source: sipes/cord/modules/user/user.pages.inc @ 8a8efa8

stableversion-3.0
Last change on this file since 8a8efa8 was 52861f4, checked in by José Gregorio Puentes <jpuentes@…>, 8 años ago

se actualizo el cord
  • Propiedad mode establecida a 100755
File size: 14.3 KB
Línea 
1<?php
2
3/**
4 * @file
5 * User page callback file for the user module.
6 */
7
8/**
9 * Menu callback; Retrieve a JSON object containing autocomplete suggestions for existing users.
10 */
11function user_autocomplete($string = '') {
12  $matches = array();
13  if ($string) {
14    $result = db_query_range("SELECT name FROM {users} WHERE LOWER(name) LIKE LOWER('%s%%')", $string, 0, 10);
15    while ($user = db_fetch_object($result)) {
16      $matches[$user->name] = check_plain($user->name);
17    }
18  }
19
20  drupal_json($matches);
21}
22
23/**
24 * Form builder; Request a password reset.
25 *
26 * @ingroup forms
27 * @see user_pass_validate()
28 * @see user_pass_submit()
29 */
30function user_pass() {
31  $form['name'] = array(
32    '#type' => 'textfield',
33    '#title' => t('Username or e-mail address'),
34    '#size' => 60,
35    '#maxlength' => max(USERNAME_MAX_LENGTH, EMAIL_MAX_LENGTH),
36    '#required' => TRUE,
37  );
38  $form['submit'] = array('#type' => 'submit', '#value' => t('E-mail new password'));
39
40  return $form;
41}
42
43function user_pass_validate($form, &$form_state) {
44  $name = trim($form_state['values']['name']);
45 
46
47  // Try to load by email.
48  $account = user_load(array('mail' => $name, 'status' => 1));
49  if (!$account) {
50    // No success, try to load by name.
51    $account = user_load(array('name' => $name, 'status' => 1));
52  }
53  if ($account) {
54    // Blocked accounts cannot request a new password,
55    // check provided username and email against access rules.
56    if (drupal_is_denied('user', $account->name) || drupal_is_denied('mail', $account->mail)) {
57      form_set_error('name', t('%name is not allowed to request a new password.', array('%name' => $name)));
58    }
59  }
60  if (isset($account->uid)) {
61    form_set_value(array('#parents' => array('account')), $account, $form_state);
62  }
63  else {
64    form_set_error('name', t('Sorry, %name is not recognized as a user name or an e-mail address.', array('%name' => $name)));
65  }
66}
67
68function user_pass_submit($form, &$form_state) {
69  global $language;
70
71  $account = $form_state['values']['account'];
72  // Mail one time login URL and instructions using current language.
73  _user_mail_notify('password_reset', $account, $language);
74  watchdog('user', 'Password reset instructions mailed to %name at %email.', array('%name' => $account->name, '%email' => $account->mail));
75  drupal_set_message(t('Further instructions have been sent to your e-mail address.'));
76
77  $form_state['redirect'] = 'user';
78  return;
79}
80
81/**
82 * Menu callback; process one time login link and redirects to the user page on success.
83 */
84function user_pass_reset(&$form_state, $uid, $timestamp, $hashed_pass, $action = NULL) {
85  global $user;
86
87  // Check if the user is already logged in. The back button is often the culprit here.
88  if ($user->uid) {
89    drupal_set_message(t('You have already used this one-time login link. It is not necessary to use this link to login anymore. You are already logged in.'));
90    drupal_goto();
91  }
92  else {
93    // Time out, in seconds, until login URL expires. 24 hours = 86400 seconds.
94    $timeout = 86400;
95    $current = time();
96    // Some redundant checks for extra security ?
97    if ($timestamp < $current && $account = user_load(array('uid' => $uid, 'status' => 1)) ) {
98      // Deny one-time login to blocked accounts.
99      if (drupal_is_denied('user', $account->name) || drupal_is_denied('mail', $account->mail)) {
100        drupal_set_message(t('You have tried to use a one-time login for an account which has been blocked.'), 'error');
101        drupal_goto();
102      }
103
104      // No time out for first time login.
105      if ($account->login && $current - $timestamp > $timeout) {
106        drupal_set_message(t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'));
107        drupal_goto('user/password');
108      }
109      else if ($account->uid && $timestamp > $account->login && $timestamp < $current && $hashed_pass == user_pass_rehash($account->pass, $timestamp, $account->login, $account->uid)) {
110        // First stage is a confirmation form, then login
111        if ($action == 'login') {
112          watchdog('user', 'User %name used one-time login link at time %timestamp.', array('%name' => $account->name, '%timestamp' => $timestamp));
113          // Set the new user.
114          $user = $account;
115          // user_authenticate_finalize() also updates the login timestamp of the
116          // user, which invalidates further use of the one-time login link.
117          user_authenticate_finalize($form_state['values']);
118          drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to login. Please change your password.'));
119          drupal_goto('user/'. $user->uid .'/edit');
120        }
121        else {
122          $form['message'] = array('#value' => t('<p>This is a one-time login for %user_name and will expire on %expiration_date.</p><p>Click on this button to login to the site and change your password.</p>', array('%user_name' => $account->name, '%expiration_date' => format_date($timestamp + $timeout))));
123          $form['help'] = array('#value' => '<p>'. t('This login can be used only once.') .'</p>');
124          $form['submit'] = array('#type' => 'submit', '#value' => t('Log in'));
125          $form['#action'] = url("user/reset/$uid/$timestamp/$hashed_pass/login");
126          return $form;
127        }
128      }
129      else {
130        drupal_set_message(t('You have tried to use a one-time login link which has either been used or is no longer valid. Please request a new one using the form below.'));
131        drupal_goto('user/password');
132      }
133    }
134    else {
135      // Deny access, no more clues.
136      // Everything will be in the watchdog's URL for the administrator to check.
137      drupal_access_denied();
138    }
139  }
140}
141
142/**
143 * Menu callback; logs the current user out, and redirects to the home page.
144 */
145function user_logout() {
146  global $user;
147
148  watchdog('user', 'Session closed for %name.', array('%name' => $user->name));
149
150  // Destroy the current session:
151  session_destroy();
152  // Only variables can be passed by reference workaround.
153  $null = NULL;
154  user_module_invoke('logout', $null, $user);
155
156  // Load the anonymous user
157  $user = drupal_anonymous_user();
158
159  drupal_goto();
160}
161
162/**
163 * Menu callback; Displays a user or user profile page.
164 */
165function user_view($account) {
166  drupal_set_title(check_plain($account->name));
167  // Retrieve all profile fields and attach to $account->content.
168  user_build_content($account);
169
170  // To theme user profiles, copy modules/user/user_profile.tpl.php
171  // to your theme directory, and edit it as instructed in that file's comments.
172  return theme('user_profile', $account);
173}
174
175/**
176 * Process variables for user-profile.tpl.php.
177 *
178 * The $variables array contains the following arguments:
179 * - $account
180 *
181 * @see user-picture.tpl.php
182 */
183function template_preprocess_user_profile(&$variables) {
184  $variables['profile'] = array();
185  // Sort sections by weight
186  uasort($variables['account']->content, 'element_sort');
187  // Provide keyed variables so themers can print each section independantly.
188  foreach (element_children($variables['account']->content) as $key) {
189    $variables['profile'][$key] = drupal_render($variables['account']->content[$key]);
190  }
191  // Collect all profiles to make it easier to print all items at once.
192  $variables['user_profile'] = implode($variables['profile']);
193}
194
195/**
196 * Process variables for user-profile-item.tpl.php.
197 *
198 * The $variables array contains the following arguments:
199 * - $element
200 *
201 * @see user-profile-item.tpl.php
202 */
203function template_preprocess_user_profile_item(&$variables) {
204  $variables['title'] = $variables['element']['#title'];
205  $variables['value'] = $variables['element']['#value'];
206  $variables['attributes'] = '';
207  if (isset($variables['element']['#attributes'])) {
208    $variables['attributes'] = drupal_attributes($variables['element']['#attributes']);
209  }
210}
211
212/**
213 * Process variables for user-profile-category.tpl.php.
214 *
215 * The $variables array contains the following arguments:
216 * - $element
217 *
218 * @see user-profile-category.tpl.php
219 */
220function template_preprocess_user_profile_category(&$variables) {
221  $variables['title'] = check_plain($variables['element']['#title']);
222  $variables['profile_items'] = $variables['element']['#children'];
223  $variables['attributes'] = '';
224  if (isset($variables['element']['#attributes'])) {
225    $variables['attributes'] = drupal_attributes($variables['element']['#attributes']);
226  }
227}
228
229/**
230 * Form builder; Present the form to edit a given user or profile category.
231 *
232 * @ingroup forms
233 * @see user_edit_validate()
234 * @see user_edit_submit()
235 */
236function user_edit($account, $category = 'account') {
237  drupal_set_title(check_plain($account->name));
238  return drupal_get_form('user_profile_form', $account, $category);
239}
240
241/**
242 * Form builder; edit a user account or one of their profile categories.
243 *
244 * @ingroup forms
245 * @see user_profile_form_validate()
246 * @see user_profile_form_submit()
247 * @see user_edit_delete_submit()
248 */
249function user_profile_form($form_state, $account, $category = 'account') {
250
251  $edit = (empty($form_state['values'])) ? (array)$account : $form_state['values'];
252
253  $form = _user_forms($edit, $account, $category);
254  $form['_category'] = array('#type' => 'value', '#value' => $category);
255  $form['_account'] = array('#type' => 'value', '#value' => $account);
256  $form['submit'] = array('#type' => 'submit', '#value' => t('Save'), '#weight' => 30);
257  if (user_access('administer users')) {
258    $form['delete'] = array(
259      '#type' => 'submit',
260      '#value' => t('Delete'),
261      '#weight' => 31,
262      '#submit' => array('user_edit_delete_submit'),
263    );
264  }
265  $form['#attributes']['enctype'] = 'multipart/form-data';
266
267  return $form;
268}
269
270/**
271 * Validation function for the user account and profile editing form.
272 */
273function user_profile_form_validate($form, &$form_state) {
274  user_module_invoke('validate', $form_state['values'], $form_state['values']['_account'], $form_state['values']['_category']);
275  // Validate input to ensure that non-privileged users can't alter protected data.
276  if ((!user_access('administer users') && array_intersect(array_keys($form_state['values']), array('uid', 'init', 'session'))) || (!user_access('administer permissions') && isset($form_state['values']['roles']))) {
277    watchdog('security', 'Detected malicious attempt to alter protected user fields.', array(), WATCHDOG_WARNING);
278    // set this to a value type field
279    form_set_error('category', t('Detected malicious attempt to alter protected user fields.'));
280  }
281}
282
283/**
284 * Submit function for the user account and profile editing form.
285 */
286function user_profile_form_submit($form, &$form_state) {
287  $account = $form_state['values']['_account'];
288  $category = $form_state['values']['_category'];
289  unset($form_state['values']['_account'], $form_state['values']['op'], $form_state['values']['submit'], $form_state['values']['delete'], $form_state['values']['form_token'], $form_state['values']['form_id'], $form_state['values']['_category']);
290  user_module_invoke('submit', $form_state['values'], $account, $category);
291  user_save($account, $form_state['values'], $category);
292
293  // Clear the page cache because pages can contain usernames and/or profile information:
294  cache_clear_all();
295
296  drupal_set_message(t('The changes have been saved.'));
297  return;
298}
299
300/**
301 * Submit function for the 'Delete' button on the user edit form.
302 */
303function user_edit_delete_submit($form, &$form_state) {
304  $destination = '';
305  if (isset($_REQUEST['destination'])) {
306    $destination = drupal_get_destination();
307    unset($_REQUEST['destination']);
308  }
309  // Note: We redirect from user/uid/edit to user/uid/delete to make the tabs disappear.
310  $form_state['redirect'] = array("user/". $form_state['values']['_account']->uid ."/delete", $destination);
311}
312
313/**
314 * Form builder; confirm form for user deletion.
315 *
316 * @ingroup forms
317 * @see user_confirm_delete_submit()
318 */
319function user_confirm_delete(&$form_state, $account) {
320
321  $form['_account'] = array('#type' => 'value', '#value' => $account);
322
323  return confirm_form($form,
324    t('Are you sure you want to delete the account %name?', array('%name' => $account->name)),
325    'user/'. $account->uid,
326    t('All submissions made by this user will be attributed to the anonymous account. This action cannot be undone.'),
327    t('Delete'), t('Cancel'));
328}
329
330/**
331 * Submit function for the confirm form for user deletion.
332 */
333function user_confirm_delete_submit($form, &$form_state) {
334  user_delete($form_state['values'], $form_state['values']['_account']->uid);
335  drupal_set_message(t('%name has been deleted.', array('%name' => $form_state['values']['_account']->name)));
336
337  if (!isset($_REQUEST['destination'])) {
338    $form_state['redirect'] = 'admin/user/user';
339  }
340}
341
342function user_edit_validate($form, &$form_state) {
343  user_module_invoke('validate', $form_state['values'], $form_state['values']['_account'], $form_state['values']['_category']);
344  // Validate input to ensure that non-privileged users can't alter protected data.
345  if ((!user_access('administer users') && array_intersect(array_keys($form_state['values']), array('uid', 'init', 'session'))) || (!user_access('administer permissions') && isset($form_state['values']['roles']))) {
346    watchdog('security', 'Detected malicious attempt to alter protected user fields.', array(), WATCHDOG_WARNING);
347    // set this to a value type field
348    form_set_error('category', t('Detected malicious attempt to alter protected user fields.'));
349  }
350}
351
352function user_edit_submit($form, &$form_state) {
353  $account = $form_state['values']['_account'];
354  $category = $form_state['values']['_category'];
355  unset($form_state['values']['_account'], $form_state['values']['op'], $form_state['values']['submit'], $form_state['values']['delete'], $form_state['values']['form_token'], $form_state['values']['form_id'], $form_state['values']['_category']);
356  user_module_invoke('submit', $form_state['values'], $account, $category);
357  user_save($account, $form_state['values'], $category);
358
359  // Clear the page cache because pages can contain usernames and/or profile information:
360  cache_clear_all();
361
362  drupal_set_message(t('The changes have been saved.'));
363  return;
364}
365
366/**
367 * Access callback for path /user.
368 *
369 * Displays user profile if user is logged in, or login form for anonymous
370 * users.
371 */
372function user_page() {
373  global $user;
374  if ($user->uid) {
375    menu_set_active_item('user/'. $user->uid);
376    return menu_execute_active_handler();
377  }
378  else {
379    return drupal_get_form('user_login');
380  }
381}
Nota: Vea TracBrowser para ayuda de uso del navegador del repositorio.