[moodle.git] / user / edit.php

<?PHP // $Id$

    require_once("../config.php");
    require_once("$CFG->libdir/gdlib.php");

    require_variable($id);       // user id
    require_variable($course);   // course id

    if (! $user = get_record("user", "id", $id)) {
        error("User ID was incorrect");
    }

    if (! $course = get_record("course", "id", $course)) {
        error("Course ID was incorrect");
    }

    if ($user->confirmed and user_not_fully_set_up($user)) {
        // Special case which can only occur when a new account 
        // has just been created by EXTERNAL authentication
        // This is the only page in Moodle that has the exception
        // so that users can set up their accounts
        $newaccount  = true;

        if (empty($USER)) {
            error("Sessions don't seem to be working on this server!");
        }

    } else {
        $newaccount  = false;
        require_login($course->id);
    }

    if ($USER->id <> $user->id and !isadmin()) {
        error("You can only edit your own information");
    }

    if (isguest()) {
        error("The guest user cannot edit their profile.");
    }

    if (isguest($user->id)) {
        error("Sorry, the guest user cannot be edited.");
    }


/// If data submitted, then process and store.

    if ($usernew = data_submitted()) {

        if (isset($USER->username)) {
            check_for_restricted_user($USER->username, "$CFG->wwwroot/course/view.php?id=$course->id");
        }

        foreach ($usernew as $key => $data) {
            $usernew->$key = clean_text($usernew->$key, FORMAT_MOODLE);
        }

        $usernew->firstname = strip_tags($usernew->firstname);
        $usernew->lastname  = strip_tags($usernew->lastname);

        if (isset($usernew->username)) {
            $usernew->username = trim(moodle_strtolower($usernew->username));
        }

        if (empty($_FILES['imagefile'])) {
            $_FILES['imagefile'] = NULL;    // To avoid using uninitialised variable later
        }

        if (find_form_errors($user, $usernew, $err)) {
            if ($filename = valid_uploaded_file($_FILES['imagefile'])) { 
                $usernew->picture = save_profile_image($user->id, $filename);
                set_field('user', 'picture', $usernew->picture, 'id', $user->id);  /// Note picture in DB
            }

            $user = $usernew;

        } else {
            $timenow = time();

            if ($filename = valid_uploaded_file($_FILES['imagefile'])) { 
                $usernew->picture = save_profile_image($user->id, $filename);
            } else {
                $usernew->picture = $user->picture;
            }
    
            $usernew->timemodified = time();

            if (isadmin()) {
                if (!empty($usernew->newpassword)) {
                    $usernew->password = md5($usernew->newpassword);
                }
            } else {
                if (isset($usernew->newpassword)) {
                    error("You can not change the password like that");
                }
            }
            if ($usernew->url and !(substr($usernew->url, 0, 4) == "http")) {
                $usernew->url = "http://".$usernew->url;
            }

            if (update_record("user", $usernew)) {
                add_to_log($course->id, "user", "update", "view.php?id=$user->id&course=$course->id", "");

                if ($user->id == $USER->id) {
                    // Copy data into $USER session variable
                    $usernew = (array)$usernew;
                    foreach ($usernew as $variable => $value) {
                        $USER->$variable = stripslashes($value);
                    }
                    if (isset($USER->newadminuser)) {
                        unset($USER->newadminuser);
                        redirect("$CFG->wwwroot/", get_string("changessaved"));
                    }
                    redirect("$CFG->wwwroot/user/view.php?id=$user->id&course=$course->id", get_string("changessaved"));
                } else {
                    redirect("$CFG->wwwroot/$CFG->admin/user.php", get_string("changessaved"));
                }
            } else {
                error("Could not update the user record ($user->id)");
            }
        }
    }
    
/// Otherwise fill and print the form.

    $streditmyprofile = get_string("editmyprofile");
    $strparticipants = get_string("participants");
    $strnewuser = get_string("newuser");

    if (($user->firstname and $user->lastname) or $newaccount) {
        if ($newaccount) {
            $userfullname = $strnewuser;
        } else {
            $userfullname = fullname($user, isteacher($course->id));
        }
        if ($course->category) {
            print_header("$course->shortname: $streditmyprofile", "$course->fullname: $streditmyprofile",
                        "<A HREF=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</A> 
                        -> <A HREF=\"index.php?id=$course->id\">$strparticipants</A>
                        -> <A HREF=\"view.php?id=$user->id&course=$course->id\">$userfullname</A> 
                        -> $streditmyprofile", "");
        } else {
            if (isset($USER->newadminuser)) {
                print_header();
            } else {
                print_header("$course->shortname: $streditmyprofile", "$course->fullname",
                             "<A HREF=\"view.php?id=$user->id&course=$course->id\">$userfullname</A> 
                              -> $streditmyprofile", "");
            }
        }
    } else {
        $userfullname = $strnewuser;
        $straddnewuser = get_string("addnewuser");

        $stradministration = get_string("administration");
        print_header("$course->shortname: $streditmyprofile", "$course->fullname",
                     "<a href=\"$CFG->wwwroot/$CFG->admin/\">$stradministration</a> -> ".
                     "<a href=\"$CFG->wwwroot/$CFG->admin/users.php\">$strusers</a> -> $straddnewuser", "");
    }

    $teacher = strtolower($course->teacher);
    if (!isadmin()) {
        $teacheronly = "(".get_string("teacheronly", "", $teacher).")";
    } else {
        $teacheronly = "";
    }

    print_heading( get_string("userprofilefor", "", "$userfullname") );

    if (isset($USER->newadminuser)) {
        print_simple_box(get_string("configintroadmin"), "center", "50%");
        echo "<br />";
    }

    print_simple_box_start("center", "", "$THEME->cellheading");
    if (!empty($err)) {
       echo "<CENTER>";
       notify(get_string("someerrorswerefound"));
       echo "</CENTER>";
    }
    include("edit.html");
    print_simple_box_end();

    if (!isset($USER->newadminuser)) {
        print_footer($course);
    }

    exit;


/// FUNCTIONS ////////////////////

function find_form_errors(&$user, &$usernew, &$err) {

    if (isadmin()) {
        if (empty($usernew->username)) {
            $err["username"] = get_string("missingusername");

        } else if (record_exists("user", "username", $usernew->username) and $user->username == "changeme") {
                $err["username"] = get_string("usernameexists");

        } else {
Commit	Line	Data
f9903ed0	1	<?PHP // $Id$
f9903ed0	2
dc2590e5	3	require_once("../config.php");
951b22a8	4	require_once("$CFG->libdir/gdlib.php");
f9903ed0	5
	6	require_variable($id); // user id
	7	require_variable($course); // course id
	8
	9	if (! $user = get_record("user", "id", $id)) {
	10	error("User ID was incorrect");
	11	}
	12
	13	if (! $course = get_record("course", "id", $course)) {
0087d8a6	14	error("Course ID was incorrect");
f9903ed0	15	}
f9903ed0	16
2c104c01	17	if ($user->confirmed and user_not_fully_set_up($user)) {
faebaf0f	18	// Special case which can only occur when a new account
	19	// has just been created by EXTERNAL authentication
	20	// This is the only page in Moodle that has the exception
	21	// so that users can set up their accounts
	22	$newaccount = true;
	23
deae201f	24	if (empty($USER)) {
ea229804	25	error("Sessions don't seem to be working on this server!");
	26	}
	27
faebaf0f	28	} else {
faebaf0f	29	$newaccount = false;
dc2590e5	30	require_login($course->id);
faebaf0f	31	}
f9903ed0	32
a3447e10	33	if ($USER->id <> $user->id and !isadmin()) {
f9903ed0	34	error("You can only edit your own information");
	35	}
	36
603d4c72	37	if (isguest()) {
	38	error("The guest user cannot edit their profile.");
	39	}
	40
a3447e10	41	if (isguest($user->id)) {
	42	error("Sorry, the guest user cannot be edited.");
	43	}
	44
f9903ed0	45
	46	/// If data submitted, then process and store.
	47
dc2590e5	48	if ($usernew = data_submitted()) {
999beee0	49
ab394456	50	if (isset($USER->username)) {
	51	check_for_restricted_user($USER->username, "$CFG->wwwroot/course/view.php?id=$course->id");
	52	}
	53
999beee0	54	foreach ($usernew as $key => $data) {
	55	$usernew->$key = clean_text($usernew->$key, FORMAT_MOODLE);
	56	}
	57
a3447e10	58	$usernew->firstname = strip_tags($usernew->firstname);
a3447e10	59	$usernew->lastname = strip_tags($usernew->lastname);
999beee0	60
dc2590e5	61	if (isset($usernew->username)) {
	62	$usernew->username = trim(moodle_strtolower($usernew->username));
	63	}
	64
de38e262	65	if (empty($_FILES['imagefile'])) {
	66	$_FILES['imagefile'] = NULL; // To avoid using uninitialised variable later
	67	}
	68
b913b369	69	if (find_form_errors($user, $usernew, $err)) {
607809b3	70	if ($filename = valid_uploaded_file($_FILES['imagefile'])) {
7721c694	71	$usernew->picture = save_profile_image($user->id, $filename);
1aacb503	72	set_field('user', 'picture', $usernew->picture, 'id', $user->id); /// Note picture in DB
a406cdec	73	}
a406cdec	74
a3447e10	75	$user = $usernew;
	76
	77	} else {
dc2590e5	78	$timenow = time();
f9903ed0	79
607809b3	80	if ($filename = valid_uploaded_file($_FILES['imagefile'])) {
7721c694	81	$usernew->picture = save_profile_image($user->id, $filename);
f9903ed0	82	} else {
	83	$usernew->picture = $user->picture;
	84	}
	85
	86	$usernew->timemodified = time();
	87
a3447e10	88	if (isadmin()) {
f0eec3b6	89	if (!empty($usernew->newpassword)) {
a3447e10	90	$usernew->password = md5($usernew->newpassword);
	91	}
	92	} else {
	93	if (isset($usernew->newpassword)) {
	94	error("You can not change the password like that");
	95	}
	96	}
ef9955b0	97	if ($usernew->url and !(substr($usernew->url, 0, 4) == "http")) {
	98	$usernew->url = "http://".$usernew->url;
	99	}
873960de	100
f9903ed0	101	if (update_record("user", $usernew)) {
253ae7db	102	add_to_log($course->id, "user", "update", "view.php?id=$user->id&course=$course->id", "");
873960de	103
a3447e10	104	if ($user->id == $USER->id) {
	105	// Copy data into $USER session variable
	106	$usernew = (array)$usernew;
	107	foreach ($usernew as $variable => $value) {
521d04cf	108	$USER->$variable = stripslashes($value);
a3447e10	109	}
1f33691c	110	if (isset($USER->newadminuser)) {
1f33691c	111	unset($USER->newadminuser);
dd85cc81	112	redirect("$CFG->wwwroot/", get_string("changessaved"));
1f33691c	113	}
1f33691c	114	redirect("$CFG->wwwroot/user/view.php?id=$user->id&course=$course->id", get_string("changessaved"));
a3447e10	115	} else {
003296c4	116	redirect("$CFG->wwwroot/$CFG->admin/user.php", get_string("changessaved"));
873960de	117	}
f9903ed0	118	} else {
	119	error("Could not update the user record ($user->id)");
	120	}
dc2590e5	121	}
f9903ed0	122	}
	123
	124	/// Otherwise fill and print the form.
	125
faebaf0f	126	$streditmyprofile = get_string("editmyprofile");
	127	$strparticipants = get_string("participants");
	128	$strnewuser = get_string("newuser");
8553b700	129
faebaf0f	130	if (($user->firstname and $user->lastname) or $newaccount) {
	131	if ($newaccount) {
	132	$userfullname = $strnewuser;
	133	} else {
5fde0ca6	134	$userfullname = fullname($user, isteacher($course->id));
faebaf0f	135	}
7cbb4c96	136	if ($course->category) {
dc2590e5	137	print_header("$course->shortname: $streditmyprofile", "$course->fullname: $streditmyprofile",
7cbb4c96	138	"<A HREF=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</A>
faebaf0f	139	-> <A HREF=\"index.php?id=$course->id\">$strparticipants</A>
7cbb4c96	140	-> <A HREF=\"view.php?id=$user->id&course=$course->id\">$userfullname</A>
faebaf0f	141	-> $streditmyprofile", "");
7cbb4c96	142	} else {
1f33691c	143	if (isset($USER->newadminuser)) {
	144	print_header();
	145	} else {
	146	print_header("$course->shortname: $streditmyprofile", "$course->fullname",
	147	"<A HREF=\"view.php?id=$user->id&course=$course->id\">$userfullname</A>
	148	-> $streditmyprofile", "");
	149	}
7cbb4c96	150	}
f9903ed0	151	} else {
faebaf0f	152	$userfullname = $strnewuser;
7cbb4c96	153	$straddnewuser = get_string("addnewuser");
	154
	155	$stradministration = get_string("administration");
dc2590e5	156	print_header("$course->shortname: $streditmyprofile", "$course->fullname",
55e4b5f9	157	"<a href=\"$CFG->wwwroot/$CFG->admin/\">$stradministration</a> -> ".
55e4b5f9	158	"<a href=\"$CFG->wwwroot/$CFG->admin/users.php\">$strusers</a> -> $straddnewuser", "");
f9903ed0	159	}
f9903ed0	160
bda8d43a	161	$teacher = strtolower($course->teacher);
a3447e10	162	if (!isadmin()) {
a3447e10	163	$teacheronly = "(".get_string("teacheronly", "", $teacher).")";
9c9f7d77	164	} else {
9c9f7d77	165	$teacheronly = "";
a3447e10	166	}
bda8d43a	167
7cbb4c96	168	print_heading( get_string("userprofilefor", "", "$userfullname") );
1f33691c	169
1f33691c	170	if (isset($USER->newadminuser)) {
d2b6ba70	171	print_simple_box(get_string("configintroadmin"), "center", "50%");
1f33691c	172	echo "<br />";
	173	}
	174
4d0dde91	175	print_simple_box_start("center", "", "$THEME->cellheading");
9c9f7d77	176	if (!empty($err)) {
a406cdec	177	echo "<CENTER>";
	178	notify(get_string("someerrorswerefound"));
	179	echo "</CENTER>";
	180	}
dc2590e5	181	include("edit.html");
f9903ed0	182	print_simple_box_end();
f9903ed0	183
1f33691c	184	if (!isset($USER->newadminuser)) {
	185	print_footer($course);
	186	}
	187
	188	exit;
f9903ed0	189
	190
	191
	192	/// FUNCTIONS ////////////////////
	193
	194	function find_form_errors(&$user, &$usernew, &$err) {
	195
a3447e10	196	if (isadmin()) {
2b25f2a0	197	if (empty($usernew->username)) {
a3447e10	198	$err["username"] = get_string("missingusername");
a3447e10	199
2b25f2a0	200	} else if (record_exists("user", "username", $usernew->username) and $user->username == "changeme") {
	201	$err["username"] = get_string("usernameexists");
	202
	203	} else {
36c34ab6	204