Switching back to an integer-rounded retrieved best grade. Will probably
1066e0dc 1<?php // $Id$
f9903ed0 2
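// Bootstrap Moodle and the image helpers used for profile pictures.
require_once("../config.php");
require_once("$CFG->libdir/gdlib.php");

// Both values are supplied by the request and are untrusted until validated.
optional_variable($id);       // user id
optional_variable($course);   // course id

if (empty($id)) {             // See your own profile by default
    require_login();
    $id = $USER->id;
}

if (empty($course)) {         // See it at site level by default
    $course = SITEID;
}

// Record ids are integers. Cast before the lookups below so that a
// non-numeric request value can only ever produce a failed lookup.
$id     = (int)$id;
$course = (int)$course;

// NOTE(review): every guard below relies on error() halting the request;
// error() is defined outside this page -- confirm.
if (! $user = get_record("user", "id", $id)) {
    error("User ID was incorrect");
}

// From here on $course is the course record, not the id.
if (! $course = get_record("course", "id", $course)) {
    error("Course ID was incorrect");
}

if ($user->confirmed and user_not_fully_set_up($user)) {
    // Special case which can only occur when a new account
    // has just been created by EXTERNAL authentication
    // This is the only page in Moodle that has the exception
    // so that users can set up their accounts
    $newaccount = true;

    // No require_login() on this path, so at least insist on a session user.
    if (empty($USER->id)) {
        error("Sessions don't seem to be working on this server!");
    }

} else {
    $newaccount = false;
    require_login($course->id);
}

// Authorisation: only the account owner or an admin may edit this profile.
if (($USER->id <> $user->id) && !isadmin()) {
    error("You can only edit your own information");
}

// Neither a guest session nor the guest account itself may be edited.
if (isguest()) {
    error("The guest user cannot edit their profile.");
}

if (isguest($user->id)) {
    error("Sorry, the guest user cannot be edited.");
}

// load the relevant auth libraries
// NOTE(review): $user->auth comes from the stored user record and is
// interpolated into a path handed to require_once(); file_exists() is the
// only check visible here. Confirm the stored value is restricted to the
// names of installed auth plugin directories.
if ($user->auth) {
    $auth = $user->auth;
    if (!file_exists("$CFG->dirroot/auth/$auth/lib.php")) {
        $auth = "manual";    // Can't find auth module, default to internal
    }
    require_once("$CFG->dirroot/auth/$auth/lib.php");
}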
f9903ed0 62
d35757eb 63
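/// If data submitted, then process and store.

// NOTE(review): no anti-forgery token check is visible on this page; confirm
// whether data_submitted() or require_login() enforces one.
if ($usernew = data_submitted()) {

    // Re-check ownership against the SUBMITTED id: the write further down is
    // driven by $usernew, not by the $id this page was opened with.
    if (($USER->id <> $usernew->id) && !isadmin()) {
        error("You can only edit your own information");
    }

    if (isset($USER->username)) {
        check_for_restricted_user($USER->username, "$CFG->wwwroot/course/view.php?id=$course->id");
    }

    // The stored password hash is only meant to be set further down, from
    // $usernew->newpassword and only for admins. Drop any client-supplied
    // "password" value so it cannot ride along into update_record().
    // NOTE(review): the remaining submitted fields are not filtered here
    // either; presumably update_record() writes every property that matches a
    // column, so an explicit allow-list of editable fields would be the
    // sturdier fix -- the list of form fields is not visible on this page.
    unset($usernew->password);

    // Clean every submitted value; slashes are stripped for cleaning and
    // re-added because the values are stored in slashed form.
    foreach ($usernew as $key => $data) {
        $usernew->$key = addslashes(clean_text(stripslashes($usernew->$key), FORMAT_MOODLE));
    }

    $usernew->firstname = trim(strip_tags($usernew->firstname));
    $usernew->lastname  = trim(strip_tags($usernew->lastname));

    if (isset($usernew->username)) {
        $usernew->username = trim(moodle_strtolower($usernew->username));
    }

    require_once($CFG->dirroot.'/lib/uploadlib.php');
    $um = new upload_manager('imagefile',false,false,null,false,0,true,true);

    if (find_form_errors($user, $usernew, $err, $um)) {
        // Validation failed. The picture is still stored when the upload
        // itself was accepted, so the user does not have to send it again.
        if (empty($err['imagefile']) && $usernew->picture = save_profile_image($user->id, $um,'users')) {
            set_field('user', 'picture', $usernew->picture, 'id', $user->id);  /// Note picture in DB
        } else {
            if (!empty($usernew->deletepicture)) {
                set_field('user', 'picture', 0, 'id', $user->id);  /// Delete picture
                $usernew->picture = 0;
            }
        }

        // Redisplay the form with the submitted values, keeping the stored
        // auth method rather than anything that was submitted.
        $usernew->auth = $user->auth;
        $user = $usernew;

    } else {
        $timenow = time();

        if (!$usernew->picture = save_profile_image($user->id,$um,'users')) {
            if (!empty($usernew->deletepicture)) {
                set_field('user', 'picture', 0, 'id', $user->id);  /// Delete picture
                $usernew->picture = 0;
            } else {
                $usernew->picture = $user->picture;
            }
        }

        $usernew->timemodified = time();

        if (isadmin()) {
            if (!empty($usernew->newpassword)) {
                // NOTE(review): unsalted MD5 is not an adequate password hash.
                // Replacing it needs a coordinated change wherever the hash is
                // verified, which is outside this page.
                $usernew->password = md5($usernew->newpassword);
                // update external passwords
                if (!empty($CFG->{'auth_'. $user->auth.'_stdchangepassword'})) {
                    if (function_exists('auth_user_update_password')){
                        if (!auth_user_update_password($user->username, $usernew->newpassword)){
                            error('Failed to update password on external auth: ' . $user->auth .
                                  '. See the server logs for more details.');
                        }
                    } else {
                        error('Your external authentication module is misconfigued!');
                    }
                }
            }
            // store forcepasswordchange in user's preferences
            if (!empty($usernew->forcepasswordchange)){
                set_user_preference('auth_forcepasswordchange', 1, $user->id);
            } else {
                unset_user_preference('auth_forcepasswordchange', $user->id);
            }
        } else {
            // Non-admins may not set a password through this form at all.
            if (isset($usernew->newpassword)) {
                error("You can not change the password like that");
            }
        }

        // Give a scheme-less URL an http:// prefix.
        if ($usernew->url and !(substr($usernew->url, 0, 4) == "http")) {
            $usernew->url = "http://".$usernew->url;
        }

        // Snapshot the stored record BEFORE it is overwritten, so that
        // auth_user_update() really receives the old values. $userold was
        // previously never assigned, and $user cannot stand in for it because
        // find_form_errors() has already overwritten $user->email.
        $userold = get_record("user", "id", $usernew->id);

        if (update_record("user", $usernew)) {
            if (function_exists("auth_user_update")){
                // pass a true $userold here
                auth_user_update($userold, $usernew);
            }

            add_to_log($course->id, "user", "update", "view.php?id=$user->id&course=$course->id", "");

            if ($user->id == $USER->id) {
                // Copy data into $USER session variable
                $usernew = (array)$usernew;
                foreach ($usernew as $variable => $value) {
                    // Never keep the plaintext of a newly set password in the session.
                    if ($variable === 'newpassword') {
                        continue;
                    }
                    $USER->$variable = stripslashes($value);
                }
                if (isset($USER->newadminuser)) {
                    unset($USER->newadminuser);
                    redirect("$CFG->wwwroot/", get_string("changessaved"));
                }
                redirect("$CFG->wwwroot/user/view.php?id=$user->id&course=$course->id", get_string("changessaved"));
            } else {
                redirect("$CFG->wwwroot/$CFG->admin/user.php", get_string("changessaved"));
            }
        } else {
            error("Could not update the user record ($user->id)");
        }
    }
}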
8f0cd6ef 175
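/// Otherwise fill and print the form.

// NOTE(review): course and user names are interpolated into the HTML below
// without escaping at output time. That is only safe if the values were
// cleaned when they were stored, or if print_header() escapes them -- confirm.
$streditmyprofile = get_string("editmyprofile");
$strparticipants  = get_string("participants");
$strnewuser       = get_string("newuser");

if (($user->firstname and $user->lastname) or $newaccount) {
    if ($newaccount) {
        $userfullname = $strnewuser;
    } else {
        $userfullname = fullname($user, isteacher($course->id));
    }
    if ($course->category) {
        // Inside a real course: course -> participants -> user -> edit
        print_header("$course->shortname: $streditmyprofile", "$course->fullname: $streditmyprofile",
                    "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a>
                    -> <a href=\"index.php?id=$course->id\">$strparticipants</a>
                    -> <a href=\"view.php?id=$user->id&amp;course=$course->id\">$userfullname</a>
                    -> $streditmyprofile", "");
    } else {
        if (isset($USER->newadminuser)) {
            // First admin account during setup: bare header, no navigation.
            print_header();
        } else {
            print_header("$course->shortname: $streditmyprofile", "$course->fullname",
                         "<a href=\"view.php?id=$user->id&amp;course=$course->id\">$userfullname</a>
                         -> $streditmyprofile", "");
        }
    }
} else {
    $userfullname  = $strnewuser;
    $straddnewuser = get_string("addnewuser");

    $stradministration = get_string("administration");
    // $strusers is used in the breadcrumb below but was never assigned.
    $strusers = get_string("users");
    print_header("$course->shortname: $streditmyprofile", "$course->fullname",
                 "<a href=\"$CFG->wwwroot/$CFG->admin/\">$stradministration</a> -> ".
                 "<a href=\"$CFG->wwwroot/$CFG->admin/users.php\">$strusers</a> -> $straddnewuser", "");
}

// Not used again on this page; presumably read by edit.html -- confirm.
$teacher = strtolower($course->teacher);
if (!isadmin()) {
    $teacheronly = "(".get_string("teacheronly", "", $teacher).")";
} else {
    $teacheronly = "";
}

print_heading( get_string("userprofilefor", "", "$userfullname") );

if (isset($USER->newadminuser)) {
    print_simple_box(get_string("configintroadmin"), "center", "50%");
    echo "<br />";
}

print_simple_box_start("center");

if (!empty($err)) {
    echo "<center>";
    notify(get_string("someerrorswerefound"));
    echo "</center>";
}

include("edit.html");

if (!isadmin()) {      /// Lock all the locked fields using Javascript
    // Cosmetic only: a disabled control can be re-enabled in the browser, so
    // the enforcing check is the server-side comparison of locked fields in
    // find_form_errors().
    $fields = get_user_fieldnames();

    echo '<script type="text/javascript">'."\n";
    echo '<!--'."\n";

    foreach ($fields as $field) {
        $configvariable = 'auth_user_'.$field.'_editlock';
        if (!empty($CFG->$configvariable)) {
            echo "eval('document.form.$field.disabled=true');\n";
        }
    }

    echo '-->'."\n";
    echo '</script>'."\n";
}

print_simple_box_end();

if (!isset($USER->newadminuser)) {
    print_footer($course);
}

exit;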
f9903ed0 261
262
263
264/// FUNCTIONS ////////////////////
265
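/**
 * Validate a submitted profile and collect one message per failing field.
 *
 * All four arguments are taken by reference. As a side effect $user->email is
 * overwritten with the submitted address before returning.
 *
 * @param object $user    the stored user record being edited
 * @param object $usernew the submitted form data
 * @param array  $err     receives field name => error message; created if not already an array
 * @param object $um      upload manager; preprocess_files() is called on it and ->notify is read
 * @return int number of fields in $err (0 means the submission is acceptable)
 */
function find_form_errors(&$user, &$usernew, &$err, &$um) {
    global $CFG;

    // The caller may pass a variable that was never assigned. Make sure the
    // final count() operates on an array rather than on null.
    if (!is_array($err)) {
        $err = array();
    }

    // Username and password rules are only evaluated for admins.
    if (isadmin()) {
        if (empty($usernew->username)) {
            $err["username"] = get_string("missingusername");

        } else if (record_exists("user", "username", $usernew->username) and $user->username == "changeme") {
            // The uniqueness test only fires while the stored username is
            // still the "changeme" placeholder.
            $err["username"] = get_string("usernameexists");

        } else {
            if (empty($CFG->extendedusernamechars)) {
                // NOTE(review): eregi_replace() is a POSIX-regex function that
                // later PHP versions dropped. Also, inside a POSIX bracket
                // expression the backslash is not an escape, so "(-\" may be
                // read as a range rather than as three literal characters --
                // verify which characters this filter really admits before
                // porting it to preg_*.
                $string = eregi_replace("[^(-\.[:alnum:])]", "", $usernew->username);
                if (strcmp($usernew->username, $string)) {
                    $err["username"] = get_string("alphanumerical");
                }
            }
        }

        if (empty($usernew->newpassword) and empty($user->password) and is_internal_auth() ) {
            $err["newpassword"] = get_string("missingpassword");
        }

        // Refuse the password "admin", whether newly typed or left in place.
        if (($usernew->newpassword == "admin") or ($user->password == md5("admin") and empty($usernew->newpassword)) ) {
            $err["newpassword"] = get_string("unsafepassword");
        }
    }

    // Required fields.
    if (empty($usernew->email)) {
        $err["email"] = get_string("missingemail");
    }

    if (empty($usernew->description) and !isadmin()) {
        $err["description"] = get_string("missingdescription");
    }

    if (empty($usernew->city)) {
        $err["city"] = get_string("missingcity");
    }

    if (empty($usernew->firstname)) {
        $err["firstname"] = get_string("missingfirstname");
    }

    if (empty($usernew->lastname)) {
        $err["lastname"] = get_string("missinglastname");
    }

    if (empty($usernew->country)) {
        $err["country"] = get_string("missingcountry");
    }

    // The address must be well formed and must not belong to another account.
    if (! validate_email($usernew->email)) {
        $err["email"] = get_string("invalidemail");

    } else if ($otheruser = get_record("user", "email", $usernew->email)) {
        if ($otheruser->id <> $user->id) {
            $err["email"] = get_string("emailexists");
        }
    }

    // Site-level address restrictions apply to non-admins only.
    if (empty($err["email"]) and !isadmin()) {
        if ($error = email_is_not_allowed($usernew->email)) {
            $err["email"] = $error;
        }
    }

    if (!$um->preprocess_files()) {
        $err['imagefile'] = $um->notify;
    }

    if (!isadmin()) {      /// Make sure that locked fields are not being edited
        // This is the enforcing check for locked fields: any difference
        // between the stored and the submitted value is rejected.
        $fields = get_user_fieldnames();

        foreach ($fields as $field) {
            $configvariable = 'auth_user_'.$field.'_editlock';
            if (!empty($CFG->$configvariable)) {
                if ($user->$field !== $usernew->$field) {
                    $err[$field] = get_string("editlock");
                }
            }
        }
    }

    // Written through the reference, so the caller's $user changes as well.
    $user->email = $usernew->email;

    return count($err);
}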
347
348
349?>