user/editadvanced_form.php

   1 <?php
   2 // This file is part of Moodle - http://moodle.org/
   3 //
   4 // Moodle is free software: you can redistribute it and/or modify
   5 // it under the terms of the GNU General Public License as published by
   6 // the Free Software Foundation, either version 3 of the License, or
   7 // (at your option) any later version.
   8 //
   9 // Moodle is distributed in the hope that it will be useful,
  10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 // GNU General Public License for more details.
  13 //
  14 // You should have received a copy of the GNU General Public License
  15 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16
  17 /**
  18  * Form for editing a users profile
  19  *
  20  * @copyright 1999 Martin Dougiamas  http://dougiamas.com
  21  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  22  * @package core_user
  23  */
  24
  25 if (!defined('MOODLE_INTERNAL')) {
  26     die('Direct access to this script is forbidden.');    //  It must be included from a Moodle page.
  27 }
  28
  29 require_once($CFG->dirroot.'/lib/formslib.php');
  30
  31 /**
  32  * Class user_editadvanced_form.
  33  *
  34  * @copyright 1999 Martin Dougiamas  http://dougiamas.com
  35  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  36  */
  37 class user_editadvanced_form extends moodleform {
  38
  39     /**
  40      * Define the form.
  41      */
  42     public function definition() {
  43         global $USER, $CFG, $COURSE;
  44
  45         $mform = $this->_form;
  46         $editoroptions = null;
  47         $filemanageroptions = null;
  48
  49         if (!is_array($this->_customdata)) {
  50             throw new coding_exception('invalid custom data for user_edit_form');
  51         }
  52         $editoroptions = $this->_customdata['editoroptions'];
  53         $filemanageroptions = $this->_customdata['filemanageroptions'];
  54         $user = $this->_customdata['user'];
  55         $userid = $user->id;
  56
  57         // Accessibility: "Required" is bad legend text.
  58         $strgeneral  = get_string('general');
  59         $strrequired = get_string('required');
  60
  61         // Add some extra hidden fields.
  62         $mform->addElement('hidden', 'id');
  63         $mform->setType('id', core_user::get_property_type('id'));
  64         $mform->addElement('hidden', 'course', $COURSE->id);
  65         $mform->setType('course', PARAM_INT);
  66
  67         // Print the required moodle fields first.
  68         $mform->addElement('header', 'moodle', $strgeneral);
  69
  70         $auths = core_component::get_plugin_list('auth');
  71         $enabled = get_string('pluginenabled', 'core_plugin');
  72         $disabled = get_string('plugindisabled', 'core_plugin');
  73         $authoptions = array($enabled => array(), $disabled => array());
  74         $cannotchangepass = array();
  75         $cannotchangeusername = array();
  76         foreach ($auths as $auth => $unused) {
  77             $authinst = get_auth_plugin($auth);
  78
  79             if (!$authinst->is_internal()) {
  80                 $cannotchangeusername[] = $auth;
  81             }
  82
  83             $passwordurl = $authinst->change_password_url();
  84             if (!($authinst->can_change_password() && empty($passwordurl))) {
  85                 if ($userid < 1 and $authinst->is_internal()) {
  86                     // This is unlikely but we can not create account without password
  87                     // when plugin uses passwords, we need to set it initially at least.
  88                 } else {
  89                     $cannotchangepass[] = $auth;
  90                 }
  91             }
  92             if (is_enabled_auth($auth)) {
  93                 $authoptions[$enabled][$auth] = get_string('pluginname', "auth_{$auth}");
  94             } else {
  95                 $authoptions[$disabled][$auth] = get_string('pluginname', "auth_{$auth}");
  96             }
  97         }
  98
  99         $mform->addElement('text', 'username', get_string('username'), 'size="20"');
 100         $mform->addHelpButton('username', 'username', 'auth');
 101         $mform->setType('username', PARAM_RAW);
 102
 103         if ($userid !== -1) {
 104             $mform->disabledIf('username', 'auth', 'in', $cannotchangeusername);
 105         }
 106
 107         $mform->addElement('selectgroups', 'auth', get_string('chooseauthmethod', 'auth'), $authoptions);
 108         $mform->addHelpButton('auth', 'chooseauthmethod', 'auth');
 109
 110         $mform->addElement('advcheckbox', 'suspended', get_string('suspended', 'auth'));
 111         $mform->addHelpButton('suspended', 'suspended', 'auth');
 112
 113         $mform->addElement('checkbox', 'createpassword', get_string('createpassword', 'auth'));
 114         $mform->disabledIf('createpassword', 'auth', 'in', $cannotchangepass);
 115
 116         if (!empty($CFG->passwordpolicy)) {
 117             $mform->addElement('static', 'passwordpolicyinfo', '', print_password_policy());
 118         }
 119         $mform->addElement('passwordunmask', 'newpassword', get_string('newpassword'), 'size="20"');
 120         $mform->addHelpButton('newpassword', 'newpassword');
 121         $mform->setType('newpassword', core_user::get_property_type('password'));
 122         $mform->disabledIf('newpassword', 'createpassword', 'checked');
 123
 124         $mform->disabledIf('newpassword', 'auth', 'in', $cannotchangepass);
 125
 126         // Check if the user has active external tokens.
 127         if ($userid and empty($CFG->passwordchangetokendeletion)) {
 128             if ($tokens = webservice::get_active_tokens($userid)) {
 129                 $services = '';
 130                 foreach ($tokens as $token) {
 131                     $services .= format_string($token->servicename) . ',';
 132                 }
 133                 $services = get_string('userservices', 'webservice', rtrim($services, ','));
 134                 $mform->addElement('advcheckbox', 'signoutofotherservices', get_string('signoutofotherservices'), $services);
 135                 $mform->addHelpButton('signoutofotherservices', 'signoutofotherservices');
 136                 $mform->disabledIf('signoutofotherservices', 'newpassword', 'eq', '');
 137                 $mform->setDefault('signoutofotherservices', 1);
 138             }
 139         }
 140
 141         $mform->addElement('advcheckbox', 'preference_auth_forcepasswordchange', get_string('forcepasswordchange'));
 142         $mform->addHelpButton('preference_auth_forcepasswordchange', 'forcepasswordchange');
 143         $mform->disabledIf('preference_auth_forcepasswordchange', 'createpassword', 'checked');
 144
 145         // Shared fields.
 146         useredit_shared_definition($mform, $editoroptions, $filemanageroptions, $user);
 147
 148         // Next the customisable profile fields.
 149         profile_definition($mform, $userid);
 150
 151         if ($userid == -1) {
 152             $btnstring = get_string('createuser');
 153         } else {
 154             $btnstring = get_string('updatemyprofile');
 155         }
 156
 157         $this->add_action_buttons(false, $btnstring);
 158
 159         $this->set_data($user);
 160     }
 161
 162     /**
 163      * Extend the form definition after data has been parsed.
 164      */
 165     public function definition_after_data() {
 166         global $USER, $CFG, $DB, $OUTPUT;
 167
 168         $mform = $this->_form;
 169
 170         // Trim required name fields.
 171         foreach (useredit_get_required_name_fields() as $field) {
 172             $mform->applyFilter($field, 'trim');
 173         }
 174
 175         if ($userid = $mform->getElementValue('id')) {
 176             $user = $DB->get_record('user', array('id' => $userid));
 177         } else {
 178             $user = false;
 179         }
 180
 181         // User can not change own auth method.
 182         if ($userid == $USER->id) {
 183             $mform->hardFreeze('auth');
 184             $mform->hardFreeze('preference_auth_forcepasswordchange');
 185         }
 186
 187         // Admin must choose some password and supply correct email.
 188         if (!empty($USER->newadminuser)) {
 189             $mform->addRule('newpassword', get_string('required'), 'required', null, 'client');
 190             if ($mform->elementExists('suspended')) {
 191                 $mform->removeElement('suspended');
 192             }
 193         }
 194
 195         // Require password for new users.
 196         if ($userid > 0) {
 197             if ($mform->elementExists('createpassword')) {
 198                 $mform->removeElement('createpassword');
 199             }
 200         }
 201
 202         if ($user and is_mnet_remote_user($user)) {
 203             // Only local accounts can be suspended.
 204             if ($mform->elementExists('suspended')) {
 205                 $mform->removeElement('suspended');
 206             }
 207         }
 208         if ($user and ($user->id == $USER->id or is_siteadmin($user))) {
 209             // Prevent self and admin mess ups.
 210             if ($mform->elementExists('suspended')) {
 211                 $mform->hardFreeze('suspended');
 212             }
 213         }
 214
 215         // Print picture.
 216         if (empty($USER->newadminuser)) {
 217             if ($user) {
 218                 $context = context_user::instance($user->id, MUST_EXIST);
 219                 $fs = get_file_storage();
 220                 $hasuploadedpicture = ($fs->file_exists($context->id, 'user', 'icon', 0, '/', 'f2.png') || $fs->file_exists($context->id, 'user', 'icon', 0, '/', 'f2.jpg'));
 221                 if (!empty($user->picture) && $hasuploadedpicture) {
 222                     $imagevalue = $OUTPUT->user_picture($user, array('courseid' => SITEID, 'size' => 64));
 223                 } else {
 224                     $imagevalue = get_string('none');
 225                 }
 226             } else {
 227                 $imagevalue = get_string('none');
 228             }
 229             $imageelement = $mform->getElement('currentpicture');
 230             $imageelement->setValue($imagevalue);
 231
 232             if ($user && $mform->elementExists('deletepicture') && !$hasuploadedpicture) {
 233                 $mform->removeElement('deletepicture');
 234             }
 235         }
 236
 237         // Next the customisable profile fields.
 238         profile_definition_after_data($mform, $userid);
 239     }
 240
 241     /**
 242      * Validate the form data.
 243      * @param array $usernew
 244      * @param array $files
 245      * @return array|bool
 246      */
 247     public function validation($usernew, $files) {
 248         global $CFG, $DB;
 249
 250         $usernew = (object)$usernew;
 251         $usernew->username = trim($usernew->username);
 252
 253         $user = $DB->get_record('user', array('id' => $usernew->id));
 254         $err = array();
 255
 256         if (!$user and !empty($usernew->createpassword)) {
 257             if ($usernew->suspended) {
 258                 // Show some error because we can not mail suspended users.
 259                 $err['suspended'] = get_string('error');
 260             }
 261         } else {
 262             if (!empty($usernew->newpassword)) {
 263                 $errmsg = ''; // Prevent eclipse warning.
 264                 if (!check_password_policy($usernew->newpassword, $errmsg)) {
 265                     $err['newpassword'] = $errmsg;
 266                 }
 267             } else if (!$user) {
 268                 $auth = get_auth_plugin($usernew->auth);
 269                 if ($auth->is_internal()) {
 270                     // Internal accounts require password!
 271                     $err['newpassword'] = get_string('required');
 272                 }
 273             }
 274         }
 275
 276         if (empty($usernew->username)) {
 277             // Might be only whitespace.
 278             $err['username'] = get_string('required');
 279         } else if (!$user or $user->username !== $usernew->username) {
 280             // Check new username does not exist.
 281             if ($DB->record_exists('user', array('username' => $usernew->username, 'mnethostid' => $CFG->mnet_localhost_id))) {
 282                 $err['username'] = get_string('usernameexists');
 283             }
 284             // Check allowed characters.
 285             if ($usernew->username !== core_text::strtolower($usernew->username)) {
 286                 $err['username'] = get_string('usernamelowercase');
 287             } else {
 288                 if ($usernew->username !== core_user::clean_field($usernew->username, 'username')) {
 289                     $err['username'] = get_string('invalidusername');
 290                 }
 291             }
 292         }
 293
 294         if (!$user or (isset($usernew->email) && $user->email !== $usernew->email)) {
 295             if (!validate_email($usernew->email)) {
 296                 $err['email'] = get_string('invalidemail');
 297             } else if (empty($CFG->allowaccountssameemail)
 298                     and $DB->record_exists('user', array('email' => $usernew->email, 'mnethostid' => $CFG->mnet_localhost_id))) {
 299                 $err['email'] = get_string('emailexists');
 300             }
 301         }
 302
 303         // Next the customisable profile fields.
 304         $err += profile_validation($usernew, $files);
 305
 306         if (count($err) == 0) {
 307             return true;
 308         } else {
 309             return $err;
 310         }
 311     }
 312 }
 313
 314