2 // This file is part of Moodle - http://moodle.org/
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
21 * @copyright 2009 Moodle Pty Ltd (http://moodle.com)
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
28 * @throws moodle_exception
29 * @param stdClass $user user to create
30 * @param bool $updatepassword if true, authentication plugin will update password.
31 * @param bool $triggerevent set false if user_created event should not be triggred.
32 * This will not affect user_password_updated event triggering.
33 * @return int id of the newly created user
35 function user_create_user($user, $updatepassword = true, $triggerevent = true) {
38 // Set the timecreate field to the current time.
39 if (!is_object($user)) {
40 $user = (object) $user;
44 if ($user->username
!== core_text
::strtolower($user->username
)) {
45 throw new moodle_exception('usernamelowercase');
47 if ($user->username
!== core_user
::clean_field($user->username
, 'username')) {
48 throw new moodle_exception('invalidusername');
52 // Save the password in a temp value for later.
53 if ($updatepassword && isset($user->password
)) {
55 // Check password toward the password policy.
56 if (!check_password_policy($user->password
, $errmsg)) {
57 throw new moodle_exception($errmsg);
60 $userpassword = $user->password
;
61 unset($user->password
);
64 // Apply default values for user preferences that are stored in users table.
65 if (!isset($user->calendartype
)) {
66 $user->calendartype
= core_user
::get_property_default('calendartype');
68 if (!isset($user->maildisplay
)) {
69 $user->maildisplay
= core_user
::get_property_default('maildisplay');
71 if (!isset($user->mailformat
)) {
72 $user->mailformat
= core_user
::get_property_default('mailformat');
74 if (!isset($user->maildigest
)) {
75 $user->maildigest
= core_user
::get_property_default('maildigest');
77 if (!isset($user->autosubscribe
)) {
78 $user->autosubscribe
= core_user
::get_property_default('autosubscribe');
80 if (!isset($user->trackforums
)) {
81 $user->trackforums
= core_user
::get_property_default('trackforums');
83 if (!isset($user->lang
)) {
84 $user->lang
= core_user
::get_property_default('lang');
87 $user->timecreated
= time();
88 $user->timemodified
= $user->timecreated
;
90 // Validate user data object.
91 $uservalidation = core_user
::validate($user);
92 if ($uservalidation !== true) {
93 foreach ($uservalidation as $field => $message) {
94 debugging("The property '$field' has invalid data and has been cleaned.", DEBUG_DEVELOPER
);
95 $user->$field = core_user
::clean_field($user->$field, $field);
99 // Insert the user into the database.
100 $newuserid = $DB->insert_record('user', $user);
102 // Create USER context for this user.
103 $usercontext = context_user
::instance($newuserid);
105 // Update user password if necessary.
106 if (isset($userpassword)) {
107 // Get full database user row, in case auth is default.
108 $newuser = $DB->get_record('user', array('id' => $newuserid));
109 $authplugin = get_auth_plugin($newuser->auth
);
110 $authplugin->user_update_password($newuser, $userpassword);
113 // Trigger event If required.
115 \core\event\user_created
::create_from_userid($newuserid)->trigger();
122 * Update a user with a user object (will compare against the ID)
124 * @throws moodle_exception
125 * @param stdClass $user the user to update
126 * @param bool $updatepassword if true, authentication plugin will update password.
127 * @param bool $triggerevent set false if user_updated event should not be triggred.
128 * This will not affect user_password_updated event triggering.
130 function user_update_user($user, $updatepassword = true, $triggerevent = true) {
133 // Set the timecreate field to the current time.
134 if (!is_object($user)) {
135 $user = (object) $user;
139 if (isset($user->username
)) {
140 if ($user->username
!== core_text
::strtolower($user->username
)) {
141 throw new moodle_exception('usernamelowercase');
143 if ($user->username
!== core_user
::clean_field($user->username
, 'username')) {
144 throw new moodle_exception('invalidusername');
149 // Unset password here, for updating later, if password update is required.
150 if ($updatepassword && isset($user->password
)) {
152 // Check password toward the password policy.
153 if (!check_password_policy($user->password
, $errmsg)) {
154 throw new moodle_exception($errmsg);
157 $passwd = $user->password
;
158 unset($user->password
);
161 // Make sure calendartype, if set, is valid.
162 if (empty($user->calendartype
)) {
163 // Unset this variable, must be an empty string, which we do not want to update the calendartype to.
164 unset($user->calendartype
);
167 $user->timemodified
= time();
169 // Validate user data object.
170 $uservalidation = core_user
::validate($user);
171 if ($uservalidation !== true) {
172 foreach ($uservalidation as $field => $message) {
173 debugging("The property '$field' has invalid data and has been cleaned.", DEBUG_DEVELOPER
);
174 $user->$field = core_user
::clean_field($user->$field, $field);
178 $DB->update_record('user', $user);
180 if ($updatepassword) {
181 // Get full user record.
182 $updateduser = $DB->get_record('user', array('id' => $user->id
));
184 // If password was set, then update its hash.
185 if (isset($passwd)) {
186 $authplugin = get_auth_plugin($updateduser->auth
);
187 if ($authplugin->can_change_password()) {
188 $authplugin->user_update_password($updateduser, $passwd);
192 // Trigger event if required.
194 \core\event\user_updated
::create_from_userid($user->id
)->trigger();
199 * Marks user deleted in internal user database and notifies the auth plugin.
200 * Also unenrols user from all roles and does other cleanup.
202 * @todo Decide if this transaction is really needed (look for internal TODO:)
203 * @param object $user Userobject before delete (without system magic quotes)
204 * @return boolean success
206 function user_delete_user($user) {
207 return delete_user($user);
213 * @param array $userids id of users to retrieve
216 function user_get_users_by_id($userids) {
218 return $DB->get_records_list('user', 'id', $userids);
222 * Returns the list of default 'displayable' fields
224 * Contains database field names but also names used to generate information, such as enrolledcourses
226 * @return array of user fields
228 function user_get_default_fields() {
229 return array( 'id', 'username', 'fullname', 'firstname', 'lastname', 'email',
230 'address', 'phone1', 'phone2', 'icq', 'skype', 'yahoo', 'aim', 'msn', 'department',
231 'institution', 'interests', 'firstaccess', 'lastaccess', 'auth', 'confirmed',
232 'idnumber', 'lang', 'theme', 'timezone', 'mailformat', 'description', 'descriptionformat',
233 'city', 'url', 'country', 'profileimageurlsmall', 'profileimageurl', 'customfields',
234 'groups', 'roles', 'preferences', 'enrolledcourses', 'suspended'
240 * Give user record from mdl_user, build an array contains all user details.
242 * Warning: description file urls are 'webservice/pluginfile.php' is use.
243 * it can be changed with $CFG->moodlewstextformatlinkstoimagesfile
245 * @throws moodle_exception
246 * @param stdClass $user user record from mdl_user
247 * @param stdClass $course moodle course
248 * @param array $userfields required fields
251 function user_get_user_details($user, $course = null, array $userfields = array()) {
252 global $USER, $DB, $CFG, $PAGE;
253 require_once($CFG->dirroot
. "/user/profile/lib.php"); // Custom field library.
254 require_once($CFG->dirroot
. "/lib/filelib.php"); // File handling on description and friends.
256 $defaultfields = user_get_default_fields();
258 if (empty($userfields)) {
259 $userfields = $defaultfields;
262 foreach ($userfields as $thefield) {
263 if (!in_array($thefield, $defaultfields)) {
264 throw new moodle_exception('invaliduserfield', 'error', '', $thefield);
268 // Make sure id and fullname are included.
269 if (!in_array('id', $userfields)) {
270 $userfields[] = 'id';
273 if (!in_array('fullname', $userfields)) {
274 $userfields[] = 'fullname';
277 if (!empty($course)) {
278 $context = context_course
::instance($course->id
);
279 $usercontext = context_user
::instance($user->id
);
280 $canviewdetailscap = (has_capability('moodle/user:viewdetails', $context) ||
has_capability('moodle/user:viewdetails', $usercontext));
282 $context = context_user
::instance($user->id
);
283 $usercontext = $context;
284 $canviewdetailscap = has_capability('moodle/user:viewdetails', $usercontext);
287 $currentuser = ($user->id
== $USER->id
);
288 $isadmin = is_siteadmin($USER);
290 $showuseridentityfields = get_extra_user_fields($context);
292 if (!empty($course)) {
293 $canviewhiddenuserfields = has_capability('moodle/course:viewhiddenuserfields', $context);
295 $canviewhiddenuserfields = has_capability('moodle/user:viewhiddendetails', $context);
297 $canviewfullnames = has_capability('moodle/site:viewfullnames', $context);
298 if (!empty($course)) {
299 $canviewuseremail = has_capability('moodle/course:useremail', $context);
301 $canviewuseremail = false;
303 $cannotviewdescription = !empty($CFG->profilesforenrolledusersonly
) && !$currentuser && !$DB->record_exists('role_assignments', array('userid' => $user->id
));
304 if (!empty($course)) {
305 $canaccessallgroups = has_capability('moodle/site:accessallgroups', $context);
307 $canaccessallgroups = false;
310 if (!$currentuser && !$canviewdetailscap && !has_coursecontact_role($user->id
)) {
311 // Skip this user details.
315 $userdetails = array();
316 $userdetails['id'] = $user->id
;
318 if (in_array('username', $userfields)) {
319 if ($currentuser or has_capability('moodle/user:viewalldetails', $context)) {
320 $userdetails['username'] = $user->username
;
323 if ($isadmin or $canviewfullnames) {
324 if (in_array('firstname', $userfields)) {
325 $userdetails['firstname'] = $user->firstname
;
327 if (in_array('lastname', $userfields)) {
328 $userdetails['lastname'] = $user->lastname
;
331 $userdetails['fullname'] = fullname($user);
333 if (in_array('customfields', $userfields)) {
334 $fields = $DB->get_recordset_sql("SELECT f.*
335 FROM {user_info_field} f
336 JOIN {user_info_category} c
338 ORDER BY c.sortorder ASC, f.sortorder ASC");
339 $userdetails['customfields'] = array();
340 foreach ($fields as $field) {
341 require_once($CFG->dirroot
.'/user/profile/field/'.$field->datatype
.'/field.class.php');
342 $newfield = 'profile_field_'.$field->datatype
;
343 $formfield = new $newfield($field->id
, $user->id
);
344 if ($formfield->is_visible() and !$formfield->is_empty()) {
346 // TODO: Part of MDL-50728, this conditional coding must be moved to
347 // proper profile fields API so they are self-contained.
348 // We only use display_data in fields that require text formatting.
349 if ($field->datatype
== 'text' or $field->datatype
== 'textarea') {
350 $fieldvalue = $formfield->display_data();
352 // Cases: datetime, checkbox and menu.
353 $fieldvalue = $formfield->data
;
356 $userdetails['customfields'][] =
357 array('name' => $formfield->field
->name
, 'value' => $fieldvalue,
358 'type' => $field->datatype
, 'shortname' => $formfield->field
->shortname
);
362 // Unset customfields if it's empty.
363 if (empty($userdetails['customfields'])) {
364 unset($userdetails['customfields']);
369 if (in_array('profileimageurl', $userfields)) {
370 $userpicture = new user_picture($user);
371 $userpicture->size
= 1; // Size f1.
372 $userdetails['profileimageurl'] = $userpicture->get_url($PAGE)->out(false);
374 if (in_array('profileimageurlsmall', $userfields)) {
375 if (!isset($userpicture)) {
376 $userpicture = new user_picture($user);
378 $userpicture->size
= 0; // Size f2.
379 $userdetails['profileimageurlsmall'] = $userpicture->get_url($PAGE)->out(false);
382 // Hidden user field.
383 if ($canviewhiddenuserfields) {
384 $hiddenfields = array();
385 // Address, phone1 and phone2 not appears in hidden fields list but require viewhiddenfields capability
386 // according to user/profile.php.
387 if ($user->address
&& in_array('address', $userfields)) {
388 $userdetails['address'] = $user->address
;
391 $hiddenfields = array_flip(explode(',', $CFG->hiddenuserfields
));
394 if ($user->phone1
&& in_array('phone1', $userfields) &&
395 (in_array('phone1', $showuseridentityfields) or $canviewhiddenuserfields)) {
396 $userdetails['phone1'] = $user->phone1
;
398 if ($user->phone2
&& in_array('phone2', $userfields) &&
399 (in_array('phone2', $showuseridentityfields) or $canviewhiddenuserfields)) {
400 $userdetails['phone2'] = $user->phone2
;
403 if (isset($user->description
) &&
404 ((!isset($hiddenfields['description']) && !$cannotviewdescription) or $isadmin)) {
405 if (in_array('description', $userfields)) {
406 // Always return the descriptionformat if description is requested.
407 list($userdetails['description'], $userdetails['descriptionformat']) =
408 external_format_text($user->description
, $user->descriptionformat
,
409 $usercontext->id
, 'user', 'profile', null);
413 if (in_array('country', $userfields) && (!isset($hiddenfields['country']) or $isadmin) && $user->country
) {
414 $userdetails['country'] = $user->country
;
417 if (in_array('city', $userfields) && (!isset($hiddenfields['city']) or $isadmin) && $user->city
) {
418 $userdetails['city'] = $user->city
;
421 if (in_array('url', $userfields) && $user->url
&& (!isset($hiddenfields['webpage']) or $isadmin)) {
423 if (strpos($user->url
, '://') === false) {
424 $url = 'http://'. $url;
426 $user->url
= clean_param($user->url
, PARAM_URL
);
427 $userdetails['url'] = $user->url
;
430 if (in_array('icq', $userfields) && $user->icq
&& (!isset($hiddenfields['icqnumber']) or $isadmin)) {
431 $userdetails['icq'] = $user->icq
;
434 if (in_array('skype', $userfields) && $user->skype
&& (!isset($hiddenfields['skypeid']) or $isadmin)) {
435 $userdetails['skype'] = $user->skype
;
437 if (in_array('yahoo', $userfields) && $user->yahoo
&& (!isset($hiddenfields['yahooid']) or $isadmin)) {
438 $userdetails['yahoo'] = $user->yahoo
;
440 if (in_array('aim', $userfields) && $user->aim
&& (!isset($hiddenfields['aimid']) or $isadmin)) {
441 $userdetails['aim'] = $user->aim
;
443 if (in_array('msn', $userfields) && $user->msn
&& (!isset($hiddenfields['msnid']) or $isadmin)) {
444 $userdetails['msn'] = $user->msn
;
446 if (in_array('suspended', $userfields) && (!isset($hiddenfields['suspended']) or $isadmin)) {
447 $userdetails['suspended'] = (bool)$user->suspended
;
450 if (in_array('firstaccess', $userfields) && (!isset($hiddenfields['firstaccess']) or $isadmin)) {
451 if ($user->firstaccess
) {
452 $userdetails['firstaccess'] = $user->firstaccess
;
454 $userdetails['firstaccess'] = 0;
457 if (in_array('lastaccess', $userfields) && (!isset($hiddenfields['lastaccess']) or $isadmin)) {
458 if ($user->lastaccess
) {
459 $userdetails['lastaccess'] = $user->lastaccess
;
461 $userdetails['lastaccess'] = 0;
465 if (in_array('email', $userfields) && ($isadmin // The admin is allowed the users email.
466 or $currentuser // Of course the current user is as well.
467 or $canviewuseremail // This is a capability in course context, it will be false in usercontext.
468 or in_array('email', $showuseridentityfields)
469 or $user->maildisplay
== 1
470 or ($user->maildisplay
== 2 and enrol_sharing_course($user, $USER)))) {
471 $userdetails['email'] = $user->email
;
474 if (in_array('interests', $userfields)) {
475 $interests = core_tag_tag
::get_item_tags_array('core', 'user', $user->id
, core_tag_tag
::BOTH_STANDARD_AND_NOT
, 0, false);
477 $userdetails['interests'] = join(', ', $interests);
481 // Departement/Institution/Idnumber are not displayed on any profile, however you can get them from editing profile.
482 if (in_array('idnumber', $userfields) && $user->idnumber
) {
483 if (in_array('idnumber', $showuseridentityfields) or $currentuser or
484 has_capability('moodle/user:viewalldetails', $context)) {
485 $userdetails['idnumber'] = $user->idnumber
;
488 if (in_array('institution', $userfields) && $user->institution
) {
489 if (in_array('institution', $showuseridentityfields) or $currentuser or
490 has_capability('moodle/user:viewalldetails', $context)) {
491 $userdetails['institution'] = $user->institution
;
494 // Isset because it's ok to have department 0.
495 if (in_array('department', $userfields) && isset($user->department
)) {
496 if (in_array('department', $showuseridentityfields) or $currentuser or
497 has_capability('moodle/user:viewalldetails', $context)) {
498 $userdetails['department'] = $user->department
;
502 if (in_array('roles', $userfields) && !empty($course)) {
504 $roles = get_user_roles($context, $user->id
, false);
505 $userdetails['roles'] = array();
506 foreach ($roles as $role) {
507 $userdetails['roles'][] = array(
508 'roleid' => $role->roleid
,
509 'name' => $role->name
,
510 'shortname' => $role->shortname
,
511 'sortorder' => $role->sortorder
516 // If groups are in use and enforced throughout the course, then make sure we can meet in at least one course level group.
517 if (in_array('groups', $userfields) && !empty($course) && $canaccessallgroups) {
518 $usergroups = groups_get_all_groups($course->id
, $user->id
, $course->defaultgroupingid
,
519 'g.id, g.name,g.description,g.descriptionformat');
520 $userdetails['groups'] = array();
521 foreach ($usergroups as $group) {
522 list($group->description
, $group->descriptionformat
) =
523 external_format_text($group->description
, $group->descriptionformat
,
524 $context->id
, 'group', 'description', $group->id
);
525 $userdetails['groups'][] = array('id' => $group->id
, 'name' => $group->name
,
526 'description' => $group->description
, 'descriptionformat' => $group->descriptionformat
);
529 // List of courses where the user is enrolled.
530 if (in_array('enrolledcourses', $userfields) && !isset($hiddenfields['mycourses'])) {
531 $enrolledcourses = array();
532 if ($mycourses = enrol_get_users_courses($user->id
, true)) {
533 foreach ($mycourses as $mycourse) {
534 if ($mycourse->category
) {
535 $coursecontext = context_course
::instance($mycourse->id
);
536 $enrolledcourse = array();
537 $enrolledcourse['id'] = $mycourse->id
;
538 $enrolledcourse['fullname'] = format_string($mycourse->fullname
, true, array('context' => $coursecontext));
539 $enrolledcourse['shortname'] = format_string($mycourse->shortname
, true, array('context' => $coursecontext));
540 $enrolledcourses[] = $enrolledcourse;
543 $userdetails['enrolledcourses'] = $enrolledcourses;
548 if (in_array('preferences', $userfields) && $currentuser) {
549 $preferences = array();
550 $userpreferences = get_user_preferences();
551 foreach ($userpreferences as $prefname => $prefvalue) {
552 $preferences[] = array('name' => $prefname, 'value' => $prefvalue);
554 $userdetails['preferences'] = $preferences;
561 * Tries to obtain user details, either recurring directly to the user's system profile
562 * or through one of the user's course enrollments (course profile).
564 * @param stdClass $user The user.
565 * @return array if unsuccessful or the allowed user details.
567 function user_get_user_details_courses($user) {
571 // Get the courses that the user is enrolled in (only active).
572 $courses = enrol_get_users_courses($user->id
, true);
574 $systemprofile = false;
575 if (can_view_user_details_cap($user) ||
($user->id
== $USER->id
) ||
has_coursecontact_role($user->id
)) {
576 $systemprofile = true;
579 // Try using system profile.
580 if ($systemprofile) {
581 $userdetails = user_get_user_details($user, null);
583 // Try through course profile.
584 foreach ($courses as $course) {
585 if (can_view_user_details_cap($user, $course) ||
($user->id
== $USER->id
) ||
has_coursecontact_role($user->id
)) {
586 $userdetails = user_get_user_details($user, $course);
595 * Check if $USER have the necessary capabilities to obtain user details.
597 * @param stdClass $user
598 * @param stdClass $course if null then only consider system profile otherwise also consider the course's profile.
599 * @return bool true if $USER can view user details.
601 function can_view_user_details_cap($user, $course = null) {
602 // Check $USER has the capability to view the user details at user context.
603 $usercontext = context_user
::instance($user->id
);
604 $result = has_capability('moodle/user:viewdetails', $usercontext);
605 // Otherwise can $USER see them at course context.
606 if (!$result && !empty($course)) {
607 $context = context_course
::instance($course->id
);
608 $result = has_capability('moodle/user:viewdetails', $context);
614 * Return a list of page types
615 * @param string $pagetype current page type
616 * @param stdClass $parentcontext Block's parent context
617 * @param stdClass $currentcontext Current context of block
620 function user_page_type_list($pagetype, $parentcontext, $currentcontext) {
621 return array('user-profile' => get_string('page-user-profile', 'pagetype'));
625 * Count the number of failed login attempts for the given user, since last successful login.
627 * @param int|stdclass $user user id or object.
628 * @param bool $reset Resets failed login count, if set to true.
630 * @return int number of failed login attempts since the last successful login.
632 function user_count_login_failures($user, $reset = true) {
635 if (!is_object($user)) {
636 $user = $DB->get_record('user', array('id' => $user), '*', MUST_EXIST
);
638 if ($user->deleted
) {
639 // Deleted user, nothing to do.
642 $count = get_user_preferences('login_failed_count_since_success', 0, $user);
644 set_user_preference('login_failed_count_since_success', 0, $user);
650 * Converts a string into a flat array of menu items, where each menu items is a
651 * stdClass with fields type, url, title, pix, and imgsrc.
653 * @param string $text the menu items definition
654 * @param moodle_page $page the current page
657 function user_convert_text_to_menu_items($text, $page) {
658 global $OUTPUT, $CFG;
660 $lines = explode("\n", $text);
666 foreach ($lines as $line) {
668 $bits = explode('|', $line, 3);
670 if (preg_match("/^#+$/", $line)) {
671 $itemtype = 'divider';
672 } else if (!array_key_exists(0, $bits) or empty($bits[0])) {
673 // Every item must have a name to be valid.
676 $bits[0] = ltrim($bits[0], '-');
680 $child = new stdClass();
681 $child->itemtype
= $itemtype;
682 if ($itemtype === 'divider') {
683 // Add the divider to the list of children and skip link
685 $children[] = $child;
690 $namebits = explode(',', $bits[0], 2);
691 if (count($namebits) == 2) {
692 // Check the validity of the identifier part of the string.
693 if (clean_param($namebits[0], PARAM_STRINGID
) !== '') {
694 // Treat this as a language string.
695 $child->title
= get_string($namebits[0], $namebits[1]);
696 $child->titleidentifier
= implode(',', $namebits);
699 if (empty($child->title
)) {
700 // Use it as is, don't even clean it.
701 $child->title
= $bits[0];
702 $child->titleidentifier
= str_replace(" ", "-", $bits[0]);
706 if (!array_key_exists(1, $bits) or empty($bits[1])) {
707 // Set the url to null, and set the itemtype to invalid.
709 $child->itemtype
= "invalid";
711 // Nasty hack to replace the grades with the direct url.
712 if (strpos($bits[1], '/grade/report/mygrades.php') !== false) {
713 $bits[1] = user_mygrades_url();
716 // Make sure the url is a moodle url.
717 $bits[1] = new moodle_url(trim($bits[1]));
719 $child->url
= $bits[1];
723 if (!array_key_exists(2, $bits) or empty($bits[2])) {
725 $child->pix
= $pixpath;
727 // Check for the specified image existing.
728 $pixpath = "t/" . $bits[2];
729 if ($page->theme
->resolve_image_location($pixpath, 'moodle', true)) {
731 $child->pix
= $pixpath;
733 // Treat it like a URL.
735 $child->imgsrc
= $bits[2];
739 // Add this child to the list of children.
740 $children[] = $child;
746 * Get a list of essential user navigation items.
748 * @param stdclass $user user object.
749 * @param moodle_page $page page object.
750 * @param array $options associative array.
752 * - avatarsize=35 (size of avatar image)
753 * @return stdClass $returnobj navigation information object, where:
755 * $returnobj->navitems array array of links where each link is a
756 * stdClass with fields url, title, and
758 * $returnobj->metadata array array of useful user metadata to be
759 * used when constructing navigation;
763 * asotherrole bool whether viewing as another role
764 * rolename string name of the role
767 * These fields are for the currently-logged in user, or for
768 * the user that the real user is currently logged in as.
770 * userid int the id of the user in question
771 * userfullname string the user's full name
772 * userprofileurl moodle_url the url of the user's profile
773 * useravatar string a HTML fragment - the rendered
774 * user_picture for this user
775 * userloginfail string an error string denoting the number
776 * of login failures since last login
779 * These fields are for when asotheruser is true, and
780 * correspond to the underlying "real user".
782 * asotheruser bool whether viewing as another user
783 * realuserid int the id of the user in question
784 * realuserfullname string the user's full name
785 * realuserprofileurl moodle_url the url of the user's profile
786 * realuseravatar string a HTML fragment - the rendered
787 * user_picture for this user
789 * MNET PROVIDER FIELDS
790 * asmnetuser bool whether viewing as a user from an
792 * mnetidprovidername string name of the MNet provider
793 * mnetidproviderwwwroot string URL of the MNet provider
795 function user_get_user_navigation_info($user, $page, $options = array()) {
796 global $OUTPUT, $DB, $SESSION, $CFG;
798 $returnobject = new stdClass();
799 $returnobject->navitems
= array();
800 $returnobject->metadata
= array();
802 $course = $page->course
;
804 // Query the environment.
805 $context = context_course
::instance($course->id
);
807 // Get basic user metadata.
808 $returnobject->metadata
['userid'] = $user->id
;
809 $returnobject->metadata
['userfullname'] = fullname($user, true);
810 $returnobject->metadata
['userprofileurl'] = new moodle_url('/user/profile.php', array(
814 $avataroptions = array('link' => false, 'visibletoscreenreaders' => false);
815 if (!empty($options['avatarsize'])) {
816 $avataroptions['size'] = $options['avatarsize'];
818 $returnobject->metadata
['useravatar'] = $OUTPUT->user_picture (
819 $user, $avataroptions
821 // Build a list of items for a regular user.
823 // Query MNet status.
824 if ($returnobject->metadata
['asmnetuser'] = is_mnet_remote_user($user)) {
825 $mnetidprovider = $DB->get_record('mnet_host', array('id' => $user->mnethostid
));
826 $returnobject->metadata
['mnetidprovidername'] = $mnetidprovider->name
;
827 $returnobject->metadata
['mnetidproviderwwwroot'] = $mnetidprovider->wwwroot
;
830 // Did the user just log in?
831 if (isset($SESSION->justloggedin
)) {
832 // Don't unset this flag as login_info still needs it.
833 if (!empty($CFG->displayloginfailures
)) {
834 // We're already in /user/lib.php, so we don't need to include.
835 if ($count = user_count_login_failures($user)) {
837 // Get login failures string.
839 $a->attempts
= html_writer
::tag('span', $count, array('class' => 'value'));
840 $returnobject->metadata
['userloginfail'] =
841 get_string('failedloginattempts', '', $a);
848 $myhome = new stdClass();
849 $myhome->itemtype
= 'link';
850 $myhome->url
= new moodle_url('/my/');
851 $myhome->title
= get_string('mymoodle', 'admin');
852 $myhome->titleidentifier
= 'mymoodle,admin';
853 $myhome->pix
= "i/course";
854 $returnobject->navitems
[] = $myhome;
856 // Links: My Profile.
857 $myprofile = new stdClass();
858 $myprofile->itemtype
= 'link';
859 $myprofile->url
= new moodle_url('/user/profile.php', array('id' => $user->id
));
860 $myprofile->title
= get_string('profile');
861 $myprofile->titleidentifier
= 'profile,moodle';
862 $myprofile->pix
= "i/user";
863 $returnobject->navitems
[] = $myprofile;
865 // Links: Role-return or logout link.
868 $returnobject->metadata
['asotherrole'] = false;
869 if (is_role_switched($course->id
)) {
870 if ($role = $DB->get_record('role', array('id' => $user->access
['rsw'][$context->path
]))) {
871 // Build role-return link instead of logout link.
872 $rolereturn = new stdClass();
873 $rolereturn->itemtype
= 'link';
874 $rolereturn->url
= new moodle_url('/course/switchrole.php', array(
876 'sesskey' => sesskey(),
878 'returnurl' => $page->url
->out_as_local_url(false)
880 $rolereturn->pix
= "a/logout";
881 $rolereturn->title
= get_string('switchrolereturn');
882 $rolereturn->titleidentifier
= 'switchrolereturn,moodle';
883 $lastobj = $rolereturn;
885 $returnobject->metadata
['asotherrole'] = true;
886 $returnobject->metadata
['rolename'] = role_get_name($role, $context);
888 $buildlogout = false;
892 if ($returnobject->metadata
['asotheruser'] = \core\session\manager
::is_loggedinas()) {
893 $realuser = \core\session\manager
::get_realuser();
895 // Save values for the real user, as $user will be full of data for the
896 // user the user is disguised as.
897 $returnobject->metadata
['realuserid'] = $realuser->id
;
898 $returnobject->metadata
['realuserfullname'] = fullname($realuser, true);
899 $returnobject->metadata
['realuserprofileurl'] = new moodle_url('/user/profile.php', array(
900 'id' => $realuser->id
902 $returnobject->metadata
['realuseravatar'] = $OUTPUT->user_picture($realuser, $avataroptions);
904 // Build a user-revert link.
905 $userrevert = new stdClass();
906 $userrevert->itemtype
= 'link';
907 $userrevert->url
= new moodle_url('/course/loginas.php', array(
909 'sesskey' => sesskey()
911 $userrevert->pix
= "a/logout";
912 $userrevert->title
= get_string('logout');
913 $userrevert->titleidentifier
= 'logout,moodle';
914 $lastobj = $userrevert;
916 $buildlogout = false;
920 // Build a logout link.
921 $logout = new stdClass();
922 $logout->itemtype
= 'link';
923 $logout->url
= new moodle_url('/login/logout.php', array('sesskey' => sesskey()));
924 $logout->pix
= "a/logout";
925 $logout->title
= get_string('logout');
926 $logout->titleidentifier
= 'logout,moodle';
930 // Before we add the last item (usually a logout link), add any
931 // custom-defined items.
932 $customitems = user_convert_text_to_menu_items($CFG->customusermenuitems
, $page);
933 foreach ($customitems as $item) {
934 $returnobject->navitems
[] = $item;
937 // Add the last item to the list.
938 if (!is_null($lastobj)) {
939 $returnobject->navitems
[] = $lastobj;
942 return $returnobject;
946 * Add password to the list of used hashes for this user.
948 * This is supposed to be used from:
949 * 1/ change own password form
950 * 2/ password reset process
951 * 3/ user signup in auth plugins if password changing supported
953 * @param int $userid user id
954 * @param string $password plaintext password
957 function user_add_password_history($userid, $password) {
960 if (empty($CFG->passwordreuselimit
) or $CFG->passwordreuselimit
< 0) {
964 // Note: this is using separate code form normal password hashing because
965 // we need to have this under control in the future. Also the auth
966 // plugin might not store the passwords locally at all.
968 $record = new stdClass();
969 $record->userid
= $userid;
970 $record->hash
= password_hash($password, PASSWORD_DEFAULT
);
971 $record->timecreated
= time();
972 $DB->insert_record('user_password_history', $record);
975 $records = $DB->get_records('user_password_history', array('userid' => $userid), 'timecreated DESC, id DESC');
976 foreach ($records as $record) {
978 if ($i > $CFG->passwordreuselimit
) {
979 $DB->delete_records('user_password_history', array('id' => $record->id
));
985 * Was this password used before on change or reset password page?
987 * The $CFG->passwordreuselimit setting determines
988 * how many times different password needs to be used
989 * before allowing previously used password again.
991 * @param int $userid user id
992 * @param string $password plaintext password
993 * @return bool true if password reused
995 function user_is_previously_used_password($userid, $password) {
998 if (empty($CFG->passwordreuselimit
) or $CFG->passwordreuselimit
< 0) {
1005 $records = $DB->get_records('user_password_history', array('userid' => $userid), 'timecreated DESC, id DESC');
1006 foreach ($records as $record) {
1008 if ($i > $CFG->passwordreuselimit
) {
1009 $DB->delete_records('user_password_history', array('id' => $record->id
));
1012 // NOTE: this is slow but we cannot compare the hashes directly any more.
1013 if (password_verify($password, $record->hash
)) {
1022 * Remove a user device from the Moodle database (for PUSH notifications usually).
1024 * @param string $uuid The device UUID.
1025 * @param string $appid The app id. If empty all the devices matching the UUID for the user will be removed.
1026 * @return bool true if removed, false if the device didn't exists in the database
1029 function user_remove_user_device($uuid, $appid = "") {
1032 $conditions = array('uuid' => $uuid, 'userid' => $USER->id
);
1033 if (!empty($appid)) {
1034 $conditions['appid'] = $appid;
1037 if (!$DB->count_records('user_devices', $conditions)) {
1041 $DB->delete_records('user_devices', $conditions);
1047 * Trigger user_list_viewed event.
1049 * @param stdClass $course course object
1050 * @param stdClass $context course context object
1053 function user_list_view($course, $context) {
1055 $event = \core\event\user_list_viewed
::create(array(
1056 'objectid' => $course->id
,
1057 'courseid' => $course->id
,
1058 'context' => $context,
1060 'courseshortname' => $course->shortname
,
1061 'coursefullname' => $course->fullname
1068 * Returns the url to use for the "Grades" link in the user navigation.
1070 * @param int $userid The user's ID.
1071 * @param int $courseid The course ID if available.
1072 * @return mixed A URL to be directed to for "Grades".
1074 function user_mygrades_url($userid = null, $courseid = SITEID
) {
1077 if (isset($CFG->grade_mygrades_report
) && $CFG->grade_mygrades_report
!= 'external') {
1078 if (isset($userid) && $USER->id
!= $userid) {
1079 // Send to the gradebook report.
1080 $url = new moodle_url('/grade/report/' . $CFG->grade_mygrades_report
. '/index.php',
1081 array('id' => $courseid, 'userid' => $userid));
1083 $url = new moodle_url('/grade/report/' . $CFG->grade_mygrades_report
. '/index.php');
1085 } else if (isset($CFG->grade_mygrades_report
) && $CFG->grade_mygrades_report
== 'external'
1086 && !empty($CFG->gradereport_mygradeurl
)) {
1087 $url = $CFG->gradereport_mygradeurl
;
1089 $url = $CFG->wwwroot
;
1095 * Check if a user has the permission to viewdetails in a shared course's context.
1097 * @param object $user The other user's details.
1098 * @param object $course Use this course to see if we have permission to see this user's profile.
1099 * @param context $usercontext The user context if available.
1100 * @return bool true for ability to view this user, else false.
1102 function user_can_view_profile($user, $course = null, $usercontext = null) {
1105 if ($user->deleted
) {
1109 // If any of these four things, return true.
1111 if ($USER->id
== $user->id
) {
1116 if (empty($CFG->forceloginforprofiles
)) {
1120 if (empty($usercontext)) {
1121 $usercontext = context_user
::instance($user->id
);
1124 if (has_capability('moodle/user:viewdetails', $usercontext)) {
1129 if (has_coursecontact_role($user->id
)) {
1133 if (isset($course)) {
1134 $sharedcourses = array($course);
1136 $sharedcourses = enrol_get_shared_courses($USER->id
, $user->id
, true);
1138 foreach ($sharedcourses as $sharedcourse) {
1139 $coursecontext = context_course
::instance($sharedcourse->id
);
1140 if (has_capability('moodle/user:viewdetails', $coursecontext)) {
1141 if (!groups_user_groups_visible($sharedcourse, $user->id
)) {
1142 // Not a member of the same group.
1152 * Returns users tagged with a specified tag.
1154 * @param core_tag_tag $tag
1155 * @param bool $exclusivemode if set to true it means that no other entities tagged with this tag
1156 * are displayed on the page and the per-page limit may be bigger
1157 * @param int $fromctx context id where the link was displayed, may be used by callbacks
1158 * to display items in the same context first
1159 * @param int $ctx context id where to search for records
1160 * @param bool $rec search in subcontexts as well
1161 * @param int $page 0-based number of page being displayed
1162 * @return \core_tag\output\tagindex
1164 function user_get_tagged_users($tag, $exclusivemode = false, $fromctx = 0, $ctx = 0, $rec = 1, $page = 0) {
1167 if ($ctx && $ctx != context_system
::instance()->id
) {
1170 // Users can only be displayed in system context.
1171 $usercount = $tag->count_tagged_items('core', 'user',
1172 'it.deleted=:notdeleted', array('notdeleted' => 0));
1174 $perpage = $exclusivemode ?
24 : 5;
1176 $totalpages = ceil($usercount / $perpage);
1179 $userlist = $tag->get_tagged_items('core', 'user', $page * $perpage, $perpage,
1180 'it.deleted=:notdeleted', array('notdeleted' => 0));
1181 $renderer = $PAGE->get_renderer('core', 'user');
1182 $content .= $renderer->user_list($userlist, $exclusivemode);
1185 return new core_tag\output\tagindex
($tag, 'core', 'user', $content,
1186 $exclusivemode, $fromctx, $ctx, $rec, $page, $totalpages);