search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
weekly release 4.5dev
[moodle.git] / lib / classes / user.php
blob77ab9304f544d9de57cd00f3b79e1dd0fb605f05
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17 /**
18 * User class
19 *
20 * @package core
21 * @copyright 2013 Rajesh Taneja <rajesh@moodle.com>
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
23 */
24
25 defined('MOODLE_INTERNAL') || die();
26
27 /**
28 * User class to access user details.
29 *
30 * @todo move api's from user/lib.php and deprecate old ones.
31 * @package core
32 * @copyright 2013 Rajesh Taneja <rajesh@moodle.com>
33 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
34 */
35 class core_user {
36 /**
37 * No reply user id.
38 */
39 const NOREPLY_USER = -10;
40
41 /**
42 * Support user id.
43 */
44 const SUPPORT_USER = -20;
45
46 /**
47 * Hide email address from everyone.
48 */
49 const MAILDISPLAY_HIDE = 0;
50
51 /**
52 * Display email address to everyone.
53 */
54 const MAILDISPLAY_EVERYONE = 1;
55
56 /**
57 * Display email address to course members only.
58 */
59 const MAILDISPLAY_COURSE_MEMBERS_ONLY = 2;
60
61 /**
62 * List of fields that can be synched/locked during authentication.
63 */
64 const AUTHSYNCFIELDS = [
65 'firstname',
66 'lastname',
67 'email',
68 'city',
69 'country',
70 'lang',
71 'description',
72 'idnumber',
73 'institution',
74 'department',
75 'phone1',
76 'phone2',
77 'address',
78 'firstnamephonetic',
79 'lastnamephonetic',
80 'middlename',
81 'alternatename'
82 ];
83
84 /** @var int Indicates that user profile view should be prevented */
85 const VIEWPROFILE_PREVENT = -1;
86 /** @var int Indicates that user profile view should not be prevented */
87 const VIEWPROFILE_DO_NOT_PREVENT = 0;
88 /** @var int Indicates that user profile view should be allowed even if Moodle would prevent it */
89 const VIEWPROFILE_FORCE_ALLOW = 1;
90
91 /** @var stdClass keep record of noreply user */
92 public static $noreplyuser = false;
93
94 /** @var stdClass keep record of support user */
95 public static $supportuser = false;
96
97 /** @var array store user fields properties cache. */
98 protected static $propertiescache = null;
99
100 /** @var array store user preferences cache. */
101 protected static $preferencescache = null;
102
103 /**
104 * Return user object from db or create noreply or support user,
105 * if userid matches corse_user::NOREPLY_USER or corse_user::SUPPORT_USER
106 * respectively. If userid is not found, then return false.
107 *
108 * @param int $userid user id
109 * @param string $fields A comma separated list of user fields to be returned, support and noreply user
110 * will not be filtered by this.
111 * @param int $strictness IGNORE_MISSING means compatible mode, false returned if user not found, debug message if more found;
112 * IGNORE_MULTIPLE means return first user, ignore multiple user records found(not recommended);
113 * MUST_EXIST means throw an exception if no user record or multiple records found.
114 * @return stdClass|bool user record if found, else false.
115 * @throws dml_exception if user record not found and respective $strictness is set.
116 */
117 public static function get_user($userid, $fields = '*', $strictness = IGNORE_MISSING) {
118 global $DB;
119
120 // If noreply user then create fake record and return.
121 switch ($userid) {
122 case self::NOREPLY_USER:
123 return self::get_noreply_user();
124 break;
125 case self::SUPPORT_USER:
126 return self::get_support_user();
127 break;
128 default:
129 return $DB->get_record('user', array('id' => $userid), $fields, $strictness);
130 }
131 }
132
133 /**
134 * Return user object from db based on their email.
135 *
136 * @param string $email The email of the user searched.
137 * @param string $fields A comma separated list of user fields to be returned, support and noreply user.
138 * @param int $mnethostid The id of the remote host.
139 * @param int $strictness IGNORE_MISSING means compatible mode, false returned if user not found, debug message if more found;
140 * IGNORE_MULTIPLE means return first user, ignore multiple user records found(not recommended);
141 * MUST_EXIST means throw an exception if no user record or multiple records found.
142 * @return stdClass|bool user record if found, else false.
143 * @throws dml_exception if user record not found and respective $strictness is set.
144 */
145 public static function get_user_by_email($email, $fields = '*', $mnethostid = null, $strictness = IGNORE_MISSING) {
146 global $DB, $CFG;
147
148 // Because we use the username as the search criteria, we must also restrict our search based on mnet host.
149 if (empty($mnethostid)) {
150 // If empty, we restrict to local users.
151 $mnethostid = $CFG->mnet_localhost_id;
152 }
153
154 return $DB->get_record('user', array('email' => $email, 'mnethostid' => $mnethostid), $fields, $strictness);
155 }
156
157 /**
158 * Return user object from db based on their username.
159 *
160 * @param string $username The username of the user searched.
161 * @param string $fields A comma separated list of user fields to be returned, support and noreply user.
162 * @param int $mnethostid The id of the remote host.
163 * @param int $strictness IGNORE_MISSING means compatible mode, false returned if user not found, debug message if more found;
164 * IGNORE_MULTIPLE means return first user, ignore multiple user records found(not recommended);
165 * MUST_EXIST means throw an exception if no user record or multiple records found.
166 * @return stdClass|bool user record if found, else false.
167 * @throws dml_exception if user record not found and respective $strictness is set.
168 */
169 public static function get_user_by_username($username, $fields = '*', $mnethostid = null, $strictness = IGNORE_MISSING) {
170 global $DB, $CFG;
171
172 // Because we use the username as the search criteria, we must also restrict our search based on mnet host.
173 if (empty($mnethostid)) {
174 // If empty, we restrict to local users.
175 $mnethostid = $CFG->mnet_localhost_id;
176 }
177
178 return $DB->get_record('user', array('username' => $username, 'mnethostid' => $mnethostid), $fields, $strictness);
179 }
180
181 /**
182 * Searches for users by name, possibly within a specified context, with current user's access.
183 *
184 * Deciding which users to search is complicated because it relies on user permissions;
185 * ideally, we shouldn't show names if you aren't allowed to see their profile. The permissions
186 * for seeing profile are really complicated.
187 *
188 * Even if search is restricted to a course, it's possible that other people might have
189 * been able to contribute within the course (e.g. they were enrolled before and not now;
190 * or people with system-level roles) so if the user has permission we do want to include
191 * everyone. However, if there are multiple results then we prioritise the ones who are
192 * enrolled in the course.
193 *
194 * If you have moodle/user:viewdetails at system level, you can search everyone.
195 * Otherwise we check which courses you *do* have that permission and search everyone who is
196 * enrolled on those courses.
197 *
198 * Normally you can only search the user's name. If you have the moodle/site:viewuseridentity
199 * capability then we also let you search the fields which are listed as identity fields in
200 * the 'showuseridentity' config option. For example, this might include the user's ID number
201 * or email.
202 *
203 * The $max parameter controls the maximum number of users returned. If users are restricted
204 * from view for some reason, multiple runs of the main query might be made; the $querylimit
205 * parameter allows this to be restricted. Both parameters can be zero to remove limits.
206 *
207 * The returned user objects include id, username, all fields required for user pictures, and
208 * user identity fields.
209 *
210 * @param string $query Search query text
211 * @param \context_course|null $coursecontext Course context or null if system-wide
212 * @param int $max Max number of users to return, default 30 (zero = no limit)
213 * @param int $querylimit Max number of database queries, default 5 (zero = no limit)
214 * @return array Array of user objects with limited fields
215 */
216 public static function search($query, \context_course $coursecontext = null,
217 $max = 30, $querylimit = 5) {
218 global $CFG, $DB;
219 require_once($CFG->dirroot . '/user/lib.php');
220
221 // Allow limits to be turned off.
222 if (!$max) {
223 $max = PHP_INT_MAX;
224 }
225 if (!$querylimit) {
226 $querylimit = PHP_INT_MAX;
227 }
228
229 // Check permission to view profiles at each context.
230 $systemcontext = \context_system::instance();
231 $viewsystem = has_capability('moodle/user:viewdetails', $systemcontext);
232 if ($viewsystem) {
233 $userquery = 'SELECT id FROM {user}';
234 $userparams = [];
235 }
236 if (!$viewsystem) {
237 list($userquery, $userparams) = self::get_enrolled_sql_on_courses_with_capability(
238 'moodle/user:viewdetails');
239 if (!$userquery) {
240 // No permissions anywhere, return nothing.
241 return [];
242 }
243 }
244
245 // Start building the WHERE clause based on name.
246 list ($where, $whereparams) = users_search_sql($query, 'u');
247
248 // We allow users to search with extra identity fields (as well as name) but only if they
249 // have the permission to display those identity fields.
250 $extrasql = '';
251 $extraparams = [];
252
253 // TODO Does not support custom user profile fields (MDL-70456).
254 $userfieldsapi = \core_user\fields::for_identity(null, false)->with_userpic()->with_name()
255 ->including('username', 'deleted');
256 $selectfields = $userfieldsapi->get_sql('u', false, '', '', false)->selects;
257 $extra = $userfieldsapi->get_required_fields([\core_user\fields::PURPOSE_IDENTITY]);
258
259 $index = 1;
260 foreach ($extra as $fieldname) {
261 if ($extrasql) {
262 $extrasql .= ' OR ';
263 }
264 $extrasql .= $DB->sql_like('u.' . $fieldname, ':extra' . $index, false);
265 $extraparams['extra' . $index] = $query . '%';
266 $index++;
267 }
268
269 $usingshowidentity = false;
270 // Only do this code if there actually are some identity fields being searched.
271 if ($extrasql) {
272 $identitysystem = has_capability('moodle/site:viewuseridentity', $systemcontext);
273 if ($identitysystem) {
274 // They have permission everywhere so just add the extra query to the normal query.
275 $where .= ' OR ' . $extrasql;
276 $whereparams = array_merge($whereparams, $extraparams);
277 } else {
278 // Get all courses where user can view full user identity.
279 list($sql, $params) = self::get_enrolled_sql_on_courses_with_capability(
280 'moodle/site:viewuseridentity');
281 if ($sql) {
282 // Join that with the user query to get an extra field indicating if we can.
283 $userquery = "
284 SELECT innerusers.id, COUNT(identityusers.id) AS showidentity
285 FROM ($userquery) innerusers
286 LEFT JOIN ($sql) identityusers ON identityusers.id = innerusers.id
287 GROUP BY innerusers.id";
288 $userparams = array_merge($userparams, $params);
289 $usingshowidentity = true;
290
291 // Query on the extra fields only in those places.
292 $where .= ' OR (users.showidentity > 0 AND (' . $extrasql . '))';
293 $whereparams = array_merge($whereparams, $extraparams);
294 }
295 }
296 }
297
298 // Default order is just name order. But if searching within a course then we show users
299 // within the course first.
300 list ($order, $orderparams) = users_order_by_sql('u', $query, $systemcontext);
301 if ($coursecontext) {
302 list ($sql, $params) = get_enrolled_sql($coursecontext);
303 $mainfield = 'innerusers2.id';
304 if ($usingshowidentity) {
305 $mainfield .= ', innerusers2.showidentity';
306 }
307 $userquery = "
308 SELECT $mainfield, COUNT(courseusers.id) AS incourse
309 FROM ($userquery) innerusers2
310 LEFT JOIN ($sql) courseusers ON courseusers.id = innerusers2.id
311 GROUP BY $mainfield";
312 $userparams = array_merge($userparams, $params);
313
314 $order = 'incourse DESC, ' . $order;
315 }
316
317 // Get result (first 30 rows only) from database. Take a couple spare in case we have to
318 // drop some.
319 $result = [];
320 $got = 0;
321 $pos = 0;
322 $readcount = $max + 2;
323 for ($i = 0; $i < $querylimit; $i++) {
324 $rawresult = $DB->get_records_sql("
325 SELECT $selectfields
326 FROM ($userquery) users
327 JOIN {user} u ON u.id = users.id
328 WHERE $where
329 ORDER BY $order", array_merge($userparams, $whereparams, $orderparams),
330 $pos, $readcount);
331 foreach ($rawresult as $user) {
332 // Skip guest.
333 if ($user->username === 'guest') {
334 continue;
335 }
336 // Check user can really view profile (there are per-user cases where this could
337 // be different for some reason, this is the same check used by the profile view pages
338 // to double-check that it is OK).
339 if (!user_can_view_profile($user)) {
340 continue;
341 }
342 $result[] = $user;
343 $got++;
344 if ($got >= $max) {
345 break;
346 }
347 }
348
349 if ($got >= $max) {
350 // All necessary results obtained.
351 break;
352 }
353 if (count($rawresult) < $readcount) {
354 // No more results from database.
355 break;
356 }
357 $pos += $readcount;
358 }
359
360 return $result;
361 }
362
363 /**
364 * Gets an SQL query that lists all enrolled user ids on any course where the current
365 * user has the specified capability. Helper function used for searching users.
366 *
367 * @param string $capability Required capability
368 * @return array Array containing SQL and params, or two nulls if there are no courses
369 */
370 protected static function get_enrolled_sql_on_courses_with_capability($capability) {
371 // Get all courses where user have the capability.
372 $courses = get_user_capability_course($capability, null, true,
373 implode(',', array_values(context_helper::get_preload_record_columns('ctx'))));
374 if (!$courses) {
375 return [null, null];
376 }
377
378 // Loop around all courses getting the SQL for enrolled users. Note: This query could
379 // probably be more efficient (without the union) if get_enrolled_sql had a way to
380 // pass an array of courseids, but it doesn't.
381 $unionsql = '';
382 $unionparams = [];
383 foreach ($courses as $course) {
384 // Get SQL to list user ids enrolled in this course.
385 \context_helper::preload_from_record($course);
386 list ($sql, $params) = get_enrolled_sql(\context_course::instance($course->id));
387
388 // Combine to a big union query.
389 if ($unionsql) {
390 $unionsql .= ' UNION ';
391 }
392 $unionsql .= $sql;
393 $unionparams = array_merge($unionparams, $params);
394 }
395
396 return [$unionsql, $unionparams];
397 }
398
399 /**
400 * Helper function to return dummy noreply user record.
401 *
402 * @return stdClass
403 */
404 protected static function get_dummy_user_record() {
405 global $CFG;
406
407 $dummyuser = new stdClass();
408 $dummyuser->id = self::NOREPLY_USER;
409 $dummyuser->email = $CFG->noreplyaddress;
410 $dummyuser->firstname = get_string('noreplyname');
411 $dummyuser->username = 'noreply';
412 $dummyuser->lastname = '';
413 $dummyuser->confirmed = 1;
414 $dummyuser->suspended = 0;
415 $dummyuser->deleted = 0;
416 $dummyuser->picture = 0;
417 $dummyuser->auth = 'manual';
418 $dummyuser->firstnamephonetic = '';
419 $dummyuser->lastnamephonetic = '';
420 $dummyuser->middlename = '';
421 $dummyuser->alternatename = '';
422 $dummyuser->imagealt = '';
423 return $dummyuser;
424 }
425
426 /**
427 * Return noreply user record, this is currently used in messaging
428 * system only for sending messages from noreply email.
429 * It will return record of $CFG->noreplyuserid if set else return dummy
430 * user object with hard-coded $user->emailstop = 1 so noreply can be sent to user.
431 *
432 * @return stdClass user record.
433 */
434 public static function get_noreply_user() {
435 global $CFG;
436
437 if (!empty(self::$noreplyuser)) {
438 return self::$noreplyuser;
439 }
440
441 // If noreply user is set then use it, else create one.
442 if (!empty($CFG->noreplyuserid)) {
443 self::$noreplyuser = self::get_user($CFG->noreplyuserid);
444 self::$noreplyuser->emailstop = 1; // Force msg stop for this user.
445 return self::$noreplyuser;
446 } else {
447 // Do not cache the dummy user record to avoid language internationalization issues.
448 $noreplyuser = self::get_dummy_user_record();
449 $noreplyuser->maildisplay = '1'; // Show to all.
450 $noreplyuser->emailstop = 1;
451 return $noreplyuser;
452 }
453 }
454
455 /**
456 * Return support user record, this is currently used in messaging
457 * system only for sending messages to support email.
458 * $CFG->supportuserid is set then returns user record
459 * $CFG->supportemail is set then return dummy record with $CFG->supportemail
460 * else return admin user record with hard-coded $user->emailstop = 0, so user
461 * gets support message.
462 *
463 * @return stdClass user record.
464 */
465 public static function get_support_user() {
466 global $CFG;
467
468 if (!empty(self::$supportuser)) {
469 return self::$supportuser;
470 }
471
472 // If custom support user is set then use it, else if supportemail is set then use it, else use noreply.
473 if (!empty($CFG->supportuserid)) {
474 self::$supportuser = self::get_user($CFG->supportuserid, '*', MUST_EXIST);
475 } else if (empty(self::$supportuser) && !empty($CFG->supportemail)) {
476 // Try sending it to support email if support user is not set.
477 $supportuser = self::get_dummy_user_record();
478 $supportuser->id = self::SUPPORT_USER;
479 $supportuser->email = $CFG->supportemail;
480 if ($CFG->supportname) {
481 $supportuser->firstname = $CFG->supportname;
482 }
483 $supportuser->username = 'support';
484 $supportuser->maildisplay = '1'; // Show to all.
485 // Unset emailstop to make sure support message is sent.
486 $supportuser->emailstop = 0;
487 return $supportuser;
488 }
489
490 // Send support msg to admin user if nothing is set above.
491 if (empty(self::$supportuser)) {
492 self::$supportuser = get_admin();
493 }
494
495 // Unset emailstop to make sure support message is sent.
496 self::$supportuser->emailstop = 0;
497 return self::$supportuser;
498 }
499
500 /**
501 * Reset self::$noreplyuser and self::$supportuser.
502 * This is only used by phpunit, and there is no other use case for this function.
503 * Please don't use it outside phpunit.
504 */
505 public static function reset_internal_users() {
506 if (PHPUNIT_TEST) {
507 self::$noreplyuser = false;
508 self::$supportuser = false;
509 } else {
510 debugging('reset_internal_users() should not be used outside phpunit.', DEBUG_DEVELOPER);
511 }
512 }
513
514 /**
515 * Return true if user id is greater than 0 and alternatively check db.
516 *
517 * @param int $userid user id.
518 * @param bool $checkdb if true userid will be checked in db. By default it's false, and
519 * userid is compared with 0 for performance.
520 * @return bool true is real user else false.
521 */
522 public static function is_real_user($userid, $checkdb = false) {
523 global $DB;
524
525 if ($userid <= 0) {
526 return false;
527 }
528 if ($checkdb) {
529 return $DB->record_exists('user', array('id' => $userid));
530 } else {
531 return true;
532 }
533 }
534
535 /**
536 * Determine whether the given user ID is that of the current user. Useful for components implementing permission callbacks
537 * for preferences consumed by {@see fill_preferences_cache}
538 *
539 * @param stdClass $user
540 * @return bool
541 */
542 public static function is_current_user(stdClass $user): bool {
543 global $USER;
544 return $user->id == $USER->id;
545 }
546
547 /**
548 * Check if the given user is an active user in the site.
549 *
550 * @param stdClass $user user object
551 * @param boolean $checksuspended whether to check if the user has the account suspended
552 * @param boolean $checknologin whether to check if the user uses the nologin auth method
553 * @throws moodle_exception
554 * @since Moodle 3.0
555 */
556 public static function require_active_user($user, $checksuspended = false, $checknologin = false) {
557
558 if (!self::is_real_user($user->id)) {
559 throw new moodle_exception('invaliduser', 'error');
560 }
561
562 if ($user->deleted) {
563 throw new moodle_exception('userdeleted');
564 }
565
566 if (empty($user->confirmed)) {
567 throw new moodle_exception('usernotconfirmed', 'moodle', '', $user->username);
568 }
569
570 if (isguestuser($user)) {
571 throw new moodle_exception('guestsarenotallowed', 'error');
572 }
573
574 if ($checksuspended and $user->suspended) {
575 throw new moodle_exception('suspended', 'auth');
576 }
577
578 if ($checknologin and $user->auth == 'nologin') {
579 throw new moodle_exception('suspended', 'auth');
580 }
581 }
582
583 /**
584 * Updates the provided users profile picture based upon the expected fields returned from the edit or edit_advanced forms.
585 *
586 * @param stdClass $usernew An object that contains some information about the user being updated
587 * @param array $filemanageroptions
588 * @return bool True if the user was updated, false if it stayed the same.
589 */
590 public static function update_picture(stdClass $usernew, $filemanageroptions = array()) {
591 global $CFG, $DB;
592 require_once("$CFG->libdir/gdlib.php");
593
594 $context = context_user::instance($usernew->id, MUST_EXIST);
595 $user = core_user::get_user($usernew->id, 'id, picture', MUST_EXIST);
596
597 $newpicture = $user->picture;
598 // Get file_storage to process files.
599 $fs = get_file_storage();
600 if (!empty($usernew->deletepicture)) {
601 // The user has chosen to delete the selected users picture.
602 $fs->delete_area_files($context->id, 'user', 'icon'); // Drop all images in area.
603 $newpicture = 0;
604 }
605
606 // Save newly uploaded file, this will avoid context mismatch for newly created users.
607 if (!isset($usernew->imagefile)) {
608 $usernew->imagefile = 0;
609 }
610 file_save_draft_area_files($usernew->imagefile, $context->id, 'user', 'newicon', 0, $filemanageroptions);
611 if (($iconfiles = $fs->get_area_files($context->id, 'user', 'newicon')) && count($iconfiles) == 2) {
612 // Get file which was uploaded in draft area.
613 foreach ($iconfiles as $file) {
614 if (!$file->is_directory()) {
615 break;
616 }
617 }
618 // Copy file to temporary location and the send it for processing icon.
619 if ($iconfile = $file->copy_content_to_temp()) {
620 // There is a new image that has been uploaded.
621 // Process the new image and set the user to make use of it.
622 // NOTE: Uploaded images always take over Gravatar.
623 $newpicture = (int)process_new_icon($context, 'user', 'icon', 0, $iconfile);
624 // Delete temporary file.
625 @unlink($iconfile);
626 // Remove uploaded file.
627 $fs->delete_area_files($context->id, 'user', 'newicon');
628 } else {
629 // Something went wrong while creating temp file.
630 // Remove uploaded file.
631 $fs->delete_area_files($context->id, 'user', 'newicon');
632 return false;
633 }
634 }
635
636 if ($newpicture != $user->picture) {
637 $DB->set_field('user', 'picture', $newpicture, array('id' => $user->id));
638 return true;
639 } else {
640 return false;
641 }
642 }
643
644
645
646 /**
647 * Definition of user profile fields and the expected parameter type for data validation.
648 *
649 * array(
650 * 'property_name' => array( // The user property to be checked. Should match the field on the user table.
651 * 'null' => NULL_ALLOWED, // Defaults to NULL_NOT_ALLOWED. Takes NULL_NOT_ALLOWED or NULL_ALLOWED.
652 * 'type' => PARAM_TYPE, // Expected parameter type of the user field.
653 * 'choices' => array(1, 2..) // An array of accepted values of the user field.
654 * 'default' => $CFG->setting // An default value for the field.
655 * )
656 * )
657 *
658 * The fields choices and default are optional.
659 *
660 * @return void
661 */
662 protected static function fill_properties_cache() {
663 global $CFG, $SESSION;
664 if (self::$propertiescache !== null) {
665 return;
666 }
667
668 // Array of user fields properties and expected parameters.
669 // Every new field on the user table should be added here otherwise it won't be validated.
670 $fields = array();
671 $fields['id'] = array('type' => PARAM_INT, 'null' => NULL_NOT_ALLOWED);
672 $fields['auth'] = array('type' => PARAM_AUTH, 'null' => NULL_NOT_ALLOWED);
673 $fields['confirmed'] = array('type' => PARAM_BOOL, 'null' => NULL_NOT_ALLOWED);
674 $fields['policyagreed'] = array('type' => PARAM_BOOL, 'null' => NULL_NOT_ALLOWED);
675 $fields['deleted'] = array('type' => PARAM_BOOL, 'null' => NULL_NOT_ALLOWED);
676 $fields['suspended'] = array('type' => PARAM_BOOL, 'null' => NULL_NOT_ALLOWED);
677 $fields['mnethostid'] = array('type' => PARAM_INT, 'null' => NULL_NOT_ALLOWED);
678 $fields['username'] = array('type' => PARAM_USERNAME, 'null' => NULL_NOT_ALLOWED);
679 $fields['password'] = array('type' => PARAM_RAW, 'null' => NULL_NOT_ALLOWED);
680 $fields['idnumber'] = array('type' => PARAM_RAW, 'null' => NULL_NOT_ALLOWED);
681 $fields['firstname'] = array('type' => PARAM_NOTAGS, 'null' => NULL_NOT_ALLOWED);
682 $fields['lastname'] = array('type' => PARAM_NOTAGS, 'null' => NULL_NOT_ALLOWED);
683 $fields['surname'] = array('type' => PARAM_NOTAGS, 'null' => NULL_NOT_ALLOWED);
684 $fields['email'] = array('type' => PARAM_RAW_TRIMMED, 'null' => NULL_NOT_ALLOWED);
685 $fields['emailstop'] = array('type' => PARAM_INT, 'null' => NULL_NOT_ALLOWED, 'default' => 0);
686 $fields['phone1'] = array('type' => PARAM_NOTAGS, 'null' => NULL_NOT_ALLOWED);
687 $fields['phone2'] = array('type' => PARAM_NOTAGS, 'null' => NULL_NOT_ALLOWED);
688 $fields['institution'] = array('type' => PARAM_TEXT, 'null' => NULL_NOT_ALLOWED);
689 $fields['department'] = array('type' => PARAM_TEXT, 'null' => NULL_NOT_ALLOWED);
690 $fields['address'] = array('type' => PARAM_TEXT, 'null' => NULL_NOT_ALLOWED);
691 $fields['city'] = array('type' => PARAM_TEXT, 'null' => NULL_NOT_ALLOWED, 'default' => $CFG->defaultcity);
692 $fields['country'] = array('type' => PARAM_ALPHA, 'null' => NULL_NOT_ALLOWED, 'default' => $CFG->country,
693 'choices' => array_merge(array('' => ''), get_string_manager()->get_list_of_countries(true, true)));
694 $fields['lang'] = array('type' => PARAM_LANG, 'null' => NULL_NOT_ALLOWED,
695 'default' => (!empty($CFG->autolangusercreation) && !empty($SESSION->lang)) ? $SESSION->lang : $CFG->lang,
696 'choices' => array_merge(array('' => ''), get_string_manager()->get_list_of_translations(false)));
697 $fields['calendartype'] = array('type' => PARAM_PLUGIN, 'null' => NULL_NOT_ALLOWED, 'default' => $CFG->calendartype,
698 'choices' => array_merge(array('' => ''), \core_calendar\type_factory::get_list_of_calendar_types()));
699 $fields['theme'] = array('type' => PARAM_THEME, 'null' => NULL_NOT_ALLOWED,
700 'default' => theme_config::DEFAULT_THEME, 'choices' => array_merge(array('' => ''), get_list_of_themes()));
701 $fields['timezone'] = array('type' => PARAM_TIMEZONE, 'null' => NULL_NOT_ALLOWED,
702 'default' => core_date::get_server_timezone()); // Must not use choices here: timezones can come and go.
703 $fields['firstaccess'] = array('type' => PARAM_INT, 'null' => NULL_NOT_ALLOWED);
704 $fields['lastaccess'] = array('type' => PARAM_INT, 'null' => NULL_NOT_ALLOWED);
705 $fields['lastlogin'] = array('type' => PARAM_INT, 'null' => NULL_NOT_ALLOWED);
706 $fields['currentlogin'] = array('type' => PARAM_INT, 'null' => NULL_NOT_ALLOWED);
707 $fields['lastip'] = array('type' => PARAM_NOTAGS, 'null' => NULL_NOT_ALLOWED);
708 $fields['secret'] = array('type' => PARAM_ALPHANUM, 'null' => NULL_NOT_ALLOWED);
709 $fields['picture'] = array('type' => PARAM_INT, 'null' => NULL_NOT_ALLOWED);
710 $fields['description'] = array('type' => PARAM_RAW, 'null' => NULL_ALLOWED);
711 $fields['descriptionformat'] = array('type' => PARAM_INT, 'null' => NULL_NOT_ALLOWED);
712 $fields['mailformat'] = array('type' => PARAM_INT, 'null' => NULL_NOT_ALLOWED,
713 'default' => $CFG->defaultpreference_mailformat);
714 $fields['maildigest'] = array('type' => PARAM_INT, 'null' => NULL_NOT_ALLOWED,
715 'default' => $CFG->defaultpreference_maildigest);
716 $fields['maildisplay'] = array('type' => PARAM_INT, 'null' => NULL_NOT_ALLOWED,
717 'default' => $CFG->defaultpreference_maildisplay);
718 $fields['autosubscribe'] = array('type' => PARAM_INT, 'null' => NULL_NOT_ALLOWED,
719 'default' => $CFG->defaultpreference_autosubscribe);
720 $fields['trackforums'] = array('type' => PARAM_INT, 'null' => NULL_NOT_ALLOWED,
721 'default' => $CFG->defaultpreference_trackforums);
722 $fields['timecreated'] = array('type' => PARAM_INT, 'null' => NULL_NOT_ALLOWED);
723 $fields['timemodified'] = array('type' => PARAM_INT, 'null' => NULL_NOT_ALLOWED);
724 $fields['trustbitmask'] = array('type' => PARAM_INT, 'null' => NULL_NOT_ALLOWED);
725 $fields['imagealt'] = array('type' => PARAM_TEXT, 'null' => NULL_ALLOWED);
726 $fields['lastnamephonetic'] = array('type' => PARAM_NOTAGS, 'null' => NULL_ALLOWED);
727 $fields['firstnamephonetic'] = array('type' => PARAM_NOTAGS, 'null' => NULL_ALLOWED);
728 $fields['middlename'] = array('type' => PARAM_NOTAGS, 'null' => NULL_ALLOWED);
729 $fields['alternatename'] = array('type' => PARAM_NOTAGS, 'null' => NULL_ALLOWED);
730
731 self::$propertiescache = $fields;
732 }
733
734 /**
735 * Get properties of a user field.
736 *
737 * @param string $property property name to be retrieved.
738 * @throws coding_exception if the requested property name is invalid.
739 * @return array the property definition.
740 */
741 public static function get_property_definition($property) {
742
743 self::fill_properties_cache();
744
745 if (!array_key_exists($property, self::$propertiescache)) {
746 throw new coding_exception('Invalid property requested.');
747 }
748
749 return self::$propertiescache[$property];
750 }
751
752 /**
753 * Validate user data.
754 *
755 * This method just validates each user field and return an array of errors. It doesn't clean the data,
756 * the methods clean() and clean_field() should be used for this purpose.
757 *
758 * @param stdClass|array $data user data object or array to be validated.
759 * @return array|true $errors array of errors found on the user object, true if the validation passed.
760 */
761 public static function validate($data) {
762 // Get all user profile fields definition.
763 self::fill_properties_cache();
764
765 foreach ($data as $property => $value) {
766 try {
767 if (isset(self::$propertiescache[$property])) {
768 validate_param($value, self::$propertiescache[$property]['type'], self::$propertiescache[$property]['null']);
769 }
770 // Check that the value is part of a list of allowed values.
771 if (!empty(self::$propertiescache[$property]['choices']) &&
772 !isset(self::$propertiescache[$property]['choices'][$value])) {
773 throw new invalid_parameter_exception($value);
774 }
775 } catch (invalid_parameter_exception $e) {
776 $errors[$property] = $e->getMessage();
777 }
778 }
779
780 return empty($errors) ? true : $errors;
781 }
782
783 /**
784 * Clean the properties cache.
785 *
786 * During unit tests we need to be able to reset all caches so that each new test starts in a known state.
787 * Intended for use only for testing, phpunit calls this before every test.
788 */
789 public static function reset_caches() {
790 self::$propertiescache = null;
791 }
792
793 /**
794 * Clean the user data.
795 *
796 * @param stdClass|array $user the user data to be validated against properties definition.
797 * @return stdClass $user the cleaned user data.
798 */
799 public static function clean_data($user) {
800 if (empty($user)) {
801 return $user;
802 }
803
804 foreach ($user as $field => $value) {
805 // Get the property parameter type and do the cleaning.
806 try {
807 $user->$field = core_user::clean_field($value, $field);
808 } catch (coding_exception $e) {
809 debugging("The property '$field' could not be cleaned.", DEBUG_DEVELOPER);
810 }
811 }
812
813 return $user;
814 }
815
816 /**
817 * Clean a specific user field.
818 *
819 * @param string $data the user field data to be cleaned.
820 * @param string $field the user field name on the property definition cache.
821 * @return string the cleaned user data.
822 */
823 public static function clean_field($data, $field) {
824 if (empty($data) || empty($field)) {
825 return $data;
826 }
827
828 try {
829 $type = core_user::get_property_type($field);
830
831 if (isset(self::$propertiescache[$field]['choices'])) {
832 if (!array_key_exists($data, self::$propertiescache[$field]['choices'])) {
833 if (isset(self::$propertiescache[$field]['default'])) {
834 $data = self::$propertiescache[$field]['default'];
835 } else {
836 $data = '';
837 }
838 } else {
839 return $data;
840 }
841 } else {
842 $data = clean_param($data, $type);
843 }
844 } catch (coding_exception $e) {
845 debugging("The property '$field' could not be cleaned.", DEBUG_DEVELOPER);
846 }
847
848 return $data;
849 }
850
851 /**
852 * Get the parameter type of the property.
853 *
854 * @param string $property property name to be retrieved.
855 * @throws coding_exception if the requested property name is invalid.
856 * @return int the property parameter type.
857 */
858 public static function get_property_type($property) {
859
860 self::fill_properties_cache();
861
862 if (!array_key_exists($property, self::$propertiescache)) {
863 throw new coding_exception('Invalid property requested: ' . $property);
864 }
865
866 return self::$propertiescache[$property]['type'];
867 }
868
869 /**
870 * Discover if the property is NULL_ALLOWED or NULL_NOT_ALLOWED.
871 *
872 * @param string $property property name to be retrieved.
873 * @throws coding_exception if the requested property name is invalid.
874 * @return bool true if the property is NULL_ALLOWED, false otherwise.
875 */
876 public static function get_property_null($property) {
877
878 self::fill_properties_cache();
879
880 if (!array_key_exists($property, self::$propertiescache)) {
881 throw new coding_exception('Invalid property requested: ' . $property);
882 }
883
884 return self::$propertiescache[$property]['null'];
885 }
886
887 /**
888 * Get the choices of the property.
889 *
890 * This is a helper method to validate a value against a list of acceptable choices.
891 * For instance: country, language, themes and etc.
892 *
893 * @param string $property property name to be retrieved.
894 * @throws coding_exception if the requested property name is invalid or if it does not has a list of choices.
895 * @return array the property parameter type.
896 */
897 public static function get_property_choices($property) {
898
899 self::fill_properties_cache();
900
901 if (!array_key_exists($property, self::$propertiescache) && !array_key_exists('choices',
902 self::$propertiescache[$property])) {
903
904 throw new coding_exception('Invalid property requested, or the property does not has a list of choices.');
905 }
906
907 return self::$propertiescache[$property]['choices'];
908 }
909
910 /**
911 * Get the property default.
912 *
913 * This method gets the default value of a field (if exists).
914 *
915 * @param string $property property name to be retrieved.
916 * @throws coding_exception if the requested property name is invalid or if it does not has a default value.
917 * @return string the property default value.
918 */
919 public static function get_property_default($property) {
920
921 self::fill_properties_cache();
922
923 if (!array_key_exists($property, self::$propertiescache) || !isset(self::$propertiescache[$property]['default'])) {
924 throw new coding_exception('Invalid property requested, or the property does not has a default value.');
925 }
926
927 return self::$propertiescache[$property]['default'];
928 }
929
930 /**
931 * Definition of updateable user preferences and rules for data and access validation.
932 *
933 * array(
934 * 'preferencename' => array( // Either exact preference name or a regular expression.
935 * 'null' => NULL_ALLOWED, // Defaults to NULL_NOT_ALLOWED. Takes NULL_NOT_ALLOWED or NULL_ALLOWED.
936 * 'type' => PARAM_TYPE, // Expected parameter type of the user field - mandatory
937 * 'choices' => array(1, 2..) // An array of accepted values of the user field - optional
938 * 'default' => $CFG->setting // An default value for the field - optional
939 * 'isregex' => false/true // Whether the name of the preference is a regular expression (default false).
940 * 'permissioncallback' => callable // Function accepting arguments ($user, $preferencename) that checks if current user
941 * // is allowed to modify this preference for given user.
942 * // If not specified core_user::default_preference_permission_check() will be assumed.
943 * 'cleancallback' => callable // Custom callback for cleaning value if something more difficult than just type/choices is needed
944 * // accepts arguments ($value, $preferencename)
945 * )
946 * )
947 *
948 * @return void
949 */
950 protected static function fill_preferences_cache() {
951 global $CFG;
952
953 if (self::$preferencescache !== null) {
954 return;
955 }
956
957 // Array of user preferences and expected types/values.
958 // Every preference that can be updated directly by user should be added here.
959 $preferences = array();
960 $preferences['auth_forcepasswordchange'] = array('type' => PARAM_INT, 'null' => NULL_NOT_ALLOWED, 'choices' => array(0, 1),
961 'permissioncallback' => function($user, $preferencename) {
962 global $USER;
963 $systemcontext = context_system::instance();
964 return ($USER->id != $user->id && (has_capability('moodle/user:update', $systemcontext) ||
965 ($user->timecreated > time() - 10 && has_capability('moodle/user:create', $systemcontext))));
966 });
967 $preferences['forum_markasreadonnotification'] = array('type' => PARAM_INT, 'null' => NULL_NOT_ALLOWED, 'default' => 1,
968 'choices' => array(0, 1));
969 $preferences['htmleditor'] = array('type' => PARAM_NOTAGS, 'null' => NULL_ALLOWED,
970 'cleancallback' => function($value, $preferencename) {
971 if (empty($value) || !array_key_exists($value, core_component::get_plugin_list('editor'))) {
972 return null;
973 }
974 return $value;
975 });
976 $preferences['badgeprivacysetting'] = array('type' => PARAM_INT, 'null' => NULL_NOT_ALLOWED, 'default' => 1,
977 'choices' => array(0, 1), 'permissioncallback' => function($user, $preferencename) {
978 global $CFG;
979 return !empty($CFG->enablebadges) && self::is_current_user($user);
980 });
981 $preferences['blogpagesize'] = array('type' => PARAM_INT, 'null' => NULL_NOT_ALLOWED, 'default' => 10,
982 'permissioncallback' => function($user, $preferencename) {
983 return self::is_current_user($user) && has_capability('moodle/blog:view', context_system::instance());
984 });
985 $preferences['filemanager_recentviewmode'] = [
986 'type' => PARAM_INT,
987 'null' => NULL_NOT_ALLOWED,
988 'default' => 1,
989 'choices' => [1, 2, 3],
990 'permissioncallback' => [static::class, 'is_current_user'],
991 ];
992 $preferences['filepicker_recentrepository'] = [
993 'type' => PARAM_INT,
994 'null' => NULL_NOT_ALLOWED,
995 'permissioncallback' => [static::class, 'is_current_user'],
996 ];
997 $preferences['filepicker_recentlicense'] = [
998 'type' => PARAM_SAFEDIR,
999 'null' => NULL_NOT_ALLOWED,
1000 'permissioncallback' => [static::class, 'is_current_user'],
1001 ];
1002 $preferences['filepicker_recentviewmode'] = [
1003 'type' => PARAM_INT,
1004 'null' => NULL_NOT_ALLOWED,
1005 'default' => 1,
1006 'choices' => [1, 2, 3],
1007 'permissioncallback' => [static::class, 'is_current_user'],
1008 ];
1009 $preferences['userselector_optionscollapsed'] = [
1010 'type' => PARAM_BOOL,
1011 'null' => NULL_NOT_ALLOWED,
1012 'default' => true,
1013 'permissioncallback' => [static::class, 'is_current_user'],
1014 ];
1015 $preferences['userselector_autoselectunique'] = [
1016 'type' => PARAM_BOOL,
1017 'null' => NULL_NOT_ALLOWED,
1018 'default' => false,
1019 'permissioncallback' => [static::class, 'is_current_user'],
1020 ];
1021 $preferences['userselector_preserveselected'] = [
1022 'type' => PARAM_BOOL,
1023 'null' => NULL_NOT_ALLOWED,
1024 'default' => false,
1025 'permissioncallback' => [static::class, 'is_current_user'],
1026 ];
1027 $preferences['userselector_searchtype'] = [
1028 'type' => PARAM_INT,
1029 'null' => NULL_NOT_ALLOWED,
1030 'default' => USER_SEARCH_STARTS_WITH,
1031 'permissioncallback' => [static::class, 'is_current_user'],
1032 ];
1033 $preferences['question_bank_advanced_search'] = [
1034 'type' => PARAM_BOOL,
1035 'null' => NULL_NOT_ALLOWED,
1036 'default' => false,
1037 'permissioncallback' => [static::class, 'is_current_user'],
1038 ];
1039
1040 $choices = [HOMEPAGE_SITE];
1041 if (!empty($CFG->enabledashboard)) {
1042 $choices[] = HOMEPAGE_MY;
1043 }
1044 $choices[] = HOMEPAGE_MYCOURSES;
1045 $preferences['user_home_page_preference'] = [
1046 'type' => PARAM_INT,
1047 'null' => NULL_ALLOWED,
1048 'default' => get_default_home_page(),
1049 'choices' => $choices,
1050 'permissioncallback' => function ($user, $preferencename) {
1051 global $CFG;
1052 return self::is_current_user($user) &&
1053 (!empty($CFG->defaulthomepage) && ($CFG->defaulthomepage == HOMEPAGE_USER));
1054 }
1055 ];
1056
1057 // Core components that may want to define their preferences.
1058 // List of core components implementing callback is hardcoded here for performance reasons.
1059 // TODO MDL-58184 cache list of core components implementing a function.
1060 $corecomponents = ['core_message', 'core_calendar', 'core_contentbank'];
1061 foreach ($corecomponents as $component) {
1062 if (($pluginpreferences = component_callback($component, 'user_preferences')) && is_array($pluginpreferences)) {
1063 $preferences += $pluginpreferences;
1064 }
1065 }
1066
1067 // Plugins that may define their preferences.
1068 if ($pluginsfunction = get_plugins_with_function('user_preferences')) {
1069 foreach ($pluginsfunction as $plugintype => $plugins) {
1070 foreach ($plugins as $function) {
1071 if (($pluginpreferences = call_user_func($function)) && is_array($pluginpreferences)) {
1072 $preferences += $pluginpreferences;
1073 }
1074 }
1075 }
1076 }
1077
1078 self::$preferencescache = $preferences;
1079 }
1080
1081 /**
1082 * Retrieves the preference definition
1083 *
1084 * @param string $preferencename
1085 * @return array
1086 */
1087 protected static function get_preference_definition($preferencename) {
1088 self::fill_preferences_cache();
1089
1090 foreach (self::$preferencescache as $key => $preference) {
1091 if (empty($preference['isregex'])) {
1092 if ($key === $preferencename) {
1093 return $preference;
1094 }
1095 } else {
1096 if (preg_match($key, $preferencename)) {
1097 return $preference;
1098 }
1099 }
1100 }
1101
1102 throw new coding_exception('Invalid preference requested.');
1103 }
1104
1105 /**
1106 * Default callback used for checking if current user is allowed to change permission of user $user
1107 *
1108 * @param stdClass $user
1109 * @param string $preferencename
1110 * @return bool
1111 */
1112 protected static function default_preference_permission_check($user, $preferencename) {
1113 global $USER;
1114 if (is_mnet_remote_user($user)) {
1115 // Can't edit MNET user.
1116 return false;
1117 }
1118
1119 if (self::is_current_user($user)) {
1120 // Editing own profile.
1121 $systemcontext = context_system::instance();
1122 return has_capability('moodle/user:editownprofile', $systemcontext);
1123 } else {
1124 // Teachers, parents, etc.
1125 $personalcontext = context_user::instance($user->id);
1126 if (!has_capability('moodle/user:editprofile', $personalcontext)) {
1127 return false;
1128 }
1129 if (is_siteadmin($user->id) and !is_siteadmin($USER)) {
1130 // Only admins may edit other admins.
1131 return false;
1132 }
1133 return true;
1134 }
1135 }
1136
1137 /**
1138 * Can current user edit preference of this/another user
1139 *
1140 * @param string $preferencename
1141 * @param stdClass $user
1142 * @return bool
1143 */
1144 public static function can_edit_preference($preferencename, $user) {
1145 if (!isloggedin() || isguestuser()) {
1146 // Guests can not edit anything.
1147 return false;
1148 }
1149
1150 try {
1151 $definition = self::get_preference_definition($preferencename);
1152 } catch (coding_exception $e) {
1153 return false;
1154 }
1155
1156 if ($user->deleted || !context_user::instance($user->id, IGNORE_MISSING)) {
1157 // User is deleted.
1158 return false;
1159 }
1160
1161 if (isset($definition['permissioncallback'])) {
1162 $callback = $definition['permissioncallback'];
1163 if (is_callable($callback)) {
1164 return call_user_func_array($callback, [$user, $preferencename]);
1165 } else {
1166 throw new coding_exception('Permission callback for preference ' . s($preferencename) . ' is not callable');
1167 return false;
1168 }
1169 } else {
1170 return self::default_preference_permission_check($user, $preferencename);
1171 }
1172 }
1173
1174 /**
1175 * Clean value of a user preference
1176 *
1177 * @param string $value the user preference value to be cleaned.
1178 * @param string $preferencename the user preference name
1179 * @return string the cleaned preference value
1180 */
1181 public static function clean_preference($value, $preferencename) {
1182
1183 $definition = self::get_preference_definition($preferencename);
1184
1185 if (isset($definition['type']) && $value !== null) {
1186 $value = clean_param($value, $definition['type']);
1187 }
1188
1189 if (isset($definition['cleancallback'])) {
1190 $callback = $definition['cleancallback'];
1191 if (is_callable($callback)) {
1192 return $callback($value, $preferencename);
1193 } else {
1194 throw new coding_exception('Clean callback for preference ' . s($preferencename) . ' is not callable');
1195 }
1196 } else if ($value === null && (!isset($definition['null']) || $definition['null'] == NULL_ALLOWED)) {
1197 return null;
1198 } else if (isset($definition['choices'])) {
1199 if (!in_array($value, $definition['choices'])) {
1200 if (isset($definition['default'])) {
1201 return $definition['default'];
1202 } else {
1203 $first = reset($definition['choices']);
1204 return $first;
1205 }
1206 } else {
1207 return $value;
1208 }
1209 } else {
1210 if ($value === null) {
1211 return isset($definition['default']) ? $definition['default'] : '';
1212 }
1213 return $value;
1214 }
1215 }
1216
1217 /**
1218 * Is the user expected to perform an action to start using Moodle properly?
1219 *
1220 * This covers cases such as filling the profile, changing password or agreeing to the site policy.
1221 *
1222 * @param stdClass $user User object, defaults to the current user.
1223 * @return bool
1224 */
1225 public static function awaiting_action(stdClass $user = null): bool {
1226 global $USER;
1227
1228 if ($user === null) {
1229 $user = $USER;
1230 }
1231
1232 if (user_not_fully_set_up($user)) {
1233 // Awaiting the user to fill all fields in the profile.
1234 return true;
1235 }
1236
1237 if (get_user_preferences('auth_forcepasswordchange', false, $user)) {
1238 // Awaiting the user to change their password.
1239 return true;
1240 }
1241
1242 if (empty($user->policyagreed) && !is_siteadmin($user)) {
1243 $manager = new \core_privacy\local\sitepolicy\manager();
1244
1245 if ($manager->is_defined(isguestuser($user))) {
1246 return true;
1247 }
1248 }
1249
1250 return false;
1251 }
1252
1253 /**
1254 * Get welcome message.
1255 *
1256 * @return lang_string welcome message
1257 */
1258 public static function welcome_message(): ?lang_string {
1259 global $USER;
1260
1261 $isloggedinas = \core\session\manager::is_loggedinas();
1262 if (!isloggedin() || isguestuser() || $isloggedinas) {
1263 return null;
1264 }
1265 if (empty($USER->core_welcome_message)) {
1266 $USER->core_welcome_message = true;
1267 $messagekey = 'welcomeback';
1268 if (empty(get_user_preferences('core_user_welcome', null))) {
1269 $messagekey = 'welcometosite';
1270 set_user_preference('core_user_welcome', time());
1271 }
1272
1273 $namefields = [
1274 'fullname' => fullname($USER),
1275 'alternativefullname' => fullname($USER, true),
1276 ];
1277
1278 foreach (\core_user\fields::get_name_fields() as $namefield) {
1279 $namefields[$namefield] = $USER->{$namefield};
1280 }
1281
1282 return new lang_string($messagekey, 'core', $namefields);
1283 };
1284 return null;
1285 }
1286
1287 /**
1288 * Return full name depending on context.
1289 * This function should be used for displaying purposes only as the details may not be the same as it is on database.
1290 *
1291 * @param stdClass $user the person to get details of.
1292 * @param context|null $context The context will be used to determine the visibility of the user's full name.
1293 * @param array $options can include: override - if true, will not use forced firstname/lastname settings
1294 * @return string Full name of the user
1295 */
1296 public static function get_fullname(stdClass $user, context $context = null, array $options = []): string {
1297 global $CFG, $SESSION;
1298
1299 // Clone the user so that it does not mess up the original object.
1300 $user = clone($user);
1301
1302 // Override options.
1303 $override = $options["override"] ?? false;
1304
1305 if (!isset($user->firstname) && !isset($user->lastname)) {
1306 return '';
1307 }
1308
1309 // Get all of the name fields.
1310 $allnames = \core_user\fields::get_name_fields();
1311 if ($CFG->debugdeveloper) {
1312 $missingfields = [];
1313 foreach ($allnames as $allname) {
1314 if (!property_exists($user, $allname)) {
1315 $missingfields[] = $allname;
1316 }
1317 }
1318 if (!empty($missingfields)) {
1319 debugging('The following name fields are missing from the user object: ' . implode(', ', $missingfields));
1320 }
1321 }
1322
1323 if (!$override) {
1324 if (!empty($CFG->forcefirstname)) {
1325 $user->firstname = $CFG->forcefirstname;
1326 }
1327 if (!empty($CFG->forcelastname)) {
1328 $user->lastname = $CFG->forcelastname;
1329 }
1330 }
1331
1332 if (!empty($SESSION->fullnamedisplay)) {
1333 $CFG->fullnamedisplay = $SESSION->fullnamedisplay;
1334 }
1335
1336 $template = null;
1337 // If the fullnamedisplay setting is available, set the template to that.
1338 if (isset($CFG->fullnamedisplay)) {
1339 $template = $CFG->fullnamedisplay;
1340 }
1341 // If the template is empty, or set to language, return the language string.
1342 if ((empty($template) || $template == 'language') && !$override) {
1343 return get_string('fullnamedisplay', null, $user);
1344 }
1345
1346 // Check to see if we are displaying according to the alternative full name format.
1347 if ($override) {
1348 if (empty($CFG->alternativefullnameformat) || $CFG->alternativefullnameformat == 'language') {
1349 // Default to show just the user names according to the fullnamedisplay string.
1350 return get_string('fullnamedisplay', null, $user);
1351 } else {
1352 // If the override is true, then change the template to use the complete name.
1353 $template = $CFG->alternativefullnameformat;
1354 }
1355 }
1356
1357 $requirednames = array();
1358 // With each name, see if it is in the display name template, and add it to the required names array if it is.
1359 foreach ($allnames as $allname) {
1360 if (strpos($template, $allname) !== false) {
1361 $requirednames[] = $allname;
1362 }
1363 }
1364
1365 $displayname = $template;
1366 // Switch in the actual data into the template.
1367 foreach ($requirednames as $altname) {
1368 if (isset($user->$altname)) {
1369 // Using empty() on the below if statement causes breakages.
1370 if ((string)$user->$altname == '') {
1371 $displayname = str_replace($altname, 'EMPTY', $displayname);
1372 } else {
1373 $displayname = str_replace($altname, $user->$altname, $displayname);
1374 }
1375 } else {
1376 $displayname = str_replace($altname, 'EMPTY', $displayname);
1377 }
1378 }
1379 // Tidy up any misc. characters (Not perfect, but gets most characters).
1380 // Don't remove the "u" at the end of the first expression unless you want garbled characters when combining hiragana or
1381 // katakana and parenthesis.
1382 $patterns = array();
1383 // This regular expression replacement is to fix problems such as 'James () Kirk' Where 'Tiberius' (middlename) has not been
1384 // filled in by a user.
1385 // The special characters are Japanese brackets that are common enough to make allowances for them (not covered by :punct:).
1386 $patterns[] = '/[[:punct:]「」]*EMPTY[[:punct:]「」]*/u';
1387 // This regular expression is to remove any double spaces in the display name.
1388 $patterns[] = '/\s{2,}/u';
1389 foreach ($patterns as $pattern) {
1390 $displayname = preg_replace($pattern, ' ', $displayname);
1391 }
1392
1393 // Trimming $displayname will help the next check to ensure that we don't have a display name with spaces.
1394 $displayname = trim($displayname);
1395 if (empty($displayname)) {
1396 // Going with just the first name if no alternate fields are filled out. May be changed later depending on what
1397 // people in general feel is a good setting to fall back on.
1398 $displayname = $user->firstname;
1399 }
1400 return $displayname;
1401 }
1402
1403 /**
1404 * Return profile url depending on context.
1405 *
1406 * @param stdClass $user the person to get details of.
1407 * @param context|null $context The context will be used to determine the visibility of the user's profile url.
1408 * @return moodle_url Profile url of the user
1409 */
1410 public static function get_profile_url(stdClass $user, context $context = null): moodle_url {
1411 if (empty($user->id)) {
1412 throw new coding_exception('User id is required when displaying profile url.');
1413 }
1414
1415 // Params to be passed to the user view page.
1416 $params = ['id' => $user->id];
1417
1418 // Get courseid from context if provided.
1419 if ($context && $coursecontext = $context->get_course_context(false)) {
1420 $params['courseid'] = $coursecontext->instanceid;
1421 }
1422
1423 // If courseid is not set or is set to site id, then return profile page, otherwise return view page.
1424 if (!isset($params['courseid']) || $params['courseid'] == SITEID) {
1425 return new moodle_url('/user/profile.php', $params);
1426 } else {
1427 return new moodle_url('/user/view.php', $params);
1428 }
1429 }
1430
1431 /**
1432 * Return user picture depending on context.
1433 * This function should be used for displaying purposes only as the details may not be the same as it is on database.
1434 *
1435 * @param stdClass $user the person to get details of.
1436 * @param context|null $context The context will be used to determine the visibility of the user's picture.
1437 * @param array $options public properties of {@see user_picture} to be overridden
1438 * - courseid = $this->page->course->id (course id of user profile in link)
1439 * - size = 35 (size of image)
1440 * - link = true (make image clickable - the link leads to user profile)
1441 * - popup = false (open in popup)
1442 * - alttext = true (add image alt attribute)
1443 * - class = image class attribute (default 'userpicture')
1444 * - visibletoscreenreaders = true (whether to be visible to screen readers)
1445 * - includefullname = false (whether to include the user's full name together with the user picture)
1446 * - includetoken = false (whether to use a token for authentication. True for current user, int value for other user id)
1447 * @return user_picture User picture object
1448 */
1449 public static function get_profile_picture(stdClass $user, context $context = null, array $options = []): user_picture {
1450 // Create a new user picture object.
1451 $userpicture = new user_picture($user);
1452
1453 // Override the user picture object with the options provided.
1454 foreach ($options as $key => $value) {
1455 if (property_exists($userpicture, $key)) {
1456 $userpicture->$key = $value;
1457 }
1458 }
1459
1460 // Return the user picture.
1461 return $userpicture;
1462 }
1463
1464 /**
1465 * Get initials for users
1466 *
1467 * @param stdClass $user
1468 * @return string
1469 */
1470 public static function get_initials(stdClass $user): string {
1471 // Get the available name fields.
1472 $namefields = \core_user\fields::get_name_fields();
1473 // Build a dummy user to determine the name format.
1474 $dummyuser = array_combine($namefields, $namefields);
1475 // Determine the name format by using fullname() and passing the dummy user.
1476 $nameformat = fullname((object) $dummyuser);
1477 // Fetch all the available username fields.
1478 $availablefields = order_in_string($namefields, $nameformat);
1479 // We only want the first and last name fields.
1480 if (!empty($availablefields) && count($availablefields) >= 2) {
1481 $availablefields = [reset($availablefields), end($availablefields)];
1482 }
1483 $initials = '';
1484 foreach ($availablefields as $userfieldname) {
1485 if (!empty($user->$userfieldname)) {
1486 $initials .= mb_substr($user->$userfieldname, 0, 1);
1487 }
1488 }
1489 return $initials;
1490 }
1491
1492 }
Read-only mirror of the Moodle CVS