[moodle.git] / user / edit.php

<?PHP // $Id$

    require_once("../config.php");
    require_once("$CFG->libdir/gdlib.php");

    require_variable($id);       // user id
    require_variable($course);   // course id

    
    if (! $user = get_record("user", "id", $id)) {
        error("User ID was incorrect");
    }

    if (! $course = get_record("course", "id", $course)) {
        error("Course ID was incorrect");
    }

    if ($user->confirmed and user_not_fully_set_up($user)) {
        // Special case which can only occur when a new account 
        // has just been created by EXTERNAL authentication
        // This is the only page in Moodle that has the exception
        // so that users can set up their accounts
        $newaccount  = true;

        if (empty($USER)) {
            error("Sessions don't seem to be working on this server!");
        }

    } else {
        $newaccount  = false;
        require_login($course->id);
    }

    if ($USER->id <> $user->id and !isadmin()) {
        error("You can only edit your own information");
    }

    if (isguest()) {
        error("The guest user cannot edit their profile.");
    }

    if (isguest($user->id)) {
        error("Sorry, the guest user cannot be edited.");
    }


/// If data submitted, then process and store.

    if ($usernew = data_submitted()) {

        if (isset($USER->username)) {
            check_for_restricted_user($USER->username, "$CFG->wwwroot/course/view.php?id=$course->id");
        }

        foreach ($usernew as $key => $data) {
            $usernew->$key = addslashes(clean_text(stripslashes($usernew->$key), FORMAT_MOODLE));
        }

        $usernew->firstname = trim(strip_tags($usernew->firstname));
        $usernew->lastname  = trim(strip_tags($usernew->lastname));

        if (isset($usernew->username)) {
            $usernew->username = trim(moodle_strtolower($usernew->username));
        }

        if (empty($_FILES['imagefile'])) {
            $_FILES['imagefile'] = NULL;    // To avoid using uninitialised variable later
        }

        if (find_form_errors($user, $usernew, $err)) {
            if ($filename = valid_uploaded_file($_FILES['imagefile'])) { 
                $usernew->picture = save_profile_image($user->id, $filename);
                set_field('user', 'picture', $usernew->picture, 'id', $user->id);  /// Note picture in DB
            } else {
                if (!empty($usernew->deletepicture)) {
                    set_field('user', 'picture', 0, 'id', $user->id);  /// Delete picture
                    $usernew->picture = 0;
                }
            }

            $user = $usernew;

        } else {
            $timenow = time();

            if ($filename = valid_uploaded_file($_FILES['imagefile'])) { 
                $usernew->picture = save_profile_image($user->id, $filename);
            } else {
                if (!empty($usernew->deletepicture)) {
                    set_field('user', 'picture', 0, 'id', $user->id);  /// Delete picture
                    $usernew->picture = 0;
                } else {
                    $usernew->picture = $user->picture;
                }
            }
    
            $usernew->timemodified = time();

            if (isadmin()) {
                if (!empty($usernew->newpassword)) {
                    $usernew->password = md5($usernew->newpassword);
                }
            } else {
                if (isset($usernew->newpassword)) {
                    error("You can not change the password like that");
                }
            }
            if ($usernew->url and !(substr($usernew->url, 0, 4) == "http")) {
                $usernew->url = "http://".$usernew->url;
            }

            if (update_record("user", $usernew)) {
                add_to_log($course->id, "user", "update", "view.php?id=$user->id&course=$course->id", "");

                if ($user->id == $USER->id) {
                    // Copy data into $USER session variable
                    $usernew = (array)$usernew;
                    foreach ($usernew as $variable => $value) {
                        $USER->$variable = stripslashes($value);
                    }
                    if (isset($USER->newadminuser)) {
                        unset($USER->newadminuser);
                        redirect("$CFG->wwwroot/", get_string("changessaved"));
                    }
                    redirect("$CFG->wwwroot/user/view.php?id=$user->id&course=$course->id", get_string("changessaved"));
                } else {
                    redirect("$CFG->wwwroot/$CFG->admin/user.php", get_string("changessaved"));
                }
            } else {
                error("Could not update the user record ($user->id)");
            }
        }
    }
    
/// Otherwise fill and print the form.

    $streditmyprofile = get_string("editmyprofile");
    $strparticipants = get_string("participants");
    $strnewuser = get_string("newuser");

    if (($user->firstname and $user->lastname) or $newaccount) {
        if ($newaccount) {
            $userfullname = $strnewuser;
        } else {
            $userfullname = fullname($user, isteacher($course->id));
        }
        if ($course->category) {
            print_header("$course->shortname: $streditmyprofile", "$course->fullname: $streditmyprofile",
                        "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a> 
                        -> <a href=\"index.php?id=$course->id\">$strparticipants</a>
                        -> <a href=\"view.php?id=$user->id&amp;course=$course->id\">$userfullname</a> 
                        -> $streditmyprofile", "");
        } else {
            if (isset($USER->newadminuser)) {
                print_header();
            } else {
                print_header("$course->shortname: $streditmyprofile", "$course->fullname",
                             "<a href=\"view.php?id=$user->id&amp;course=$course->id\">$userfullname</a> 
                              -> $streditmyprofile", "");
            }
        }
    } else {
        $userfullname = $strnewuser;
        $straddnewuser = get_string("addnewuser");

        $stradministration = get_string("administration");
        print_header("$course->shortname: $streditmyprofile", "$course->fullname",
                     "<a href=\"$CFG->wwwroot/$CFG->admin/\">$stradministration</a> -> ".
                     "<a href=\"$CFG->wwwroot/$CFG->admin/users.php\">$strusers</a> -> $straddnewuser", "");
    }

    $teacher = strtolower($course->teacher);
    if (!isadmin()) {
        $teacheronly = "(".get_string("teacheronly", "", $teacher).")";
    } else {
        $teacheronly = "";
    }

    print_heading( get_string("userprofilefor", "", "$userfullname") );

    if (isset($USER->newadminuser)) {
        print_simple_box(get_string("configintroadmin"), "center", "50%");
        echo "<br />";
    }

    print_simple_box_start("center", "", "$THEME->cellheading");
    if (!empty($err)) {
       echo "<center>";
       notify(get_string("someerrorswerefound"));
       echo "</center>";
    }
    include("edit.html");
    print_simple_box_end();

    if (!isset($USER->newadminuser)) {
        print_footer($course);
    }

    exit;


/// FUNCTIONS ////////////////////

function find_form_errors(&$user, &$usernew, &$err) {
    global $CFG;

    if (isadmin()) {
        if (empty($usernew->username)) {
            $err["username"] = get_string("missingusername");

        } else if (record_exists("user", "username", $usernew->username) and $user->username == "changeme") {
                $err["username"] = get_string("usernameexists");

        } else {
            if (empty($CFG->extendedusernamechars)) {
                $string = eregi_replace("[^(-\.[:alnum:])]", "", $usernew->username);
                if (strcmp($usernew->username, $string)) {
                    $err["username"] = get_string("alphanumerical");
                }
            }
        }

        if (empty($usernew->newpassword) and empty($user->password) and is_internal_auth() )
            $err["newpassword"] = get_string("missingpassword");

        if (($usernew->newpassword == "admin") or ($user->password == md5("admin") and empty($usernew->newpassword)) ) {
            $err["newpassword"] = get_string("unsafepassword");
        }
    }

    if (empty($usernew->email))
        $err["email"] = get_string("missingemail");

    if (empty($usernew->description) and !isadmin())
        $err["description"] = get_string("missingdescription");

    if (empty($usernew->city))
        $err["city"] = get_string("missingcity");

    if (empty($usernew->firstname))
        $err["firstname"] = get_string("missingfirstname");

    if (empty($usernew->lastname))
        $err["lastname"] = get_string("missinglastname");

    if (empty($usernew->country))
        $err["country"] = get_string("missingcountry");

    if (! validate_email($usernew->email)) {
        $err["email"] = get_string("invalidemail");

    } else if ($otheruser = get_record("user", "email", $usernew->email)) {
        if ($otheruser->id <> $user->id) {
            $err["email"] = get_string("emailexists");
        }
    }
    
    if (empty($err["email"]) and !isadmin()) {
        if ($error = email_is_not_allowed($usernew->email)) {
            $err["email"] = $error;
        }
    }

    $user->email = $usernew->email;

    return count($err);
}


?>
Commit	Line	Data
f9903ed0	1	<?PHP // $Id$
f9903ed0	2
dc2590e5	3	require_once("../config.php");
951b22a8	4	require_once("$CFG->libdir/gdlib.php");
f9903ed0	5
	6	require_variable($id); // user id
	7	require_variable($course); // course id
	8
f971d502	9
f971d502	10
f9903ed0	11	if (! $user = get_record("user", "id", $id)) {
	12	error("User ID was incorrect");
	13	}
	14
	15	if (! $course = get_record("course", "id", $course)) {
0087d8a6	16	error("Course ID was incorrect");
f9903ed0	17	}
f9903ed0	18
2c104c01	19	if ($user->confirmed and user_not_fully_set_up($user)) {
faebaf0f	20	// Special case which can only occur when a new account
	21	// has just been created by EXTERNAL authentication
	22	// This is the only page in Moodle that has the exception
	23	// so that users can set up their accounts
	24	$newaccount = true;
	25
deae201f	26	if (empty($USER)) {
ea229804	27	error("Sessions don't seem to be working on this server!");
	28	}
	29
faebaf0f	30	} else {
faebaf0f	31	$newaccount = false;
dc2590e5	32	require_login($course->id);
faebaf0f	33	}
f9903ed0	34
a3447e10	35	if ($USER->id <> $user->id and !isadmin()) {
f9903ed0	36	error("You can only edit your own information");
	37	}
	38
603d4c72	39	if (isguest()) {
	40	error("The guest user cannot edit their profile.");
	41	}
	42
a3447e10	43	if (isguest($user->id)) {
	44	error("Sorry, the guest user cannot be edited.");
	45	}
	46
f9903ed0	47
	48	/// If data submitted, then process and store.
	49
dc2590e5	50	if ($usernew = data_submitted()) {
999beee0	51
ab394456	52	if (isset($USER->username)) {
	53	check_for_restricted_user($USER->username, "$CFG->wwwroot/course/view.php?id=$course->id");
	54	}
	55
999beee0	56	foreach ($usernew as $key => $data) {
6acfbb43	57	$usernew->$key = addslashes(clean_text(stripslashes($usernew->$key), FORMAT_MOODLE));
999beee0	58	}
999beee0	59
9d05e261	60	$usernew->firstname = trim(strip_tags($usernew->firstname));
9d05e261	61	$usernew->lastname = trim(strip_tags($usernew->lastname));
999beee0	62
dc2590e5	63	if (isset($usernew->username)) {
	64	$usernew->username = trim(moodle_strtolower($usernew->username));
	65	}
	66
de38e262	67	if (empty($_FILES['imagefile'])) {
	68	$_FILES['imagefile'] = NULL; // To avoid using uninitialised variable later
	69	}
	70
b913b369	71	if (find_form_errors($user, $usernew, $err)) {
607809b3	72	if ($filename = valid_uploaded_file($_FILES['imagefile'])) {
7721c694	73	$usernew->picture = save_profile_image($user->id, $filename);
1aacb503	74	set_field('user', 'picture', $usernew->picture, 'id', $user->id); /// Note picture in DB
ec67cbf2	75	} else {
	76	if (!empty($usernew->deletepicture)) {
	77	set_field('user', 'picture', 0, 'id', $user->id); /// Delete picture
	78	$usernew->picture = 0;
	79	}
a406cdec	80	}
a406cdec	81
a3447e10	82	$user = $usernew;
	83
	84	} else {
dc2590e5	85	$timenow = time();
f9903ed0	86
607809b3	87	if ($filename = valid_uploaded_file($_FILES['imagefile'])) {
7721c694	88	$usernew->picture = save_profile_image($user->id, $filename);
f9903ed0	89	} else {
ec67cbf2	90	if (!empty($usernew->deletepicture)) {
	91	set_field('user', 'picture', 0, 'id', $user->id); /// Delete picture
	92	$usernew->picture = 0;
	93	} else {
	94	$usernew->picture = $user->picture;
	95	}
f9903ed0	96	}
	97
	98	$usernew->timemodified = time();
	99
a3447e10	100	if (isadmin()) {
f0eec3b6	101	if (!empty($usernew->newpassword)) {
a3447e10	102	$usernew->password = md5($usernew->newpassword);
	103	}
	104	} else {
	105	if (isset($usernew->newpassword)) {
	106	error("You can not change the password like that");
	107	}
	108	}
ef9955b0	109	if ($usernew->url and !(substr($usernew->url, 0, 4) == "http")) {
	110	$usernew->url = "http://".$usernew->url;
	111	}
873960de	112
f9903ed0	113	if (update_record("user", $usernew)) {
253ae7db	114	add_to_log($course->id, "user", "update", "view.php?id=$user->id&course=$course->id", "");
873960de	115
a3447e10	116	if ($user->id == $USER->id) {
	117	// Copy data into $USER session variable
	118	$usernew = (array)$usernew;
	119	foreach ($usernew as $variable => $value) {
521d04cf	120	$USER->$variable = stripslashes($value);
a3447e10	121	}
1f33691c	122	if (isset($USER->newadminuser)) {
1f33691c	123	unset($USER->newadminuser);
dd85cc81	124	redirect("$CFG->wwwroot/", get_string("changessaved"));
1f33691c	125	}
1f33691c	126	redirect("$CFG->wwwroot/user/view.php?id=$user->id&course=$course->id", get_string("changessaved"));
a3447e10	127	} else {
003296c4	128	redirect("$CFG->wwwroot/$CFG->admin/user.php", get_string("changessaved"));
873960de	129	}
f9903ed0	130	} else {
	131	error("Could not update the user record ($user->id)");
	132	}
dc2590e5	133	}
f9903ed0	134	}
	135
	136	/// Otherwise fill and print the form.
	137
faebaf0f	138	$streditmyprofile = get_string("editmyprofile");
	139	$strparticipants = get_string("participants");
	140	$strnewuser = get_string("newuser");
8553b700	141
faebaf0f	142	if (($user->firstname and $user->lastname) or $newaccount) {
	143	if ($newaccount) {
	144	$userfullname = $strnewuser;
	145	} else {
5fde0ca6	146	$userfullname = fullname($user, isteacher($course->id));
faebaf0f	147	}
7cbb4c96	148	if ($course->category) {
dc2590e5	149	print_header("$course->shortname: $streditmyprofile", "$course->fullname: $streditmyprofile",
031c49fa	150	"<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a>
031c49fa	151	-> <a href=\"index.php?id=$course->id\">$strparticipants</a>
357b5286	152	-> <a href=\"view.php?id=$user->id&course=$course->id\">$userfullname</a>
faebaf0f	153	-> $streditmyprofile", "");
7cbb4c96	154	} else {
1f33691c	155	if (isset($USER->newadminuser)) {
	156	print_header();
	157	} else {
	158	print_header("$course->shortname: $streditmyprofile", "$course->fullname",
357b5286	159	"<a href=\"view.php?id=$user->id&course=$course->id\">$userfullname</a>
1f33691c	160	-> $streditmyprofile", "");
1f33691c	161	}
7cbb4c96	162	}
f9903ed0	163	} else {
faebaf0f	164	$userfullname = $strnewuser;
7cbb4c96	165	$straddnewuser = get_string("addnewuser");
	166
	167	$stradministration = get_string("administration");
dc2590e5	168	print_header("$course->shortname: $streditmyprofile", "$course->fullname",
55e4b5f9	169	"<a href=\"$CFG->wwwroot/$CFG->admin/\">$stradministration</a> -> ".
55e4b5f9	170	"<a href=\"$CFG->wwwroot/$CFG->admin/users.php\">$strusers</a> -> $straddnewuser", "");
f9903ed0	171	}
f9903ed0	172
bda8d43a	173	$teacher = strtolower($course->teacher);
a3447e10	174	if (!isadmin()) {
a3447e10	175	$teacheronly = "(".get_string("teacheronly", "", $teacher).")";
9c9f7d77	176	} else {
9c9f7d77	177	$teacheronly = "";
a3447e10	178	}
bda8d43a	179
7cbb4c96	180	print_heading( get_string("userprofilefor", "", "$userfullname") );
1f33691c	181
1f33691c	182	if (isset($USER->newadminuser)) {
d2b6ba70	183	print_simple_box(get_string("configintroadmin"), "center", "50%");
1f33691c	184	echo "<br />";
	185	}
	186
4d0dde91	187	print_simple_box_start("center", "", "$THEME->cellheading");
9c9f7d77	188	if (!empty($err)) {
031c49fa	189	echo "<center>";
a406cdec	190	notify(get_string("someerrorswerefound"));
031c49fa	191	echo "</center>";
a406cdec	192	}
dc2590e5	193	include("edit.html");
f9903ed0	194	print_simple_box_end();
f9903ed0	195
1f33691c	196	if (!isset($USER->newadminuser)) {
	197	print_footer($course);
	198	}
	199
	200	exit;
f9903ed0	201
	202
	203
	204	/// FUNCTIONS ////////////////////
	205
	206	function find_form_errors(&$user, &$usernew, &$err) {
c9ca1fa5	207	global $CFG;
f9903ed0	208
a3447e10	209	if (isadmin()) {
2b25f2a0	210	if (empty($usernew->username)) {
a3447e10	211	$err["username"] = get_string("missingusername");
a3447e10	212
2b25f2a0	213	} else if (record_exists("user", "username", $usernew->username) and $user->username == "changeme") {
	214	$err["username"] = get_string("usernameexists");
	215
	216	} else {
c9ca1fa5	217	if (empty($CFG->extendedusernamechars)) {
	218	$string = eregi_replace("[^(-\.[:alnum:])]", "", $usernew->username);
	219	if (strcmp($usernew->username, $string)) {
	220	$err["username"] = get_string("alphanumerical");
	221	}
	222	}
2b25f2a0	223	}
2b25f2a0	224
ecac660c	225	if (empty($usernew->newpassword) and empty($user->password) and is_internal_auth() )
a3447e10	226	$err["newpassword"] = get_string("missingpassword");
e98e0915	227
09ba0c8a	228	if (($usernew->newpassword == "admin") or ($user->password == md5("admin") and empty($usernew->newpassword)) ) {
e98e0915	229	$err["newpassword"] = get_string("unsafepassword");
09ba0c8a	230	}
a3447e10	231	}
a3447e10	232
f9903ed0	233	if (empty($usernew->email))
8553b700	234	$err["email"] = get_string("missingemail");
f9903ed0	235
87f3a895	236	if (empty($usernew->description) and !isadmin())
a3447e10	237	$err["description"] = get_string("missingdescription");
a3447e10	238
bda8d43a	239	if (empty($usernew->city))
8553b700	240	$err["city"] = get_string("missingcity");
bda8d43a	241
9c055aa5	242	if (empty($usernew->firstname))
	243	$err["firstname"] = get_string("missingfirstname");
	244
	245	if (empty($usernew->lastname))
	246	$err["lastname"] = get_string("missinglastname");
	247
bda8d43a	248	if (empty($usernew->country))
8553b700	249	$err["country"] = get_string("missingcountry");
bda8d43a	250
21f01485	251	if (! validate_email($usernew->email)) {
8553b700	252	$err["email"] = get_string("invalidemail");
f9903ed0	253
21f01485	254	} else if ($otheruser = get_record("user", "email", $usernew->email)) {
f9903ed0	255	if ($otheruser->id <> $user->id) {
8553b700	256	$err["email"] = get_string("emailexists");
f9903ed0	257	}
f9903ed0	258	}
21f01485	259
21f01485	260	if (empty($err["email"]) and !isadmin()) {
85a1d4c9	261	if ($error = email_is_not_allowed($usernew->email)) {
85a1d4c9	262	$err["email"] = $error;
21f01485	263	}
21f01485	264	}
f9903ed0	265
	266	$user->email = $usernew->email;
	267
	268	return count($err);
	269	}
	270
	271
	272	?>