search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MDL-70424 auth: Avoid random changes to $CFG->auth
[moodle.git] / user / action_redir.php
blobcccc8e95251d65eb544f6e81e2ed5861927ced34
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17 /**
18 * Wrapper script redirecting user operations to correct destination.
19 *
20 * @copyright 1999 Martin Dougiamas http://dougiamas.com
21 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
22 * @package core_user
23 */
24
25 require_once("../config.php");
26 require_once($CFG->dirroot . '/course/lib.php');
27
28 $formaction = required_param('formaction', PARAM_LOCALURL);
29 $id = required_param('id', PARAM_INT);
30
31 $PAGE->set_url('/user/action_redir.php', array('formaction' => $formaction, 'id' => $id));
32 list($formaction) = explode('?', $formaction, 2);
33
34 // This page now only handles the bulk enrolment change actions, other actions are done with ajax.
35 $actions = array('bulkchange.php');
36
37 if (array_search($formaction, $actions) === false) {
38 print_error('unknownuseraction');
39 }
40
41 if (!confirm_sesskey()) {
42 print_error('confirmsesskeybad');
43 }
44
45 if ($formaction == 'bulkchange.php') {
46 // Backwards compatibility for enrolment plugins bulk change functionality.
47 // This awful code is adapting from the participant page with it's param names and values
48 // to the values expected by the bulk enrolment changes forms.
49 $formaction = required_param('formaction', PARAM_URL);
50 require_once($CFG->dirroot . '/enrol/locallib.php');
51
52 $url = new moodle_url($formaction);
53 // Get the enrolment plugin type and bulk action from the url.
54 $plugin = $url->param('plugin');
55 $operationname = $url->param('operation');
56 $dataformat = $url->param('dataformat');
57
58 $course = $DB->get_record('course', array('id' => $id), '*', MUST_EXIST);
59 $context = context_course::instance($id);
60 $PAGE->set_context($context);
61
62 $userids = optional_param_array('userid', array(), PARAM_INT);
63 $default = new moodle_url('/user/index.php', ['id' => $course->id]);
64 $returnurl = new moodle_url(optional_param('returnto', $default, PARAM_URL));
65
66 if (empty($userids)) {
67 $userids = optional_param_array('bulkuser', array(), PARAM_INT);
68 }
69 if (empty($userids)) {
70 // The first time list hack.
71 if (empty($userids) and $post = data_submitted()) {
72 foreach ($post as $k => $v) {
73 if (preg_match('/^user(\d+)$/', $k, $m)) {
74 $userids[] = $m[1];
75 }
76 }
77 }
78 }
79
80 if (empty($plugin) AND $operationname == 'download_participants') {
81 // Check permissions.
82 $pagecontext = ($course->id == SITEID) ? context_system::instance() : $context;
83 if (course_can_view_participants($pagecontext)) {
84 $plugins = core_plugin_manager::instance()->get_plugins_of_type('dataformat');
85 if (isset($plugins[$dataformat])) {
86 if ($plugins[$dataformat]->is_enabled()) {
87 if (empty($userids)) {
88 redirect($returnurl, get_string('noselectedusers', 'bulkusers'));
89 }
90
91 $columnnames = array(
92 'firstname' => get_string('firstname'),
93 'lastname' => get_string('lastname'),
94 );
95
96 $identityfields = get_extra_user_fields($context);
97 $identityfieldsselect = '';
98
99 foreach ($identityfields as $field) {
100 $columnnames[$field] = get_string($field);
101 $identityfieldsselect .= ', u.' . $field . ' ';
102 }
103
104 if (!empty($userids)) {
105 list($insql, $inparams) = $DB->get_in_or_equal($userids);
106 }
107
108 $sql = "SELECT u.firstname, u.lastname" . $identityfieldsselect . "
109 FROM {user} u
110 WHERE u.id $insql";
111
112 $rs = $DB->get_recordset_sql($sql, $inparams);
113 \core\dataformat::download_data('courseid_' . $course->id . '_participants', $dataformat, $columnnames, $rs);
114 $rs->close();
115 }
116 }
117 }
118 } else {
119 $instances = enrol_get_instances($course->id, false);
120 $instance = false;
121 foreach ($instances as $oneinstance) {
122 if ($oneinstance->enrol == $plugin) {
123 $instance = $oneinstance;
124 break;
125 }
126 }
127 if (!$instance) {
128 print_error('errorwithbulkoperation', 'enrol');
129 }
130
131 $manager = new course_enrolment_manager($PAGE, $course, $instance->id);
132 $plugins = $manager->get_enrolment_plugins();
133
134 if (!isset($plugins[$plugin])) {
135 print_error('errorwithbulkoperation', 'enrol');
136 }
137
138 $plugin = $plugins[$plugin];
139
140 $operations = $plugin->get_bulk_operations($manager);
141
142 if (!isset($operations[$operationname])) {
143 print_error('errorwithbulkoperation', 'enrol');
144 }
145 $operation = $operations[$operationname];
146
147 if (empty($userids)) {
148 redirect($returnurl, get_string('noselectedusers', 'bulkusers'));
149 }
150
151 $users = $manager->get_users_enrolments($userids);
152
153 $removed = array_diff($userids, array_keys($users));
154 if (!empty($removed)) {
155 // This manager does not filter by enrolment method - so we can get the removed users details.
156 $removedmanager = new course_enrolment_manager($PAGE, $course);
157 $removedusers = $removedmanager->get_users_enrolments($removed);
158
159 foreach ($removedusers as $removeduser) {
160 $msg = get_string('userremovedfromselectiona', 'enrol', fullname($removeduser));
161 \core\notification::warning($msg);
162 }
163 }
164
165 // We may have users from any kind of enrolment, we need to filter for the enrolment plugin matching the bulk action.
166 $matchesplugin = function($user) use ($plugin) {
167 foreach ($user->enrolments as $enrolment) {
168 if ($enrolment->enrolmentplugin->get_name() == $plugin->get_name()) {
169 return true;
170 }
171 }
172 return false;
173 };
174 $filteredusers = array_filter($users, $matchesplugin);
175
176 if (empty($filteredusers)) {
177 redirect($returnurl, get_string('noselectedusers', 'bulkusers'));
178 }
179
180 $users = $filteredusers;
181
182 // Get the form for the bulk operation.
183 $mform = $operation->get_form($PAGE->url, array('users' => $users));
184 // If the mform is false then attempt an immediate process. This may be an immediate action that
185 // doesn't require user input OR confirmation.... who know what but maybe one day.
186 if ($mform === false) {
187 if ($operation->process($manager, $users, new stdClass)) {
188 redirect($returnurl);
189 } else {
190 print_error('errorwithbulkoperation', 'enrol');
191 }
192 }
193 // Check if the bulk operation has been cancelled.
194 if ($mform->is_cancelled()) {
195 redirect($returnurl);
196 }
197 if ($mform->is_submitted() && $mform->is_validated() && confirm_sesskey()) {
198 if ($operation->process($manager, $users, $mform->get_data())) {
199 redirect($returnurl);
200 }
201 }
202
203 $pagetitle = get_string('bulkuseroperation', 'enrol');
204
205 $PAGE->set_title($pagetitle);
206 $PAGE->set_heading($pagetitle);
207 echo $OUTPUT->header();
208 echo $OUTPUT->heading($operation->get_title());
209 $mform->display();
210 echo $OUTPUT->footer();
211 exit();
212 }
213 } else {
214 throw new coding_exception('invalidaction');
215 }
Read-only mirror of the Moodle CVS