason]\"></TD><TD><INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"Add rule\"></TD></TR>\n";
$output .= " <TR><TD COLSPAN=\"4\"><SMALL><I>Use <A HREF=\"admin.php?mod=account&op=help\">regular expressions</A> (regexs) to specify the mask pattern.</I></SMALL></TD></TR>\n";
$output .= "</TABLE>\n";
$output .= "<BR><BR>\n";
$output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
$output .= " <TR><TH COLSPAN=\"3\">check access rules</TH></TR>\n";
$output .= " <TR><TD><INPUT TYPE=\"text\" NAME=\"edit[text]\"></TD><TD><SELECT NAME=\"edit[category]\">\n$type</SELECT></TD><TD><INPUT NAME=\"op\" TYPE=\"submit\" VALUE=\"Check\"></TD></TR>\n";
$output .= "</TABLE>\n";
$output .= "</FORM>\n";
return $output;
}
function account_overview($query = array()) {
$result = db_query("SELECT id, name, last_access FROM users $query[1] LIMIT 50");
$output .= status($query[0]);
$output .= "<TABLE BORDER=\"1\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
$output .= " <TR><TH>username</TH><TH>last access</TH><TH COLSPAN=\"2\">operations</TH></TR>\n";
while ($account = db_fetch_object($result)) {
$output .= " <TR><TD>". format_name($account->name) ."</TD><TD>". format_date($account->last_access) ."</TD><TD ALIGN=\"center\"><A HREF=\"admin.php?mod=account&op=view&name=". urlencode($account->name) ."\">view account</A></TD><TD ALIGN=\"center\"><A HREF=\"admin.php?mod=account&op=edit&name=". urlencode($account->name) ."\">edit account</A></TD></TR>\n";
}
$output .= "</TABLE>\n";
return $output;
}
function account_blocks($id) {
$result = db_query("SELECT * FROM layout WHERE user = '$id'");
while ($layout = db_fetch_object($result)) {
$output .= "<LI>$layout->block</LI>\n";
}
return $output;
}
function account_nodes($id) {
$result = db_query("SELECT * FROM node WHERE author = $id ORDER BY timestamp DESC LIMIT 30");
while ($node = db_fetch_object($result)) {
$output .= "<LI><A HREF=\"node.php?id=$node->nid\">$node->title</A> ($node->type)</LI>\n";
}
return $output;
}
function account_comments($id) {
$result = db_query("SELECT * FROM comments WHERE author = '$id' ORDER BY timestamp DESC LIMIT 30");
while ($comment = db_fetch_object($result)) {
$output .= "<LI><A HREF=\"node.php?id=$comment->lid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">$comment->subject</A></LI>\n";
}
return $output;
}
function account_delete($name) {
$result = db_query("SELECT * FROM users WHERE name = '$name' AND status = 0 AND id > 1");
if ($account = db_fetch_object($result)) {
db_query("DELETE FROM users WHERE id = '$account->id'");
}
else {
return "failed to delete account '". format_name($name) ."': the account must be blocked first.";
}
}
function account_form($account = 0) {
$form .= $account->id ? form_item("ID", $account->id) . form_hidden("id", $account->id) : "";
$form .= form_item(t("Name"), check_output($account->name) ." (". check_output($account->userid) .")");
$form .= form_select(t("Status"), "status", $account->status, array("blocked", "not confirmed", "open"));
$form .= form_select(t("Role"), "role", $account->role, access_get_roles());
$form .= form_textfield(t("Real e-mail address"), "real_email", $account->real_email, 30, 55);
$form .= form_textfield(t("Fake e-mail address"), "fake_email", $account->fake_email, 30, 55);
$form .= form_textfield(t("Homepage"), "url", $account->url, 30, 55);
$form .= form_textarea(t("Bio"), "bio", $account->bio, 35, 5);
$form .= form_textarea(t("Signature"), "signature", $account->signature, 35, 5);
$form .= form_hidden("userid", $account->userid);
$form .= form_hidden("name", $account->name);
if ($account) {
$form .= form_submit("View account");
}
$form .= form_submit("Save account");
return form("admin.php?mod=account", $form);
}
function account_save($edit) {
if ($edit[id]) {
// Updating existing account
foreach ($edit as $key=>$value) {
$query[] = "$key = '". addslashes($value) ."'";
}
db_query("UPDATE users SET ". implode(", ", $query) ." WHERE id = $edit[id]");
watchdog("account", "account: modified user '$edit[name]'");
return $edit[name];
}
else {
if ($error = account_validate($edit)) {
print status($error);
return 0;
}
else {
$edit[passwd] = user_password();
$edit[hash] = substr(md5("$edit[userid]. ". time()), 0, 12);
$user = user_save("", array("name" => $edit[userid], "userid" => $edit[userid], "role" => $edit[role], "real_email" => $edit[real_email], "passwd" => $edit[passwd], "status" => $edit[status], "hash" => $edit[hash]));
$link = path_uri() ."account.php?op=confirm&name=". urlencode($edit[userid]) ."&hash=$edit[hash]";
$subject = strtr(t("Account details for %a"), array("%a" => variable_get(site_name, "drupal")));
$message = strtr(t("%a,\n\n\nsomeone signed up for a user account on %b and supplied this e-mail address as their contact. If it wasn't you, don't get your panties in a knot and simply ignore this mail. If this was you, you will have to confirm your account first or you will not be able to login. To confirm your account visit the URL below:\n\n %c\n\nOnce confirmed you can login using the following username and password:\n\n username: %a\n password: %d\n\n\n-- %b team\n"), array("%a" => $edit[userid], "%b" => variable_get(site_name, "drupal"), "%c" => $link, "%d" => $edit[passwd]));
watchdog("account", "new account: `$edit[userid]' <$edit[real_email]>");
if ($edit[status] == 1) mail($edit[real_email], $subject, $message, "From: noreply");
return $edit[userid];
}
}
}
function account_edit($name) {
$result = db_query("SELECT * FROM users WHERE name = '$name'");
if ($account = db_fetch_object($result)) {
return account_form($account);
}
}
function account_add() {
global $REQUEST_URI;
$form .= form_textfield("Username", "name", "", 30, 55);
$form .= form_textfield("E-mail address", "mail", "", 30, 55);
$form .= form_textfield("Password", "pass", "", 30, 55);
$form .= form_submit("Create account");
return form($REQUEST_URI, $form);
}
function account_create($edit) {
if ($error = user_validate_name($edit[name])) {
return $error;
}
else if ($error = user_validate_mail($edit[mail])) {
return $error;
}
else if (empty($edit[pass])) {
return "password should be non-empty.";
}
else if (db_num_rows(db_query("SELECT userid FROM users WHERE (LOWER(userid) = LOWER('$edit[name]') OR LOWER(name) = LOWER('$edit[name]'))")) > 0) {
return "the username '$edit[name]' is already taken.";
}
else if (db_num_rows(db_query("SELECT real_email FROM users WHERE LOWER(real_email) = LOWER('$edit[mail]')")) > 0) {
return "the e-mail address '$edit[mail]' is already in use by another account.";
}
else {
$user = user_save("", array("userid" => $edit[name], "name" => $edit[name], "real_email" => $edit[mail], "passwd" => $edit[pass], "role" => "authenticated user", "status" => 2));
}
}
function account_view($name) {
$status = array(0 => "blocked", 1 => "not confirmed", 2 => "open");
$result = db_query("SELECT * FROM users WHERE name = '$name'");
if ($account = db_fetch_object($result)) {
$form .= form_hidden("name", $account->name);
$form .= form_submit("Edit account");
$form .= form_submit("Delete account");
$output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
$output .= " <TR><TH>ID:</TH><TD>$account->id</TD></TR>\n";
$output .= " <TR><TH>Name:</TH><TD>". check_output($account->name) ." (". check_output($account->userid) .")</TD></TR>\n";
$output .= " <TR><TH>Status:</TH><TD>". $status[$account->status] ."</TD></TR>\n";
$output .= " <TR><TH>Role:</TH><TD>". check_output($account->role) ."</TD></TR>\n";
$output .= " <TR><TH>Real e-mail address:</TH><TD>". format_email($account->real_email) ."</TD></TR>\n";
$output .= " <TR><TH>Fake e-mail address:</TH><TD>". check_output($account->fake_email) ."</TD></TR>\n";
$output .= " <TR><TH>Homepage:</TH><TD>". format_url($account->url) ."</TD></TR>\n";
$output .= " <TR><TH>Last access:</TH><TD>". format_date($account->last_access) ." from ". check_output($account->last_host) ."</TD></TR>\n";
$output .= " <TR><TH>User rating:</TH><TD>". check_output($account->rating) ."</TD></TR>\n";
$output .= " <TR><TH>Bio:</TH><TD>". check_output($account->bio) ."</TD></TR>\n";
$output .= " <TR><TH>Signature:</TH><TD>". check_output($account->signature) ."</TD></TR>\n";
$output .= " <TR><TH>Theme:</TH><TD>". check_output($account->theme) ."</TD></TR>\n";
$output .= " <TR><TH>Timezone:</TH><TD>". check_output($account->timezone / 3600) ."</TD></TR>\n";
$output .= " <TR><TH>Selected blocks:</TH><TD>". check_output(account_blocks($account->id)) ."</TD></TR>\n";
$output .= " <TR><TH>Recent nodes:</TH><TD>". check_output(account_nodes($account->id)) ."</TD></TR>\n";
$output .= " <TR><TH>Recent comments:</TH><TD>". check_output(account_comments($account->id)) ."</TD></TR>\n";
$output .= " <TR><TD ALIGN=\"center\" COLSPAN=\"2\">". form("admin.php?mod=account", $form) ."</TD></TR>\n";
$output .= "</TABLE>\n";
return $output;
}
}
function account_query($type = "") {
$queries = array(array("users recently visiting", "ORDER BY last_access DESC"), array("users recently joining", "ORDER BY id DESC"), array("users with pending accounts", "WHERE status = 1 ORDER BY last_access DESC"), array("users with blocked accounts", "WHERE status = 0 ORDER BY last_access DESC"));
return ($queries[$type] ? $queries[$type] : $queries);
}
function account_validate($user) {
if ($error = user_validate_name($user[userid])) return $error;
// Verify e-mail address:
if ($error = user_validate_mail($user[real_email])) return $error;
// Check to see whether the username or e-mail address are banned:
if ($ban = user_ban($user[userid], "username")) return t("the username '$user[userid]' is banned") .": <I>$ban->reason</I>.";
if ($ban = user_ban($user[real_email], "e-mail address")) return t("the e-mail address '$user[real_email]' is banned") .": <I>$ban->reason</I>.";
// Verify whether username and e-mail address are unique:
if (db_num_rows(db_query("SELECT userid FROM users WHERE LOWER(userid) = LOWER('$user[userid]')")) > 0) return t("the username '$user[userid]' is already taken.");
if (db_num_rows(db_query("SELECT real_email FROM users WHERE LOWER(real_email) = LOWER('$user[real_email]')")) > 0) return t("the e-mail address '$user[real_email]' is already in use by another account.");
}
function account_admin() {
global $op, $edit, $id, $mod, $keys, $order, $name, $query;
if (user_access("administer users")) {
print "<SMALL><A HREF=\"admin.php?mod=account&op=access\">access control</A> | <A HREF=\"admin.php?mod=account&op=add\">add new account</A> | <A HREF=\"admin.php?mod=account&op=listing\">account listings</A> | <A HREF=\"admin.php?mod=account&op=search\">search account</A> | <A HREF=\"admin.php?mod=account\">overview</A> | <A HREF=\"admin.php?mod=account&op=help\">help</A></SMALL><HR>";
$query = $query ? $query : 0;
$name = $name ? $name : $edit[name];
switch ($op) {
case "access":
print account_ac();
break;
case "Add rule":
print status(account_ac_add($edit));
print account_ac();
break;
case "Check":
print status(account_ac_check($edit));
print account_ac();
break;
case "delete":
print status(account_ac_del($id));
print account_ac();
break;
case "Delete account":
print status(account_delete($name));
print account_overview(account_query($query));
break;
case "Create account":
if ($error = account_create($edit)) {
print status($error);
print account_add($edit);
}
else {
print account_edit($edit[name]);
}
break;
case "add":
print account_add();
break;
case "Edit account":
case "edit":
print account_edit($name);
break;
case "help":
print account_help();
break;
case "listing":
print node_listing(account_query());
break;
case "search":
print search_form($keys);
print search_data($keys, $mod);
break;
case "Save account":
$name = account_save($edit);
if ($name)
print account_view($name);
else {
foreach ($edit as $key=>$value) {
$account->$key = $value;
}
print account_form($account);
}
break;
case "View account":
case "view":
print account_view($name);
break;
default:
print account_overview(account_query($query));
}
}
else {
print message_access();
}
}
?>
|
