Same name and namespace in other branches
  1. 4.6.x modules/user.module \user_save()
  2. 4.7.x modules/user.module \user_save()
  3. 5.x modules/user/user.module \user_save()
  4. 7.x modules/user/user.module \user_save()

Save changes to a user account or add a new user.

Parameters

$account: The user object to modify or add. If you want to modify an existing user account, you will need to ensure that (a) $account is an object, and (b) you have set $account->uid to the numeric user ID of the user account you wish to modify. Pass in NULL or any non-object to add a new user.

$array: (optional) An array of fields and values to save. For example, array('name' => 'My name'); Keys that do not belong to columns in the user-related tables are added to a serialized array in the 'data' column and will be loaded in the $user->data array by user_load(). Setting a field to NULL deletes it from the data column, if you are modifying an existing user account.

$category: (optional) The category for storing profile information in.

Return value

A fully-loaded $user object upon successful save or FALSE if the save failed.

8 calls to user_save()
comment_controls_submit in modules/comment/comment.module
Process comment_controls form submissions.
install_configure_form_submit in ./install.php
Form API submit for the site configuration form.
system_admin_compact_page in modules/system/system.admin.inc
Menu callback; Sets whether the admin menu is in compact mode or not.
user_edit_submit in modules/user/user.pages.inc
user_profile_form_submit in modules/user/user.pages.inc
Submit function for the user account and profile editing form.

... See full list

File

modules/user/user.module, line 225
Enables the user registration and login system.

Code

/**
 * Save changes to a user account or add a new user.
 *
 * Security-relevant behaviour visible in this function:
 * - Passwords are stored as a bare md5() digest: no salt and no work factor
 *   are applied here.
 * - On update, the stored 'data' column is passed through unserialize().
 * - Keys in $array that no other branch handles are persisted in the
 *   serialized 'data' column, so callers should pass only the fields they
 *   intend to store rather than a raw set of submitted values.
 * - Role assignments are taken from the keys of $array['roles']; this
 *   function makes no permission check on which roles are granted, so
 *   authorization is the caller's responsibility.
 *
 * @param $account
 *   The user object to modify. The update path is taken only when this is an
 *   object with a non-empty uid; any other value creates a new user.
 * @param $array
 *   (optional) An array of fields and values to save. Keys starting with
 *   'auth' are collected and handed to user_set_authmaps(); 'roles' is
 *   written to {users_roles}; keys found in user_fields() are written to
 *   {users}; the rest go to the serialized 'data' column.
 * @param $category
 *   (optional) Passed through unchanged to user_module_invoke().
 *
 * @return
 *   The user object returned by user_load() after the save, or FALSE if the
 *   UPDATE or INSERT on {users} failed.
 */
function user_save($account, $array = array(), $category = 'account') {

  // Dynamically compose a SQL query:
  // user_fields() supplies the allow-list that decides which keys of $array
  // may be used as column names below (presumably the {users} columns --
  // confirm against user_fields()).
  $user_fields = user_fields();
  if (is_object($account) && $account->uid) {
    // Existing account: invoked before anything is written (presumably
    // dispatches hook_user('update') -- confirm in user_module_invoke()).
    user_module_invoke('update', $array, $account, $category);
    $query = '';
    // NOTE(review): unserialize() on the stored 'data' column. The column is
    // written by this function with serialize(), so this is only as safe as
    // every other writer of {users}.data; unserialize() on attacker-influenced
    // bytes is an object-injection risk.
    $data = unserialize(db_result(db_query('SELECT data FROM {users} WHERE uid = %d', $account->uid)));

    // Consider users edited by an administrator as logged in, if they haven't
    // already, so anonymous users can view the profile (if allowed).
    if (empty($array['access']) && empty($account->access) && user_access('administer users')) {
      $array['access'] = time();
    }
    foreach ($array as $key => $value) {
      // A non-empty 'pass' is hashed and written; an empty 'pass' falls
      // through to the else branch, where it is skipped, leaving the stored
      // password unchanged.
      if ($key == 'pass' && !empty($value)) {
        $query .= "{$key} = '%s', ";
        // NOTE(review): unsalted md5() is a fast digest and is weak for
        // password storage; changing it here would also require changing
        // whatever verifies passwords at login.
        $v[] = md5($value);
      }
      else {
        // Keys starting with 'auth' are handled at the end of the function.
        if (substr($key, 0, 4) !== 'auth' && $key != 'pass') {
          if (in_array($key, $user_fields)) {

            // Save standard fields.
            // $key is interpolated into the SQL text as a column name, so the
            // in_array() check above is the only thing keeping caller-supplied
            // keys out of the statement; the value itself is passed as a
            // db_query() argument for the '%s' placeholder.
            $query .= "{$key} = '%s', ";
            $v[] = $value;
          }
          else {
            if ($key != 'roles') {

              // Roles is a special case: it is used below.
              // Everything else is merged into the 'data' array: NULL removes
              // the entry, any other value replaces it.
              if ($value === NULL) {
                unset($data[$key]);
              }
              elseif (!empty($key)) {
                $data[$key] = $value;
              }
            }
          }
        }
      }
    }
    // 'data' is always the last assignment, so $query never ends in a comma.
    $query .= "data = '%s' ";
    $v[] = serialize($data);
    // The uid is appended last to match the trailing %d in the WHERE clause.
    $success = db_query("UPDATE {users} SET {$query} WHERE uid = %d", array_merge($v, array(
      $account->uid,
    )));
    if (!$success) {

      // The query failed - better to abort the save than risk further data loss.
      return FALSE;
    }

    // Reload user roles if provided.
    // All existing rows for the user are deleted and re-inserted from the
    // keys of $array['roles']; the anonymous and authenticated role IDs are
    // never written. No check is made here that the caller may grant these
    // roles.
    if (isset($array['roles']) && is_array($array['roles'])) {
      db_query('DELETE FROM {users_roles} WHERE uid = %d', $account->uid);
      foreach (array_keys($array['roles']) as $rid) {
        if (!in_array($rid, array(
          DRUPAL_ANONYMOUS_RID,
          DRUPAL_AUTHENTICATED_RID,
        ))) {
          db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $account->uid, $rid);
        }
      }
    }

    // Delete a blocked user's sessions to kick them if they are online.
    if (isset($array['status']) && $array['status'] == 0) {
      sess_destroy_uid($account->uid);
    }

    // If the password changed, delete all open sessions and recreate
    // the current one.
    // The current session is regenerated only when the edited account is the
    // one in $GLOBALS['user'] (presumably the logged-in user), so a user
    // changing their own password stays logged in under a new session.
    if (!empty($array['pass'])) {
      sess_destroy_uid($account->uid);
      if ($account->uid == $GLOBALS['user']->uid) {
        sess_regenerate();
      }
    }

    // Refresh user object.
    $user = user_load(array(
      'uid' => $account->uid,
    ));

    // Send emails after we have the new user object.
    // $account still holds the status from before the save, so this compares
    // the new status with the old one.
    if (isset($array['status']) && $array['status'] != $account->status) {

      // The user's status is changing; conditionally send notification email.
      $op = $array['status'] == 1 ? 'status_activated' : 'status_blocked';
      _user_mail_notify($op, $user);
    }
    user_module_invoke('after_update', $array, $user, $category);
  }
  else {

    // Allow 'created' to be set by the caller.
    if (!isset($array['created'])) {
      $array['created'] = time();
    }

    // Consider users created by an administrator as already logged in, so
    // anonymous users can view the profile (if allowed).
    if (empty($array['access']) && user_access('administer users')) {
      $array['access'] = time();
    }

    // Note: we wait to save the data column to prevent module-handled
    // fields from being saved there. We cannot invoke hook_user('insert') here
    // because we don't have a fully initialized user object yet.
    // $fields, $values and $s are built in parallel: column name, value and
    // placeholder for each column of the INSERT.
    foreach ($array as $key => $value) {
      switch ($key) {
        case 'pass':
          $fields[] = $key;
          // NOTE(review): unsalted md5(), as in the update branch. Unlike the
          // update branch there is no emptiness check, so an empty 'pass' is
          // hashed and stored as well; callers should validate it first.
          $values[] = md5($value);
          $s[] = "'%s'";
          break;
        // These columns are written with the integer placeholder.
        case 'mode':
        case 'sort':
        case 'timezone':
        case 'threshold':
        case 'created':
        case 'access':
        case 'login':
        case 'status':
          $fields[] = $key;
          $values[] = $value;
          $s[] = "%d";
          break;
        default:
          // Only keys present in user_fields() become column names; the
          // column list is concatenated into the SQL text below.
          if (substr($key, 0, 4) !== 'auth' && in_array($key, $user_fields)) {
            $fields[] = $key;
            $values[] = $value;
            $s[] = "'%s'";
          }
          break;
      }
    }
    $success = db_query('INSERT INTO {users} (' . implode(', ', $fields) . ') VALUES (' . implode(', ', $s) . ')', $values);
    if (!$success) {

      // On a failed INSERT some other existing user's uid may be returned.
      // We must abort to avoid overwriting their account.
      return FALSE;
    }

    // Build the initial user object.
    $array['uid'] = db_last_insert_id('users', 'uid');
    $user = user_load(array(
      'uid' => $array['uid'],
    ));
    user_module_invoke('insert', $array, $user, $category);

    // Build and save the serialized data field now.
    // Every remaining non-NULL key that is not 'roles', not an 'auth*' key and
    // not in user_fields() is persisted here.
    $data = array();
    foreach ($array as $key => $value) {
      if (substr($key, 0, 4) !== 'auth' && $key != 'roles' && !in_array($key, $user_fields) && $value !== NULL) {
        $data[$key] = $value;
      }
    }
    db_query("UPDATE {users} SET data = '%s' WHERE uid = %d", serialize($data), $user->uid);

    // Save user roles (delete just to be safe).
    // As on update, the role IDs come from the keys of $array['roles'] and
    // are not checked against the caller's permissions in this function.
    if (isset($array['roles']) && is_array($array['roles'])) {
      db_query('DELETE FROM {users_roles} WHERE uid = %d', $array['uid']);
      foreach (array_keys($array['roles']) as $rid) {
        if (!in_array($rid, array(
          DRUPAL_ANONYMOUS_RID,
          DRUPAL_AUTHENTICATED_RID,
        ))) {
          db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $array['uid'], $rid);
        }
      }
    }

    // Build the finished user object.
    $user = user_load(array(
      'uid' => $array['uid'],
    ));
  }

  // Save distributed authentication mappings.
  // Runs for both the update and the insert path: every key starting with
  // 'auth' is passed to user_set_authmaps() together with the saved user.
  $authmaps = array();
  foreach ($array as $key => $value) {
    if (substr($key, 0, 4) == 'auth') {
      $authmaps[$key] = $value;
    }
  }
  if (sizeof($authmaps) > 0) {
    user_set_authmaps($user, $authmaps);
  }
  return $user;
}