3 require_once("../config.php");
4 require_once("$CFG->libdir/gdlib.php");
6 $id = optional_param('id', 0, PARAM_INT
); // user id
7 $course = optional_param('course', SITEID
, PARAM_INT
); // course id (defaults to Site)
9 if (empty($id)) { // See your own profile by default
14 if (! $user = get_record("user", "id", $id)) {
15 error("User ID was incorrect");
18 if (! $course = get_record("course", "id", $course)) {
19 error("Course ID was incorrect");
22 if ($user->confirmed
and user_not_fully_set_up($user)) {
23 // Special case which can only occur when a new account
24 // has just been created by EXTERNAL authentication
25 // This is the only page in Moodle that has the exception
26 // so that users can set up their accounts
29 if (empty($USER->id
)) {
30 error("Sessions don't seem to be working on this server!");
35 require_login($course->id
);
38 if ($USER->id
<> $user->id
) { // Current user editing someone else's profile
39 if (has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM
, SITEID
))) { // Current user can update user profiles
40 if ($mainadmin = get_admin()) {
41 if ($user->id
== $mainadmin->id
) { // Can't edit primary admin
42 print_error('adminprimarynoedit');
46 print_error('onlyeditown');
51 print_error('guestnoeditprofile');
54 if (isguest($user->id
)) {
55 print_error('guestnoeditprofileother');
59 // load the relevant auth libraries
60 if (!empty($user->auth
)) {
62 if (!file_exists("$CFG->dirroot/auth/$auth/lib.php")) {
63 trigger_error("Can't find auth module $auth , default to internal.");
64 $auth = "manual"; // Can't find auth module, default to internal
66 require_once("$CFG->dirroot/auth/$auth/lib.php");
70 /// If data submitted, then process and store.
72 if ($usernew = data_submitted()) {
74 $context = get_context_instance(CONTEXT_SYSTEM
, SITEID
);
75 // if userid = x and name = changeme then we are adding 1
76 // else we are editting one
77 $dummyuser = get_record('user','id', $id);
79 if ($dummyuser->username
== 'changeme') { // check for add user
80 require_capability('moodle/user:create', $context);
82 if ($USER->id
<> $usernew->id
and !has_capability('moodle/user:update', $context)) { // check for edit
83 print_error('onlyeditown');
87 if (isset($usernew->password
)) {
88 unset($usernew->password
);
92 // username is validated in find_form_errors
93 $usernew->country
= clean_param($usernew->country
, PARAM_ALPHA
);
94 $usernew->lang
= clean_param($usernew->lang
, PARAM_FILE
);
95 $usernew->url
= clean_param($usernew->url
, PARAM_URL
);
96 $usernew->icq
= clean_param($usernew->icq
, PARAM_INT
);
100 $usernew->skype
= clean_param($usernew->skype
, PARAM_CLEAN
);
101 $usernew->yahoo
= clean_param($usernew->yahoo
, PARAM_CLEAN
);
102 $usernew->aim
= clean_param($usernew->aim
, PARAM_CLEAN
);
103 $usernew->msn
= clean_param($usernew->msn
, PARAM_CLEAN
);
105 $usernew->maildisplay
= clean_param($usernew->maildisplay
, PARAM_INT
);
106 $usernew->mailformat
= clean_param($usernew->mailformat
, PARAM_INT
);
107 if (!empty($CFG->unicodedb
) && $CFG->allowusermailcharset
) {
108 $usernew->mailcharset
= clean_param($usernew->mailcharset
, PARAM_CLEAN
);
109 if (!empty($usernew->mailcharset
)) {
110 set_user_preference('mailcharset', $usernew->mailcharset
, $user->id
);
112 unset_user_preference('mailcharset', $user->id
);
115 unset_user_preference('mailcharset', $user->id
);
117 if (empty($CFG->enableajax
)) {
118 unset($usernew->ajax
);
121 $usernew->maildigest
= clean_param($usernew->maildigest
, PARAM_INT
);
122 $usernew->autosubscribe
= clean_param($usernew->autosubscribe
, PARAM_INT
);
123 if (!empty($CFG->htmleditor
)) {
124 $usernew->htmleditor
= clean_param($usernew->htmleditor
, PARAM_INT
);
127 unset( $usernew->htmleditor
);
129 $usernew->emailstop
= clean_param($usernew->emailstop
, PARAM_INT
);
131 if (isset($usernew->timezone
)) {
132 if ($CFG->forcetimezone
!= 99) { // Don't allow changing this in any way
133 unset($usernew->timezone
);
134 } else { // Clean up the data a bit, just in case of injections
135 $usernew->timezone
= clean_param($usernew->timezone
, PARAM_PATH
); //not a path, but it looks like it anyway
139 foreach ($usernew as $key => $data) {
140 $usernew->$key = addslashes(clean_text(stripslashes(trim($usernew->$key)), FORMAT_MOODLE
));
143 $usernew->firstname
= strip_tags($usernew->firstname
);
144 $usernew->lastname
= strip_tags($usernew->lastname
);
146 if (isset($usernew->username
)) {
147 $usernew->username
= moodle_strtolower($usernew->username
);
150 if (!empty($_FILES) and !(empty($CFG->disableuserimages
) or has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM
, SITEID
)))) {
151 error('Users can not update profile images!');
154 require_once($CFG->dirroot
.'/lib/uploadlib.php');
155 $um = new upload_manager('imagefile',false,false,null,false,0,true,true);
157 // override locked values
158 if (!has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM
, SITEID
))) {
159 $fields = get_user_fieldnames();
160 $authconfig = get_config( 'auth/' . $user->auth
);
161 foreach ($fields as $field) {
162 $configvariable = 'field_lock_' . $field;
163 if ( empty($authconfig->{$configvariable}) ) {
164 continue; //no locking set
166 if ( $authconfig->{$configvariable} === 'locked'
167 ||
($authconfig->{$configvariable} === 'unlockedifempty' && !empty($user->$field)) ) {
168 if (!empty( $user->$field)) {
169 $usernew->$field = $user->$field;
175 unset($configvariable);
177 if (find_form_errors($user, $usernew, $err, $um)) {
178 if (empty($err['imagefile']) && $usernew->picture
= save_profile_image($user->id
, $um,'users')) {
179 set_field('user', 'picture', $usernew->picture
, 'id', $user->id
); /// Note picture in DB
181 if (!empty($usernew->deletepicture
)) {
182 set_field('user', 'picture', 0, 'id', $user->id
); /// Delete picture
183 $usernew->picture
= 0;
187 $usernew->auth
= $user->auth
;
193 if (!$usernew->picture
= save_profile_image($user->id
,$um,'users')) {
194 if (!empty($usernew->deletepicture
)) {
195 set_field('user', 'picture', 0, 'id', $user->id
); /// Delete picture
196 $usernew->picture
= 0;
198 $usernew->picture
= $user->picture
;
202 $usernew->timemodified
= time();
204 if (has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM
, SITEID
))) {
205 if (!empty($usernew->newpassword
)) {
206 $usernew->password
= hash_internal_user_password($usernew->newpassword
);
207 // update external passwords
208 if (!empty($CFG->{'auth_'. $user->auth
.'_stdchangepassword'})) {
209 if (function_exists('auth_user_update_password')){
210 if (!auth_user_update_password($user->username
, $usernew->newpassword
)){
211 error('Failed to update password on external auth: ' . $user->auth
.
212 '. See the server logs for more details.');
215 error('Your external authentication module is misconfigued!');
219 // store forcepasswordchange in user's preferences
220 if (!empty($usernew->forcepasswordchange
)){
221 set_user_preference('auth_forcepasswordchange', 1, $user->id
);
223 unset_user_preference('auth_forcepasswordchange', $user->id
);
226 if (isset($usernew->newpassword
)) {
227 error("You can not change the password like that");
230 if ($usernew->url
and !(substr($usernew->url
, 0, 4) == "http")) {
231 $usernew->url
= "http://".$usernew->url
;
234 $userold = get_record('user','id',$usernew->id
);
235 if (update_record("user", $usernew)) {
236 if (function_exists("auth_user_update")){
237 // pass a true $userold here
238 if (!auth_user_update($userold, $usernew)) {
239 // auth update failed, rollback for moodle
240 update_record("user", $userold);
241 error('Failed to update user data on external auth: '.$user->auth
.
242 '. See the server logs for more details.');
246 if ($userold->email
!= $usernew->email
) {
247 set_bounce_count($usernew,true);
248 set_send_count($usernew,true);
251 /// Update forum track preference.
252 if (($usernew->trackforums
!= $userold->trackforums
) && !$usernew->trackforums
) {
253 require_once($CFG->dirroot
.'/mod/forum/lib.php');
254 forum_tp_delete_read_records($usernew->id
);
257 add_to_log($course->id
, "user", "update", "view.php?id=$user->id&course=$course->id", "");
259 if ($user->id
== $USER->id
) {
260 // Copy data into $USER session variable
261 $usernew = (array)$usernew;
262 foreach ($usernew as $variable => $value) {
263 $USER->$variable = stripslashes($value);
265 if (isset($USER->newadminuser
)) {
266 unset($USER->newadminuser
);
267 // redirect to admin/ to continue with installation
268 redirect("$CFG->wwwroot/$CFG->admin/");
270 if (!empty($SESSION->wantsurl
)) { // User may have been forced to edit account, so let's
271 // send them to where they wanted to go originally
272 $wantsurl = $SESSION->wantsurl
;
273 $SESSION->wantsurl
= ''; // In case unset doesn't work as expected
274 unset($SESSION->wantsurl
);
277 redirect("$CFG->wwwroot/user/view.php?id=$user->id&course=$course->id");
280 redirect("$CFG->wwwroot/$CFG->admin/user.php");
283 error("Could not update the user record ($user->id)");
288 /// Otherwise fill and print the form.
290 $usehtmleditor = can_use_html_editor();
292 //temporary hack to disable htmleditor in IE when loginhttps on and wwwroot starts with http://
294 if (!empty($CFG->loginhttps
) and check_browser_version('MSIE', 5.5) and (strpos($CFG->wwwroot
, 'http://') === 0)) {
295 $usehtmleditor = false;
298 $streditmyprofile = get_string("editmyprofile");
299 $strparticipants = get_string("participants");
300 $strnewuser = get_string("newuser");
302 if (over_bounce_threshold($user) && empty($err['email'])) {
303 $err['email'] = get_string('toomanybounces');
306 if (($user->firstname
and $user->lastname
) or $newaccount) {
308 $userfullname = $strnewuser;
310 $userfullname = fullname($user, has_capability('moodle/site:viewfullnames', get_context_instance(CONTEXT_COURSE
, $course->id
)));
312 if ($course->category
) {
313 print_header("$course->shortname: $streditmyprofile", "$course->fullname: $streditmyprofile",
314 "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a>
315 -> <a href=\"index.php?id=$course->id\">$strparticipants</a>
316 -> <a href=\"view.php?id=$user->id&course=$course->id\">$userfullname</a>
317 -> $streditmyprofile", "");
319 if (isset($USER->newadminuser
)) {
322 print_header("$course->shortname: $streditmyprofile", "$course->fullname",
323 "<a href=\"view.php?id=$user->id&course=$course->id\">$userfullname</a>
324 -> $streditmyprofile", "");
328 $userfullname = $strnewuser;
329 $straddnewuser = get_string("addnewuser");
331 $stradministration = get_string("administration");
332 print_header("$course->shortname: $streditmyprofile", "$course->fullname",
333 "<a href=\"$CFG->wwwroot/$CFG->admin/\">$stradministration</a> -> $straddnewuser", "");
337 if (isset($USER->newadminuser
)) {
338 print_simple_box(get_string('configintroadmin', 'admin'), 'center', '50%');
341 /// Print tabs at top
342 /// This same call is made in:
347 $currenttab = 'editprofile';
351 print_simple_box_start("center");
355 notify(get_string("someerrorswerefound"));
359 $teacher = $course->teacher
;
360 if (!has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM
, SITEID
))) {
361 $teacheronly = '('.get_string('teacheronly', '', $teacher).')';
366 include("edit.html");
368 if (!has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM
, SITEID
))) { /// Lock all the locked fields using Javascript
369 $fields = get_user_fieldnames();
371 echo '<script type="text/javascript">'."\n";
374 $authconfig = get_config( 'auth/' . $user->auth
);
376 foreach ($fields as $field) {
377 $configvariable = 'field_lock_' . $field;
378 if (isset($authconfig->{$configvariable})) {
379 if ( $authconfig->{$configvariable} === 'locked'
380 ||
($authconfig->{$configvariable} === 'unlockedifempty' && !empty($user->$field)) ) {
381 echo "eval('document.form.$field.disabled=true');\n";
387 echo '</script>'."\n";
390 print_simple_box_end();
392 if ($usehtmleditor) {
393 use_html_editor("description");
396 if (!isset($USER->newadminuser
)) {
397 print_footer($course);
404 /// FUNCTIONS ////////////////////
406 function find_form_errors(&$user, &$usernew, &$err, &$um) {
409 if (has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM
, SITEID
))) {
410 if (empty($usernew->username
)) {
411 $err["username"] = get_string("missingusername");
413 } else if (record_exists("user", "username", $usernew->username
) and $user->username
== "changeme") {
414 $err["username"] = get_string("usernameexists");
417 if (empty($CFG->extendedusernamechars
)) {
418 $string = eregi_replace("[^(-\.[:alnum:])]", "", $usernew->username
);
419 if (strcmp($usernew->username
, $string)) {
420 $err["username"] = get_string("alphanumerical");
425 if (empty($usernew->newpassword
) and empty($user->password
) and is_internal_auth() )
426 $err["newpassword"] = get_string("missingpassword");
428 if (($usernew->newpassword
== "admin") or ($user->password
== md5("admin") and empty($usernew->newpassword
)) ) {
429 $err["newpassword"] = get_string("unsafepassword");
433 if (empty($usernew->email
))
434 $err["email"] = get_string("missingemail");
436 if (over_bounce_threshold($user) && $user->email
== $usernew->email
)
437 $err['email'] = get_string('toomanybounces');
439 if (empty($usernew->description
) and !has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM
, SITEID
)))
440 $err["description"] = get_string("missingdescription");
442 if (empty($usernew->city
))
443 $err["city"] = get_string("missingcity");
445 if (empty($usernew->firstname
))
446 $err["firstname"] = get_string("missingfirstname");
448 if (empty($usernew->lastname
))
449 $err["lastname"] = get_string("missinglastname");
451 if (empty($usernew->country
))
452 $err["country"] = get_string("missingcountry");
454 if (! validate_email($usernew->email
)) {
455 $err["email"] = get_string("invalidemail");
457 } else if ($otheruser = get_record("user", "email", $usernew->email
)) {
458 if ($otheruser->id
<> $user->id
) {
459 $err["email"] = get_string("emailexists");
463 if (empty($err["email"]) and !has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM
, SITEID
))) {
464 if ($error = email_is_not_allowed($usernew->email
)) {
465 $err["email"] = $error;
469 if (!$um->preprocess_files()) {
470 $err['imagefile'] = $um->notify
;
473 $user->email
= $usernew->email
;