user/editadvanced.php

   1 <?php
   2 // This file is part of Moodle - http://moodle.org/
   3 //
   4 // Moodle is free software: you can redistribute it and/or modify
   5 // it under the terms of the GNU General Public License as published by
   6 // the Free Software Foundation, either version 3 of the License, or
   7 // (at your option) any later version.
   8 //
   9 // Moodle is distributed in the hope that it will be useful,
  10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 // GNU General Public License for more details.
  13 //
  14 // You should have received a copy of the GNU General Public License
  15 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16
  17 /**
  18  * Allows you to edit a users profile
  19  *
  20  * @copyright 1999 Martin Dougiamas  http://dougiamas.com
  21  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  22  * @package core_user
  23  */
  24
  25 require_once('../config.php');
  26 require_once($CFG->libdir.'/gdlib.php');
  27 require_once($CFG->libdir.'/adminlib.php');
  28 require_once($CFG->dirroot.'/user/editadvanced_form.php');
  29 require_once($CFG->dirroot.'/user/editlib.php');
  30 require_once($CFG->dirroot.'/user/profile/lib.php');
  31 require_once($CFG->dirroot.'/user/lib.php');
  32 require_once($CFG->dirroot.'/webservice/lib.php');
  33
  34 $id     = optional_param('id', $USER->id, PARAM_INT);    // User id; -1 if creating new user.
  35 $course = optional_param('course', SITEID, PARAM_INT);   // Course id (defaults to Site).
  36 $returnto = optional_param('returnto', null, PARAM_ALPHA);  // Code determining where to return to after save.
  37
  38 $PAGE->set_url('/user/editadvanced.php', array('course' => $course, 'id' => $id));
  39
  40 $course = $DB->get_record('course', array('id' => $course), '*', MUST_EXIST);
  41
  42 if (!empty($USER->newadminuser)) {
  43     // Ignore double clicks, we must finish all operations before cancelling request.
  44     ignore_user_abort(true);
  45
  46     $PAGE->set_course($SITE);
  47     $PAGE->set_pagelayout('maintenance');
  48 } else {
  49     if ($course->id == SITEID) {
  50         require_login();
  51         $PAGE->set_context(context_system::instance());
  52     } else {
  53         require_login($course);
  54     }
  55     $PAGE->set_pagelayout('admin');
  56 }
  57
  58 if ($course->id == SITEID) {
  59     $coursecontext = context_system::instance();   // SYSTEM context.
  60 } else {
  61     $coursecontext = context_course::instance($course->id);   // Course context.
  62 }
  63 $systemcontext = context_system::instance();
  64
  65 if ($id == -1) {
  66     // Creating new user.
  67     $user = new stdClass();
  68     $user->id = -1;
  69     $user->auth = 'manual';
  70     $user->confirmed = 1;
  71     $user->deleted = 0;
  72     $user->timezone = '99';
  73     require_capability('moodle/user:create', $systemcontext);
  74     admin_externalpage_setup('addnewuser', '', array('id' => -1));
  75 } else {
  76     // Editing existing user.
  77     require_capability('moodle/user:update', $systemcontext);
  78     $user = $DB->get_record('user', array('id' => $id), '*', MUST_EXIST);
  79     $PAGE->set_context(context_user::instance($user->id));
  80     $PAGE->navbar->includesettingsbase = true;
  81     if ($user->id != $USER->id) {
  82         $PAGE->navigation->extend_for_user($user);
  83     } else {
  84         if ($node = $PAGE->navigation->find('myprofile', navigation_node::TYPE_ROOTNODE)) {
  85             $node->force_open();
  86         }
  87     }
  88 }
  89
  90 // Remote users cannot be edited.
  91 if ($user->id != -1 and is_mnet_remote_user($user)) {
  92     redirect($CFG->wwwroot . "/user/view.php?id=$id&course={$course->id}");
  93 }
  94
  95 if ($user->id != $USER->id and is_siteadmin($user) and !is_siteadmin($USER)) {  // Only admins may edit other admins.
  96     print_error('useradmineditadmin');
  97 }
  98
  99 if (isguestuser($user->id)) { // The real guest user can not be edited.
 100     print_error('guestnoeditprofileother');
 101 }
 102
 103 if ($user->deleted) {
 104     echo $OUTPUT->header();
 105     echo $OUTPUT->heading(get_string('userdeleted'));
 106     echo $OUTPUT->footer();
 107     die;
 108 }
 109
 110 // Load user preferences.
 111 useredit_load_preferences($user);
 112
 113 // Load custom profile fields data.
 114 profile_load_data($user);
 115
 116 // User interests.
 117 $user->interests = core_tag_tag::get_item_tags_array('core', 'user', $id);
 118
 119 if ($user->id !== -1) {
 120     $usercontext = context_user::instance($user->id);
 121     $editoroptions = array(
 122         'maxfiles'   => EDITOR_UNLIMITED_FILES,
 123         'maxbytes'   => $CFG->maxbytes,
 124         'trusttext'  => false,
 125         'forcehttps' => false,
 126         'context'    => $usercontext
 127     );
 128
 129     $user = file_prepare_standard_editor($user, 'description', $editoroptions, $usercontext, 'user', 'profile', 0);
 130 } else {
 131     $usercontext = null;
 132     // This is a new user, we don't want to add files here.
 133     $editoroptions = array(
 134         'maxfiles' => 0,
 135         'maxbytes' => 0,
 136         'trusttext' => false,
 137         'forcehttps' => false,
 138         'context' => $coursecontext
 139     );
 140 }
 141
 142 // Prepare filemanager draft area.
 143 $draftitemid = 0;
 144 $filemanagercontext = $editoroptions['context'];
 145 $filemanageroptions = array('maxbytes'       => $CFG->maxbytes,
 146                              'subdirs'        => 0,
 147                              'maxfiles'       => 1,
 148                              'accepted_types' => 'web_image');
 149 file_prepare_draft_area($draftitemid, $filemanagercontext->id, 'user', 'newicon', 0, $filemanageroptions);
 150 $user->imagefile = $draftitemid;
 151 // Create form.
 152 $userform = new user_editadvanced_form(new moodle_url($PAGE->url, array('returnto' => $returnto)), array(
 153     'editoroptions' => $editoroptions,
 154     'filemanageroptions' => $filemanageroptions,
 155     'user' => $user));
 156
 157 if ($usernew = $userform->get_data()) {
 158     $usercreated = false;
 159
 160     if (empty($usernew->auth)) {
 161         // User editing self.
 162         $authplugin = get_auth_plugin($user->auth);
 163         unset($usernew->auth); // Can not change/remove.
 164     } else {
 165         $authplugin = get_auth_plugin($usernew->auth);
 166     }
 167
 168     $usernew->timemodified = time();
 169     $createpassword = false;
 170
 171     if ($usernew->id == -1) {
 172         unset($usernew->id);
 173         $createpassword = !empty($usernew->createpassword);
 174         unset($usernew->createpassword);
 175         $usernew = file_postupdate_standard_editor($usernew, 'description', $editoroptions, null, 'user', 'profile', null);
 176         $usernew->mnethostid = $CFG->mnet_localhost_id; // Always local user.
 177         $usernew->confirmed  = 1;
 178         $usernew->timecreated = time();
 179         if ($authplugin->is_internal()) {
 180             if ($createpassword or empty($usernew->newpassword)) {
 181                 $usernew->password = '';
 182             } else {
 183                 $usernew->password = hash_internal_user_password($usernew->newpassword);
 184             }
 185         } else {
 186             $usernew->password = AUTH_PASSWORD_NOT_CACHED;
 187         }
 188         $usernew->id = user_create_user($usernew, false, false);
 189
 190         if (!$authplugin->is_internal() and $authplugin->can_change_password() and !empty($usernew->newpassword)) {
 191             if (!$authplugin->user_update_password($usernew, $usernew->newpassword)) {
 192                 // Do not stop here, we need to finish user creation.
 193                 debugging(get_string('cannotupdatepasswordonextauth', '', '', $usernew->auth), DEBUG_NONE);
 194             }
 195         }
 196         $usercreated = true;
 197     } else {
 198         $usernew = file_postupdate_standard_editor($usernew, 'description', $editoroptions, $usercontext, 'user', 'profile', 0);
 199         // Pass a true old $user here.
 200         if (!$authplugin->user_update($user, $usernew)) {
 201             // Auth update failed.
 202             print_error('cannotupdateuseronexauth', '', '', $user->auth);
 203         }
 204         user_update_user($usernew, false, false);
 205
 206         // Set new password if specified.
 207         if (!empty($usernew->newpassword)) {
 208             if ($authplugin->can_change_password()) {
 209                 if (!$authplugin->user_update_password($usernew, $usernew->newpassword)) {
 210                     print_error('cannotupdatepasswordonextauth', '', '', $usernew->auth);
 211                 }
 212                 unset_user_preference('create_password', $usernew); // Prevent cron from generating the password.
 213
 214                 if (!empty($CFG->passwordchangelogout)) {
 215                     // We can use SID of other user safely here because they are unique,
 216                     // the problem here is we do not want to logout admin here when changing own password.
 217                     \core\session\manager::kill_user_sessions($usernew->id, session_id());
 218                 }
 219                 if (!empty($usernew->signoutofotherservices)) {
 220                     webservice::delete_user_ws_tokens($usernew->id);
 221                 }
 222             }
 223         }
 224
 225         // Force logout if user just suspended.
 226         if (isset($usernew->suspended) and $usernew->suspended and !$user->suspended) {
 227             \core\session\manager::kill_user_sessions($user->id);
 228         }
 229     }
 230
 231     $usercontext = context_user::instance($usernew->id);
 232
 233     // Update preferences.
 234     useredit_update_user_preference($usernew);
 235
 236     // Update tags.
 237     if (empty($USER->newadminuser) && isset($usernew->interests)) {
 238         useredit_update_interests($usernew, $usernew->interests);
 239     }
 240
 241     // Update user picture.
 242     if (empty($USER->newadminuser)) {
 243         core_user::update_picture($usernew, $filemanageroptions);
 244     }
 245
 246     // Update mail bounces.
 247     useredit_update_bounces($user, $usernew);
 248
 249     // Update forum track preference.
 250     useredit_update_trackforums($user, $usernew);
 251
 252     // Save custom profile fields data.
 253     profile_save_data($usernew);
 254
 255     // Reload from db.
 256     $usernew = $DB->get_record('user', array('id' => $usernew->id));
 257
 258     if ($createpassword) {
 259         setnew_password_and_mail($usernew);
 260         unset_user_preference('create_password', $usernew);
 261         set_user_preference('auth_forcepasswordchange', 1, $usernew);
 262     }
 263
 264     // Trigger update/create event, after all fields are stored.
 265     if ($usercreated) {
 266         \core\event\user_created::create_from_userid($usernew->id)->trigger();
 267     } else {
 268         \core\event\user_updated::create_from_userid($usernew->id)->trigger();
 269     }
 270
 271     if ($user->id == $USER->id) {
 272         // Override old $USER session variable.
 273         foreach ((array)$usernew as $variable => $value) {
 274             if ($variable === 'description' or $variable === 'password') {
 275                 // These are not set for security nad perf reasons.
 276                 continue;
 277             }
 278             $USER->$variable = $value;
 279         }
 280         // Preload custom fields.
 281         profile_load_custom_fields($USER);
 282
 283         if (!empty($USER->newadminuser)) {
 284             unset($USER->newadminuser);
 285             // Apply defaults again - some of them might depend on admin user info, backup, roles, etc.
 286             admin_apply_default_settings(null, false);
 287             // Admin account is fully configured - set flag here in case the redirect does not work.
 288             unset_config('adminsetuppending');
 289             // Redirect to admin/ to continue with installation.
 290             redirect("$CFG->wwwroot/$CFG->admin/");
 291         } else if (empty($SITE->fullname)) {
 292             // Somebody double clicked when editing admin user during install.
 293             redirect("$CFG->wwwroot/$CFG->admin/");
 294         } else {
 295             if ($returnto === 'profile') {
 296                 if ($course->id != SITEID) {
 297                     $returnurl = new moodle_url('/user/view.php', array('id' => $user->id, 'course' => $course->id));
 298                 } else {
 299                     $returnurl = new moodle_url('/user/profile.php', array('id' => $user->id));
 300                 }
 301             } else {
 302                 $returnurl = new moodle_url('/user/preferences.php', array('userid' => $user->id));
 303             }
 304             redirect($returnurl);
 305         }
 306     } else {
 307         \core\session\manager::gc(); // Remove stale sessions.
 308         redirect("$CFG->wwwroot/$CFG->admin/user.php");
 309     }
 310     // Never reached..
 311 }
 312
 313
 314 // Display page header.
 315 if ($user->id == -1 or ($user->id != $USER->id)) {
 316     if ($user->id == -1) {
 317         echo $OUTPUT->header();
 318     } else {
 319         $streditmyprofile = get_string('editmyprofile');
 320         $userfullname = fullname($user, true);
 321         $PAGE->set_heading($userfullname);
 322         $PAGE->set_title("$course->shortname: $streditmyprofile - $userfullname");
 323         echo $OUTPUT->header();
 324         echo $OUTPUT->heading($userfullname);
 325     }
 326 } else if (!empty($USER->newadminuser)) {
 327     $strinstallation = get_string('installation', 'install');
 328     $strprimaryadminsetup = get_string('primaryadminsetup');
 329
 330     $PAGE->navbar->add($strprimaryadminsetup);
 331     $PAGE->set_title($strinstallation);
 332     $PAGE->set_heading($strinstallation);
 333     $PAGE->set_cacheable(false);
 334
 335     echo $OUTPUT->header();
 336     echo $OUTPUT->box(get_string('configintroadmin', 'admin'), 'generalbox boxwidthnormal boxaligncenter');
 337     echo '<br />';
 338 } else {
 339     $streditmyprofile = get_string('editmyprofile');
 340     $strparticipants  = get_string('participants');
 341     $strnewuser       = get_string('newuser');
 342     $userfullname     = fullname($user, true);
 343
 344     $PAGE->set_title("$course->shortname: $streditmyprofile");
 345     $PAGE->set_heading($userfullname);
 346
 347     echo $OUTPUT->header();
 348     echo $OUTPUT->heading($streditmyprofile);
 349 }
 350
 351 // Finally display THE form.
 352 $userform->display();
 353
 354 // And proper footer.
 355 echo $OUTPUT->footer();
 356