[moodle.git] / user / edit.php

<?php // $Id$

    require_once('../config.php');
    require_once($CFG->libdir.'/gdlib.php');
    require_once($CFG->dirroot.'/user/edit_form.php');
    require_once($CFG->dirroot.'/user/editlib.php');
    require_once($CFG->dirroot.'/user/profile/lib.php');

    httpsrequired();

    $userid = optional_param('id', $USER->id, PARAM_INT);    // user id
    $course = optional_param('course', SITEID, PARAM_INT);   // course id (defaults to Site)
    $cancelemailchange = optional_param('cancelemailchange', false, PARAM_INT);   // course id (defaults to Site)

    if (!$course = $DB->get_record('course', array('id'=>$course))) {
        print_error('invalidcourseid');
    }

    if ($course->id != SITEID) {
        require_login($course);
    } else if (!isloggedin()) {
        if (empty($SESSION->wantsurl)) {
            $SESSION->wantsurl = $CFG->httpswwwroot.'/user/edit.php';
        }
        redirect($CFG->httpswwwroot.'/login/index.php');
    }

    // Guest can not edit
    if (isguestuser()) {
        print_error('guestnoeditprofile');
    }

    // The user profile we are editing
    if (!$user = $DB->get_record('user', array('id'=>$userid))) {
        print_error('invaliduserid');
    }

    // Guest can not be edited
    if (isguestuser($user)) {
        print_error('guestnoeditprofile');
    }

    // User interests separated by commas
    if (!empty($CFG->usetags)) {
        require_once($CFG->dirroot.'/tag/lib.php');
        $user->interests = tag_get_tags_csv('user', $user->id, TAG_RETURN_TEXT);
    }

    // remote users cannot be edited
    if (is_mnet_remote_user($user)) {
        redirect($CFG->wwwroot . "/user/view.php?course={$course->id}");
    }

    if ($course->id == SITEID) {
        $coursecontext = get_context_instance(CONTEXT_SYSTEM);   // SYSTEM context
    } else {
        $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);   // Course context
    }
    $systemcontext   = get_context_instance(CONTEXT_SYSTEM);
    $personalcontext = get_context_instance(CONTEXT_USER, $user->id);

    // check access control
    if ($user->id == $USER->id) {
        //editing own profile - require_login() MUST NOT be used here, it would result in infinite loop!
        if (!has_capability('moodle/user:editownprofile', $systemcontext)) {
            print_error('cannotedityourprofile');
        }

    } else {
        // teachers, parents, etc.
        require_capability('moodle/user:editprofile', $personalcontext);
        // no editing of guest user account
        if (isguestuser($user->id)) {
            print_error('guestnoeditprofileother');
        }
        // no editing of primary admin!
        if (is_primary_admin($user->id)) {
            print_error('adminprimarynoedit');
        }
    }

    if ($user->deleted) {
        print_header();
        print_heading(get_string('userdeleted'));
        print_footer($course);
        die;
    }

    // Process email change cancellation
    if ($cancelemailchange) {
        cancel_email_update($user->id);
    }

    //load user preferences
    useredit_load_preferences($user);

    //Load custom profile fields data
    profile_load_data($user);


    //create form
    $userform = new user_edit_form();
    $userform->set_data($user);

    $email_changed = false;

    if ($usernew = $userform->get_data()) {

        add_to_log($course->id, 'user', 'update', "view.php?id=$user->id&course=$course->id", '');

        $email_changed_html = '';

        if ($CFG->emailchangeconfirmation) {
            // Handle change of email carefully for non-trusted users
            if ($user->email != $usernew->email && !has_capability('moodle/user:update', $systemcontext)) {
                $a = new stdClass();
                $a->newemail = $usernew->preference_newemail = $usernew->email;
                $usernew->preference_newemailkey = random_string(20);
                $usernew->preference_newemailattemptsleft = 3;
                $a->oldemail = $usernew->email = $user->email;

                $email_changed_html = print_box(get_string('auth_changingemailaddress', 'auth', $a), 'generalbox', 'notice', true);
                $email_changed_html .= print_continue("$CFG->wwwroot/user/view.php?id=$user->id&amp;course=$course->id", true);
                $email_changed = true;
            }
        }

        $authplugin = get_auth_plugin($user->auth);

        $usernew->timemodified = time();

        if (!$DB->update_record('user', $usernew)) {
            print_error('cannotupdateprofile');
        }

        // pass a true $userold here
        if (! $authplugin->user_update($user, $userform->get_data())) {
            // auth update failed, rollback for moodle
            $DB->update_record('user', $user);
            print_error('cannotupdateprofile');
        }

        //update preferences
        useredit_update_user_preference($usernew);

        //update interests
        if (!empty($CFG->usetags)) {
            useredit_update_interests($usernew, $usernew->interests);
        }

        //update user picture
        if (!empty($CFG->gdversion) and empty($CFG->disableuserimages)) {
            useredit_update_picture($usernew, $userform);
        }

        // update mail bounces
        useredit_update_bounces($user, $usernew);

        /// update forum track preference
        useredit_update_trackforums($user, $usernew);

        // save custom profile fields data
        profile_save_data($usernew);

        // If email was changed, send confirmation email now
        if ($email_changed && $CFG->emailchangeconfirmation) {
            $temp_user = fullclone($user);
            $temp_user->email = $usernew->preference_newemail;

            $a = new stdClass();
            $a->url = $CFG->wwwroot . '/user/emailupdate.php?key=' . $usernew->preference_newemailkey . '&id=' . $user->id;
            $a->site = $SITE->fullname;
            $a->fullname = fullname($user, true);

            $emailupdatemessage = get_string('auth_emailupdatemessage', 'auth', $a);
            $emailupdatetitle = get_string('auth_emailupdatetitle', 'auth', $a);

            if(!$mail_results = email_to_user($temp_user, get_admin(), $emailupdatetitle, $emailupdatemessage)) {
                die("could not send email!");
            }
        }

        if ($USER->id == $user->id) {
            // Override old $USER session variable if needed
            $usernew = $DB->get_record('user', array('id'=>$user->id)); // reload from db
            foreach ($usernew as $variable => $value) {
                $USER->$variable = $value;
            }
        }
        events_trigger('user_updated', $usernew);

        if (!$email_changed || !$CFG->emailchangeconfirmation) {
            redirect("$CFG->wwwroot/user/view.php?id=$user->id&course=$course->id");
        }
    }


/// Display page header
    $streditmyprofile = get_string('editmyprofile');
    $strparticipants  = get_string('participants');
    $userfullname     = fullname($user, true);

    $navlinks = array();
    if (has_capability('moodle/course:viewparticipants', $coursecontext) || has_capability('moodle/site:viewparticipants', $systemcontext)) {
        $navlinks[] = array('name' => $strparticipants, 'link' => "index.php?id=$course->id", 'type' => 'misc');
    }
    $navlinks[] = array('name' => $userfullname,
                        'link' => "view.php?id=$user->id&amp;course=$course->id",
                        'type' => 'misc');
    $navlinks[] = array('name' => $streditmyprofile, 'link' => null, 'type' => 'misc');
    $navigation = build_navigation($navlinks);
    print_header("$course->shortname: $streditmyprofile", $course->fullname, $navigation, "");

    /// Print tabs at the top
    $showroles = 1;
    $currenttab = 'editprofile';
    require('tabs.php');

    if ($email_changed) {
        echo $email_changed_html;
    } else {
    /// Finally display THE form
        $userform->display();
    }

/// and proper footer
    print_footer($course);

?>
Commit	Line	Data
1066e0dc	1	<?php // $Id$
f9903ed0	2
d8734783	3	require_once('../config.php');
	4	require_once($CFG->libdir.'/gdlib.php');
	5	require_once($CFG->dirroot.'/user/edit_form.php');
14a6b7e1	6	require_once($CFG->dirroot.'/user/editlib.php');
d8734783	7	require_once($CFG->dirroot.'/user/profile/lib.php');
2d836c0b	8
dcf6d93c	9	httpsrequired();
dcf6d93c	10
b0c90e6e	11	$userid = optional_param('id', $USER->id, PARAM_INT); // user id
0e72da1a	12	$course = optional_param('course', SITEID, PARAM_INT); // course id (defaults to Site)
d6ace123	13	$cancelemailchange = optional_param('cancelemailchange', false, PARAM_INT); // course id (defaults to Site)
f9903ed0	14
5d910388	15	if (!$course = $DB->get_record('course', array('id'=>$course))) {
4e244ba8	16	print_error('invalidcourseid');
e41ddc4b	17	}
8f0cd6ef	18
03a2aac1	19	if ($course->id != SITEID) {
	20	require_login($course);
	21	} else if (!isloggedin()) {
b7c3bb21	22	if (empty($SESSION->wantsurl)) {
80c64fc7	23	$SESSION->wantsurl = $CFG->httpswwwroot.'/user/edit.php';
03a2aac1	24	}
b7c3bb21	25	redirect($CFG->httpswwwroot.'/login/index.php');
03a2aac1	26	}
ff4220f5	27
277fe19d	28	// Guest can not edit
1cb3da36	29	if (isguestuser()) {
d8734783	30	print_error('guestnoeditprofile');
f9903ed0	31	}
b0c90e6e	32
277fe19d	33	// The user profile we are editing
5d910388	34	if (!$user = $DB->get_record('user', array('id'=>$userid))) {
4e244ba8	35	print_error('invaliduserid');
faebaf0f	36	}
f9903ed0	37
277fe19d	38	// Guest can not be edited
d6ace123	39	if (isguestuser($user)) {
277fe19d	40	print_error('guestnoeditprofile');
	41	}
	42
	43	// User interests separated by commas
1e1c51a3	44	if (!empty($CFG->usetags)) {
1e1c51a3	45	require_once($CFG->dirroot.'/tag/lib.php');
0aa05b32	46	$user->interests = tag_get_tags_csv('user', $user->id, TAG_RETURN_TEXT);
1e1c51a3	47	}
1e1c51a3	48
56f52742	49	// remote users cannot be edited
56f52742	50	if (is_mnet_remote_user($user)) {
d8734783	51	redirect($CFG->wwwroot . "/user/view.php?course={$course->id}");
56f52742	52	}
56f52742	53
bb9a123a	54	if ($course->id == SITEID) {
	55	$coursecontext = get_context_instance(CONTEXT_SYSTEM); // SYSTEM context
	56	} else {
	57	$coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); // Course context
	58	}
e6eea4f2	59	$systemcontext = get_context_instance(CONTEXT_SYSTEM);
	60	$personalcontext = get_context_instance(CONTEXT_USER, $user->id);
	61
b0c90e6e	62	// check access control
1cb3da36	63	if ($user->id == $USER->id) {
8b3dc202	64	//editing own profile - require_login() MUST NOT be used here, it would result in infinite loop!
8b3dc202	65	if (!has_capability('moodle/user:editownprofile', $systemcontext)) {
4e244ba8	66	print_error('cannotedityourprofile');
8b3dc202	67	}
1cb3da36	68
1cb3da36	69	} else {
b0c90e6e	70	// teachers, parents, etc.
b0c90e6e	71	require_capability('moodle/user:editprofile', $personalcontext);
	72	// no editing of guest user account
	73	if (isguestuser($user->id)) {
	74	print_error('guestnoeditprofileother');
	75	}
	76	// no editing of primary admin!
fc4b2dec	77	if (is_primary_admin($user->id)) {
b0c90e6e	78	print_error('adminprimarynoedit');
	79	}
	80	}
	81
f5fc83e8	82	if ($user->deleted) {
	83	print_header();
	84	print_heading(get_string('userdeleted'));
	85	print_footer($course);
	86	die;
	87	}
	88
05c38e2b	89	// Process email change cancellation
	90	if ($cancelemailchange) {
	91	cancel_email_update($user->id);
	92	}
	93
14a6b7e1	94	//load user preferences
	95	useredit_load_preferences($user);
	96
	97	//Load custom profile fields data
	98	profile_load_data($user);
f9903ed0	99
0be6f678	100
d8734783	101	//create form
d8734783	102	$userform = new user_edit_form();
e8e0bb2d	103	$userform->set_data($user);
2d836c0b	104
d6ace123	105	$email_changed = false;
d6ace123	106
294ce987	107	if ($usernew = $userform->get_data()) {
1e1c51a3	108
d8734783	109	add_to_log($course->id, 'user', 'update', "view.php?id=$user->id&course=$course->id", '');
f9903ed0	110
d6ace123	111	$email_changed_html = '';
	112
	113	if ($CFG->emailchangeconfirmation) {
	114	// Handle change of email carefully for non-trusted users
	115	if ($user->email != $usernew->email && !has_capability('moodle/user:update', $systemcontext)) {
	116	$a = new stdClass();
	117	$a->newemail = $usernew->preference_newemail = $usernew->email;
	118	$usernew->preference_newemailkey = random_string(20);
	119	$usernew->preference_newemailattemptsleft = 3;
	120	$a->oldemail = $usernew->email = $user->email;
	121
	122	$email_changed_html = print_box(get_string('auth_changingemailaddress', 'auth', $a), 'generalbox', 'notice', true);
	123	$email_changed_html .= print_continue("$CFG->wwwroot/user/view.php?id=$user->id&course=$course->id", true);
	124	$email_changed = true;
	125	}
	126	}
	127
d8734783	128	$authplugin = get_auth_plugin($user->auth);
a3447e10	129
2d836c0b	130	$usernew->timemodified = time();
8f0cd6ef	131
5d910388	132	if (!$DB->update_record('user', $usernew)) {
4e244ba8	133	print_error('cannotupdateprofile');
d8734783	134	}
2d836c0b	135
6bc1e5d5	136	// pass a true $userold here
294ce987	137	if (! $authplugin->user_update($user, $userform->get_data())) {
6bc1e5d5	138	// auth update failed, rollback for moodle
5d910388	139	$DB->update_record('user', $user);
4e244ba8	140	print_error('cannotupdateprofile');
6bc1e5d5	141	}
6bc1e5d5	142
d8734783	143	//update preferences
14a6b7e1	144	useredit_update_user_preference($usernew);
0be6f678	145
1e1c51a3	146	//update interests
	147	if (!empty($CFG->usetags)) {
	148	useredit_update_interests($usernew, $usernew->interests);
	149	}
0be6f678	150
14a6b7e1	151	//update user picture
d8734783	152	if (!empty($CFG->gdversion) and empty($CFG->disableuserimages)) {
14a6b7e1	153	useredit_update_picture($usernew, $userform);
dc2590e5	154	}
d1c8eb14	155
d8734783	156	// update mail bounces
14a6b7e1	157	useredit_update_bounces($user, $usernew);
7cbb4c96	158
14a6b7e1	159	/// update forum track preference
14a6b7e1	160	useredit_update_trackforums($user, $usernew);
f9903ed0	161
14a6b7e1	162	// save custom profile fields data
14a6b7e1	163	profile_save_data($usernew);
f9a0ea69	164
d6ace123	165	// If email was changed, send confirmation email now
	166	if ($email_changed && $CFG->emailchangeconfirmation) {
	167	$temp_user = fullclone($user);
	168	$temp_user->email = $usernew->preference_newemail;
	169
	170	$a = new stdClass();
	171	$a->url = $CFG->wwwroot . '/user/emailupdate.php?key=' . $usernew->preference_newemailkey . '&id=' . $user->id;
	172	$a->site = $SITE->fullname;
	173	$a->fullname = fullname($user, true);
	174
	175	$emailupdatemessage = get_string('auth_emailupdatemessage', 'auth', $a);
	176	$emailupdatetitle = get_string('auth_emailupdatetitle', 'auth', $a);
	177
	178	if(!$mail_results = email_to_user($temp_user, get_admin(), $emailupdatetitle, $emailupdatemessage)) {
	179	die("could not send email!");
	180	}
	181	}
	182
b0c90e6e	183	if ($USER->id == $user->id) {
b0c90e6e	184	// Override old $USER session variable if needed
5d910388	185	$usernew = $DB->get_record('user', array('id'=>$user->id)); // reload from db
b0c90e6e	186	foreach ($usernew as $variable => $value) {
	187	$USER->$variable = $value;
	188	}
4332512e	189	}
ae483dad	190	events_trigger('user_updated', $usernew);
d6ace123	191
	192	if (!$email_changed \|\| !$CFG->emailchangeconfirmation) {
	193	redirect("$CFG->wwwroot/user/view.php?id=$user->id&course=$course->id");
	194	}
1f33691c	195	}
1f33691c	196
a3f1f815	197
d8734783	198	/// Display page header
	199	$streditmyprofile = get_string('editmyprofile');
	200	$strparticipants = get_string('participants');
	201	$userfullname = fullname($user, true);
0be6f678	202
0be6f678	203	$navlinks = array();
bb9a123a	204	if (has_capability('moodle/course:viewparticipants', $coursecontext) \|\| has_capability('moodle/site:viewparticipants', $systemcontext)) {
	205	$navlinks[] = array('name' => $strparticipants, 'link' => "index.php?id=$course->id", 'type' => 'misc');
	206	}
0be6f678	207	$navlinks[] = array('name' => $userfullname,
	208	'link' => "view.php?id=$user->id&course=$course->id",
	209	'type' => 'misc');
	210	$navlinks[] = array('name' => $streditmyprofile, 'link' => null, 'type' => 'misc');
	211	$navigation = build_navigation($navlinks);
	212	print_header("$course->shortname: $streditmyprofile", $course->fullname, $navigation, "");
	213
d8734783	214	/// Print tabs at the top
	215	$showroles = 1;
	216	$currenttab = 'editprofile';
	217	require('tabs.php');
0236ec73	218
d6ace123	219	if ($email_changed) {
	220	echo $email_changed_html;
	221	} else {
	222	/// Finally display THE form
	223	$userform->display();
	224	}
a3f1f815	225
d8734783	226	/// and proper footer
d8734783	227	print_footer($course);
1f33691c	228
f9903ed0	229	?>