Merge branch 'MDL-54890-30' of git://github.com/danpoltawski/moodle into MOODLE_30_STABLE
[moodle.git] / user / lib.php
blob243db86c702bc68e32090694e734297584cab16d
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
17 /**
18 * External user API
20 * @package core_user
21 * @copyright 2009 Moodle Pty Ltd (http://moodle.com)
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
26 /**
27 * Creates a user
29 * @throws moodle_exception
30 * @param stdClass $user user to create
31 * @param bool $updatepassword if true, authentication plugin will update password.
32 * @param bool $triggerevent set false if user_created event should not be triggred.
33 * This will not affect user_password_updated event triggering.
34 * @return int id of the newly created user
36 function user_create_user($user, $updatepassword = true, $triggerevent = true) {
37 global $CFG, $DB;
39 // Set the timecreate field to the current time.
40 if (!is_object($user)) {
41 $user = (object) $user;
44 // Check username.
45 if ($user->username !== core_text::strtolower($user->username)) {
46 throw new moodle_exception('usernamelowercase');
47 } else {
48 if ($user->username !== clean_param($user->username, PARAM_USERNAME)) {
49 throw new moodle_exception('invalidusername');
53 // Save the password in a temp value for later.
54 if ($updatepassword && isset($user->password)) {
56 // Check password toward the password policy.
57 if (!check_password_policy($user->password, $errmsg)) {
58 throw new moodle_exception($errmsg);
61 $userpassword = $user->password;
62 unset($user->password);
65 // Make sure calendartype, if set, is valid.
66 if (!empty($user->calendartype)) {
67 $availablecalendartypes = \core_calendar\type_factory::get_list_of_calendar_types();
68 if (empty($availablecalendartypes[$user->calendartype])) {
69 $user->calendartype = $CFG->calendartype;
71 } else {
72 $user->calendartype = $CFG->calendartype;
75 // Apply default values for user preferences that are stored in users table.
76 if (!isset($user->maildisplay)) {
77 $user->maildisplay = $CFG->defaultpreference_maildisplay;
79 if (!isset($user->mailformat)) {
80 $user->mailformat = $CFG->defaultpreference_mailformat;
82 if (!isset($user->maildigest)) {
83 $user->maildigest = $CFG->defaultpreference_maildigest;
85 if (!isset($user->autosubscribe)) {
86 $user->autosubscribe = $CFG->defaultpreference_autosubscribe;
88 if (!isset($user->trackforums)) {
89 $user->trackforums = $CFG->defaultpreference_trackforums;
91 if (!isset($user->lang)) {
92 $user->lang = $CFG->lang;
95 $user->timecreated = time();
96 $user->timemodified = $user->timecreated;
98 // Insert the user into the database.
99 $newuserid = $DB->insert_record('user', $user);
101 // Create USER context for this user.
102 $usercontext = context_user::instance($newuserid);
104 // Update user password if necessary.
105 if (isset($userpassword)) {
106 // Get full database user row, in case auth is default.
107 $newuser = $DB->get_record('user', array('id' => $newuserid));
108 $authplugin = get_auth_plugin($newuser->auth);
109 $authplugin->user_update_password($newuser, $userpassword);
112 // Trigger event If required.
113 if ($triggerevent) {
114 \core\event\user_created::create_from_userid($newuserid)->trigger();
117 return $newuserid;
121 * Update a user with a user object (will compare against the ID)
123 * @throws moodle_exception
124 * @param stdClass $user the user to update
125 * @param bool $updatepassword if true, authentication plugin will update password.
126 * @param bool $triggerevent set false if user_updated event should not be triggred.
127 * This will not affect user_password_updated event triggering.
129 function user_update_user($user, $updatepassword = true, $triggerevent = true) {
130 global $DB;
132 // Set the timecreate field to the current time.
133 if (!is_object($user)) {
134 $user = (object) $user;
137 // Check username.
138 if (isset($user->username)) {
139 if ($user->username !== core_text::strtolower($user->username)) {
140 throw new moodle_exception('usernamelowercase');
141 } else {
142 if ($user->username !== clean_param($user->username, PARAM_USERNAME)) {
143 throw new moodle_exception('invalidusername');
148 // Unset password here, for updating later, if password update is required.
149 if ($updatepassword && isset($user->password)) {
151 // Check password toward the password policy.
152 if (!check_password_policy($user->password, $errmsg)) {
153 throw new moodle_exception($errmsg);
156 $passwd = $user->password;
157 unset($user->password);
160 // Make sure calendartype, if set, is valid.
161 if (!empty($user->calendartype)) {
162 $availablecalendartypes = \core_calendar\type_factory::get_list_of_calendar_types();
163 // If it doesn't exist, then unset this value, we do not want to update the user's value.
164 if (empty($availablecalendartypes[$user->calendartype])) {
165 unset($user->calendartype);
167 } else {
168 // Unset this variable, must be an empty string, which we do not want to update the calendartype to.
169 unset($user->calendartype);
172 $user->timemodified = time();
173 $DB->update_record('user', $user);
175 if ($updatepassword) {
176 // Get full user record.
177 $updateduser = $DB->get_record('user', array('id' => $user->id));
179 // If password was set, then update its hash.
180 if (isset($passwd)) {
181 $authplugin = get_auth_plugin($updateduser->auth);
182 if ($authplugin->can_change_password()) {
183 $authplugin->user_update_password($updateduser, $passwd);
187 // Trigger event if required.
188 if ($triggerevent) {
189 \core\event\user_updated::create_from_userid($user->id)->trigger();
194 * Marks user deleted in internal user database and notifies the auth plugin.
195 * Also unenrols user from all roles and does other cleanup.
197 * @todo Decide if this transaction is really needed (look for internal TODO:)
198 * @param object $user Userobject before delete (without system magic quotes)
199 * @return boolean success
201 function user_delete_user($user) {
202 return delete_user($user);
206 * Get users by id
208 * @param array $userids id of users to retrieve
209 * @return array
211 function user_get_users_by_id($userids) {
212 global $DB;
213 return $DB->get_records_list('user', 'id', $userids);
217 * Returns the list of default 'displayable' fields
219 * Contains database field names but also names used to generate information, such as enrolledcourses
221 * @return array of user fields
223 function user_get_default_fields() {
224 return array( 'id', 'username', 'fullname', 'firstname', 'lastname', 'email',
225 'address', 'phone1', 'phone2', 'icq', 'skype', 'yahoo', 'aim', 'msn', 'department',
226 'institution', 'interests', 'firstaccess', 'lastaccess', 'auth', 'confirmed',
227 'idnumber', 'lang', 'theme', 'timezone', 'mailformat', 'description', 'descriptionformat',
228 'city', 'url', 'country', 'profileimageurlsmall', 'profileimageurl', 'customfields',
229 'groups', 'roles', 'preferences', 'enrolledcourses'
235 * Give user record from mdl_user, build an array contains all user details.
237 * Warning: description file urls are 'webservice/pluginfile.php' is use.
238 * it can be changed with $CFG->moodlewstextformatlinkstoimagesfile
240 * @throws moodle_exception
241 * @param stdClass $user user record from mdl_user
242 * @param stdClass $course moodle course
243 * @param array $userfields required fields
244 * @return array|null
246 function user_get_user_details($user, $course = null, array $userfields = array()) {
247 global $USER, $DB, $CFG, $PAGE;
248 require_once($CFG->dirroot . "/user/profile/lib.php"); // Custom field library.
249 require_once($CFG->dirroot . "/lib/filelib.php"); // File handling on description and friends.
251 $defaultfields = user_get_default_fields();
253 if (empty($userfields)) {
254 $userfields = $defaultfields;
257 foreach ($userfields as $thefield) {
258 if (!in_array($thefield, $defaultfields)) {
259 throw new moodle_exception('invaliduserfield', 'error', '', $thefield);
263 // Make sure id and fullname are included.
264 if (!in_array('id', $userfields)) {
265 $userfields[] = 'id';
268 if (!in_array('fullname', $userfields)) {
269 $userfields[] = 'fullname';
272 if (!empty($course)) {
273 $context = context_course::instance($course->id);
274 $usercontext = context_user::instance($user->id);
275 $canviewdetailscap = (has_capability('moodle/user:viewdetails', $context) || has_capability('moodle/user:viewdetails', $usercontext));
276 } else {
277 $context = context_user::instance($user->id);
278 $usercontext = $context;
279 $canviewdetailscap = has_capability('moodle/user:viewdetails', $usercontext);
282 $currentuser = ($user->id == $USER->id);
283 $isadmin = is_siteadmin($USER);
285 $showuseridentityfields = get_extra_user_fields($context);
287 if (!empty($course)) {
288 $canviewhiddenuserfields = has_capability('moodle/course:viewhiddenuserfields', $context);
289 } else {
290 $canviewhiddenuserfields = has_capability('moodle/user:viewhiddendetails', $context);
292 $canviewfullnames = has_capability('moodle/site:viewfullnames', $context);
293 if (!empty($course)) {
294 $canviewuseremail = has_capability('moodle/course:useremail', $context);
295 } else {
296 $canviewuseremail = false;
298 $cannotviewdescription = !empty($CFG->profilesforenrolledusersonly) && !$currentuser && !$DB->record_exists('role_assignments', array('userid' => $user->id));
299 if (!empty($course)) {
300 $canaccessallgroups = has_capability('moodle/site:accessallgroups', $context);
301 } else {
302 $canaccessallgroups = false;
305 if (!$currentuser && !$canviewdetailscap && !has_coursecontact_role($user->id)) {
306 // Skip this user details.
307 return null;
310 $userdetails = array();
311 $userdetails['id'] = $user->id;
313 if (in_array('username', $userfields)) {
314 if ($currentuser or has_capability('moodle/user:viewalldetails', $context)) {
315 $userdetails['username'] = $user->username;
318 if ($isadmin or $canviewfullnames) {
319 if (in_array('firstname', $userfields)) {
320 $userdetails['firstname'] = $user->firstname;
322 if (in_array('lastname', $userfields)) {
323 $userdetails['lastname'] = $user->lastname;
326 $userdetails['fullname'] = fullname($user);
328 if (in_array('customfields', $userfields)) {
329 $fields = $DB->get_recordset_sql("SELECT f.*
330 FROM {user_info_field} f
331 JOIN {user_info_category} c
332 ON f.categoryid=c.id
333 ORDER BY c.sortorder ASC, f.sortorder ASC");
334 $userdetails['customfields'] = array();
335 foreach ($fields as $field) {
336 require_once($CFG->dirroot.'/user/profile/field/'.$field->datatype.'/field.class.php');
337 $newfield = 'profile_field_'.$field->datatype;
338 $formfield = new $newfield($field->id, $user->id);
339 if ($formfield->is_visible() and !$formfield->is_empty()) {
341 // TODO: Part of MDL-50728, this conditional coding must be moved to
342 // proper profile fields API so they are self-contained.
343 // We only use display_data in fields that require text formatting.
344 if ($field->datatype == 'text' or $field->datatype == 'textarea') {
345 $fieldvalue = $formfield->display_data();
346 } else {
347 // Cases: datetime, checkbox and menu.
348 $fieldvalue = $formfield->data;
351 $userdetails['customfields'][] =
352 array('name' => $formfield->field->name, 'value' => $fieldvalue,
353 'type' => $field->datatype, 'shortname' => $formfield->field->shortname);
356 $fields->close();
357 // Unset customfields if it's empty.
358 if (empty($userdetails['customfields'])) {
359 unset($userdetails['customfields']);
363 // Profile image.
364 if (in_array('profileimageurl', $userfields)) {
365 $userpicture = new user_picture($user);
366 $userpicture->size = 1; // Size f1.
367 $userdetails['profileimageurl'] = $userpicture->get_url($PAGE)->out(false);
369 if (in_array('profileimageurlsmall', $userfields)) {
370 if (!isset($userpicture)) {
371 $userpicture = new user_picture($user);
373 $userpicture->size = 0; // Size f2.
374 $userdetails['profileimageurlsmall'] = $userpicture->get_url($PAGE)->out(false);
377 // Hidden user field.
378 if ($canviewhiddenuserfields) {
379 $hiddenfields = array();
380 // Address, phone1 and phone2 not appears in hidden fields list but require viewhiddenfields capability
381 // according to user/profile.php.
382 if ($user->address && in_array('address', $userfields)) {
383 $userdetails['address'] = $user->address;
385 } else {
386 $hiddenfields = array_flip(explode(',', $CFG->hiddenuserfields));
389 if ($user->phone1 && in_array('phone1', $userfields) &&
390 (in_array('phone1', $showuseridentityfields) or $canviewhiddenuserfields)) {
391 $userdetails['phone1'] = $user->phone1;
393 if ($user->phone2 && in_array('phone2', $userfields) &&
394 (in_array('phone2', $showuseridentityfields) or $canviewhiddenuserfields)) {
395 $userdetails['phone2'] = $user->phone2;
398 if (isset($user->description) &&
399 ((!isset($hiddenfields['description']) && !$cannotviewdescription) or $isadmin)) {
400 if (in_array('description', $userfields)) {
401 // Always return the descriptionformat if description is requested.
402 list($userdetails['description'], $userdetails['descriptionformat']) =
403 external_format_text($user->description, $user->descriptionformat,
404 $usercontext->id, 'user', 'profile', null);
408 if (in_array('country', $userfields) && (!isset($hiddenfields['country']) or $isadmin) && $user->country) {
409 $userdetails['country'] = $user->country;
412 if (in_array('city', $userfields) && (!isset($hiddenfields['city']) or $isadmin) && $user->city) {
413 $userdetails['city'] = $user->city;
416 if (in_array('url', $userfields) && $user->url && (!isset($hiddenfields['webpage']) or $isadmin)) {
417 $url = $user->url;
418 if (strpos($user->url, '://') === false) {
419 $url = 'http://'. $url;
421 $user->url = clean_param($user->url, PARAM_URL);
422 $userdetails['url'] = $user->url;
425 if (in_array('icq', $userfields) && $user->icq && (!isset($hiddenfields['icqnumber']) or $isadmin)) {
426 $userdetails['icq'] = $user->icq;
429 if (in_array('skype', $userfields) && $user->skype && (!isset($hiddenfields['skypeid']) or $isadmin)) {
430 $userdetails['skype'] = $user->skype;
432 if (in_array('yahoo', $userfields) && $user->yahoo && (!isset($hiddenfields['yahooid']) or $isadmin)) {
433 $userdetails['yahoo'] = $user->yahoo;
435 if (in_array('aim', $userfields) && $user->aim && (!isset($hiddenfields['aimid']) or $isadmin)) {
436 $userdetails['aim'] = $user->aim;
438 if (in_array('msn', $userfields) && $user->msn && (!isset($hiddenfields['msnid']) or $isadmin)) {
439 $userdetails['msn'] = $user->msn;
442 if (in_array('firstaccess', $userfields) && (!isset($hiddenfields['firstaccess']) or $isadmin)) {
443 if ($user->firstaccess) {
444 $userdetails['firstaccess'] = $user->firstaccess;
445 } else {
446 $userdetails['firstaccess'] = 0;
449 if (in_array('lastaccess', $userfields) && (!isset($hiddenfields['lastaccess']) or $isadmin)) {
450 if ($user->lastaccess) {
451 $userdetails['lastaccess'] = $user->lastaccess;
452 } else {
453 $userdetails['lastaccess'] = 0;
457 if (in_array('email', $userfields) && ($isadmin // The admin is allowed the users email.
458 or $currentuser // Of course the current user is as well.
459 or $canviewuseremail // This is a capability in course context, it will be false in usercontext.
460 or in_array('email', $showuseridentityfields)
461 or $user->maildisplay == 1
462 or ($user->maildisplay == 2 and enrol_sharing_course($user, $USER)))) {
463 $userdetails['email'] = $user->email;
466 if (in_array('interests', $userfields) && !empty($CFG->usetags)) {
467 require_once($CFG->dirroot . '/tag/lib.php');
468 if ($interests = tag_get_tags_csv('user', $user->id, TAG_RETURN_TEXT) ) {
469 $userdetails['interests'] = $interests;
473 // Departement/Institution/Idnumber are not displayed on any profile, however you can get them from editing profile.
474 if (in_array('idnumber', $userfields) && $user->idnumber) {
475 if (in_array('idnumber', $showuseridentityfields) or $currentuser or
476 has_capability('moodle/user:viewalldetails', $context)) {
477 $userdetails['idnumber'] = $user->idnumber;
480 if (in_array('institution', $userfields) && $user->institution) {
481 if (in_array('institution', $showuseridentityfields) or $currentuser or
482 has_capability('moodle/user:viewalldetails', $context)) {
483 $userdetails['institution'] = $user->institution;
486 // Isset because it's ok to have department 0.
487 if (in_array('department', $userfields) && isset($user->department)) {
488 if (in_array('department', $showuseridentityfields) or $currentuser or
489 has_capability('moodle/user:viewalldetails', $context)) {
490 $userdetails['department'] = $user->department;
494 if (in_array('roles', $userfields) && !empty($course)) {
495 // Not a big secret.
496 $roles = get_user_roles($context, $user->id, false);
497 $userdetails['roles'] = array();
498 foreach ($roles as $role) {
499 $userdetails['roles'][] = array(
500 'roleid' => $role->roleid,
501 'name' => $role->name,
502 'shortname' => $role->shortname,
503 'sortorder' => $role->sortorder
508 // If groups are in use and enforced throughout the course, then make sure we can meet in at least one course level group.
509 if (in_array('groups', $userfields) && !empty($course) && $canaccessallgroups) {
510 $usergroups = groups_get_all_groups($course->id, $user->id, $course->defaultgroupingid,
511 'g.id, g.name,g.description,g.descriptionformat');
512 $userdetails['groups'] = array();
513 foreach ($usergroups as $group) {
514 list($group->description, $group->descriptionformat) =
515 external_format_text($group->description, $group->descriptionformat,
516 $context->id, 'group', 'description', $group->id);
517 $userdetails['groups'][] = array('id' => $group->id, 'name' => $group->name,
518 'description' => $group->description, 'descriptionformat' => $group->descriptionformat);
521 // List of courses where the user is enrolled.
522 if (in_array('enrolledcourses', $userfields) && !isset($hiddenfields['mycourses'])) {
523 $enrolledcourses = array();
524 if ($mycourses = enrol_get_users_courses($user->id, true)) {
525 foreach ($mycourses as $mycourse) {
526 if ($mycourse->category) {
527 $coursecontext = context_course::instance($mycourse->id);
528 $enrolledcourse = array();
529 $enrolledcourse['id'] = $mycourse->id;
530 $enrolledcourse['fullname'] = format_string($mycourse->fullname, true, array('context' => $coursecontext));
531 $enrolledcourse['shortname'] = format_string($mycourse->shortname, true, array('context' => $coursecontext));
532 $enrolledcourses[] = $enrolledcourse;
535 $userdetails['enrolledcourses'] = $enrolledcourses;
539 // User preferences.
540 if (in_array('preferences', $userfields) && $currentuser) {
541 $preferences = array();
542 $userpreferences = get_user_preferences();
543 foreach ($userpreferences as $prefname => $prefvalue) {
544 $preferences[] = array('name' => $prefname, 'value' => $prefvalue);
546 $userdetails['preferences'] = $preferences;
549 return $userdetails;
553 * Tries to obtain user details, either recurring directly to the user's system profile
554 * or through one of the user's course enrollments (course profile).
556 * @param stdClass $user The user.
557 * @return array if unsuccessful or the allowed user details.
559 function user_get_user_details_courses($user) {
560 global $USER;
561 $userdetails = null;
563 // Get the courses that the user is enrolled in (only active).
564 $courses = enrol_get_users_courses($user->id, true);
566 $systemprofile = false;
567 if (can_view_user_details_cap($user) || ($user->id == $USER->id) || has_coursecontact_role($user->id)) {
568 $systemprofile = true;
571 // Try using system profile.
572 if ($systemprofile) {
573 $userdetails = user_get_user_details($user, null);
574 } else {
575 // Try through course profile.
576 foreach ($courses as $course) {
577 if (can_view_user_details_cap($user, $course) || ($user->id == $USER->id) || has_coursecontact_role($user->id)) {
578 $userdetails = user_get_user_details($user, $course);
583 return $userdetails;
587 * Check if $USER have the necessary capabilities to obtain user details.
589 * @param stdClass $user
590 * @param stdClass $course if null then only consider system profile otherwise also consider the course's profile.
591 * @return bool true if $USER can view user details.
593 function can_view_user_details_cap($user, $course = null) {
594 // Check $USER has the capability to view the user details at user context.
595 $usercontext = context_user::instance($user->id);
596 $result = has_capability('moodle/user:viewdetails', $usercontext);
597 // Otherwise can $USER see them at course context.
598 if (!$result && !empty($course)) {
599 $context = context_course::instance($course->id);
600 $result = has_capability('moodle/user:viewdetails', $context);
602 return $result;
606 * Return a list of page types
607 * @param string $pagetype current page type
608 * @param stdClass $parentcontext Block's parent context
609 * @param stdClass $currentcontext Current context of block
610 * @return array
612 function user_page_type_list($pagetype, $parentcontext, $currentcontext) {
613 return array('user-profile' => get_string('page-user-profile', 'pagetype'));
617 * Count the number of failed login attempts for the given user, since last successful login.
619 * @param int|stdclass $user user id or object.
620 * @param bool $reset Resets failed login count, if set to true.
622 * @return int number of failed login attempts since the last successful login.
624 function user_count_login_failures($user, $reset = true) {
625 global $DB;
627 if (!is_object($user)) {
628 $user = $DB->get_record('user', array('id' => $user), '*', MUST_EXIST);
630 if ($user->deleted) {
631 // Deleted user, nothing to do.
632 return 0;
634 $count = get_user_preferences('login_failed_count_since_success', 0, $user);
635 if ($reset) {
636 set_user_preference('login_failed_count_since_success', 0, $user);
638 return $count;
642 * Converts a string into a flat array of menu items, where each menu items is a
643 * stdClass with fields type, url, title, pix, and imgsrc.
645 * @param string $text the menu items definition
646 * @param moodle_page $page the current page
647 * @return array
649 function user_convert_text_to_menu_items($text, $page) {
650 global $OUTPUT, $CFG;
652 $lines = explode("\n", $text);
653 $items = array();
654 $lastchild = null;
655 $lastdepth = null;
656 $lastsort = 0;
657 $children = array();
658 foreach ($lines as $line) {
659 $line = trim($line);
660 $bits = explode('|', $line, 3);
661 $itemtype = 'link';
662 if (preg_match("/^#+$/", $line)) {
663 $itemtype = 'divider';
664 } else if (!array_key_exists(0, $bits) or empty($bits[0])) {
665 // Every item must have a name to be valid.
666 continue;
667 } else {
668 $bits[0] = ltrim($bits[0], '-');
671 // Create the child.
672 $child = new stdClass();
673 $child->itemtype = $itemtype;
674 if ($itemtype === 'divider') {
675 // Add the divider to the list of children and skip link
676 // processing.
677 $children[] = $child;
678 continue;
681 // Name processing.
682 $namebits = explode(',', $bits[0], 2);
683 if (count($namebits) == 2) {
684 // Check the validity of the identifier part of the string.
685 if (clean_param($namebits[0], PARAM_STRINGID) !== '') {
686 // Treat this as a language string.
687 $child->title = get_string($namebits[0], $namebits[1]);
690 if (empty($child->title)) {
691 // Use it as is, don't even clean it.
692 $child->title = $bits[0];
695 // URL processing.
696 if (!array_key_exists(1, $bits) or empty($bits[1])) {
697 // Set the url to null, and set the itemtype to invalid.
698 $bits[1] = null;
699 $child->itemtype = "invalid";
700 } else {
701 // Nasty hack to replace the grades with the direct url.
702 if (strpos($bits[1], '/grade/report/mygrades.php') !== false) {
703 $bits[1] = user_mygrades_url();
706 // Make sure the url is a moodle url.
707 $bits[1] = new moodle_url(trim($bits[1]));
709 $child->url = $bits[1];
711 // PIX processing.
712 $pixpath = "t/edit";
713 if (!array_key_exists(2, $bits) or empty($bits[2])) {
714 // Use the default.
715 $child->pix = $pixpath;
716 } else {
717 // Check for the specified image existing.
718 $pixpath = "t/" . $bits[2];
719 if ($page->theme->resolve_image_location($pixpath, 'moodle', true)) {
720 // Use the image.
721 $child->pix = $pixpath;
722 } else {
723 // Treat it like a URL.
724 $child->pix = null;
725 $child->imgsrc = $bits[2];
729 // Add this child to the list of children.
730 $children[] = $child;
732 return $children;
736 * Get a list of essential user navigation items.
738 * @param stdclass $user user object.
739 * @param moodle_page $page page object.
740 * @param array $options associative array.
741 * options are:
742 * - avatarsize=35 (size of avatar image)
743 * @return stdClass $returnobj navigation information object, where:
745 * $returnobj->navitems array array of links where each link is a
746 * stdClass with fields url, title, and
747 * pix
748 * $returnobj->metadata array array of useful user metadata to be
749 * used when constructing navigation;
750 * fields include:
752 * ROLE FIELDS
753 * asotherrole bool whether viewing as another role
754 * rolename string name of the role
756 * USER FIELDS
757 * These fields are for the currently-logged in user, or for
758 * the user that the real user is currently logged in as.
760 * userid int the id of the user in question
761 * userfullname string the user's full name
762 * userprofileurl moodle_url the url of the user's profile
763 * useravatar string a HTML fragment - the rendered
764 * user_picture for this user
765 * userloginfail string an error string denoting the number
766 * of login failures since last login
768 * "REAL USER" FIELDS
769 * These fields are for when asotheruser is true, and
770 * correspond to the underlying "real user".
772 * asotheruser bool whether viewing as another user
773 * realuserid int the id of the user in question
774 * realuserfullname string the user's full name
775 * realuserprofileurl moodle_url the url of the user's profile
776 * realuseravatar string a HTML fragment - the rendered
777 * user_picture for this user
779 * MNET PROVIDER FIELDS
780 * asmnetuser bool whether viewing as a user from an
781 * MNet provider
782 * mnetidprovidername string name of the MNet provider
783 * mnetidproviderwwwroot string URL of the MNet provider
785 function user_get_user_navigation_info($user, $page, $options = array()) {
786 global $OUTPUT, $DB, $SESSION, $CFG;
788 $returnobject = new stdClass();
789 $returnobject->navitems = array();
790 $returnobject->metadata = array();
792 $course = $page->course;
794 // Query the environment.
795 $context = context_course::instance($course->id);
797 // Get basic user metadata.
798 $returnobject->metadata['userid'] = $user->id;
799 $returnobject->metadata['userfullname'] = fullname($user, true);
800 $returnobject->metadata['userprofileurl'] = new moodle_url('/user/profile.php', array(
801 'id' => $user->id
804 $avataroptions = array('link' => false, 'visibletoscreenreaders' => false);
805 if (!empty($options['avatarsize'])) {
806 $avataroptions['size'] = $options['avatarsize'];
808 $returnobject->metadata['useravatar'] = $OUTPUT->user_picture (
809 $user, $avataroptions
811 // Build a list of items for a regular user.
813 // Query MNet status.
814 if ($returnobject->metadata['asmnetuser'] = is_mnet_remote_user($user)) {
815 $mnetidprovider = $DB->get_record('mnet_host', array('id' => $user->mnethostid));
816 $returnobject->metadata['mnetidprovidername'] = $mnetidprovider->name;
817 $returnobject->metadata['mnetidproviderwwwroot'] = $mnetidprovider->wwwroot;
820 // Did the user just log in?
821 if (isset($SESSION->justloggedin)) {
822 // Don't unset this flag as login_info still needs it.
823 if (!empty($CFG->displayloginfailures)) {
824 // We're already in /user/lib.php, so we don't need to include.
825 if ($count = user_count_login_failures($user)) {
827 // Get login failures string.
828 $a = new stdClass();
829 $a->attempts = html_writer::tag('span', $count, array('class' => 'value'));
830 $returnobject->metadata['userloginfail'] =
831 get_string('failedloginattempts', '', $a);
837 // Links: Dashboard.
838 $myhome = new stdClass();
839 $myhome->itemtype = 'link';
840 $myhome->url = new moodle_url('/my/');
841 $myhome->title = get_string('mymoodle', 'admin');
842 $myhome->pix = "i/course";
843 $returnobject->navitems[] = $myhome;
845 // Links: My Profile.
846 $myprofile = new stdClass();
847 $myprofile->itemtype = 'link';
848 $myprofile->url = new moodle_url('/user/profile.php', array('id' => $user->id));
849 $myprofile->title = get_string('profile');
850 $myprofile->pix = "i/user";
851 $returnobject->navitems[] = $myprofile;
853 // Links: Role-return or logout link.
854 $lastobj = null;
855 $buildlogout = true;
856 $returnobject->metadata['asotherrole'] = false;
857 if (is_role_switched($course->id)) {
858 if ($role = $DB->get_record('role', array('id' => $user->access['rsw'][$context->path]))) {
859 // Build role-return link instead of logout link.
860 $rolereturn = new stdClass();
861 $rolereturn->itemtype = 'link';
862 $rolereturn->url = new moodle_url('/course/switchrole.php', array(
863 'id' => $course->id,
864 'sesskey' => sesskey(),
865 'switchrole' => 0,
866 'returnurl' => $page->url->out_as_local_url(false)
868 $rolereturn->pix = "a/logout";
869 $rolereturn->title = get_string('switchrolereturn');
870 $lastobj = $rolereturn;
872 $returnobject->metadata['asotherrole'] = true;
873 $returnobject->metadata['rolename'] = role_get_name($role, $context);
875 $buildlogout = false;
879 if ($returnobject->metadata['asotheruser'] = \core\session\manager::is_loggedinas()) {
880 $realuser = \core\session\manager::get_realuser();
882 // Save values for the real user, as $user will be full of data for the
883 // user the user is disguised as.
884 $returnobject->metadata['realuserid'] = $realuser->id;
885 $returnobject->metadata['realuserfullname'] = fullname($realuser, true);
886 $returnobject->metadata['realuserprofileurl'] = new moodle_url('/user/profile.php', array(
887 'id' => $realuser->id
889 $returnobject->metadata['realuseravatar'] = $OUTPUT->user_picture($realuser, $avataroptions);
891 // Build a user-revert link.
892 $userrevert = new stdClass();
893 $userrevert->itemtype = 'link';
894 $userrevert->url = new moodle_url('/course/loginas.php', array(
895 'id' => $course->id,
896 'sesskey' => sesskey()
898 $userrevert->pix = "a/logout";
899 $userrevert->title = get_string('logout');
900 $lastobj = $userrevert;
902 $buildlogout = false;
905 if ($buildlogout) {
906 // Build a logout link.
907 $logout = new stdClass();
908 $logout->itemtype = 'link';
909 $logout->url = new moodle_url('/login/logout.php', array('sesskey' => sesskey()));
910 $logout->pix = "a/logout";
911 $logout->title = get_string('logout');
912 $lastobj = $logout;
915 // Before we add the last item (usually a logout link), add any
916 // custom-defined items.
917 $customitems = user_convert_text_to_menu_items($CFG->customusermenuitems, $page);
918 foreach ($customitems as $item) {
919 $returnobject->navitems[] = $item;
922 // Add the last item to the list.
923 if (!is_null($lastobj)) {
924 $returnobject->navitems[] = $lastobj;
927 return $returnobject;
931 * Add password to the list of used hashes for this user.
933 * This is supposed to be used from:
934 * 1/ change own password form
935 * 2/ password reset process
936 * 3/ user signup in auth plugins if password changing supported
938 * @param int $userid user id
939 * @param string $password plaintext password
940 * @return void
942 function user_add_password_history($userid, $password) {
943 global $CFG, $DB;
944 require_once($CFG->libdir.'/password_compat/lib/password.php');
946 if (empty($CFG->passwordreuselimit) or $CFG->passwordreuselimit < 0) {
947 return;
950 // Note: this is using separate code form normal password hashing because
951 // we need to have this under control in the future. Also the auth
952 // plugin might not store the passwords locally at all.
954 $record = new stdClass();
955 $record->userid = $userid;
956 $record->hash = password_hash($password, PASSWORD_DEFAULT);
957 $record->timecreated = time();
958 $DB->insert_record('user_password_history', $record);
960 $i = 0;
961 $records = $DB->get_records('user_password_history', array('userid' => $userid), 'timecreated DESC, id DESC');
962 foreach ($records as $record) {
963 $i++;
964 if ($i > $CFG->passwordreuselimit) {
965 $DB->delete_records('user_password_history', array('id' => $record->id));
971 * Was this password used before on change or reset password page?
973 * The $CFG->passwordreuselimit setting determines
974 * how many times different password needs to be used
975 * before allowing previously used password again.
977 * @param int $userid user id
978 * @param string $password plaintext password
979 * @return bool true if password reused
981 function user_is_previously_used_password($userid, $password) {
982 global $CFG, $DB;
983 require_once($CFG->libdir.'/password_compat/lib/password.php');
985 if (empty($CFG->passwordreuselimit) or $CFG->passwordreuselimit < 0) {
986 return false;
989 $reused = false;
991 $i = 0;
992 $records = $DB->get_records('user_password_history', array('userid' => $userid), 'timecreated DESC, id DESC');
993 foreach ($records as $record) {
994 $i++;
995 if ($i > $CFG->passwordreuselimit) {
996 $DB->delete_records('user_password_history', array('id' => $record->id));
997 continue;
999 // NOTE: this is slow but we cannot compare the hashes directly any more.
1000 if (password_verify($password, $record->hash)) {
1001 $reused = true;
1005 return $reused;
1009 * Remove a user device from the Moodle database (for PUSH notifications usually).
1011 * @param string $uuid The device UUID.
1012 * @param string $appid The app id. If empty all the devices matching the UUID for the user will be removed.
1013 * @return bool true if removed, false if the device didn't exists in the database
1014 * @since Moodle 2.9
1016 function user_remove_user_device($uuid, $appid = "") {
1017 global $DB, $USER;
1019 $conditions = array('uuid' => $uuid, 'userid' => $USER->id);
1020 if (!empty($appid)) {
1021 $conditions['appid'] = $appid;
1024 if (!$DB->count_records('user_devices', $conditions)) {
1025 return false;
1028 $DB->delete_records('user_devices', $conditions);
1030 return true;
1034 * Trigger user_list_viewed event.
1036 * @param stdClass $course course object
1037 * @param stdClass $context course context object
1038 * @since Moodle 2.9
1040 function user_list_view($course, $context) {
1042 $event = \core\event\user_list_viewed::create(array(
1043 'objectid' => $course->id,
1044 'courseid' => $course->id,
1045 'context' => $context,
1046 'other' => array(
1047 'courseshortname' => $course->shortname,
1048 'coursefullname' => $course->fullname
1051 $event->trigger();
1055 * Returns the url to use for the "Grades" link in the user navigation.
1057 * @param int $userid The user's ID.
1058 * @param int $courseid The course ID if available.
1059 * @return mixed A URL to be directed to for "Grades".
1061 function user_mygrades_url($userid = null, $courseid = SITEID) {
1062 global $CFG, $USER;
1063 $url = null;
1064 if (isset($CFG->grade_mygrades_report) && $CFG->grade_mygrades_report != 'external') {
1065 if (isset($userid) && $USER->id != $userid) {
1066 // Send to the gradebook report.
1067 $url = new moodle_url('/grade/report/' . $CFG->grade_mygrades_report . '/index.php',
1068 array('id' => $courseid, 'userid' => $userid));
1069 } else {
1070 $url = new moodle_url('/grade/report/' . $CFG->grade_mygrades_report . '/index.php');
1072 } else if (isset($CFG->grade_mygrades_report) && $CFG->grade_mygrades_report == 'external'
1073 && !empty($CFG->gradereport_mygradeurl)) {
1074 $url = $CFG->gradereport_mygradeurl;
1075 } else {
1076 $url = $CFG->wwwroot;
1078 return $url;
1082 * Check if a user has the permission to viewdetails in a shared course's context.
1084 * @param object $user The other user's details.
1085 * @param object $course Use this course to see if we have permission to see this user's profile.
1086 * @param context $usercontext The user context if available.
1087 * @return bool true for ability to view this user, else false.
1089 function user_can_view_profile($user, $course = null, $usercontext = null) {
1090 global $USER, $CFG;
1092 if ($user->deleted) {
1093 return false;
1096 // If any of these four things, return true.
1097 // Number 1.
1098 if ($USER->id == $user->id) {
1099 return true;
1102 // Number 2.
1103 if (empty($CFG->forceloginforprofiles)) {
1104 return true;
1107 if (empty($usercontext)) {
1108 $usercontext = context_user::instance($user->id);
1110 // Number 3.
1111 if (has_capability('moodle/user:viewdetails', $usercontext)) {
1112 return true;
1115 // Number 4.
1116 if (has_coursecontact_role($user->id)) {
1117 return true;
1120 if (isset($course)) {
1121 $sharedcourses = array($course);
1122 } else {
1123 $sharedcourses = enrol_get_shared_courses($USER->id, $user->id, true);
1125 foreach ($sharedcourses as $sharedcourse) {
1126 $coursecontext = context_course::instance($sharedcourse->id);
1127 if (has_capability('moodle/user:viewdetails', $coursecontext)) {
1128 if (!groups_user_groups_visible($sharedcourse, $user->id)) {
1129 // Not a member of the same group.
1130 continue;
1132 return true;
1135 return false;