search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
weekly release 3.5.5+
[moodle.git] / user / lib.php
blob26d14d5190f1919b448a2da09258393ca5e57208
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17 /**
18 * External user API
19 *
20 * @package core_user
21 * @copyright 2009 Moodle Pty Ltd (http://moodle.com)
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
23 */
24
25 define('USER_FILTER_ENROLMENT', 1);
26 define('USER_FILTER_GROUP', 2);
27 define('USER_FILTER_LAST_ACCESS', 3);
28 define('USER_FILTER_ROLE', 4);
29 define('USER_FILTER_STATUS', 5);
30 define('USER_FILTER_STRING', 6);
31
32 /**
33 * Creates a user
34 *
35 * @throws moodle_exception
36 * @param stdClass $user user to create
37 * @param bool $updatepassword if true, authentication plugin will update password.
38 * @param bool $triggerevent set false if user_created event should not be triggred.
39 * This will not affect user_password_updated event triggering.
40 * @return int id of the newly created user
41 */
42 function user_create_user($user, $updatepassword = true, $triggerevent = true) {
43 global $DB;
44
45 // Set the timecreate field to the current time.
46 if (!is_object($user)) {
47 $user = (object) $user;
48 }
49
50 // Check username.
51 if (trim($user->username) === '') {
52 throw new moodle_exception('invalidusernameblank');
53 }
54
55 if ($user->username !== core_text::strtolower($user->username)) {
56 throw new moodle_exception('usernamelowercase');
57 }
58
59 if ($user->username !== core_user::clean_field($user->username, 'username')) {
60 throw new moodle_exception('invalidusername');
61 }
62
63 // Save the password in a temp value for later.
64 if ($updatepassword && isset($user->password)) {
65
66 // Check password toward the password policy.
67 if (!check_password_policy($user->password, $errmsg)) {
68 throw new moodle_exception($errmsg);
69 }
70
71 $userpassword = $user->password;
72 unset($user->password);
73 }
74
75 // Apply default values for user preferences that are stored in users table.
76 if (!isset($user->calendartype)) {
77 $user->calendartype = core_user::get_property_default('calendartype');
78 }
79 if (!isset($user->maildisplay)) {
80 $user->maildisplay = core_user::get_property_default('maildisplay');
81 }
82 if (!isset($user->mailformat)) {
83 $user->mailformat = core_user::get_property_default('mailformat');
84 }
85 if (!isset($user->maildigest)) {
86 $user->maildigest = core_user::get_property_default('maildigest');
87 }
88 if (!isset($user->autosubscribe)) {
89 $user->autosubscribe = core_user::get_property_default('autosubscribe');
90 }
91 if (!isset($user->trackforums)) {
92 $user->trackforums = core_user::get_property_default('trackforums');
93 }
94 if (!isset($user->lang)) {
95 $user->lang = core_user::get_property_default('lang');
96 }
97
98 $user->timecreated = time();
99 $user->timemodified = $user->timecreated;
100
101 // Validate user data object.
102 $uservalidation = core_user::validate($user);
103 if ($uservalidation !== true) {
104 foreach ($uservalidation as $field => $message) {
105 debugging("The property '$field' has invalid data and has been cleaned.", DEBUG_DEVELOPER);
106 $user->$field = core_user::clean_field($user->$field, $field);
107 }
108 }
109
110 // Insert the user into the database.
111 $newuserid = $DB->insert_record('user', $user);
112
113 // Create USER context for this user.
114 $usercontext = context_user::instance($newuserid);
115
116 // Update user password if necessary.
117 if (isset($userpassword)) {
118 // Get full database user row, in case auth is default.
119 $newuser = $DB->get_record('user', array('id' => $newuserid));
120 $authplugin = get_auth_plugin($newuser->auth);
121 $authplugin->user_update_password($newuser, $userpassword);
122 }
123
124 // Trigger event If required.
125 if ($triggerevent) {
126 \core\event\user_created::create_from_userid($newuserid)->trigger();
127 }
128
129 // Purge the associated caches for the current user only.
130 $presignupcache = \cache::make('core', 'presignup');
131 $presignupcache->purge_current_user();
132
133 return $newuserid;
134 }
135
136 /**
137 * Update a user with a user object (will compare against the ID)
138 *
139 * @throws moodle_exception
140 * @param stdClass $user the user to update
141 * @param bool $updatepassword if true, authentication plugin will update password.
142 * @param bool $triggerevent set false if user_updated event should not be triggred.
143 * This will not affect user_password_updated event triggering.
144 */
145 function user_update_user($user, $updatepassword = true, $triggerevent = true) {
146 global $DB;
147
148 // Set the timecreate field to the current time.
149 if (!is_object($user)) {
150 $user = (object) $user;
151 }
152
153 // Check username.
154 if (isset($user->username)) {
155 if ($user->username !== core_text::strtolower($user->username)) {
156 throw new moodle_exception('usernamelowercase');
157 } else {
158 if ($user->username !== core_user::clean_field($user->username, 'username')) {
159 throw new moodle_exception('invalidusername');
160 }
161 }
162 }
163
164 // Unset password here, for updating later, if password update is required.
165 if ($updatepassword && isset($user->password)) {
166
167 // Check password toward the password policy.
168 if (!check_password_policy($user->password, $errmsg)) {
169 throw new moodle_exception($errmsg);
170 }
171
172 $passwd = $user->password;
173 unset($user->password);
174 }
175
176 // Make sure calendartype, if set, is valid.
177 if (empty($user->calendartype)) {
178 // Unset this variable, must be an empty string, which we do not want to update the calendartype to.
179 unset($user->calendartype);
180 }
181
182 $user->timemodified = time();
183
184 // Validate user data object.
185 $uservalidation = core_user::validate($user);
186 if ($uservalidation !== true) {
187 foreach ($uservalidation as $field => $message) {
188 debugging("The property '$field' has invalid data and has been cleaned.", DEBUG_DEVELOPER);
189 $user->$field = core_user::clean_field($user->$field, $field);
190 }
191 }
192
193 $DB->update_record('user', $user);
194
195 if ($updatepassword) {
196 // Get full user record.
197 $updateduser = $DB->get_record('user', array('id' => $user->id));
198
199 // If password was set, then update its hash.
200 if (isset($passwd)) {
201 $authplugin = get_auth_plugin($updateduser->auth);
202 if ($authplugin->can_change_password()) {
203 $authplugin->user_update_password($updateduser, $passwd);
204 }
205 }
206 }
207 // Trigger event if required.
208 if ($triggerevent) {
209 \core\event\user_updated::create_from_userid($user->id)->trigger();
210 }
211 }
212
213 /**
214 * Marks user deleted in internal user database and notifies the auth plugin.
215 * Also unenrols user from all roles and does other cleanup.
216 *
217 * @todo Decide if this transaction is really needed (look for internal TODO:)
218 * @param object $user Userobject before delete (without system magic quotes)
219 * @return boolean success
220 */
221 function user_delete_user($user) {
222 return delete_user($user);
223 }
224
225 /**
226 * Get users by id
227 *
228 * @param array $userids id of users to retrieve
229 * @return array
230 */
231 function user_get_users_by_id($userids) {
232 global $DB;
233 return $DB->get_records_list('user', 'id', $userids);
234 }
235
236 /**
237 * Returns the list of default 'displayable' fields
238 *
239 * Contains database field names but also names used to generate information, such as enrolledcourses
240 *
241 * @return array of user fields
242 */
243 function user_get_default_fields() {
244 return array( 'id', 'username', 'fullname', 'firstname', 'lastname', 'email',
245 'address', 'phone1', 'phone2', 'icq', 'skype', 'yahoo', 'aim', 'msn', 'department',
246 'institution', 'interests', 'firstaccess', 'lastaccess', 'auth', 'confirmed',
247 'idnumber', 'lang', 'theme', 'timezone', 'mailformat', 'description', 'descriptionformat',
248 'city', 'url', 'country', 'profileimageurlsmall', 'profileimageurl', 'customfields',
249 'groups', 'roles', 'preferences', 'enrolledcourses', 'suspended'
250 );
251 }
252
253 /**
254 *
255 * Give user record from mdl_user, build an array contains all user details.
256 *
257 * Warning: description file urls are 'webservice/pluginfile.php' is use.
258 * it can be changed with $CFG->moodlewstextformatlinkstoimagesfile
259 *
260 * @throws moodle_exception
261 * @param stdClass $user user record from mdl_user
262 * @param stdClass $course moodle course
263 * @param array $userfields required fields
264 * @return array|null
265 */
266 function user_get_user_details($user, $course = null, array $userfields = array()) {
267 global $USER, $DB, $CFG, $PAGE;
268 require_once($CFG->dirroot . "/user/profile/lib.php"); // Custom field library.
269 require_once($CFG->dirroot . "/lib/filelib.php"); // File handling on description and friends.
270
271 $defaultfields = user_get_default_fields();
272
273 if (empty($userfields)) {
274 $userfields = $defaultfields;
275 }
276
277 foreach ($userfields as $thefield) {
278 if (!in_array($thefield, $defaultfields)) {
279 throw new moodle_exception('invaliduserfield', 'error', '', $thefield);
280 }
281 }
282
283 // Make sure id and fullname are included.
284 if (!in_array('id', $userfields)) {
285 $userfields[] = 'id';
286 }
287
288 if (!in_array('fullname', $userfields)) {
289 $userfields[] = 'fullname';
290 }
291
292 if (!empty($course)) {
293 $context = context_course::instance($course->id);
294 $usercontext = context_user::instance($user->id);
295 $canviewdetailscap = (has_capability('moodle/user:viewdetails', $context) || has_capability('moodle/user:viewdetails', $usercontext));
296 } else {
297 $context = context_user::instance($user->id);
298 $usercontext = $context;
299 $canviewdetailscap = has_capability('moodle/user:viewdetails', $usercontext);
300 }
301
302 $currentuser = ($user->id == $USER->id);
303 $isadmin = is_siteadmin($USER);
304
305 $showuseridentityfields = get_extra_user_fields($context);
306
307 if (!empty($course)) {
308 $canviewhiddenuserfields = has_capability('moodle/course:viewhiddenuserfields', $context);
309 } else {
310 $canviewhiddenuserfields = has_capability('moodle/user:viewhiddendetails', $context);
311 }
312 $canviewfullnames = has_capability('moodle/site:viewfullnames', $context);
313 if (!empty($course)) {
314 $canviewuseremail = has_capability('moodle/course:useremail', $context);
315 } else {
316 $canviewuseremail = false;
317 }
318 $cannotviewdescription = !empty($CFG->profilesforenrolledusersonly) && !$currentuser && !$DB->record_exists('role_assignments', array('userid' => $user->id));
319 if (!empty($course)) {
320 $canaccessallgroups = has_capability('moodle/site:accessallgroups', $context);
321 } else {
322 $canaccessallgroups = false;
323 }
324
325 if (!$currentuser && !$canviewdetailscap && !has_coursecontact_role($user->id)) {
326 // Skip this user details.
327 return null;
328 }
329
330 $userdetails = array();
331 $userdetails['id'] = $user->id;
332
333 if (in_array('username', $userfields)) {
334 if ($currentuser or has_capability('moodle/user:viewalldetails', $context)) {
335 $userdetails['username'] = $user->username;
336 }
337 }
338 if ($isadmin or $canviewfullnames) {
339 if (in_array('firstname', $userfields)) {
340 $userdetails['firstname'] = $user->firstname;
341 }
342 if (in_array('lastname', $userfields)) {
343 $userdetails['lastname'] = $user->lastname;
344 }
345 }
346 $userdetails['fullname'] = fullname($user, $canviewfullnames);
347
348 if (in_array('customfields', $userfields)) {
349 $categories = profile_get_user_fields_with_data_by_category($user->id);
350 $userdetails['customfields'] = array();
351 foreach ($categories as $categoryid => $fields) {
352 foreach ($fields as $formfield) {
353 if ($formfield->is_visible() and !$formfield->is_empty()) {
354
355 // TODO: Part of MDL-50728, this conditional coding must be moved to
356 // proper profile fields API so they are self-contained.
357 // We only use display_data in fields that require text formatting.
358 if ($formfield->field->datatype == 'text' or $formfield->field->datatype == 'textarea') {
359 $fieldvalue = $formfield->display_data();
360 } else {
361 // Cases: datetime, checkbox and menu.
362 $fieldvalue = $formfield->data;
363 }
364
365 $userdetails['customfields'][] =
366 array('name' => $formfield->field->name, 'value' => $fieldvalue,
367 'type' => $formfield->field->datatype, 'shortname' => $formfield->field->shortname);
368 }
369 }
370 }
371 // Unset customfields if it's empty.
372 if (empty($userdetails['customfields'])) {
373 unset($userdetails['customfields']);
374 }
375 }
376
377 // Profile image.
378 if (in_array('profileimageurl', $userfields)) {
379 $userpicture = new user_picture($user);
380 $userpicture->size = 1; // Size f1.
381 $userdetails['profileimageurl'] = $userpicture->get_url($PAGE)->out(false);
382 }
383 if (in_array('profileimageurlsmall', $userfields)) {
384 if (!isset($userpicture)) {
385 $userpicture = new user_picture($user);
386 }
387 $userpicture->size = 0; // Size f2.
388 $userdetails['profileimageurlsmall'] = $userpicture->get_url($PAGE)->out(false);
389 }
390
391 // Hidden user field.
392 if ($canviewhiddenuserfields) {
393 $hiddenfields = array();
394 // Address, phone1 and phone2 not appears in hidden fields list but require viewhiddenfields capability
395 // according to user/profile.php.
396 if (!empty($user->address) && in_array('address', $userfields)) {
397 $userdetails['address'] = $user->address;
398 }
399 } else {
400 $hiddenfields = array_flip(explode(',', $CFG->hiddenuserfields));
401 }
402
403 if (!empty($user->phone1) && in_array('phone1', $userfields) &&
404 (in_array('phone1', $showuseridentityfields) or $canviewhiddenuserfields)) {
405 $userdetails['phone1'] = $user->phone1;
406 }
407 if (!empty($user->phone2) && in_array('phone2', $userfields) &&
408 (in_array('phone2', $showuseridentityfields) or $canviewhiddenuserfields)) {
409 $userdetails['phone2'] = $user->phone2;
410 }
411
412 if (isset($user->description) &&
413 ((!isset($hiddenfields['description']) && !$cannotviewdescription) or $isadmin)) {
414 if (in_array('description', $userfields)) {
415 // Always return the descriptionformat if description is requested.
416 list($userdetails['description'], $userdetails['descriptionformat']) =
417 external_format_text($user->description, $user->descriptionformat,
418 $usercontext->id, 'user', 'profile', null);
419 }
420 }
421
422 if (in_array('country', $userfields) && (!isset($hiddenfields['country']) or $isadmin) && $user->country) {
423 $userdetails['country'] = $user->country;
424 }
425
426 if (in_array('city', $userfields) && (!isset($hiddenfields['city']) or $isadmin) && $user->city) {
427 $userdetails['city'] = $user->city;
428 }
429
430 if (in_array('url', $userfields) && $user->url && (!isset($hiddenfields['webpage']) or $isadmin)) {
431 $url = $user->url;
432 if (strpos($user->url, '://') === false) {
433 $url = 'http://'. $url;
434 }
435 $user->url = clean_param($user->url, PARAM_URL);
436 $userdetails['url'] = $user->url;
437 }
438
439 if (in_array('icq', $userfields) && $user->icq && (!isset($hiddenfields['icqnumber']) or $isadmin)) {
440 $userdetails['icq'] = $user->icq;
441 }
442
443 if (in_array('skype', $userfields) && $user->skype && (!isset($hiddenfields['skypeid']) or $isadmin)) {
444 $userdetails['skype'] = $user->skype;
445 }
446 if (in_array('yahoo', $userfields) && $user->yahoo && (!isset($hiddenfields['yahooid']) or $isadmin)) {
447 $userdetails['yahoo'] = $user->yahoo;
448 }
449 if (in_array('aim', $userfields) && $user->aim && (!isset($hiddenfields['aimid']) or $isadmin)) {
450 $userdetails['aim'] = $user->aim;
451 }
452 if (in_array('msn', $userfields) && $user->msn && (!isset($hiddenfields['msnid']) or $isadmin)) {
453 $userdetails['msn'] = $user->msn;
454 }
455 if (in_array('suspended', $userfields) && (!isset($hiddenfields['suspended']) or $isadmin)) {
456 $userdetails['suspended'] = (bool)$user->suspended;
457 }
458
459 if (in_array('firstaccess', $userfields) && (!isset($hiddenfields['firstaccess']) or $isadmin)) {
460 if ($user->firstaccess) {
461 $userdetails['firstaccess'] = $user->firstaccess;
462 } else {
463 $userdetails['firstaccess'] = 0;
464 }
465 }
466 if (in_array('lastaccess', $userfields) && (!isset($hiddenfields['lastaccess']) or $isadmin)) {
467 if ($user->lastaccess) {
468 $userdetails['lastaccess'] = $user->lastaccess;
469 } else {
470 $userdetails['lastaccess'] = 0;
471 }
472 }
473
474 if (in_array('email', $userfields) && (
475 $currentuser
476 or (!isset($hiddenfields['email']) and (
477 $user->maildisplay == core_user::MAILDISPLAY_EVERYONE
478 or ($user->maildisplay == core_user::MAILDISPLAY_COURSE_MEMBERS_ONLY and enrol_sharing_course($user, $USER))
479 or $canviewuseremail // TODO: Deprecate/remove for MDL-37479.
480 ))
481 or in_array('email', $showuseridentityfields)
482 )) {
483 $userdetails['email'] = $user->email;
484 }
485
486 if (in_array('interests', $userfields)) {
487 $interests = core_tag_tag::get_item_tags_array('core', 'user', $user->id, core_tag_tag::BOTH_STANDARD_AND_NOT, 0, false);
488 if ($interests) {
489 $userdetails['interests'] = join(', ', $interests);
490 }
491 }
492
493 // Departement/Institution/Idnumber are not displayed on any profile, however you can get them from editing profile.
494 if (in_array('idnumber', $userfields) && $user->idnumber) {
495 if (in_array('idnumber', $showuseridentityfields) or $currentuser or
496 has_capability('moodle/user:viewalldetails', $context)) {
497 $userdetails['idnumber'] = $user->idnumber;
498 }
499 }
500 if (in_array('institution', $userfields) && $user->institution) {
501 if (in_array('institution', $showuseridentityfields) or $currentuser or
502 has_capability('moodle/user:viewalldetails', $context)) {
503 $userdetails['institution'] = $user->institution;
504 }
505 }
506 // Isset because it's ok to have department 0.
507 if (in_array('department', $userfields) && isset($user->department)) {
508 if (in_array('department', $showuseridentityfields) or $currentuser or
509 has_capability('moodle/user:viewalldetails', $context)) {
510 $userdetails['department'] = $user->department;
511 }
512 }
513
514 if (in_array('roles', $userfields) && !empty($course)) {
515 // Not a big secret.
516 $roles = get_user_roles($context, $user->id, false);
517 $userdetails['roles'] = array();
518 foreach ($roles as $role) {
519 $userdetails['roles'][] = array(
520 'roleid' => $role->roleid,
521 'name' => $role->name,
522 'shortname' => $role->shortname,
523 'sortorder' => $role->sortorder
524 );
525 }
526 }
527
528 // If groups are in use and enforced throughout the course, then make sure we can meet in at least one course level group.
529 if (in_array('groups', $userfields) && !empty($course) && $canaccessallgroups) {
530 $usergroups = groups_get_all_groups($course->id, $user->id, $course->defaultgroupingid,
531 'g.id, g.name,g.description,g.descriptionformat');
532 $userdetails['groups'] = array();
533 foreach ($usergroups as $group) {
534 list($group->description, $group->descriptionformat) =
535 external_format_text($group->description, $group->descriptionformat,
536 $context->id, 'group', 'description', $group->id);
537 $userdetails['groups'][] = array('id' => $group->id, 'name' => $group->name,
538 'description' => $group->description, 'descriptionformat' => $group->descriptionformat);
539 }
540 }
541 // List of courses where the user is enrolled.
542 if (in_array('enrolledcourses', $userfields) && !isset($hiddenfields['mycourses'])) {
543 $enrolledcourses = array();
544 if ($mycourses = enrol_get_users_courses($user->id, true)) {
545 foreach ($mycourses as $mycourse) {
546 if ($mycourse->category) {
547 $coursecontext = context_course::instance($mycourse->id);
548 $enrolledcourse = array();
549 $enrolledcourse['id'] = $mycourse->id;
550 $enrolledcourse['fullname'] = format_string($mycourse->fullname, true, array('context' => $coursecontext));
551 $enrolledcourse['shortname'] = format_string($mycourse->shortname, true, array('context' => $coursecontext));
552 $enrolledcourses[] = $enrolledcourse;
553 }
554 }
555 $userdetails['enrolledcourses'] = $enrolledcourses;
556 }
557 }
558
559 // User preferences.
560 if (in_array('preferences', $userfields) && $currentuser) {
561 $preferences = array();
562 $userpreferences = get_user_preferences();
563 foreach ($userpreferences as $prefname => $prefvalue) {
564 $preferences[] = array('name' => $prefname, 'value' => $prefvalue);
565 }
566 $userdetails['preferences'] = $preferences;
567 }
568
569 if ($currentuser or has_capability('moodle/user:viewalldetails', $context)) {
570 $extrafields = ['auth', 'confirmed', 'lang', 'theme', 'timezone', 'mailformat'];
571 foreach ($extrafields as $extrafield) {
572 if (in_array($extrafield, $userfields) && isset($user->$extrafield)) {
573 $userdetails[$extrafield] = $user->$extrafield;
574 }
575 }
576 }
577
578 // Clean lang and auth fields for external functions (it may content uninstalled themes or language packs).
579 if (isset($userdetails['lang'])) {
580 $userdetails['lang'] = clean_param($userdetails['lang'], PARAM_LANG);
581 }
582 if (isset($userdetails['theme'])) {
583 $userdetails['theme'] = clean_param($userdetails['theme'], PARAM_THEME);
584 }
585
586 return $userdetails;
587 }
588
589 /**
590 * Tries to obtain user details, either recurring directly to the user's system profile
591 * or through one of the user's course enrollments (course profile).
592 *
593 * @param stdClass $user The user.
594 * @return array if unsuccessful or the allowed user details.
595 */
596 function user_get_user_details_courses($user) {
597 global $USER;
598 $userdetails = null;
599
600 $systemprofile = false;
601 if (can_view_user_details_cap($user) || ($user->id == $USER->id) || has_coursecontact_role($user->id)) {
602 $systemprofile = true;
603 }
604
605 // Try using system profile.
606 if ($systemprofile) {
607 $userdetails = user_get_user_details($user, null);
608 } else {
609 // Try through course profile.
610 // Get the courses that the user is enrolled in (only active).
611 $courses = enrol_get_users_courses($user->id, true);
612 foreach ($courses as $course) {
613 if (user_can_view_profile($user, $course)) {
614 $userdetails = user_get_user_details($user, $course);
615 }
616 }
617 }
618
619 return $userdetails;
620 }
621
622 /**
623 * Check if $USER have the necessary capabilities to obtain user details.
624 *
625 * @param stdClass $user
626 * @param stdClass $course if null then only consider system profile otherwise also consider the course's profile.
627 * @return bool true if $USER can view user details.
628 */
629 function can_view_user_details_cap($user, $course = null) {
630 // Check $USER has the capability to view the user details at user context.
631 $usercontext = context_user::instance($user->id);
632 $result = has_capability('moodle/user:viewdetails', $usercontext);
633 // Otherwise can $USER see them at course context.
634 if (!$result && !empty($course)) {
635 $context = context_course::instance($course->id);
636 $result = has_capability('moodle/user:viewdetails', $context);
637 }
638 return $result;
639 }
640
641 /**
642 * Return a list of page types
643 * @param string $pagetype current page type
644 * @param stdClass $parentcontext Block's parent context
645 * @param stdClass $currentcontext Current context of block
646 * @return array
647 */
648 function user_page_type_list($pagetype, $parentcontext, $currentcontext) {
649 return array('user-profile' => get_string('page-user-profile', 'pagetype'));
650 }
651
652 /**
653 * Count the number of failed login attempts for the given user, since last successful login.
654 *
655 * @param int|stdclass $user user id or object.
656 * @param bool $reset Resets failed login count, if set to true.
657 *
658 * @return int number of failed login attempts since the last successful login.
659 */
660 function user_count_login_failures($user, $reset = true) {
661 global $DB;
662
663 if (!is_object($user)) {
664 $user = $DB->get_record('user', array('id' => $user), '*', MUST_EXIST);
665 }
666 if ($user->deleted) {
667 // Deleted user, nothing to do.
668 return 0;
669 }
670 $count = get_user_preferences('login_failed_count_since_success', 0, $user);
671 if ($reset) {
672 set_user_preference('login_failed_count_since_success', 0, $user);
673 }
674 return $count;
675 }
676
677 /**
678 * Converts a string into a flat array of menu items, where each menu items is a
679 * stdClass with fields type, url, title, pix, and imgsrc.
680 *
681 * @param string $text the menu items definition
682 * @param moodle_page $page the current page
683 * @return array
684 */
685 function user_convert_text_to_menu_items($text, $page) {
686 global $OUTPUT, $CFG;
687
688 $lines = explode("\n", $text);
689 $items = array();
690 $lastchild = null;
691 $lastdepth = null;
692 $lastsort = 0;
693 $children = array();
694 foreach ($lines as $line) {
695 $line = trim($line);
696 $bits = explode('|', $line, 3);
697 $itemtype = 'link';
698 if (preg_match("/^#+$/", $line)) {
699 $itemtype = 'divider';
700 } else if (!array_key_exists(0, $bits) or empty($bits[0])) {
701 // Every item must have a name to be valid.
702 continue;
703 } else {
704 $bits[0] = ltrim($bits[0], '-');
705 }
706
707 // Create the child.
708 $child = new stdClass();
709 $child->itemtype = $itemtype;
710 if ($itemtype === 'divider') {
711 // Add the divider to the list of children and skip link
712 // processing.
713 $children[] = $child;
714 continue;
715 }
716
717 // Name processing.
718 $namebits = explode(',', $bits[0], 2);
719 if (count($namebits) == 2) {
720 // Check the validity of the identifier part of the string.
721 if (clean_param($namebits[0], PARAM_STRINGID) !== '') {
722 // Treat this as a language string.
723 $child->title = get_string($namebits[0], $namebits[1]);
724 $child->titleidentifier = implode(',', $namebits);
725 }
726 }
727 if (empty($child->title)) {
728 // Use it as is, don't even clean it.
729 $child->title = $bits[0];
730 $child->titleidentifier = str_replace(" ", "-", $bits[0]);
731 }
732
733 // URL processing.
734 if (!array_key_exists(1, $bits) or empty($bits[1])) {
735 // Set the url to null, and set the itemtype to invalid.
736 $bits[1] = null;
737 $child->itemtype = "invalid";
738 } else {
739 // Nasty hack to replace the grades with the direct url.
740 if (strpos($bits[1], '/grade/report/mygrades.php') !== false) {
741 $bits[1] = user_mygrades_url();
742 }
743
744 // Make sure the url is a moodle url.
745 $bits[1] = new moodle_url(trim($bits[1]));
746 }
747 $child->url = $bits[1];
748
749 // PIX processing.
750 $pixpath = "t/edit";
751 if (!array_key_exists(2, $bits) or empty($bits[2])) {
752 // Use the default.
753 $child->pix = $pixpath;
754 } else {
755 // Check for the specified image existing.
756 $pixpath = "t/" . $bits[2];
757 if ($page->theme->resolve_image_location($pixpath, 'moodle', true)) {
758 // Use the image.
759 $child->pix = $pixpath;
760 } else {
761 // Treat it like a URL.
762 $child->pix = null;
763 $child->imgsrc = $bits[2];
764 }
765 }
766
767 // Add this child to the list of children.
768 $children[] = $child;
769 }
770 return $children;
771 }
772
773 /**
774 * Get a list of essential user navigation items.
775 *
776 * @param stdclass $user user object.
777 * @param moodle_page $page page object.
778 * @param array $options associative array.
779 * options are:
780 * - avatarsize=35 (size of avatar image)
781 * @return stdClass $returnobj navigation information object, where:
782 *
783 * $returnobj->navitems array array of links where each link is a
784 * stdClass with fields url, title, and
785 * pix
786 * $returnobj->metadata array array of useful user metadata to be
787 * used when constructing navigation;
788 * fields include:
789 *
790 * ROLE FIELDS
791 * asotherrole bool whether viewing as another role
792 * rolename string name of the role
793 *
794 * USER FIELDS
795 * These fields are for the currently-logged in user, or for
796 * the user that the real user is currently logged in as.
797 *
798 * userid int the id of the user in question
799 * userfullname string the user's full name
800 * userprofileurl moodle_url the url of the user's profile
801 * useravatar string a HTML fragment - the rendered
802 * user_picture for this user
803 * userloginfail string an error string denoting the number
804 * of login failures since last login
805 *
806 * "REAL USER" FIELDS
807 * These fields are for when asotheruser is true, and
808 * correspond to the underlying "real user".
809 *
810 * asotheruser bool whether viewing as another user
811 * realuserid int the id of the user in question
812 * realuserfullname string the user's full name
813 * realuserprofileurl moodle_url the url of the user's profile
814 * realuseravatar string a HTML fragment - the rendered
815 * user_picture for this user
816 *
817 * MNET PROVIDER FIELDS
818 * asmnetuser bool whether viewing as a user from an
819 * MNet provider
820 * mnetidprovidername string name of the MNet provider
821 * mnetidproviderwwwroot string URL of the MNet provider
822 */
823 function user_get_user_navigation_info($user, $page, $options = array()) {
824 global $OUTPUT, $DB, $SESSION, $CFG;
825
826 $returnobject = new stdClass();
827 $returnobject->navitems = array();
828 $returnobject->metadata = array();
829
830 $course = $page->course;
831
832 // Query the environment.
833 $context = context_course::instance($course->id);
834
835 // Get basic user metadata.
836 $returnobject->metadata['userid'] = $user->id;
837 $returnobject->metadata['userfullname'] = fullname($user, true);
838 $returnobject->metadata['userprofileurl'] = new moodle_url('/user/profile.php', array(
839 'id' => $user->id
840 ));
841
842 $avataroptions = array('link' => false, 'visibletoscreenreaders' => false);
843 if (!empty($options['avatarsize'])) {
844 $avataroptions['size'] = $options['avatarsize'];
845 }
846 $returnobject->metadata['useravatar'] = $OUTPUT->user_picture (
847 $user, $avataroptions
848 );
849 // Build a list of items for a regular user.
850
851 // Query MNet status.
852 if ($returnobject->metadata['asmnetuser'] = is_mnet_remote_user($user)) {
853 $mnetidprovider = $DB->get_record('mnet_host', array('id' => $user->mnethostid));
854 $returnobject->metadata['mnetidprovidername'] = $mnetidprovider->name;
855 $returnobject->metadata['mnetidproviderwwwroot'] = $mnetidprovider->wwwroot;
856 }
857
858 // Did the user just log in?
859 if (isset($SESSION->justloggedin)) {
860 // Don't unset this flag as login_info still needs it.
861 if (!empty($CFG->displayloginfailures)) {
862 // Don't reset the count either, as login_info() still needs it too.
863 if ($count = user_count_login_failures($user, false)) {
864
865 // Get login failures string.
866 $a = new stdClass();
867 $a->attempts = html_writer::tag('span', $count, array('class' => 'value'));
868 $returnobject->metadata['userloginfail'] =
869 get_string('failedloginattempts', '', $a);
870
871 }
872 }
873 }
874
875 // Links: Dashboard.
876 $myhome = new stdClass();
877 $myhome->itemtype = 'link';
878 $myhome->url = new moodle_url('/my/');
879 $myhome->title = get_string('mymoodle', 'admin');
880 $myhome->titleidentifier = 'mymoodle,admin';
881 $myhome->pix = "i/dashboard";
882 $returnobject->navitems[] = $myhome;
883
884 // Links: My Profile.
885 $myprofile = new stdClass();
886 $myprofile->itemtype = 'link';
887 $myprofile->url = new moodle_url('/user/profile.php', array('id' => $user->id));
888 $myprofile->title = get_string('profile');
889 $myprofile->titleidentifier = 'profile,moodle';
890 $myprofile->pix = "i/user";
891 $returnobject->navitems[] = $myprofile;
892
893 $returnobject->metadata['asotherrole'] = false;
894
895 // Before we add the last items (usually a logout + switch role link), add any
896 // custom-defined items.
897 $customitems = user_convert_text_to_menu_items($CFG->customusermenuitems, $page);
898 foreach ($customitems as $item) {
899 $returnobject->navitems[] = $item;
900 }
901
902
903 if ($returnobject->metadata['asotheruser'] = \core\session\manager::is_loggedinas()) {
904 $realuser = \core\session\manager::get_realuser();
905
906 // Save values for the real user, as $user will be full of data for the
907 // user the user is disguised as.
908 $returnobject->metadata['realuserid'] = $realuser->id;
909 $returnobject->metadata['realuserfullname'] = fullname($realuser, true);
910 $returnobject->metadata['realuserprofileurl'] = new moodle_url('/user/profile.php', array(
911 'id' => $realuser->id
912 ));
913 $returnobject->metadata['realuseravatar'] = $OUTPUT->user_picture($realuser, $avataroptions);
914
915 // Build a user-revert link.
916 $userrevert = new stdClass();
917 $userrevert->itemtype = 'link';
918 $userrevert->url = new moodle_url('/course/loginas.php', array(
919 'id' => $course->id,
920 'sesskey' => sesskey()
921 ));
922 $userrevert->pix = "a/logout";
923 $userrevert->title = get_string('logout');
924 $userrevert->titleidentifier = 'logout,moodle';
925 $returnobject->navitems[] = $userrevert;
926
927 } else {
928
929 // Build a logout link.
930 $logout = new stdClass();
931 $logout->itemtype = 'link';
932 $logout->url = new moodle_url('/login/logout.php', array('sesskey' => sesskey()));
933 $logout->pix = "a/logout";
934 $logout->title = get_string('logout');
935 $logout->titleidentifier = 'logout,moodle';
936 $returnobject->navitems[] = $logout;
937 }
938
939 if (is_role_switched($course->id)) {
940 if ($role = $DB->get_record('role', array('id' => $user->access['rsw'][$context->path]))) {
941 // Build role-return link instead of logout link.
942 $rolereturn = new stdClass();
943 $rolereturn->itemtype = 'link';
944 $rolereturn->url = new moodle_url('/course/switchrole.php', array(
945 'id' => $course->id,
946 'sesskey' => sesskey(),
947 'switchrole' => 0,
948 'returnurl' => $page->url->out_as_local_url(false)
949 ));
950 $rolereturn->pix = "a/logout";
951 $rolereturn->title = get_string('switchrolereturn');
952 $rolereturn->titleidentifier = 'switchrolereturn,moodle';
953 $returnobject->navitems[] = $rolereturn;
954
955 $returnobject->metadata['asotherrole'] = true;
956 $returnobject->metadata['rolename'] = role_get_name($role, $context);
957
958 }
959 } else {
960 // Build switch role link.
961 $roles = get_switchable_roles($context);
962 if (is_array($roles) && (count($roles) > 0)) {
963 $switchrole = new stdClass();
964 $switchrole->itemtype = 'link';
965 $switchrole->url = new moodle_url('/course/switchrole.php', array(
966 'id' => $course->id,
967 'switchrole' => -1,
968 'returnurl' => $page->url->out_as_local_url(false)
969 ));
970 $switchrole->pix = "i/switchrole";
971 $switchrole->title = get_string('switchroleto');
972 $switchrole->titleidentifier = 'switchroleto,moodle';
973 $returnobject->navitems[] = $switchrole;
974 }
975 }
976
977 return $returnobject;
978 }
979
980 /**
981 * Add password to the list of used hashes for this user.
982 *
983 * This is supposed to be used from:
984 * 1/ change own password form
985 * 2/ password reset process
986 * 3/ user signup in auth plugins if password changing supported
987 *
988 * @param int $userid user id
989 * @param string $password plaintext password
990 * @return void
991 */
992 function user_add_password_history($userid, $password) {
993 global $CFG, $DB;
994
995 if (empty($CFG->passwordreuselimit) or $CFG->passwordreuselimit < 0) {
996 return;
997 }
998
999 // Note: this is using separate code form normal password hashing because
1000 // we need to have this under control in the future. Also the auth
1001 // plugin might not store the passwords locally at all.
1002
1003 $record = new stdClass();
1004 $record->userid = $userid;
1005 $record->hash = password_hash($password, PASSWORD_DEFAULT);
1006 $record->timecreated = time();
1007 $DB->insert_record('user_password_history', $record);
1008
1009 $i = 0;
1010 $records = $DB->get_records('user_password_history', array('userid' => $userid), 'timecreated DESC, id DESC');
1011 foreach ($records as $record) {
1012 $i++;
1013 if ($i > $CFG->passwordreuselimit) {
1014 $DB->delete_records('user_password_history', array('id' => $record->id));
1015 }
1016 }
1017 }
1018
1019 /**
1020 * Was this password used before on change or reset password page?
1021 *
1022 * The $CFG->passwordreuselimit setting determines
1023 * how many times different password needs to be used
1024 * before allowing previously used password again.
1025 *
1026 * @param int $userid user id
1027 * @param string $password plaintext password
1028 * @return bool true if password reused
1029 */
1030 function user_is_previously_used_password($userid, $password) {
1031 global $CFG, $DB;
1032
1033 if (empty($CFG->passwordreuselimit) or $CFG->passwordreuselimit < 0) {
1034 return false;
1035 }
1036
1037 $reused = false;
1038
1039 $i = 0;
1040 $records = $DB->get_records('user_password_history', array('userid' => $userid), 'timecreated DESC, id DESC');
1041 foreach ($records as $record) {
1042 $i++;
1043 if ($i > $CFG->passwordreuselimit) {
1044 $DB->delete_records('user_password_history', array('id' => $record->id));
1045 continue;
1046 }
1047 // NOTE: this is slow but we cannot compare the hashes directly any more.
1048 if (password_verify($password, $record->hash)) {
1049 $reused = true;
1050 }
1051 }
1052
1053 return $reused;
1054 }
1055
1056 /**
1057 * Remove a user device from the Moodle database (for PUSH notifications usually).
1058 *
1059 * @param string $uuid The device UUID.
1060 * @param string $appid The app id. If empty all the devices matching the UUID for the user will be removed.
1061 * @return bool true if removed, false if the device didn't exists in the database
1062 * @since Moodle 2.9
1063 */
1064 function user_remove_user_device($uuid, $appid = "") {
1065 global $DB, $USER;
1066
1067 $conditions = array('uuid' => $uuid, 'userid' => $USER->id);
1068 if (!empty($appid)) {
1069 $conditions['appid'] = $appid;
1070 }
1071
1072 if (!$DB->count_records('user_devices', $conditions)) {
1073 return false;
1074 }
1075
1076 $DB->delete_records('user_devices', $conditions);
1077
1078 return true;
1079 }
1080
1081 /**
1082 * Trigger user_list_viewed event.
1083 *
1084 * @param stdClass $course course object
1085 * @param stdClass $context course context object
1086 * @since Moodle 2.9
1087 */
1088 function user_list_view($course, $context) {
1089
1090 $event = \core\event\user_list_viewed::create(array(
1091 'objectid' => $course->id,
1092 'courseid' => $course->id,
1093 'context' => $context,
1094 'other' => array(
1095 'courseshortname' => $course->shortname,
1096 'coursefullname' => $course->fullname
1097 )
1098 ));
1099 $event->trigger();
1100 }
1101
1102 /**
1103 * Returns the url to use for the "Grades" link in the user navigation.
1104 *
1105 * @param int $userid The user's ID.
1106 * @param int $courseid The course ID if available.
1107 * @return mixed A URL to be directed to for "Grades".
1108 */
1109 function user_mygrades_url($userid = null, $courseid = SITEID) {
1110 global $CFG, $USER;
1111 $url = null;
1112 if (isset($CFG->grade_mygrades_report) && $CFG->grade_mygrades_report != 'external') {
1113 if (isset($userid) && $USER->id != $userid) {
1114 // Send to the gradebook report.
1115 $url = new moodle_url('/grade/report/' . $CFG->grade_mygrades_report . '/index.php',
1116 array('id' => $courseid, 'userid' => $userid));
1117 } else {
1118 $url = new moodle_url('/grade/report/' . $CFG->grade_mygrades_report . '/index.php');
1119 }
1120 } else if (isset($CFG->grade_mygrades_report) && $CFG->grade_mygrades_report == 'external'
1121 && !empty($CFG->gradereport_mygradeurl)) {
1122 $url = $CFG->gradereport_mygradeurl;
1123 } else {
1124 $url = $CFG->wwwroot;
1125 }
1126 return $url;
1127 }
1128
1129 /**
1130 * Check if the current user has permission to view details of the supplied user.
1131 *
1132 * This function supports two modes:
1133 * If the optional $course param is omitted, then this function finds all shared courses and checks whether the current user has
1134 * permission in any of them, returning true if so.
1135 * If the $course param is provided, then this function checks permissions in ONLY that course.
1136 *
1137 * @param object $user The other user's details.
1138 * @param object $course if provided, only check permissions in this course.
1139 * @param context $usercontext The user context if available.
1140 * @return bool true for ability to view this user, else false.
1141 */
1142 function user_can_view_profile($user, $course = null, $usercontext = null) {
1143 global $USER, $CFG;
1144
1145 if ($user->deleted) {
1146 return false;
1147 }
1148
1149 // Do we need to be logged in?
1150 if (empty($CFG->forceloginforprofiles)) {
1151 return true;
1152 } else {
1153 if (!isloggedin() || isguestuser()) {
1154 // User is not logged in and forceloginforprofile is set, we need to return now.
1155 return false;
1156 }
1157 }
1158
1159 // Current user can always view their profile.
1160 if ($USER->id == $user->id) {
1161 return true;
1162 }
1163
1164 // Course contacts have visible profiles always.
1165 if (has_coursecontact_role($user->id)) {
1166 return true;
1167 }
1168
1169 // If we're only checking the capabilities in the single provided course.
1170 if (isset($course)) {
1171 // Confirm that $user is enrolled in the $course we're checking.
1172 if (is_enrolled(context_course::instance($course->id), $user)) {
1173 $userscourses = array($course);
1174 }
1175 } else {
1176 // Else we're checking whether the current user can view $user's profile anywhere, so check user context first.
1177 if (empty($usercontext)) {
1178 $usercontext = context_user::instance($user->id);
1179 }
1180 if (has_capability('moodle/user:viewdetails', $usercontext) || has_capability('moodle/user:viewalldetails', $usercontext)) {
1181 return true;
1182 }
1183 // This returns context information, so we can preload below.
1184 $userscourses = enrol_get_all_users_courses($user->id);
1185 }
1186
1187 if (empty($userscourses)) {
1188 return false;
1189 }
1190
1191 foreach ($userscourses as $userscourse) {
1192 context_helper::preload_from_record($userscourse);
1193 $coursecontext = context_course::instance($userscourse->id);
1194 if (has_capability('moodle/user:viewdetails', $coursecontext) ||
1195 has_capability('moodle/user:viewalldetails', $coursecontext)) {
1196 if (!groups_user_groups_visible($userscourse, $user->id)) {
1197 // Not a member of the same group.
1198 continue;
1199 }
1200 return true;
1201 }
1202 }
1203 return false;
1204 }
1205
1206 /**
1207 * Returns users tagged with a specified tag.
1208 *
1209 * @param core_tag_tag $tag
1210 * @param bool $exclusivemode if set to true it means that no other entities tagged with this tag
1211 * are displayed on the page and the per-page limit may be bigger
1212 * @param int $fromctx context id where the link was displayed, may be used by callbacks
1213 * to display items in the same context first
1214 * @param int $ctx context id where to search for records
1215 * @param bool $rec search in subcontexts as well
1216 * @param int $page 0-based number of page being displayed
1217 * @return \core_tag\output\tagindex
1218 */
1219 function user_get_tagged_users($tag, $exclusivemode = false, $fromctx = 0, $ctx = 0, $rec = 1, $page = 0) {
1220 global $PAGE;
1221
1222 if ($ctx && $ctx != context_system::instance()->id) {
1223 $usercount = 0;
1224 } else {
1225 // Users can only be displayed in system context.
1226 $usercount = $tag->count_tagged_items('core', 'user',
1227 'it.deleted=:notdeleted', array('notdeleted' => 0));
1228 }
1229 $perpage = $exclusivemode ? 24 : 5;
1230 $content = '';
1231 $totalpages = ceil($usercount / $perpage);
1232
1233 if ($usercount) {
1234 $userlist = $tag->get_tagged_items('core', 'user', $page * $perpage, $perpage,
1235 'it.deleted=:notdeleted', array('notdeleted' => 0));
1236 $renderer = $PAGE->get_renderer('core', 'user');
1237 $content .= $renderer->user_list($userlist, $exclusivemode);
1238 }
1239
1240 return new core_tag\output\tagindex($tag, 'core', 'user', $content,
1241 $exclusivemode, $fromctx, $ctx, $rec, $page, $totalpages);
1242 }
1243
1244 /**
1245 * Returns the SQL used by the participants table.
1246 *
1247 * @param int $courseid The course id
1248 * @param int $groupid The groupid, 0 means all groups and USERSWITHOUTGROUP no group
1249 * @param int $accesssince The time since last access, 0 means any time
1250 * @param int $roleid The role id, 0 means all roles
1251 * @param int $enrolid The enrolment id, 0 means all enrolment methods will be returned.
1252 * @param int $statusid The user enrolment status, -1 means all enrolments regardless of the status will be returned, if allowed.
1253 * @param string|array $search The search that was performed, empty means perform no search
1254 * @param string $additionalwhere Any additional SQL to add to where
1255 * @param array $additionalparams The additional params
1256 * @return array
1257 */
1258 function user_get_participants_sql($courseid, $groupid = 0, $accesssince = 0, $roleid = 0, $enrolid = 0, $statusid = -1,
1259 $search = '', $additionalwhere = '', $additionalparams = array()) {
1260 global $DB, $USER;
1261
1262 // Get the context.
1263 $context = \context_course::instance($courseid, MUST_EXIST);
1264
1265 $isfrontpage = ($courseid == SITEID);
1266
1267 // Default filter settings. We only show active by default, especially if the user has no capability to review enrolments.
1268 $onlyactive = true;
1269 $onlysuspended = false;
1270 if (has_capability('moodle/course:enrolreview', $context)) {
1271 switch ($statusid) {
1272 case ENROL_USER_ACTIVE:
1273 // Nothing to do here.
1274 break;
1275 case ENROL_USER_SUSPENDED:
1276 $onlyactive = false;
1277 $onlysuspended = true;
1278 break;
1279 default:
1280 // If the user has capability to review user enrolments, but statusid is set to -1, set $onlyactive to false.
1281 $onlyactive = false;
1282 break;
1283 }
1284 }
1285
1286 list($esql, $params) = get_enrolled_sql($context, null, $groupid, $onlyactive, $onlysuspended, $enrolid);
1287
1288 $joins = array('FROM {user} u');
1289 $wheres = array();
1290
1291 $userfields = get_extra_user_fields($context);
1292 $userfieldssql = user_picture::fields('u', $userfields);
1293
1294 if ($isfrontpage) {
1295 $select = "SELECT $userfieldssql, u.lastaccess";
1296 $joins[] = "JOIN ($esql) e ON e.id = u.id"; // Everybody on the frontpage usually.
1297 if ($accesssince) {
1298 $wheres[] = user_get_user_lastaccess_sql($accesssince);
1299 }
1300 } else {
1301 $select = "SELECT $userfieldssql, COALESCE(ul.timeaccess, 0) AS lastaccess";
1302 $joins[] = "JOIN ($esql) e ON e.id = u.id"; // Course enrolled users only.
1303 // Not everybody has accessed the course yet.
1304 $joins[] = 'LEFT JOIN {user_lastaccess} ul ON (ul.userid = u.id AND ul.courseid = :courseid)';
1305 $params['courseid'] = $courseid;
1306 if ($accesssince) {
1307 $wheres[] = user_get_course_lastaccess_sql($accesssince);
1308 }
1309 }
1310
1311 // Performance hacks - we preload user contexts together with accounts.
1312 $ccselect = ', ' . context_helper::get_preload_record_columns_sql('ctx');
1313 $ccjoin = 'LEFT JOIN {context} ctx ON (ctx.instanceid = u.id AND ctx.contextlevel = :contextlevel)';
1314 $params['contextlevel'] = CONTEXT_USER;
1315 $select .= $ccselect;
1316 $joins[] = $ccjoin;
1317
1318 // Limit list to users with some role only.
1319 if ($roleid) {
1320 // We want to query both the current context and parent contexts.
1321 list($relatedctxsql, $relatedctxparams) = $DB->get_in_or_equal($context->get_parent_context_ids(true),
1322 SQL_PARAMS_NAMED, 'relatedctx');
1323
1324 $wheres[] = "u.id IN (SELECT userid FROM {role_assignments} WHERE roleid = :roleid AND contextid $relatedctxsql)";
1325 $params = array_merge($params, array('roleid' => $roleid), $relatedctxparams);
1326 }
1327
1328 if (!empty($search)) {
1329 if (!is_array($search)) {
1330 $search = [$search];
1331 }
1332 foreach ($search as $index => $keyword) {
1333 $searchkey1 = 'search' . $index . '1';
1334 $searchkey2 = 'search' . $index . '2';
1335 $searchkey3 = 'search' . $index . '3';
1336 $searchkey4 = 'search' . $index . '4';
1337 $searchkey5 = 'search' . $index . '5';
1338 $searchkey6 = 'search' . $index . '6';
1339 $searchkey7 = 'search' . $index . '7';
1340
1341 $conditions = array();
1342 // Search by fullname.
1343 $fullname = $DB->sql_fullname('u.firstname', 'u.lastname');
1344 $conditions[] = $DB->sql_like($fullname, ':' . $searchkey1, false, false);
1345
1346 // Search by email.
1347 $email = $DB->sql_like('email', ':' . $searchkey2, false, false);
1348 if (!in_array('email', $userfields)) {
1349 $maildisplay = 'maildisplay' . $index;
1350 $userid1 = 'userid' . $index . '1';
1351 // Prevent users who hide their email address from being found by others
1352 // who aren't allowed to see hidden email addresses.
1353 $email = "(". $email ." AND (" .
1354 "u.maildisplay <> :$maildisplay " .
1355 "OR u.id = :$userid1". // User can always find himself.
1356 "))";
1357 $params[$maildisplay] = core_user::MAILDISPLAY_HIDE;
1358 $params[$userid1] = $USER->id;
1359 }
1360 $conditions[] = $email;
1361
1362 // Search by idnumber.
1363 $idnumber = $DB->sql_like('idnumber', ':' . $searchkey3, false, false);
1364 if (!in_array('idnumber', $userfields)) {
1365 $userid2 = 'userid' . $index . '2';
1366 // Users who aren't allowed to see idnumbers should at most find themselves
1367 // when searching for an idnumber.
1368 $idnumber = "(". $idnumber . " AND u.id = :$userid2)";
1369 $params[$userid2] = $USER->id;
1370 }
1371 $conditions[] = $idnumber;
1372
1373 // Search by middlename.
1374 $middlename = $DB->sql_like('middlename', ':' . $searchkey4, false, false);
1375 $conditions[] = $middlename;
1376
1377 // Search by alternatename.
1378 $alternatename = $DB->sql_like('alternatename', ':' . $searchkey5, false, false);
1379 $conditions[] = $alternatename;
1380
1381 // Search by firstnamephonetic.
1382 $firstnamephonetic = $DB->sql_like('firstnamephonetic', ':' . $searchkey6, false, false);
1383 $conditions[] = $firstnamephonetic;
1384
1385 // Search by lastnamephonetic.
1386 $lastnamephonetic = $DB->sql_like('lastnamephonetic', ':' . $searchkey7, false, false);
1387 $conditions[] = $lastnamephonetic;
1388
1389 $wheres[] = "(". implode(" OR ", $conditions) .") ";
1390 $params[$searchkey1] = "%$keyword%";
1391 $params[$searchkey2] = "%$keyword%";
1392 $params[$searchkey3] = "%$keyword%";
1393 $params[$searchkey4] = "%$keyword%";
1394 $params[$searchkey5] = "%$keyword%";
1395 $params[$searchkey6] = "%$keyword%";
1396 $params[$searchkey7] = "%$keyword%";
1397 }
1398 }
1399
1400 if (!empty($additionalwhere)) {
1401 $wheres[] = $additionalwhere;
1402 $params = array_merge($params, $additionalparams);
1403 }
1404
1405 $from = implode("\n", $joins);
1406 if ($wheres) {
1407 $where = 'WHERE ' . implode(' AND ', $wheres);
1408 } else {
1409 $where = '';
1410 }
1411
1412 return array($select, $from, $where, $params);
1413 }
1414
1415 /**
1416 * Returns the total number of participants for a given course.
1417 *
1418 * @param int $courseid The course id
1419 * @param int $groupid The groupid, 0 means all groups and USERSWITHOUTGROUP no group
1420 * @param int $accesssince The time since last access, 0 means any time
1421 * @param int $roleid The role id, 0 means all roles
1422 * @param int $enrolid The applied filter for the user enrolment ID.
1423 * @param int $status The applied filter for the user's enrolment status.
1424 * @param string|array $search The search that was performed, empty means perform no search
1425 * @param string $additionalwhere Any additional SQL to add to where
1426 * @param array $additionalparams The additional params
1427 * @return int
1428 */
1429 function user_get_total_participants($courseid, $groupid = 0, $accesssince = 0, $roleid = 0, $enrolid = 0, $statusid = -1,
1430 $search = '', $additionalwhere = '', $additionalparams = array()) {
1431 global $DB;
1432
1433 list($select, $from, $where, $params) = user_get_participants_sql($courseid, $groupid, $accesssince, $roleid, $enrolid,
1434 $statusid, $search, $additionalwhere, $additionalparams);
1435
1436 return $DB->count_records_sql("SELECT COUNT(u.id) $from $where", $params);
1437 }
1438
1439 /**
1440 * Returns the participants for a given course.
1441 *
1442 * @param int $courseid The course id
1443 * @param int $groupid The groupid, 0 means all groups and USERSWITHOUTGROUP no group
1444 * @param int $accesssince The time since last access
1445 * @param int $roleid The role id
1446 * @param int $enrolid The applied filter for the user enrolment ID.
1447 * @param int $status The applied filter for the user's enrolment status.
1448 * @param string $search The search that was performed
1449 * @param string $additionalwhere Any additional SQL to add to where
1450 * @param array $additionalparams The additional params
1451 * @param string $sort The SQL sort
1452 * @param int $limitfrom return a subset of records, starting at this point (optional).
1453 * @param int $limitnum return a subset comprising this many records (optional, required if $limitfrom is set).
1454 * @return moodle_recordset
1455 */
1456 function user_get_participants($courseid, $groupid = 0, $accesssince, $roleid, $enrolid = 0, $statusid, $search,
1457 $additionalwhere = '', $additionalparams = array(), $sort = '', $limitfrom = 0, $limitnum = 0) {
1458 global $DB;
1459
1460 list($select, $from, $where, $params) = user_get_participants_sql($courseid, $groupid, $accesssince, $roleid, $enrolid,
1461 $statusid, $search, $additionalwhere, $additionalparams);
1462
1463 return $DB->get_recordset_sql("$select $from $where $sort", $params, $limitfrom, $limitnum);
1464 }
1465
1466 /**
1467 * Returns SQL that can be used to limit a query to a period where the user last accessed a course.
1468 *
1469 * @param int $accesssince The time since last access
1470 * @param string $tableprefix
1471 * @return string
1472 */
1473 function user_get_course_lastaccess_sql($accesssince = null, $tableprefix = 'ul') {
1474 if (empty($accesssince)) {
1475 return '';
1476 }
1477
1478 if ($accesssince == -1) { // Never.
1479 return $tableprefix . '.timeaccess = 0';
1480 } else {
1481 return $tableprefix . '.timeaccess != 0 AND ' . $tableprefix . '.timeaccess < ' . $accesssince;
1482 }
1483 }
1484
1485 /**
1486 * Returns SQL that can be used to limit a query to a period where the user last accessed the system.
1487 *
1488 * @param int $accesssince The time since last access
1489 * @param string $tableprefix
1490 * @return string
1491 */
1492 function user_get_user_lastaccess_sql($accesssince = null, $tableprefix = 'u') {
1493 if (empty($accesssince)) {
1494 return '';
1495 }
1496
1497 if ($accesssince == -1) { // Never.
1498 return $tableprefix . '.lastaccess = 0';
1499 } else {
1500 return $tableprefix . '.lastaccess != 0 AND ' . $tableprefix . '.lastaccess < ' . $accesssince;
1501 }
1502 }
1503
1504 /**
1505 * Callback for inplace editable API.
1506 *
1507 * @param string $itemtype - Only user_roles is supported.
1508 * @param string $itemid - Courseid and userid separated by a :
1509 * @param string $newvalue - json encoded list of roleids.
1510 * @return \core\output\inplace_editable
1511 */
1512 function core_user_inplace_editable($itemtype, $itemid, $newvalue) {
1513 if ($itemtype === 'user_roles') {
1514 return \core_user\output\user_roles_editable::update($itemid, $newvalue);
1515 }
1516 }
1517
1518 /**
1519 * Map an internal field name to a valid purpose from: "https://www.w3.org/TR/WCAG21/#input-purposes"
1520 *
1521 * @param integer $userid
1522 * @param string $fieldname
1523 * @return string $purpose (empty string if there is no mapping).
1524 */
1525 function user_edit_map_field_purpose($userid, $fieldname) {
1526 global $USER;
1527
1528 $currentuser = ($userid == $USER->id) && !\core\session\manager::is_loggedinas();
1529 // These are the fields considered valid to map and auto fill from a browser.
1530 // We do not include fields that are in a collapsed section by default because
1531 // the browser could auto-fill the field and cause a new value to be saved when
1532 // that field was never visible.
1533 $validmappings = array(
1534 'username' => 'username',
1535 'password' => 'current-password',
1536 'firstname' => 'given-name',
1537 'lastname' => 'family-name',
1538 'middlename' => 'additional-name',
1539 'email' => 'email',
1540 'country' => 'country',
1541 'lang' => 'language'
1542 );
1543
1544 $purpose = '';
1545 // Only set a purpose when editing your own user details.
1546 if ($currentuser && isset($validmappings[$fieldname])) {
1547 $purpose = ' autocomplete="' . $validmappings[$fieldname] . '" ';
1548 }
1549
1550 return $purpose;
1551 }
Read-only mirror of the Moodle CVS