search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix for missing "reply" links for guests doh! MDL-7393
[moodle.git] / user / edit.php
blob918532854823c8c0ff3215750619d986275e138f
1 <?php // $Id$
2
3 require_once("../config.php");
4 require_once("$CFG->libdir/gdlib.php");
5
6 $id = optional_param('id', 0, PARAM_INT); // user id
7 $course = optional_param('course', SITEID, PARAM_INT); // course id (defaults to Site)
8
9 if (empty($id)) { // See your own profile by default
10 require_login();
11 $id = $USER->id;
12 }
13
14 if (! $user = get_record("user", "id", $id)) {
15 error("User ID was incorrect");
16 }
17
18 if (! $course = get_record("course", "id", $course)) {
19 error("Course ID was incorrect");
20 }
21
22 if ($user->confirmed and user_not_fully_set_up($user)) {
23 // Special case which can only occur when a new account
24 // has just been created by EXTERNAL authentication
25 // This is the only page in Moodle that has the exception
26 // so that users can set up their accounts
27 $newaccount = true;
28
29 if (empty($USER->id)) {
30 error("Sessions don't seem to be working on this server!");
31 }
32
33 } else {
34 $newaccount = false;
35 require_login($course->id);
36 }
37
38 if ($USER->id <> $user->id) { // Current user editing someone else's profile
39 if (has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) { // Current user can update user profiles
40 if ($mainadmin = get_admin()) {
41 if ($user->id == $mainadmin->id) { // Can't edit primary admin
42 print_error('adminprimarynoedit');
43 }
44 }
45 } else {
46 print_error('onlyeditown');
47 }
48 }
49
50 if (isguest()) {
51 print_error('guestnoeditprofile');
52 }
53
54 if (isguest($user->id)) {
55 print_error('guestnoeditprofileother');
56 }
57
58
59 // load the relevant auth libraries
60 if (!empty($user->auth)) {
61 $auth = $user->auth;
62 if (!file_exists("$CFG->dirroot/auth/$auth/lib.php")) {
63 trigger_error("Can't find auth module $auth , default to internal.");
64 $auth = "manual"; // Can't find auth module, default to internal
65 }
66 require_once("$CFG->dirroot/auth/$auth/lib.php");
67 }
68
69
70 /// If data submitted, then process and store.
71
72 if ($usernew = data_submitted()) {
73
74 $context = get_context_instance(CONTEXT_SYSTEM, SITEID);
75 // if userid = x and name = changeme then we are adding 1
76 // else we are editting one
77 $dummyuser = get_record('user','id', $id);
78
79 if ($dummyuser->username == 'changeme') { // check for add user
80 require_capability('moodle/user:create', $context);
81 } else {
82 if ($USER->id <> $usernew->id and !has_capability('moodle/user:update', $context)) { // check for edit
83 print_error('onlyeditown');
84 }
85 }
86
87 if (isset($usernew->password)) {
88 unset($usernew->password);
89 }
90
91 // data cleanup
92 // username is validated in find_form_errors
93 $usernew->country = clean_param($usernew->country, PARAM_ALPHA);
94 $usernew->lang = clean_param($usernew->lang, PARAM_FILE);
95 $usernew->url = clean_param($usernew->url, PARAM_URL);
96 $usernew->icq = clean_param($usernew->icq, PARAM_INT);
97 if (!$usernew->icq) {
98 $usernew->icq = '';
99 }
100 $usernew->skype = clean_param($usernew->skype, PARAM_CLEAN);
101 $usernew->yahoo = clean_param($usernew->yahoo, PARAM_CLEAN);
102 $usernew->aim = clean_param($usernew->aim, PARAM_CLEAN);
103 $usernew->msn = clean_param($usernew->msn, PARAM_CLEAN);
104
105 $usernew->maildisplay = clean_param($usernew->maildisplay, PARAM_INT);
106 $usernew->mailformat = clean_param($usernew->mailformat, PARAM_INT);
107 if (!empty($CFG->unicodedb) && $CFG->allowusermailcharset) {
108 $usernew->mailcharset = clean_param($usernew->mailcharset, PARAM_CLEAN);
109 if (!empty($usernew->mailcharset)) {
110 set_user_preference('mailcharset', $usernew->mailcharset, $user->id);
111 } else {
112 unset_user_preference('mailcharset', $user->id);
113 }
114 } else {
115 unset_user_preference('mailcharset', $user->id);
116 }
117 if (empty($CFG->enableajax)) {
118 unset($usernew->ajax);
119 }
120
121 $usernew->maildigest = clean_param($usernew->maildigest, PARAM_INT);
122 $usernew->autosubscribe = clean_param($usernew->autosubscribe, PARAM_INT);
123 if (!empty($CFG->htmleditor)) {
124 $usernew->htmleditor = clean_param($usernew->htmleditor, PARAM_INT);
125 }
126 else {
127 unset( $usernew->htmleditor );
128 }
129 $usernew->emailstop = clean_param($usernew->emailstop, PARAM_INT);
130
131 if (isset($usernew->timezone)) {
132 if ($CFG->forcetimezone != 99) { // Don't allow changing this in any way
133 unset($usernew->timezone);
134 } else { // Clean up the data a bit, just in case of injections
135 $usernew->timezone = clean_param($usernew->timezone, PARAM_PATH); //not a path, but it looks like it anyway
136 }
137 }
138
139 foreach ($usernew as $key => $data) {
140 $usernew->$key = addslashes(clean_text(stripslashes(trim($usernew->$key)), FORMAT_MOODLE));
141 }
142
143 $usernew->firstname = strip_tags($usernew->firstname);
144 $usernew->lastname = strip_tags($usernew->lastname);
145
146 if (isset($usernew->username)) {
147 $usernew->username = moodle_strtolower($usernew->username);
148 }
149
150 if (!empty($_FILES) and !(empty($CFG->disableuserimages) or has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID)))) {
151 error('Users can not update profile images!');
152 }
153
154 require_once($CFG->dirroot.'/lib/uploadlib.php');
155 $um = new upload_manager('imagefile',false,false,null,false,0,true,true);
156
157 // override locked values
158 if (!has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
159 $fields = get_user_fieldnames();
160 $authconfig = get_config( 'auth/' . $user->auth );
161 foreach ($fields as $field) {
162 $configvariable = 'field_lock_' . $field;
163 if ( empty($authconfig->{$configvariable}) ) {
164 continue; //no locking set
165 }
166 if ( $authconfig->{$configvariable} === 'locked'
167 || ($authconfig->{$configvariable} === 'unlockedifempty' && !empty($user->$field)) ) {
168 if (!empty( $user->$field)) {
169 $usernew->$field = $user->$field;
170 }
171 }
172 }
173 unset($fields);
174 unset($field);
175 unset($configvariable);
176 }
177 if (find_form_errors($user, $usernew, $err, $um)) {
178 if (empty($err['imagefile']) && $usernew->picture = save_profile_image($user->id, $um,'users')) {
179 set_field('user', 'picture', $usernew->picture, 'id', $user->id); /// Note picture in DB
180 } else {
181 if (!empty($usernew->deletepicture)) {
182 set_field('user', 'picture', 0, 'id', $user->id); /// Delete picture
183 $usernew->picture = 0;
184 }
185 }
186
187 $usernew->auth = $user->auth;
188 $user = $usernew;
189
190 } else {
191 $timenow = time();
192
193 if (!$usernew->picture = save_profile_image($user->id,$um,'users')) {
194 if (!empty($usernew->deletepicture)) {
195 set_field('user', 'picture', 0, 'id', $user->id); /// Delete picture
196 $usernew->picture = 0;
197 } else {
198 $usernew->picture = $user->picture;
199 }
200 }
201
202 $usernew->timemodified = time();
203
204 if (has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
205 if (!empty($usernew->newpassword)) {
206 $usernew->password = hash_internal_user_password($usernew->newpassword);
207 // update external passwords
208 if (!empty($CFG->{'auth_'. $user->auth.'_stdchangepassword'})) {
209 if (function_exists('auth_user_update_password')){
210 if (!auth_user_update_password($user->username, $usernew->newpassword)){
211 error('Failed to update password on external auth: ' . $user->auth .
212 '. See the server logs for more details.');
213 }
214 } else {
215 error('Your external authentication module is misconfigued!');
216 }
217 }
218 }
219 // store forcepasswordchange in user's preferences
220 if (!empty($usernew->forcepasswordchange)){
221 set_user_preference('auth_forcepasswordchange', 1, $user->id);
222 } else {
223 unset_user_preference('auth_forcepasswordchange', $user->id);
224 }
225 } else {
226 if (isset($usernew->newpassword)) {
227 error("You can not change the password like that");
228 }
229 }
230 if ($usernew->url and !(substr($usernew->url, 0, 4) == "http")) {
231 $usernew->url = "http://".$usernew->url;
232 }
233
234 $userold = get_record('user','id',$usernew->id);
235 if (update_record("user", $usernew)) {
236 if (function_exists("auth_user_update")){
237 // pass a true $userold here
238 if (!auth_user_update($userold, $usernew)) {
239 // auth update failed, rollback for moodle
240 update_record("user", $userold);
241 error('Failed to update user data on external auth: '.$user->auth.
242 '. See the server logs for more details.');
243 }
244 };
245
246 if ($userold->email != $usernew->email) {
247 set_bounce_count($usernew,true);
248 set_send_count($usernew,true);
249 }
250
251 /// Update forum track preference.
252 if (($usernew->trackforums != $userold->trackforums) && !$usernew->trackforums) {
253 require_once($CFG->dirroot.'/mod/forum/lib.php');
254 forum_tp_delete_read_records($usernew->id);
255 }
256
257 add_to_log($course->id, "user", "update", "view.php?id=$user->id&course=$course->id", "");
258
259 if ($user->id == $USER->id) {
260 // Copy data into $USER session variable
261 $usernew = (array)$usernew;
262 foreach ($usernew as $variable => $value) {
263 $USER->$variable = stripslashes($value);
264 }
265 if (isset($USER->newadminuser)) {
266 unset($USER->newadminuser);
267 // redirect to admin/ to continue with installation
268 redirect("$CFG->wwwroot/$CFG->admin/");
269 }
270 if (!empty($SESSION->wantsurl)) { // User may have been forced to edit account, so let's
271 // send them to where they wanted to go originally
272 $wantsurl = $SESSION->wantsurl;
273 $SESSION->wantsurl = ''; // In case unset doesn't work as expected
274 unset($SESSION->wantsurl);
275 redirect($wantsurl);
276 } else {
277 redirect("$CFG->wwwroot/user/view.php?id=$user->id&course=$course->id");
278 }
279 } else {
280 redirect("$CFG->wwwroot/$CFG->admin/user.php");
281 }
282 } else {
283 error("Could not update the user record ($user->id)");
284 }
285 }
286 }
287
288 /// Otherwise fill and print the form.
289
290 $usehtmleditor = can_use_html_editor();
291
292 //temporary hack to disable htmleditor in IE when loginhttps on and wwwroot starts with http://
293 //see bug #5534
294 if (!empty($CFG->loginhttps) and check_browser_version('MSIE', 5.5) and (strpos($CFG->wwwroot, 'http://') === 0)) {
295 $usehtmleditor = false;
296 }
297
298 $streditmyprofile = get_string("editmyprofile");
299 $strparticipants = get_string("participants");
300 $strnewuser = get_string("newuser");
301
302 if (over_bounce_threshold($user) && empty($err['email'])) {
303 $err['email'] = get_string('toomanybounces');
304 }
305
306 if (($user->firstname and $user->lastname) or $newaccount) {
307 if ($newaccount) {
308 $userfullname = $strnewuser;
309 } else {
310 $userfullname = fullname($user, has_capability('moodle/site:viewfullnames', get_context_instance(CONTEXT_COURSE, $course->id)));
311 }
312 if ($course->category) {
313 print_header("$course->shortname: $streditmyprofile", "$course->fullname: $streditmyprofile",
314 "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a>
315 -> <a href=\"index.php?id=$course->id\">$strparticipants</a>
316 -> <a href=\"view.php?id=$user->id&amp;course=$course->id\">$userfullname</a>
317 -> $streditmyprofile", "");
318 } else {
319 if (isset($USER->newadminuser)) {
320 print_header();
321 } else {
322 print_header("$course->shortname: $streditmyprofile", "$course->fullname",
323 "<a href=\"view.php?id=$user->id&amp;course=$course->id\">$userfullname</a>
324 -> $streditmyprofile", "");
325 }
326 }
327 } else {
328 $userfullname = $strnewuser;
329 $straddnewuser = get_string("addnewuser");
330
331 $stradministration = get_string("administration");
332 print_header("$course->shortname: $streditmyprofile", "$course->fullname",
333 "<a href=\"$CFG->wwwroot/$CFG->admin/\">$stradministration</a> -> $straddnewuser", "");
334 }
335
336
337 if (isset($USER->newadminuser)) {
338 print_simple_box(get_string('configintroadmin', 'admin'), 'center', '50%');
339 echo '<br />';
340 } else {
341 /// Print tabs at top
342 /// This same call is made in:
343 /// /user/view.php
344 /// /user/edit.php
345 /// /course/user.php
346 $showroles = 1;
347 $currenttab = 'editprofile';
348 include('tabs.php');
349 }
350
351 print_simple_box_start("center");
352
353 if (!empty($err)) {
354 echo "<center>";
355 notify(get_string("someerrorswerefound"));
356 echo "</center>";
357 }
358
359 $teacher = $course->teacher;
360 if (!has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
361 $teacheronly = '('.get_string('teacheronly', '', $teacher).')';
362 } else {
363 $teacheronly = '';
364 }
365
366 include("edit.html");
367
368 if (!has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) { /// Lock all the locked fields using Javascript
369 $fields = get_user_fieldnames();
370
371 echo '<script type="text/javascript">'."\n";
372 echo '<!--'."\n";
373
374 $authconfig = get_config( 'auth/' . $user->auth );
375
376 foreach ($fields as $field) {
377 $configvariable = 'field_lock_' . $field;
378 if (isset($authconfig->{$configvariable})) {
379 if ( $authconfig->{$configvariable} === 'locked'
380 || ($authconfig->{$configvariable} === 'unlockedifempty' && !empty($user->$field)) ) {
381 echo "eval('document.form.$field.disabled=true');\n";
382 }
383 }
384 }
385
386 echo '-->'."\n";
387 echo '</script>'."\n";
388 }
389
390 print_simple_box_end();
391
392 if ($usehtmleditor) {
393 use_html_editor("description");
394 }
395
396 if (!isset($USER->newadminuser)) {
397 print_footer($course);
398 }
399
400 exit;
401
402
403
404 /// FUNCTIONS ////////////////////
405
406 function find_form_errors(&$user, &$usernew, &$err, &$um) {
407 global $CFG;
408
409 if (has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
410 if (empty($usernew->username)) {
411 $err["username"] = get_string("missingusername");
412
413 } else if (record_exists("user", "username", $usernew->username) and $user->username == "changeme") {
414 $err["username"] = get_string("usernameexists");
415
416 } else {
417 if (empty($CFG->extendedusernamechars)) {
418 $string = eregi_replace("[^(-\.[:alnum:])]", "", $usernew->username);
419 if (strcmp($usernew->username, $string)) {
420 $err["username"] = get_string("alphanumerical");
421 }
422 }
423 }
424
425 if (empty($usernew->newpassword) and empty($user->password) and is_internal_auth() )
426 $err["newpassword"] = get_string("missingpassword");
427
428 if (($usernew->newpassword == "admin") or ($user->password == md5("admin") and empty($usernew->newpassword)) ) {
429 $err["newpassword"] = get_string("unsafepassword");
430 }
431 }
432
433 if (empty($usernew->email))
434 $err["email"] = get_string("missingemail");
435
436 if (over_bounce_threshold($user) && $user->email == $usernew->email)
437 $err['email'] = get_string('toomanybounces');
438
439 if (empty($usernew->description) and !has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID)))
440 $err["description"] = get_string("missingdescription");
441
442 if (empty($usernew->city))
443 $err["city"] = get_string("missingcity");
444
445 if (empty($usernew->firstname))
446 $err["firstname"] = get_string("missingfirstname");
447
448 if (empty($usernew->lastname))
449 $err["lastname"] = get_string("missinglastname");
450
451 if (empty($usernew->country))
452 $err["country"] = get_string("missingcountry");
453
454 if (! validate_email($usernew->email)) {
455 $err["email"] = get_string("invalidemail");
456
457 } else if ($otheruser = get_record("user", "email", $usernew->email)) {
458 if ($otheruser->id <> $user->id) {
459 $err["email"] = get_string("emailexists");
460 }
461 }
462
463 if (empty($err["email"]) and !has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM, SITEID))) {
464 if ($error = email_is_not_allowed($usernew->email)) {
465 $err["email"] = $error;
466 }
467 }
468
469 if (!$um->preprocess_files()) {
470 $err['imagefile'] = $um->notify;
471 }
472
473 $user->email = $usernew->email;
474
475 return count($err);
476 }
477
478
479 ?>
Read-only mirror of the Moodle CVS