modules/temporary_invitation/temporary_invitation.module

<?php
// $Id: temporary_invitation.module,v 1.26 2009/02/11 21:34:56 jpetso Exp $
/**
 * @file
 * Temporary Invitation - Invite guests for a limited timespan.
 *
 * Copyright 2007, 2009 by Jakob Petsovits ("jpetso", http://drupal.org/user/56020)
 * Copyright 2006 by D R Pratten <http://www.davidpratten.com>
 */
include_once(drupal_get_path('module', 'temporary_invitation') .'/temporary_invitation_api.inc');
include_once(drupal_get_path('module', 'temporary_invitation') .'/temporary_invitation_rules.inc');


/**
 * Implementation of hook_menu().
 */
function temporary_invitation_menu($may_cache) {
  global $user;
  $items = array();

  if ($may_cache) {
    $items[] = array(
      'path' => 'admin/user/temporary-invitation',
      'title' => t('Temporary invitation'),
      'description' => t('Custom configuration options for temporary invitations.'),
      'callback' => 'drupal_get_form',
      'callback arguments' => array('temporary_invitation_admin'),
      'access' => user_access('manage temporary invitations'),
    );
    $items[] = array(
      'path' => 'temporary-invitation-login',
      'title' => t('User login'),
      'callback' => 'temporary_invitation_login',
      'access' => TRUE,
      'type' => MENU_CALLBACK,
    );
    if ($user->uid && _temporary_invitation_get_show_menu('standard_item')) {
      $items[] = array(
        'path' => 'temporary-invitation',
        'title' => t('My invitations'),
        'callback' => 'drupal_get_form',
        'callback arguments' => array('temporary_invitation_manage', $user->uid),
        'access' => user_access('manage own temporary invitations')
                    || user_access('manage temporary invitations'),
      );
    }
  }
  else {
    // Direct login path - only handle the alias, as the original path
    // is already caught by the cached login path item.
    $login_path = drupal_get_path_alias('temporary-invitation-login');

    if ($login_path != 'temporary-invitation-login' // so it's an alias
        && strpos($_GET['q'], $login_path) === 0) // starts with the login path
    {
      $arg_offset = substr_count($login_path, '/');
      $items[] = array(
        'path' => $login_path .'/'. arg($arg_offset + 1),
        'title' => t('User login'),
        'callback' => 'temporary_invitation_direct_login',
        'callback arguments' => array(arg(1)),
        'access' => TRUE,
        'type' => MENU_CALLBACK,
      );
    }

    // "Delete invitation" path. Aliases are not used here.
    if (arg(0) == 'temporary-invitation' && arg(3) == 'delete' && is_numeric(arg(1))) {
      $host_uid = arg(1);
      $passcode_md5 = arg(2);
      $items[] = array(
        'path' => 'temporary-invitation/'. $host_uid .'/'. $passcode_md5 .'/delete',
        'callback' => 'temporary_invitation_delete',
        'callback arguments' => array($passcode_md5, TRUE),
        'access' => TRUE, // access checks are done inside the delete function
        'type' => MENU_CALLBACK,
      );
    }

    $temporary_invitation_path = drupal_get_path_alias('temporary-invitation');

    // "My account" tab
    if (arg(0) == 'user' && is_numeric(arg(1)) && _temporary_invitation_get_show_menu('my_account')) {
      $host_user = temporary_invitation_fast_user_load(arg(1));
      $host_uid = $host_user->uid;

      $items[] = array(
        'path' => 'user/'. $host_uid .'/'. $temporary_invitation_path,
        'title' => t('Invitations'),
        'callback' => 'drupal_get_form',
        'callback arguments' => array('temporary_invitation_manage', $host_uid),
        'access' => ($user->uid == $host_uid && user_access('manage own temporary invitations'))
                    || user_access('manage temporary invitations'),
        'type' => MENU_LOCAL_TASK,
      );
    }

    // standard menu path
    if (_temporary_invitation_get_show_menu('standard_item')
        && strpos($_GET['q'], $temporary_invitation_path) === 0) {
      // The path may be something like 'bla/invitations', so count the slashes
      // in order to determine the arg() number of the host uid.
      $arg_offset = substr_count($temporary_invitation_path, '/');
      $host_uid = arg($arg_offset + 1);

      if (is_numeric($host_uid)) {
        $host_user = temporary_invitation_fast_user_load($host_uid);

        if ($host_user !== FALSE) {
          $host_uid = $host_user->uid;

          $items[] = array(
            'path' => $temporary_invitation_path .'/'. $host_uid,
            'title' => ($user->uid == $host_uid)
                        ? t('My invitations')
                        : t('@user\'s invitations', array('@user' => $host_user->name)),
            'callback' => 'drupal_get_form',
            'callback arguments' => array('temporary_invitation_manage', $host_uid),
            'access' => ($user->uid == $host_uid && user_access('manage own temporary invitations'))
                        || user_access('manage temporary invitations'),
            'type' => MENU_CALLBACK,
          );
        }
      }
    } // end of standard menu path handling
  } // end of ($may_cache == FALSE)
  return $items;
}

/**
 * Implementation of hook_perm().
 */
function temporary_invitation_perm() {
  return array('manage temporary invitations', 'manage own temporary invitations');
}


/**
 * Load the corresponding user, but if the @p $uid is the one of
 * the current user then return the global $user object instead.
 *
 * @return
 *   The user object corresponding to @p $uid or FALSE if there is no such user.
 */
function temporary_invitation_fast_user_load($uid) {
  global $user;

  if (is_numeric($uid)) {
    switch ($uid) {
      case 0:
        return FALSE;
      case $user->uid:
        return drupal_clone($user);
      default:
        return user_load(array('uid' => $uid));
    }
  }
}


/**
 * The admin settings form.
 */
function temporary_invitation_admin() {
  $form = array();

  // Fetch all roles except anonymous and authenticated user
  $roles = user_roles(TRUE);
  unset($roles[DRUPAL_AUTHENTICATED_RID]);

  $form['temporary_invitation_show_menu'] = array(
    '#type' => 'checkboxes',
    '#title' => t('Show the invitation management page'),
    '#options' => _temporary_invitation_get_show_menu('all'),
    '#default_value' => _temporary_invitation_get_show_menu(),
  );

  $form['temporary_invitation_user_roles_default'] = array(
    '#type' => 'checkboxes',
    '#title' => t('Roles assigned to invited users'),
    '#options' => $roles,
    '#default_value' => _temporary_invitation_get_user_roles_default(),
    '#description' => t('Every invited user is automatically assigned the \'authenticated user\' role plus the ones specified here.'),
  );
  $form['temporary_invitation_no_roles_for_existing_user'] = array(
    '#type' => 'checkbox',
    '#title' => t('Don\'t assign these roles to existing users'),
    '#default_value' => !_temporary_invitation_existing_user_gets_roles(),
    '#description' => t('If this option is enabled, the roles specified above are only assigned to users that are newly created from an invitation and didn\'t exist on this site before. Subsequently, users with an existing account are not assigned any additional roles.'),
  );

  $default_duration = _temporary_invitation_get_default_duration();
  $form['default_duration'] = array(
    '#type' => 'duration',
    '#name' => 'temporary_invitation_default_duration',
    '#title' => t('Default timespan until invitation expiry'),
    '#description' => t('Specify how long an invitation will be valid by default. The host user can customize this timespan for each invited user.'),
    '#default_metric' => $default_duration['metric'],
    '#default_value' => $default_duration['value'],
    '#required' => TRUE,
  );

  $form['temporary_invitation_flood_threshold'] = array(
    '#type' => 'textfield',
    '#title' => t('Maximum number of invitations per hour'),
    '#default_value' => variable_get('temporary_invitation_flood_threshold', 20),
    '#description' => t('In order to prevent spam abuse with invitation mails, you can define a limit on how many invitations may be sent per hour. Enter a positive number to enable that check, or 0 if there should be no limit.'),
    '#required' => TRUE,
    '#size' => 3,
  );

  $form['temporary_invitation_delete_action'] = array(
    '#type' => 'select',
    '#title' => t('When an invitation is deleted'),
    '#options' => _temporary_invitation_get_delete_action('all'),
    '#default_value' => _temporary_invitation_get_delete_action(),
    '#description' => t('Determine what happens with the user that belongs to an invitation if the invitation is removed.'),
    '#required' => TRUE,
  );

  // Login target path form elements.
  $form['target'] = array(
    '#type' => 'fieldset',
    '#title' => t('Login target path'),
    '#collapsible' => TRUE,
    '#collapsed' => TRUE,
  );
  if (module_exists('token')) {
    $replacement_description = t('Use the following replacement patterns for dynamically inserting text fragments into the login target path.');
  }
  else { // backwards compatibility
    $replacement_description = t('Available variables: [invited-user:uid], [host-user:uid].');
  }
  $form['target']['temporary_invitation_login_target'] = array(
    '#type' => 'textfield',
    '#title' => t('Login target path'),
    '#default_value' => _temporary_invitation_get_login_target(),
    '#description' => t('The path where users are redirected to when they log in with their login codes. Enter \'&lt;front&gt;\' for the front page. !replacements', array('!replacements' => $replacement_description)),
    '#required' => TRUE,
  );
  if (module_exists('token')) {
    $form['target']['invitation_replacements'] = array(
      '#type' => 'fieldset',
      '#title' => t('Replacement patterns for invitation properties'),
      '#collapsible' => TRUE,
      '#collapsed' => TRUE,
    );
    $form['target']['invitation_replacements']['content'] = array(
      '#value' => theme('token_help', 'temporary_invitation_with_passcode', '[invitation:', ']'),
    );
    $form['target']['invited_user_replacements'] = array(
      '#type' => 'fieldset',
      '#title' => t('Replacement patterns for invited user properties'),
      '#collapsible' => TRUE,
      '#collapsed' => TRUE,
    );
    $form['target']['invited_user_replacements']['content'] = array(
      '#value' => theme('token_help', 'user', '[invited-user:', ']'),
    );
    $form['target']['host_user_replacements'] = array(
      '#type' => 'fieldset',
      '#title' => t('Replacement patterns for host user properties'),
      '#collapsible' => TRUE,
      '#collapsed' => TRUE,
    );
    $form['target']['host_user_replacements']['content'] = array(
      '#value' => theme('token_help', 'user', '[host-user:', ']'),
    );
  }

  // Construct the description text for the email body template.
  if (module_exists('token')) {
    $replacement_description = t('Use the following replacement patterns for dynamically inserting text fragments into invitation mails.');
  }
  else { // backwards compatibility
    $mail_replacement_keys = array(
      '[mail:subject]', '[mail:body]', '[host-user:mail]', '[host-user:user-raw]',
      '[invitation:login-code]', '[invitation:direct-login-url]',
      '[invitation:login-form-url]', '[invitation:expiration-date]',
      '[invitation:site-name]', '[invitation:site-url]', '[invitation:site-date]'
    );
    $replacement_description = t('Available variables: !vars.',
      array('!vars' => implode(', ', $mail_replacement_keys))
    );
  }

  // Email template form elements.
  $form['email'] = array(
    '#type' => 'fieldset',
    '#title' => t('Invitation e-mail'),
    '#description' => t('When a user creates an invitation, the user-supplied mail body can (and should) be amended with additional information, including either the direct login URL or the login form URL and login code. How this e-mail looks like is defined by this template.'),
    '#collapsible' => TRUE,
    '#collapsed' => FALSE,
  );
  $form['email']['temporary_invitation_email_body'] = array(
    '#type' => 'textarea',
    '#title' => t('E-mail body'),
    '#description' => t(
      'The body of the invitation e-mail. !replacements',
      array('!replacements' => $replacement_description)
    ),
    '#default_value' => _temporary_invitation_get_message_template('temporary_invitation_email_body'),
    '#rows' => 15,
    '#required' => TRUE,
  );
  if (module_exists('token')) {
    $form['email']['invitation_replacements'] = array(
      '#type' => 'fieldset',
      '#title' => t('Replacement patterns for invitation properties'),
      '#collapsible' => TRUE,
      '#collapsed' => TRUE,
    );
    $form['email']['invitation_replacements']['content'] = array(
      '#value' => theme('token_help', 'temporary_invitation_with_passcode', '[invitation:', ']'),
    );
    $form['email']['mail_replacements'] = array(
      '#type' => 'fieldset',
      '#title' => t('Replacement patterns for user-supplied mail properties'),
      '#collapsible' => TRUE,
      '#collapsed' => TRUE,
    );
    $form['email']['mail_replacements']['content'] = array(
      '#value' => theme('token_help', 'temporary_invitation_mail', '[mail:', ']'),
    );
    $form['email']['host_user_replacements'] = array(
      '#type' => 'fieldset',
      '#title' => t('Replacement patterns for host user properties'),
      '#collapsible' => TRUE,
      '#collapsed' => TRUE,
    );
    $form['email']['host_user_replacements']['content'] = array(
      '#value' => theme('token_help', 'user', '[host-user:', ']'),
    );
  }

  return system_settings_form($form);
}

function temporary_invitation_admin_validate($form_id, $form_values) {
  if (!is_numeric($form_values['temporary_invitation_flood_threshold'])
      || $form_values['temporary_invitation_flood_threshold'] < 0) {
    form_set_error('temporary_invitation_flood_threshold', t('Please set the per-hour limit of invitations to a positive number.'));
  }
}

/**
 * Admin form submit hook:
 * Store settings with system_settings_form_submit(), assign user roles,
 * and clear the menu cache so that possible changes in the menu are respected.
 */
function temporary_invitation_admin_submit($form_id, $form_values) {
  // Store current user roles, so we can compare them to the new ones later
  $old_roles = _temporary_invitation_get_user_roles_default();
  $old_existing_user_gets_roles = _temporary_invitation_existing_user_gets_roles();

  // automatically stores the form values
  $form_values['array_filter'] = TRUE; // only store checked checkbox keys
  system_settings_form_submit($form_id, $form_values);

  // assign the new roles to all invited users, but only if they have changed
  $new_roles = _temporary_invitation_get_user_roles_default();
  $new_existing_user_gets_roles = _temporary_invitation_existing_user_gets_roles();

  if ($old_roles !== $new_roles
      || $old_existing_user_gets_roles !== $new_existing_user_gets_roles) {
    temporary_invitation_update_user_roles($old_roles, $new_roles);
    drupal_set_message('The roles of all temporary users have been updated.');
  }

  // The management page can be a tab on "My account" and/or a standard menu
  // item. And this is configurable by the admin, thus, clear the menu cache.
  cache_clear_all('*', 'cache_menu', TRUE);
}


/**
 * The user's own temporary invitation management form.
 *
 * @param $host_uid
 *   User ID of the user whose invitations shall be retrieved.
 */
function temporary_invitation_manage($host_uid, $form_values = NULL) {
  if (!is_array($form_values)) { // in case of more arg()s than there should be
    unset($form_values);
  }
  if (isset($form_values)) {
    if ($form_values['op'] == t('Send invitation e-mail')) {
      unset($form_values); // Has been sent, clear all the values.
    }
    else if ($form_values['op'] == t('Preview invitation e-mail')) {
      $preview = TRUE;
    }
  }
  $form = array();

  if ($preview) {
    $host_user = temporary_invitation_fast_user_load($host_uid);

    $invitation = new stdClass();
    $invitation->passcode = t('[login-code]');
    $invitation->created = time();
    $invitation->ticket = new stdClass();
    $invitation->ticket->expires =
      temporary_invitation_duration_widget_add('duration', $form_values);

    // Retrieve the mail object by means of a hook, so that third-party modules
    // can extend it with additional form values if they choose to do so.
    $mail = new stdClass();
    module_invoke_all('temporary_invitation_mail_submit', $mail, $form_values);
    $form['#mail'] = $mail;

    $template = isset($mail->template)
                ? $mail->template
                : 'temporary_invitation_email_body';

    $body = _temporary_invitation_get_message_template($template);
    $body = temporary_invitation_mail_replace($body, $invitation, $mail, $host_user);

    $form['preview'] = array(
      '#type' => 'markup',
      '#value' => '',
      '#prefix' => '<div class="temporary-invitation-preview">',
      '#suffix' => '</div>',
    );
    $form['preview']['name'] = array(
      '#type' => 'hidden',
      '#value' => $form_values['name'],
    );
    $form['preview']['invited_email'] = array(
      '#type' => 'hidden',
      '#value' => $form_values['invited_email'],
    );
    $form['preview']['email_subject'] = array(
      '#type' => 'hidden',
      '#value' => $form_values['email_subject'],
    );
    $form['preview']['email_body'] = array(
      '#type' => 'hidden',
      '#value' => $form_values['email_body'],
    );
    $form['preview']['duration_metric'] = array(
      '#type' => 'hidden',
      '#value' => $form_values['duration_metric'],
    );
    $form['preview']['duration_value'] = array(
      '#type' => 'hidden',
      '#value' => $form_values['duration_value'],
    );

    $form['preview']['description'] = array(
      '#type' => 'markup',
      '#value' => t('Please check the e-mail address, subject and contents of your invitation mail before it is sent to %invited-user.', array('%invited-user' => $form_values['name'])),
      '#required' => TRUE,
    );
    $form['preview']['address'] = array(
      '#type' => 'item',
      '#title' => t('E-mail address of the invited user'),
      '#value' => check_plain($mail->to),
    );
    $form['preview']['subject'] = array(
      '#type' => 'item',
      '#title' => t('E-mail subject'),
      '#value' => check_plain($mail->subject),
    );
    $form['preview']['body'] = array(
      '#type' => 'item',
      '#title' => t('E-mail contents'),
      '#value' => '<pre>'. check_plain($body) .'</pre>',
    );

    $metric_options = _temporary_invitation_duration_metric_options();
    $form['preview']['duration'] = array(
      '#type' => 'item',
      '#title' => t('Invitation expires in'),
      '#value' => t('!number !duration-metric', array(
        '!number' => $form_values['duration_value'],
        '!duration-metric' => $metric_options[$form_values['duration_metric']],
      )),
    );

    $form['preview']['copy_to_self'] = array(
      '#type' => 'checkbox',
      '#title' => t('Send me a copy.'),
      '#default_value' => $mail->copy_to_self,
    );
    $form['preview']['host_uid'] = array(
      '#type' => 'value',
      '#value' => $host_uid,
    );

    $form['preview']['back'] = array(
      '#type' => 'submit',
      '#value' => t('Back'),
      '#weight' => 10,
    );
    $form['preview']['submit'] = array(
      '#type' => 'submit',
      '#value' => t('Send invitation e-mail'),
      '#weight' => 11,
    );
  }
  else { // $preview == FALSE
    $overview_table = temporary_invitation_overview($host_uid);

    $form['add'] = array(
      '#type' => 'fieldset',
      '#title' => t('Create new invitation'),
      '#description' => t('Using this form, you can invite people to this site by sending an invitation e-mail to the specified e-mail address. Login information for the invited user will automatically be added to the contents of this e-mail.'),
      '#collapsible' => TRUE,
      '#collapsed' => !(isset($form_values) || empty($overview_table)),
      '#prefix' => '<div class="temporary-invitation-input">',
      '#suffix' => '</div>',
    );

    $form['add']['name'] = array(
      '#type' => 'textfield',
      '#title' => t('Who to invite'),
      '#description' => t('The name of the person or company that you want to invite. This can be any text you like, its primary purpose is to tell your invitations apart from each other if you have got more of them.'),
      '#required' => TRUE,
    );
    $form['add']['invited_email'] = array(
      '#type' => 'textfield',
      '#title' => t('E-mail address of the invited user'),
      '#description' => t('The invitation e-mail will be sent to this address.'),
      '#required' => TRUE,
    );
    $form['add']['email_subject'] = array(
      '#type' => 'textfield',
      '#title' => t('E-mail subject'),
      '#required' => TRUE,
    );
    $form['add']['email_body'] = array(
      '#type' => 'textarea',
      '#title' => t('E-mail contents'),
      '#rows' => 15,
      '#required' => TRUE,
    );
    $form['add']['copy_to_self'] = array(
      '#type' => 'hidden',
      '#value' => isset($form_values['copy_to_self']) ? $form_values['copy_to_self'] : 1,
    );

    $default_duration = _temporary_invitation_get_default_duration();
    $form['add']['duration'] = array(
      '#type' => 'duration',
      '#name' => 'duration',
      '#title' => t('Invitation expires in'),
      '#description' => t('The invited user will be able to log in as long as you specify here.'),
      '#default_metric' => $default_duration['metric'],
      '#default_value' => $default_duration['value'],
      '#required' => TRUE,
    );

    $form['add']['submit'] = array(
      '#type' => 'submit',
      '#value' => t('Preview invitation e-mail'),
      '#weight' => 11,
    );

    $form['overview'] = array(
      '#value' => $overview_table,
    );
  }

  $form['#multistep'] = TRUE;
  $form['#redirect'] = FALSE;
  return $form;
}

/**
 * Display the given user's existing temporary invitations in a table.
 *
 * @param $host_uid
 *   User ID of the user whose invitations shall be retrieved.
 * @param $destination_path
 *   The destination path that will be opened when a "Delete" link is followed.
 *   If NULL (which is the default), the current path is used as destination.
 * @param $include_expired
 *   If TRUE (which is the default), the resulting table also includes
 *   invitations that are already expired. Otherwise, only valid invitations
 *   are included in the table.
 */
function temporary_invitation_overview($host_uid, $destination_path = NULL, $include_expired = TRUE) {
  $invitations = temporary_invitation_load_array($host_uid, $include_expired);

  if (count($invitations) == 0) {
    return '';
  }

  $header = array(t('Name'), t('Created on'), t('Valid until'), '');
  $rows = array();
  $rows_expired = array(); // those come at the bottom of the list

  if (isset($destination_path)) {
    $destination = 'destination='. drupal_urlencode($destination_path);
  }
  else {
    $destination = drupal_get_destination();
  }
  foreach($invitations as $invitation) {
    $delete_link = l(t('delete'),
      'temporary-invitation/'. $host_uid .'/'. $invitation->ticket->passcode_md5 .'/delete',
      array(), $destination
    );
    $created_date = empty($invitation->created)
      ? t('(unknown)')
      : format_date($invitation->created);

    if (time() < $invitation->ticket->expires) {
      $expires_text = format_date($invitation->ticket->expires);
      $rows[] = array(
        check_plain($invitation->name), $created_date, $expires_text, $delete_link,
      );
    }
    else {
      $expires_text = t('expired');
      $rows_expired[] = array(
        check_plain($invitation->name), $created_date, $expires_text, $delete_link,
      );
    }
  }
  foreach ($rows_expired as $row) {
    $rows[] = $row;
  }

  return theme('table', $header, $rows, array('class' => 'temporary-invitation'));
}

/**
 * Invitation management form validation hook:
 * Don't let invalid mail addresses or empty mail subjects/bodies through.
 */
function temporary_invitation_manage_validate($form_id, $form_values) {
  // If something is entered at all, validate the e-mail address.
  // (Otherwise, the '#required' property takes care of this.)
  $invited_email = $form_values['invited_email'];

  if (!empty($invited_email)) {
    // Check for a valid mail address.
    if ($error = user_validate_mail($invited_email)) {
      form_set_error('invited_email', $error);
    }
  }

  // If defined by the admin, restrict the number of invitations per hour.
  $threshold = variable_get('temporary_invitation_flood_threshold', 20);

  if ($threshold != 0 && !flood_is_allowed('temporary_invitation', $threshold)) {
    form_set_error('email_body', t('You have exceeded the allowed number of invitations per hour. Please wait some time before sending out more invitations.'));
  }
}

/**
 * Invitation management form submit hook:
 * Evaluate the expiration time, and create a new invitation for the user.
 */
function temporary_invitation_manage_submit($form_id, $form_values) {
  if ($form_values['op'] != t('Send invitation e-mail')) {
    return;
  }
  $expiration_time = temporary_invitation_duration_widget_add('duration', $form_values);
  $host_user = user_load(array('uid' => $form_values['host_uid']));

  $mail = new stdClass();
  module_invoke_all('temporary_invitation_mail_submit', $mail, $form_values);

  temporary_invitation_create($host_user, $form_values['name'], $mail, $expiration_time);
  flood_register_event('temporary_invitation');

  // Go to the destination path if it has been passed in the request.
  if (isset($_REQUEST['destination'])) {
    drupal_goto();
  }
}

/**
 * Implementation of hook_temporary_invitation_mail_submit():
 * Extend the given @p $mail object with form values of the manage/send form
 * if the "Preview" or "Send" buttons have been pressed.
 */
function temporary_invitation_temporary_invitation_mail_submit(&$mail, $form_values) {
  $mail->to = $form_values['invited_email'];
  $mail->subject = $form_values['email_subject'];
  $mail->body = $form_values['email_body'];
  $mail->copy_to_self = $form_values['copy_to_self'];
}


/**
 * Implementation of hook_block():
 * Provide a login block for entering passcodes.
 */
function temporary_invitation_block($op = 'list', $delta = 0, $edit = array()) {
  global $user;

  if ($op == 'list') {
    $blocks[0] = array('info' => t('Temporary invitation user login'));
    return $blocks;
  }
  else if ($op == 'view') {
    $block = array();

    switch ($delta) {
      case 0:
        // Provide a login block for anonymous users only, and don't show
        // the block if the current page is already the login form.
        if (!$user->uid && !(arg(0) == 'temporary-invitation-login')) {
          $block['subject'] = t('User login');
          $block['weight'] = -1;
          $block['content'] = drupal_get_form('temporary_invitation_login_form');
        }
        return $block;
    }
  }
}

/**
 * Implementation of hook_form_alter():
 * Hide the user login block when the temporary invitation login form is shown.
 */
function temporary_invitation_form_alter($form_id, &$form) {
  switch ($form_id) {
    case 'user_login_block':
      if ($_GET['q'] == 'temporary-invitation-login') {
        $form = array();
      }
      return;
  }
}

/**
 * Page callback for "temporary-invitation-login":
 * The user login form that accepts passcodes as a means of authentication.
 */
function temporary_invitation_login($passcode = NULL) {
  if (isset($passcode)) {
    return temporary_invitation_direct_login($passcode);
  }
  else {
    return drupal_get_form('temporary_invitation_login_form');
  }
}

function temporary_invitation_login_form() {
  global $user;
  $form = array();

  if ($user->uid) {
    $form['warning'] = array(
      '#value' => t('You are already logged in. Note that by entering a valid login code, you will be logged out and assigned another user identity instead.'),
    );
  }
  $form['passcode'] = array(
    '#type' => 'textfield',
    '#title' => t('Login code'),
    '#maxlength' => 60,
    '#size' => 15,
    '#required' => TRUE,
  );
  $form['submit'] = array(
    '#type' => 'submit',
    '#value' => t('Log in'),
  );
  return $form;
}

/**
 * Validate handler for the login form:
 * Try to log the user with the related passcode in.
 * If the login fails, issue a form error.
 */
function temporary_invitation_login_form_validate($form_id, $form_values) {
  $user = loginticket_login('temporary_invitation', $form_values['passcode']);
  if ($user === FALSE) {
    form_set_error('login', t('Sorry, the entered login code is not valid or has already expired.'));
  }
}

/**
 * Submit handler for the login form:
 * Determine the login target path and redirect there.
 */
function temporary_invitation_login_form_submit($form_id, $form_values) {
  unset($_REQUEST['destination']); // don't let anyone disturb us.
  return _temporary_invitation_get_login_target($form_values['passcode']);
}

/**
 * Page callback for "temporary-invitation-login/$passcode":
 * Log in with the passcode directly in the URL, bypassing the login form.
 */
function temporary_invitation_direct_login($passcode) {
  $success = loginticket_login('temporary_invitation', $passcode);
  if (!$success) {
    return t('Sorry, the entered login code is not valid or has already expired.');
  }

  // Write the target path directly to $_REQUEST['destination']
  // so that possible previous destination assignments (e.g. in hook_user())
  // are disregarded.
  $_REQUEST['destination'] = _temporary_invitation_get_login_target($passcode);
  drupal_goto();
}


/**
 * Determine if the menu item is shown in the specified location.
 *
 * @param $location
 *   If set to 'all', an associative array consisting of all available
 *   menu location keys and descriptions is returned.
 *   If set to 'selected', the function returns an array that contains
 *   the currently selected keys.
 *   If set to 'my_account' or 'standard_item', the function returns a boolean
 *   value which specifies if the given location is visible/accessible or not.
 */
function _temporary_invitation_get_show_menu($which = 'selected') {
  if ($which == 'all') {
    return array(
      'my_account' => t('As a tab in "My account"'),
      'standard_item' => t('As a standard menu item'),
    );
  }

  $selected = variable_get('temporary_invitation_show_menu', array('my_account'));

  if ($which == 'selected') {
    return $selected;
  }
  else {
    return in_array($which, $selected);
  }
}

/**
 * Retrieve the login path for invited users who are logging in with their
 * passcode.
 *
 * @param $passcode
 *   Optional parameter: if given, the returned menu path will enable
 *   Token replacement for the login target path, using the invitation
 *   and its related users as replacement patterns.
 */
function _temporary_invitation_get_login_target($passcode = NULL) {
  $target = variable_get('temporary_invitation_login_target', '<front>');

  if (isset($passcode)) {
    if (module_exists('token')) {
      $invitation = temporary_invitation_load(md5($passcode));
      $invitation->passcode = $passcode;
      $host_user = temporary_invitation_get_host_user($invitation);
      $invited_user = temporary_invitation_get_invited_user($invitation);

      $target = token_replace($target, 'temporary_invitation_with_passcode', $invitation, '[invitation:', ']');
      $target = token_replace($target, 'user', $host_user, '[host-user:', ']');
      $target = token_replace($target, 'user', $invited_user, '[invited-user:', ']');
    }
    else { // backwards compatibility
      $replacements = array(
        '[invited-user:uid]' => $invitation->invited_uid,
        '[host-user:uid]' => $invitation->host_uid,
      );
      $target = strtr($target, $replacements);
    }
  }
  return $target;
}

/**
 * Retrieve the default timespan for valid invitations.
 *
 * @return  An associative array with keys 'metric' and 'value'.
 */
function _temporary_invitation_get_default_duration() {
  return array(
    'metric' => variable_get('temporary_invitation_default_duration_metric', 'mon'),
    'value' => variable_get('temporary_invitation_default_duration_value', 1),
  );
}

/**
 * Implementation of hook_temporary_invitation():
 * Notify the host and/or invited user about the newly created invitation
 * by means of a notification email and a short Drupal message.
 */
function temporary_invitation_temporary_invitation($op, $invitation, $passcode = NULL, $mail = NULL) {
  switch ($op) {
    case 'insert':
      global $user;
      $host_user = drupal_clone($user);

      drupal_set_message(
        t('Your invitation has been registered, and the notification email will be mailed out shortly.')
      );

      $invitation->passcode = $passcode;
      $template = isset($mail->template)
                  ? $mail->template
                  : 'temporary_invitation_email_body';

      $body = _temporary_invitation_get_message_template($template);
      $body = temporary_invitation_mail_replace($body, $invitation, $mail, $host_user);

      // Send a notification email to the invited and host users.
      drupal_mail(
        'temporary-invitation-created',
        $mail->to, $mail->subject, $body, $host_user->mail
      );
      if ($mail->copy_to_self) {
        drupal_mail(
          'temporary-invitation-created',
          $host_user->mail, $mail->subject, $body, $host_user->mail
        );
      }

      if (module_exists('workflow_ng')) {
        workflow_ng_invoke_event(
          'temporary_invitation_insert', $invitation, $mail
        );
      }
      return;

    case 'login':
      $invitation->passcode = $passcode;
      if (module_exists('workflow_ng')) {
        workflow_ng_invoke_event(
          'temporary_invitation_login', $invitation
        );
      }
      return;

    case 'delete':
      if (module_exists('workflow_ng')) {
        workflow_ng_invoke_event(
          'temporary_invitation_delete', $invitation
        );
      }
      return;

    default:
      return;
  }
}

/**
 * Replace tokens of an invitation mail text with actual properties of the
 * given invitation object.
 *
 * @param $body
 *   The mail body string, probably including replacement tokens.
 * @param $invitation
 *   The invitation object, including the properties "passcode", "created"
 *   and "ticket", the latter being a (login ticket) object of which only the
 *   "expires" property is being used.
 * @param $mail
 *   The user-supplied mail text (which will be fed into the mail template),
 *   including the properties "to", "subject" and "body".
 * @param $host_user
 *   A Drupal user object holding the properties of the host user.
 *
 * @return
 *   The @p $body string after token replacement.
 */
function temporary_invitation_mail_replace($body, $invitation, $mail, $host_user) {
  global $base_url;

  if (module_exists('token')) {
    $body = token_replace($body,
      'temporary_invitation_with_passcode', $invitation, '[invitation:', ']'
    );
    $body = token_replace($body, 'user', $host_user, '[host-user:', ']');
    $body = token_replace($body, 'temporary_invitation_mail', $mail, '[mail:', ']');
  }
  else { // backwards compatibility
    $login_form_url = url('temporary-invitation-login', NULL, NULL, TRUE);
    $direct_login_url = $login_form_url .'/'. drupal_urlencode($invitation->passcode);

    $mail_replacements = array(
      '[invitation:login-code]' => $invitation->passcode,
      '[invitation:direct-login-url]' => $direct_login_url,
      '[invitation:login-form-url]' => $login_form_url,
      '[invitation:creation-date]' => format_date($invitation->created, 'short'),
      '[invitation:expiration-date]' => format_date($invitation->ticket->expires, 'short'),
      '[invitation:site-name]' => variable_get('site_name', 'Drupal'),
      '[invitation:site-url]' => $base_url,
      '[invitation:site-date]' => format_date(time(), 'short', '', variable_get('date_default_timezone', 0)),
      '[host-user:mail]' => $host_user->mail,
      '[host-user:user-raw]' => $host_user->name,
      '[mail:to]' => $mail->to,
      '[mail:subject]' => $mail->subject,
      '[mail:body]' => $mail->body,
    );
    $body = strtr($body, $mail_replacements);
  }
  foreach (module_implements('temporary_invitation_mail_body_alter') as $module) {
    $function = $module .'_temporary_invitation_mail_body_alter';
    $body = $function($body, $invitation, $mail, $host_user);
  }
  return $body;
}

/**
 * Implementation of hook_token_list().
 */
function temporary_invitation_token_list($type = 'all') {
  $tokens = array();

  if ($type == 'temporary_invitation' || $type == 'temporary_invitation_with_passcode' || $type == 'all') {
    $login_form_url = url('temporary-invitation-login', NULL, NULL, TRUE);
    $login_form_link = l($login_form_url, $login_form_url);
    $current_date = format_date(time(), 'short');

    $creation_tokens = array(
      'login-code' => t('Login code, e.g. "!code"', array('!code' => 'EbN2F3')),
      'direct-login-url' => t('URL for direct user login, including the login code, e.g. !url',
                              array('!url' => $login_form_url .'/EbN2F3')),
    );
    $general_tokens = array(
      'login-form-url' => t('URL of the login form, which is !link.',
                            array('!link' => $login_form_link)),
      'creation-date' => t('Creation date/time of the invitation, e.g. "@time"',
                             array('@time' => $current_date)),
      'expiration-date' => t('Expiration date/time of the invitation, e.g. "@time"',
                             array('@time' => $current_date)),
    );
    $tokens['temporary invitation'] = ($type == 'temporary_invitation_with_passcode')
                                      ? $creation_tokens + $general_tokens
                                      : $general_tokens;
  }
  if ($type == 'temporary_invitation_mail' || $type == 'all') {
    $tokens['temporary invitation mail'] = array(
      'to' => t('E-mail address of the invited user.'),
      'subject' => t('E-mail subject, as plaintext. WARNING - raw user input.'),
      'subject-filtered' => t('E-mail subject, as filtered plaintext (not recommoned for usage in e-mails)'),
      'body' => t('E-mail body, as plaintext. WARNING - raw user input.'),
      'body-filtered' => t('E-mail body, as filtered plaintext (not recommoned for usage in e-mails)'),
    );
  }
  return $tokens;
}

/**
 * Implementation of hook_token_values().
 */
function temporary_invitation_token_values($type, $object = NULL) {
  $tokens = array();

  if ($type == 'temporary_invitation' || $type == 'temporary_invitation_with_passcode') {
    $invitation = $object;
    $login_form_url = url('temporary-invitation-login', NULL, NULL, TRUE);

    if (isset($invitation->passcode)) {
      $tokens['login-code'] = $invitation->passcode;
      $tokens['direct-login-url'] = $login_form_url .'/'. $invitation->passcode;
    }
    $timezone = variable_get('date_default_timezone', 0);

    $tokens['login-form-url'] = $login_form_url;
    $tokens['expiration-date'] = format_date($invitation->ticket->expires, 'short', '', $timezone);
    $tokens['creation-date'] = empty($invitation->created)
      ? t('(unknown)')
      : format_date($invitation->created, 'short', '', $timezone);
  }
  if ($type == 'temporary_invitation_mail') {
    $mail = $object;
    $tokens['to'] = $mail->to;
    $tokens['subject'] = $mail->subject;
    $tokens['subject-filtered'] = check_plain($mail->subject);
    $tokens['body'] = $mail->body;
    $tokens['body-filtered'] = check_plain($mail->body);
  }
  return $tokens;
}

/**
 * Retrieve the currently set message.
 */
function _temporary_invitation_get_message_template($which) {
  // Check if an admin setting overrides the default string.
  if ($admin_setting = variable_get($which, FALSE)) {
    return $admin_setting;
  }
  $function = $which .'_default_template';

  if (function_exists($function)) {
    return $function();
  }
  else {
    drupal_set_message('Error in temporary_invitation.module:
      No such message template ("'. $which .'")!', 'warning'
    );
  }
}

/**
 * Implementation of temporary_invitation's [variable]_default_template() callback.
 */
function temporary_invitation_email_body_default_template() {
  return t(
'[mail:body]

----
[host-user:user-raw] has invited you to the [invitation:site-name] web site.
You can now log in until [invitation:expiration-date] by following this link:
[invitation:direct-login-url]

Keep in mind that you will not be able to log in anymore when
your invitation has expired, or if it is revoked by user [host-user:user-raw].

--  [invitation:site-name] team'
  );
}