Getting Full HTML for Profile module fields & specific roles

May 14, 2008
- Posted in:
Socialize:
4 Comments Add A Comment

Task

Recently a client asked for a simple yet flexible and scalable solution to modify the user profile output for a particular role (client is using the profile module). The client also wants to grant this role full html privileges with certain profile fields.

By default, the profile.module runs each field through a check_plain() or check_markup() function (see function profile_view_field() inside profile.module).

It is necessary to override the user_profile() theme function to prevent the content from being ran through "Filtered HTML" input filter - initially done through check_plain() and check_markup() functions.

Step 1

To start off with, override the user_profile theme function within template.php (found in your theme directory):

<?php
function phptemplate_user_profile($user, $fields = array()) {
    if ($user->roles['5']) {
        return _phptemplate_callback('profile_special', array('user' => $user, 'fields' => $fields));
    }
    else {
        return theme_user_profile($user, $fields);
    }
  }
?>

Step 2

Create the profile_special.tpl.php in your theme directory.

Step 3

Add the following to your profile_special.tpl.php file:

<?php
  // an example to allow the user's profile content to run through the "Full HTML" instead of "Filtered HTML" input filter:

  $output .= $user->profile_my_field;
  $output .= ''; // customize me to your liking...

  // print '<div class="profile">' . check_markup($output, $format = 3, $check = TRUE) . '</div>';
  print '<div class="profile">' . check_markup($output, 3, FALSE) . '</div>'; // see comment below
?>

$format = 3 is the "Full HTML" filter id for the client's site. If you have removed your default input filters, this $format = 3 will not work.

$check = TRUE tells the function to make sure this visiting user has has permissions to view the filtered output. If FALSE any visiting user can see the filtered content.

Summary

By overriding theme_user_profile() you can serve up many different layouts based on a number of things: $user>fields, $user->profile->fields, roles, your user id vs others. The list goes on. This is a powerful technique to use Drupal core modules and still get the look/behavior/features you desire.

To take this method of overriding the profile page even further, you can easily pull in content from views, cck, or a query of your choice. The options are endless.

Important!

You should always run profile fields (and others like views and cck fields) through a Drupal check_plain() or check_markup() function. Learn more about writing secure code in Drupal.

Special Thanks

Thanks to webchick and heine on IRC for answering questions related to the profile module and check_markup() function.

Guest5869

05.15.2008

<?php
check_markup($output, $format = 3, $check = TRUE)
?>

How Pythonesque; PHP doesn't support named parameters. What you are doing here is assigning values to the variables ($format, $check), and passing the result of the assignment expression to check_markup.

check_markup($output, 3, TRUE) would be more efficient.

elvis

05.15.2008

@Guest5869, thank you for clarifying that.

Wim Mostrey

05.15.2008

You might want to check out the Filter Default module, it does exactly this:

http://drupal.org/project/filter_default

elvis

05.16.2008

@Wim, this is a nice option. This could be good for multiple roles/users types I imagine. To bad it has be in dev for a while...

Name
E-mail (Kept Private)
CAPTCHA
Are you human?
Image CAPTCHA