search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
when inserting 'Give Up' button, if site encoding is not iso-8859-1, then set page...
[moodle.git] / user / edit.php
blob2180a69fd548de56514e261d9edc226df1da9378
1 <?php // $Id$
2
3 require_once("../config.php");
4 require_once("$CFG->libdir/gdlib.php");
5
6 $id = optional_param('id', 0, PARAM_INT); // user id
7 $course = optional_param('course', SITEID, PARAM_INT); // course id (defaults to Site)
8
9 if (empty($id)) { // See your own profile by default
10 require_login();
11 $id = $USER->id;
12 }
13
14 if (! $user = get_record("user", "id", $id)) {
15 error("User ID was incorrect");
16 }
17
18 if (! $course = get_record("course", "id", $course)) {
19 error("Course ID was incorrect");
20 }
21
22 if ($user->confirmed and user_not_fully_set_up($user)) {
23 // Special case which can only occur when a new account
24 // has just been created by EXTERNAL authentication
25 // This is the only page in Moodle that has the exception
26 // so that users can set up their accounts
27 $newaccount = true;
28
29 if (empty($USER->id)) {
30 error("Sessions don't seem to be working on this server!");
31 }
32
33 } else {
34 $newaccount = false;
35 require_login($course->id);
36 }
37
38 if ($USER->id <> $user->id) { // Current user editing someone else's profile
39 if (isadmin()) { // Current user is an admin
40 if ($mainadmin = get_admin()) {
41 if ($user->id == $mainadmin->id) { // Can't edit primary admin
42 print_error('adminprimarynoedit');
43 }
44 }
45 } else {
46 print_error('onlyeditown');
47 }
48 }
49
50 if (isguest()) {
51 print_error('guestnoeditprofile');
52 }
53
54 if (isguest($user->id)) {
55 print_error('guestnoeditprofileother');
56 }
57
58
59 // load the relevant auth libraries
60 if (!empty($user->auth)) {
61 $auth = $user->auth;
62 if (!file_exists("$CFG->dirroot/auth/$auth/lib.php")) {
63 trigger_error("Can't find auth module $auth , default to internal.");
64 $auth = "manual"; // Can't find auth module, default to internal
65 }
66 require_once("$CFG->dirroot/auth/$auth/lib.php");
67 }
68
69
70 /// If data submitted, then process and store.
71
72 if ($usernew = data_submitted()) {
73
74 if (($USER->id <> $usernew->id) && !isadmin()) {
75 print_error('onlyeditown');
76 }
77
78 if (isset($USER->username)) {
79 check_for_restricted_user($USER->username, "$CFG->wwwroot/course/view.php?id=$course->id");
80 }
81
82 if (isset($usernew->password)) {
83 unset($usernew->password);
84 }
85
86 // data cleanup
87 // username is validated in find_form_errors
88 $usernew->country = clean_param($usernew->country, PARAM_ALPHA);
89 $usernew->lang = clean_param($usernew->lang, PARAM_FILE);
90 $usernew->url = clean_param($usernew->url, PARAM_URL);
91 $usernew->icq = clean_param($usernew->icq, PARAM_INT);
92 if (!$usernew->icq) {
93 $usernew->icq = '';
94 }
95 $usernew->skype = clean_param($usernew->skype, PARAM_CLEAN);
96 $usernew->yahoo = clean_param($usernew->yahoo, PARAM_CLEAN);
97 $usernew->aim = clean_param($usernew->aim, PARAM_CLEAN);
98 $usernew->msn = clean_param($usernew->msn, PARAM_CLEAN);
99
100 $usernew->maildisplay = clean_param($usernew->maildisplay, PARAM_INT);
101 $usernew->mailformat = clean_param($usernew->mailformat, PARAM_INT);
102 if (!empty($CFG->unicodedb) && $CFG->allowusermailcharset) {
103 $usernew->mailcharset = clean_param($usernew->mailcharset, PARAM_CLEAN);
104 if (!empty($usernew->mailcharset)) {
105 set_user_preference('mailcharset', $usernew->mailcharset, $user->id);
106 } else {
107 unset_user_preference('mailcharset', $user->id);
108 }
109 } else {
110 unset_user_preference('mailcharset', $user->id);
111 }
112 $usernew->maildigest = clean_param($usernew->maildigest, PARAM_INT);
113 $usernew->autosubscribe = clean_param($usernew->autosubscribe, PARAM_INT);
114 if (!empty($CFG->htmleditor)) {
115 $usernew->htmleditor = clean_param($usernew->htmleditor, PARAM_INT);
116 }
117 else {
118 unset( $usernew->htmleditor );
119 }
120 $usernew->emailstop = clean_param($usernew->emailstop, PARAM_INT);
121
122 if (isset($usernew->timezone)) {
123 if ($CFG->forcetimezone != 99) { // Don't allow changing this in any way
124 unset($usernew->timezone);
125 } else { // Clean up the data a bit, just in case of injections
126 $usernew->timezone = clean_param($usernew->timezone, PARAM_PATH); //not a path, but it looks like it anyway
127 }
128 }
129
130 foreach ($usernew as $key => $data) {
131 $usernew->$key = addslashes(clean_text(stripslashes(trim($usernew->$key)), FORMAT_MOODLE));
132 }
133
134 $usernew->firstname = strip_tags($usernew->firstname);
135 $usernew->lastname = strip_tags($usernew->lastname);
136
137 if (isset($usernew->username)) {
138 $usernew->username = moodle_strtolower($usernew->username);
139 }
140
141 if (!empty($_FILES) and !(empty($CFG->disableuserimages) or isadmin())) {
142 error('Users can not update profile images!');
143 }
144
145 require_once($CFG->dirroot.'/lib/uploadlib.php');
146 $um = new upload_manager('imagefile',false,false,null,false,0,true,true);
147
148 // override locked values
149 if (!isadmin()) {
150 $fields = get_user_fieldnames();
151 $authconfig = get_config( 'auth/' . $user->auth );
152 foreach ($fields as $field) {
153 $configvariable = 'field_lock_' . $field;
154 if ( empty($authconfig->{$configvariable}) ) {
155 continue; //no locking set
156 }
157 if ( $authconfig->{$configvariable} === 'locked'
158 || ($authconfig->{$configvariable} === 'unlockedifempty' && !empty($user->$field)) ) {
159 if (!empty( $user->$field)) {
160 $usernew->$field = addslashes($user->$field);
161 }
162 }
163 }
164 unset($fields);
165 unset($field);
166 unset($configvariable);
167 }
168 if (find_form_errors($user, $usernew, $err, $um)) {
169 if (empty($err['imagefile']) && $usernew->picture = save_profile_image($user->id, $um,'users')) {
170 set_field('user', 'picture', $usernew->picture, 'id', $user->id); /// Note picture in DB
171 } else {
172 if (!empty($usernew->deletepicture)) {
173 set_field('user', 'picture', 0, 'id', $user->id); /// Delete picture
174 $usernew->picture = 0;
175 }
176 }
177
178 $usernew->auth = $user->auth;
179 $user = $usernew;
180
181 } else {
182 $timenow = time();
183
184 if (!$usernew->picture = save_profile_image($user->id,$um,'users')) {
185 if (!empty($usernew->deletepicture)) {
186 set_field('user', 'picture', 0, 'id', $user->id); /// Delete picture
187 $usernew->picture = 0;
188 } else {
189 $usernew->picture = $user->picture;
190 }
191 }
192
193 $usernew->timemodified = time();
194
195 if (isadmin()) {
196 if (!empty($usernew->newpassword)) {
197 $usernew->password = hash_internal_user_password($usernew->newpassword);
198 // update external passwords
199 if (!empty($CFG->{'auth_'. $user->auth.'_stdchangepassword'})) {
200 if (function_exists('auth_user_update_password')){
201 if (!auth_user_update_password($user->username, $usernew->newpassword)){
202 error('Failed to update password on external auth: ' . $user->auth .
203 '. See the server logs for more details.');
204 }
205 } else {
206 error('Your external authentication module is misconfigued!');
207 }
208 }
209 }
210 // store forcepasswordchange in user's preferences
211 if (!empty($usernew->forcepasswordchange)){
212 set_user_preference('auth_forcepasswordchange', 1, $user->id);
213 } else {
214 unset_user_preference('auth_forcepasswordchange', $user->id);
215 }
216 } else {
217 if (isset($usernew->newpassword)) {
218 error("You can not change the password like that");
219 }
220 }
221 if ($usernew->url and !(substr($usernew->url, 0, 4) == "http")) {
222 $usernew->url = "http://".$usernew->url;
223 }
224
225 $userold = get_record('user','id',$usernew->id);
226 if (update_record("user", $usernew)) {
227 if (function_exists("auth_user_update")){
228 // pass a true $userold here
229 if (!auth_user_update($userold, $usernew)) {
230 // auth update failed, rollback for moodle
231 update_record("user", $userold);
232 error('Failed to update user data on external auth: '.$user->auth.
233 '. See the server logs for more details.');
234 }
235 };
236
237 if ($userold->email != $usernew->email) {
238 set_bounce_count($usernew,true);
239 set_send_count($usernew,true);
240 }
241
242 /// Update forum track preference.
243 if (($usernew->trackforums != $USER->trackforums) && !$usernew->trackforums) {
244 require_once($CFG->dirroot.'/mod/forum/lib.php');
245 forum_tp_delete_read_records($USER->id);
246 }
247
248 add_to_log($course->id, "user", "update", "view.php?id=$user->id&course=$course->id", "");
249
250 if ($user->id == $USER->id) {
251 // Copy data into $USER session variable
252 $usernew = (array)$usernew;
253 foreach ($usernew as $variable => $value) {
254 $USER->$variable = stripslashes($value);
255 }
256 if (isset($USER->newadminuser)) {
257 unset($USER->newadminuser);
258 redirect("$CFG->wwwroot/", get_string('changessaved'));
259 }
260 if (!empty($SESSION->wantsurl)) { // User may have been forced to edit account, so let's
261 // send them to where they wanted to go originally
262 $wantsurl = $SESSION->wantsurl;
263 $SESSION->wantsurl = ''; // In case unset doesn't work as expected
264 unset($SESSION->wantsurl);
265 redirect($wantsurl, get_string('changessaved'));
266 } else {
267 redirect("$CFG->wwwroot/user/view.php?id=$user->id&course=$course->id",
268 get_string("changessaved"));
269 }
270 } else {
271 redirect("$CFG->wwwroot/$CFG->admin/user.php", get_string("changessaved"));
272 }
273 } else {
274 error("Could not update the user record ($user->id)");
275 }
276 }
277 }
278
279 /// Otherwise fill and print the form.
280
281 $usehtmleditor = can_use_html_editor();
282
283 //temporary hack to disable htmleditor in IE when loginhttps on and wwwroot starts with http://
284 //see bug #5534
285 if (!empty($CFG->loginhttps) and check_browser_version('MSIE', 5.5) and (strpos($CFG->wwwroot, 'http://') === 0)) {
286 $usehtmleditor = false;
287 }
288
289 $streditmyprofile = get_string("editmyprofile");
290 $strparticipants = get_string("participants");
291 $strnewuser = get_string("newuser");
292
293 if (over_bounce_threshold($user) && empty($err['email'])) {
294 $err['email'] = get_string('toomanybounces');
295 }
296
297 if (($user->firstname and $user->lastname) or $newaccount) {
298 if ($newaccount) {
299 $userfullname = $strnewuser;
300 } else {
301 $userfullname = fullname($user, isteacher($course->id));
302 }
303 if ($course->category) {
304 print_header("$course->shortname: $streditmyprofile", "$course->fullname: $streditmyprofile",
305 "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a>
306 -> <a href=\"index.php?id=$course->id\">$strparticipants</a>
307 -> <a href=\"view.php?id=$user->id&amp;course=$course->id\">$userfullname</a>
308 -> $streditmyprofile", "");
309 } else {
310 if (isset($USER->newadminuser)) {
311 print_header();
312 } else {
313 print_header("$course->shortname: $streditmyprofile", "$course->fullname",
314 "<a href=\"view.php?id=$user->id&amp;course=$course->id\">$userfullname</a>
315 -> $streditmyprofile", "");
316 }
317 }
318 } else {
319 $userfullname = $strnewuser;
320 $straddnewuser = get_string("addnewuser");
321
322 $stradministration = get_string("administration");
323 print_header("$course->shortname: $streditmyprofile", "$course->fullname",
324 "<a href=\"$CFG->wwwroot/$CFG->admin/\">$stradministration</a> -> ".
325 "<a href=\"$CFG->wwwroot/$CFG->admin/users.php\">$strusers</a> -> $straddnewuser", "");
326 }
327
328
329 if (isset($USER->newadminuser)) {
330 print_simple_box(get_string('configintroadmin', 'admin'), 'center', '50%');
331 echo '<br />';
332 } else {
333 /// Print tabs at top
334 /// This same call is made in:
335 /// /user/view.php
336 /// /user/edit.php
337 /// /course/user.php
338 $currenttab = 'editprofile';
339 include('tabs.php');
340 }
341
342 print_simple_box_start("center");
343
344 if (!empty($err)) {
345 echo "<center>";
346 notify(get_string("someerrorswerefound"));
347 echo "</center>";
348 }
349
350 $teacher = strtolower($course->teacher);
351 if (!isadmin()) {
352 $teacheronly = '('.get_string('teacheronly', '', $teacher).')';
353 } else {
354 $teacheronly = '';
355 }
356
357 include("edit.html");
358
359 if (!isadmin()) { /// Lock all the locked fields using Javascript
360 $fields = get_user_fieldnames();
361
362 echo '<script type="text/javascript">'."\n";
363 echo '<!--'."\n";
364
365 $authconfig = get_config( 'auth/' . $user->auth );
366
367 foreach ($fields as $field) {
368 $configvariable = 'field_lock_' . $field;
369 if (isset($authconfig->{$configvariable})) {
370 if ( $authconfig->{$configvariable} === 'locked'
371 || ($authconfig->{$configvariable} === 'unlockedifempty' && !empty($user->$field)) ) {
372 echo "eval('document.form.$field.disabled=true');\n";
373 }
374 }
375 }
376
377 echo '-->'."\n";
378 echo '</script>'."\n";
379 }
380
381 print_simple_box_end();
382
383 if ($usehtmleditor) {
384 use_html_editor("description");
385 }
386
387 if (!isset($USER->newadminuser)) {
388 print_footer($course);
389 }
390
391 exit;
392
393
394
395 /// FUNCTIONS ////////////////////
396
397 function find_form_errors(&$user, &$usernew, &$err, &$um) {
398 global $CFG;
399
400 if (isadmin()) {
401 if (empty($usernew->username)) {
402 $err["username"] = get_string("missingusername");
403
404 } else if (record_exists("user", "username", $usernew->username) and $user->username == "changeme") {
405 $err["username"] = get_string("usernameexists");
406
407 } else {
408 if (empty($CFG->extendedusernamechars)) {
409 $string = eregi_replace("[^(-\.[:alnum:])]", "", $usernew->username);
410 if (strcmp($usernew->username, $string)) {
411 $err["username"] = get_string("alphanumerical");
412 }
413 }
414 }
415
416 if (empty($usernew->newpassword) and empty($user->password) and is_internal_auth() )
417 $err["newpassword"] = get_string("missingpassword");
418
419 if (($usernew->newpassword == "admin") or ($user->password == md5("admin") and empty($usernew->newpassword)) ) {
420 $err["newpassword"] = get_string("unsafepassword");
421 }
422 }
423
424 if (empty($usernew->email))
425 $err["email"] = get_string("missingemail");
426
427 if (over_bounce_threshold($user) && $user->email == $usernew->email)
428 $err['email'] = get_string('toomanybounces');
429
430 if (empty($usernew->description) and !isadmin())
431 $err["description"] = get_string("missingdescription");
432
433 if (empty($usernew->city))
434 $err["city"] = get_string("missingcity");
435
436 if (empty($usernew->firstname))
437 $err["firstname"] = get_string("missingfirstname");
438
439 if (empty($usernew->lastname))
440 $err["lastname"] = get_string("missinglastname");
441
442 if (empty($usernew->country))
443 $err["country"] = get_string("missingcountry");
444
445 if (! validate_email($usernew->email)) {
446 $err["email"] = get_string("invalidemail");
447
448 } else if ($otheruser = get_record("user", "email", $usernew->email)) {
449 if ($otheruser->id <> $user->id) {
450 $err["email"] = get_string("emailexists");
451 }
452 }
453
454 if (empty($err["email"]) and !isadmin()) {
455 if ($error = email_is_not_allowed($usernew->email)) {
456 $err["email"] = $error;
457 }
458 }
459
460 if (!$um->preprocess_files()) {
461 $err['imagefile'] = $um->notify;
462 }
463
464 $user->email = $usernew->email;
465
466 return count($err);
467 }
468
469
470 ?>
Read-only mirror of the Moodle CVS