We can access a few variables from anywhere at anytime in Drupal, and the most important of these variables is $user. The object $user contains (almost) everything you’ll ever need to know about the user that is currently surfing the web site. This user may be logged in (a logged in registered user, hence), or he may be an anonymous user (not quite so anonymous because we can fetch his IP address, from the variable $user).
Whenever we want to access the global-scope $user variable for any purpose, we need to specify the variable’s scope, so we always need at least 2 lines of code to fetch information about the “user” :
// we are to access the content of the global-scope variable $user global $user; // salutation to the user print 'Hello, ' . $user->name;
For the sake of simplicity, we’re now printing words, like Hello how dow you do, without concern for the fact that they won’t be translatable to other languages. To make any text we print translatable, we use Drupal’s function t() — t as in translatable text, not t as in text. In both Drupal 5.x and Drupal 6.x, the placeholder in the t() function (used for dynamic content) is !variable for input that you generated, programmatically or otherwise (like a number, a 'role' name). Also use the !variable placeholder to print an e-mail address. Use the placeholder @variable for user input — anything you want Drupal to sanitize for you.
Using the function t(), the last code snippet becomes :
global $user; // salutation to the “user” print t('Hello, @user.', array('@user' => $user->name));
If we’re curious about the content of this variable, that is, if we want to answer the question what is there to learn from $user, we can use this call, which will print the entire content of the variable in a green box on our web page :
drupal_set_message('<pre>' . print_r($user, TRUE) . ' </pre>');
If we don’t set the second argument of the php function print_r to TRUE, the content will be displayed above the web page’s header. You might actually prefer that.
The only information not provided by the omniscient $user is whatever user profile “info” was added through customizable fields created by the admin, using the Profile module, these fields that were labelled by the admin profile_{something}. We’ll see how to access this information in a bit. We’ll also discover how to answer the question : do I have the right to {do-this} ? where do-this is one of the actions listed on the Permissions page. But first thing first, what does $user provide ? The user unique id, to begin with.
print $user->uid;
The user unique id is 0 for an anonymous visitor, 1 for the Administrator, and a value higher than 1 for a logged in visitor, it really is a unique value for each of the web’s site members (a.k.a users).
print $user->name; print $user->mail;
In the last bit, the property mail provides the e-mail address of the logged in visitor.
Now this :
if(isset($user->signature)) { print $user->signature; }
The signature of the user is specified in his/her profile, it may or may not be shown at the bottom of his comments depending on your default theme, and “admin” settings. Also, it may not have been set at all by the user.
print t('You registered !time ago.', array('!time' => format_interval(time() - $user->created)));
The last bit prints how long ago the user registered. Now, when was the last time the user accessed the web site ? The property login gives us that information.
print t('Last time you logged in was !time ago.', array('!time' => format_interval(time() - $user->login)));
We might want to get an actual date on these things.
print t('You registered on !date.', array('!date' => format_date($user->created, 'small')));
You don’t like how the small, medium and long dates are formatted in Drupal (always including the time in the day) ? Use a custom PHP format :
print t('You registered on !date.', array('!date' => format_date($user->created, 'custom', 'l, j M Y')));
The property hostname gives us the user’s I.P. addy.
print t('Your IP address is !IP.', array('!IP' => $user->hostname));
We can show the user’s picture.The property $user->picture gives us the path to the user’s picture’s file, so we can display his/her picture on the page, like so:
if (isset($user->picture)) { $alt = $title = t('@name’s picture', array('@name' => $user->name)); print theme('image', $user->picture, $alt, $title); }
But we should never do it like that. Why? The path given to the user picture is the actual path. If you're using private download, your user image was uploaded to a private folder, probably not in your web site root. Hence, you need Drupal to get the image for you. Typing the actual path as 'src' attribute for the image won't work. The image will be broken. Unless of course the folder is IN your web site root. Say it is. Now, you've just revealed in your HTML markup where your not-so-private upload folder is. Bad idea.
It is preferable to use the Drupal function theme_user_picture() for the same purpose. It comes with a free gift as well. The user photo will be clickable. It will link to the user’s profile page. Depending on your website settings, visitors may not have access to the members' profile, so the picture may not be clickable for them.
if (isset($user->picture)) { print theme('user_picture', $user); }
Here is your face.
You are not logged in. So you cannot see yourself.
No one will be able to see your face here, but _you_ will. This posting is excecuting PHP code. That code fetches information from the global-scope variable $user, and that $user is yourself. When I view this post, I see my face.
Is there something else we can get from $user ? Certainly!
We can check which roles (possibly plural) the user has :
if (in_array('authenticated user', $user->roles)) { print t('You are an authenticated user.'); }
There is another way to check if a user has a specific role. The $user->roles property is an array of strings, and when a certain indexed key is set, the user has the role associated with that indexed key. Authenticated user goes with index 2, and Anonymous user goes with index 1.
if (isset($user->roles[2])) { print t('You are an authenticated user.'); } if (isset($user->roles[1])) { print t('You are an anonymous user.'); }
If we want to know if the user has the right to, say, 'view uploaded files', then we check for this condition, from anywhere (not only from the module that defines such permission) :
if (user_access('view uploaded files')) { print t('You have the right to download files attachments.'); }
Drupal’s function user_access informs us about the current user’s privileges, and it returns a boolean. If we want to know about another user’s privileges, we have to supply the function with a second argument. We will talk more about this in the next article.
If we want to fetch some user profile information, we first have to know the name of the profile field, that we added as an Administrator. That name begins with profile_. If, for example, the profile field name was profile_about, we would query the database like so :
SELECT column
FROM table1
JOIN table2
ON table1.foreign_key = table2.primary_key
WHERE table1.value = x AND WHERE table2.value = y
$result = db_query("SELECT pv.value FROM {profile_values} pv JOIN {profile_fields} pf ON pf.fid = pv.fid WHERE pv.uid = %d AND pf.name = '%s'", $user->uid, "profile_about"); if($about = db_fetch_object($result)) { print '<p>' . t('About @name : @value.', array( '@name' => $user->name, '@value' => $about->value, ) . '</p>'; }