[moodle.git] / user / edit.php

<?PHP // $Id$

	require("../config.php");
	require("../lib/countries.php");
	require("lib.php");

    require_variable($id);       // user id
    require_variable($course);   // course id

    if (! $user = get_record("user", "id", $id)) {
        error("User ID was incorrect");
    }

    if (! $course = get_record("course", "id", $course)) {
        error("Course ID was incorrect");
    }

	require_login($course->id);

    if ($USER->id <> $user->id and !isadmin()) {
        error("You can only edit your own information");
    }

    if (isguest()) {
        error("The guest user cannot edit their profile.");
    }

    if (isguest($user->id)) {
        error("Sorry, the guest user cannot be edited.");
    }


/// If data submitted, then process and store.

	if (match_referer() && isset($HTTP_POST_VARS)) {

        $usernew = (object)$HTTP_POST_VARS;

        $usernew->firstname = strip_tags($usernew->firstname);
        $usernew->lastname  = strip_tags($usernew->lastname);

        if (find_form_errors($user, $usernew, $err) ) {
            $user = $usernew;

        } else {
		    $timenow = time();

            if ($filename = valid_uploaded_file($imagefile)) { 
                $imageinfo = GetImageSize($filename);
                $image->width  = $imageinfo[0];
                $image->height = $imageinfo[1];
                $image->type   = $imageinfo[2];
    
                switch ($image->type) {
                    case 2: $im = ImageCreateFromJPEG($filename); break;
                    case 3: $im = ImageCreateFromPNG($filename); break;
                    default: error("Image must be in JPG or PNG format");
                }
                if (function_exists("ImageCreateTrueColor") and $CFG->gdversion >= 2) {
                    $im1 = ImageCreateTrueColor(100,100);
                    $im2 = ImageCreateTrueColor(35,35);
                } else {
                    $im1 = ImageCreate(100,100);
                    $im2 = ImageCreate(35,35);
                }
                
                $cx = $image->width / 2;
                $cy = $image->height / 2;
    
                if ($image->width < $image->height) {
                    $half = floor($image->width / 2.0);
                } else {
                    $half = floor($image->height / 2.0);
                }
    
                if (!file_exists("$CFG->dataroot/users")) {
                    if (! mkdir("$CFG->dataroot/users", 0777)) {
                        $badpermissions = true;
                    }
                }
                if (!file_exists("$CFG->dataroot/users/$user->id")) {
                    if (! mkdir("$CFG->dataroot/users/$user->id", 0777)) {
                        $badpermissions = true;
                    }
                }
                
                if ($badpermissions) {
                    $usernew->picture = "0";

                } else {
                    ImageCopyBicubic($im1, $im, 0, 0, $cx-$half, $cy-$half, 100, 100, $half*2, $half*2);
                    ImageCopyBicubic($im2, $im, 0, 0, $cx-$half, $cy-$half, 35, 35, $half*2, $half*2);
    
                    // Draw borders over the top.
                    $black1 = ImageColorAllocate ($im1, 0, 0, 0);
                    $black2 = ImageColorAllocate ($im2, 0, 0, 0);
                    ImageLine ($im1, 0, 0, 0, 99, $black1);
                    ImageLine ($im1, 0, 99, 99, 99, $black1);
                    ImageLine ($im1, 99, 99, 99, 0, $black1);
                    ImageLine ($im1, 99, 0, 0, 0, $black1);
                    ImageLine ($im2, 0, 0, 0, 34, $black2);
                    ImageLine ($im2, 0, 34, 34, 34, $black2);
                    ImageLine ($im2, 34, 34, 34, 0, $black2);
                    ImageLine ($im2, 34, 0, 0, 0, $black2);
                
                    ImageJpeg($im1, "$CFG->dataroot/users/$user->id/f1.jpg", 90);
                    ImageJpeg($im2, "$CFG->dataroot/users/$user->id/f2.jpg", 95);
                    $usernew->picture = "1";
                }
            } else {
                $usernew->picture = $user->picture;
            }
    
            $usernew->timemodified = time();

            if (isadmin()) {
                if ($usernew->newpassword) {
                    $usernew->password = md5($usernew->newpassword);
                }
            } else {
                if (isset($usernew->newpassword)) {
                    error("You can not change the password like that");
                }
            }
            if ($usernew->url and !(substr($usernew->url, 0, 4) == "http")) {
                $usernew->url = "http://".$usernew->url;
            }

            if (update_record("user", $usernew)) {
                add_to_log($course->id, "user", "update", "view.php?id=$user->id&course=$course->id", "");

                if ($user->id == $USER->id) {
                    // Copy data into $USER session variable
                    $usernew = (array)$usernew;
                    foreach ($usernew as $variable => $value) {
                        $USER->$variable = $value;
                    }
                    save_session("USER");
		            redirect("view.php?id=$user->id&course=$course->id", "Changes saved");
                } else {
		            redirect("../admin/user.php", "Changes saved");
                }
            } else {
                error("Could not update the user record ($user->id)");
            }
	    }
    }
    
/// Otherwise fill and print the form.

    $editmyprofile = get_string("editmyprofile");
    $participants = get_string("participants");

    if ($user->firstname and $user->lastname) {
        $userfullname = "$user->firstname $user->lastname";
        if ($course->category) {
	        print_header("$course->fullname: $editmyprofile", "$course->fullname: $editmyprofile",
                        "<A HREF=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</A> 
                        -> <A HREF=\"index.php?id=$course->id\">$participants</A>
                        -> <A HREF=\"view.php?id=$user->id&course=$course->id\">$userfullname</A> 
                        -> $editmyprofile", "");
        } else {
	        print_header("$course->fullname: $editmyprofile", "$course->fullname",
                         "<A HREF=\"view.php?id=$user->id&course=$course->id\">$userfullname</A> 
                          -> $editmyprofile", "");
        }
    } else {
        $userfullname = get_string("newuser");
        $straddnewuser = get_string("addnewuser");

        $stradministration = get_string("administration");
	    print_header("$course->fullname: $editmyprofile", "$course->fullname",
                     "<A HREF=\"$CFG->wwwroot/admin\">$stradministration</A> ->
                      $straddnewuser", "");
    }

    $teacher = strtolower($course->teacher);
    if (!isadmin()) {
        $teacheronly = "(".get_string("teacheronly", "", $teacher).")";
    }

    print_heading( get_string("userprofilefor", "", "$userfullname") );
    print_simple_box_start("center", "", "$THEME->cellheading");
	include("edit.html");
    print_simple_box_end();
    print_footer($course);


/// FUNCTIONS ////////////////////

function find_form_errors(&$user, &$usernew, &$err) {

    if (isadmin()) {
        if (empty($usernew->username)) {
            $err["username"] = get_string("missingusername");

        } else if (record_exists("user", "username", $usernew->username) and $user->username == "changeme") {
                $err["username"] = get_string("usernameexists");

        } else {
            $string = eregi_replace("[^([:alnum:])]", "", $user->username);
            if (strcmp($user->username, $string)) 
                $err["username"] = get_string("alphanumerical");
        }

        if (empty($usernew->newpassword) and empty($user->password))
            $err["newpassword"] = get_string("missingpassword");

        if (($usernew->newpassword == "admin") or ($user->password == md5("admin") and empty($usernew->newpassword)) ) {
            $err["newpassword"] = get_string("unsafepassword");
        }
    }

    if (empty($usernew->email))
        $err["email"] = get_string("missingemail");

    if (empty($usernew->description))
        $err["description"] = get_string("missingdescription");

    if (empty($usernew->city))
        $err["city"] = get_string("missingcity");

    if (empty($usernew->firstname))
        $err["firstname"] = get_string("missingfirstname");

    if (empty($usernew->lastname))
        $err["lastname"] = get_string("missinglastname");

    if (empty($usernew->country))
        $err["country"] = get_string("missingcountry");

    if (! validate_email($usernew->email))
        $err["email"] = get_string("invalidemail");

    else if ($otheruser = get_record("user", "email", $usernew->email)) {
        if ($otheruser->id <> $user->id) {
            $err["email"] = get_string("emailexists");
        }
    }

    $user->email = $usernew->email;

    return count($err);
}


?>
Commit	Line	Data
f9903ed0	1	<?PHP // $Id$
	2
	3	require("../config.php");
bda8d43a	4	require("../lib/countries.php");
f9903ed0	5	require("lib.php");
	6
	7	require_variable($id); // user id
	8	require_variable($course); // course id
	9
	10	if (! $user = get_record("user", "id", $id)) {
	11	error("User ID was incorrect");
	12	}
	13
	14	if (! $course = get_record("course", "id", $course)) {
0087d8a6	15	error("Course ID was incorrect");
f9903ed0	16	}
	17
	18	require_login($course->id);
	19
a3447e10	20	if ($USER->id <> $user->id and !isadmin()) {
f9903ed0	21	error("You can only edit your own information");
	22	}
	23
603d4c72	24	if (isguest()) {
	25	error("The guest user cannot edit their profile.");
	26	}
	27
a3447e10	28	if (isguest($user->id)) {
	29	error("Sorry, the guest user cannot be edited.");
	30	}
	31
f9903ed0	32
	33	/// If data submitted, then process and store.
	34
	35	if (match_referer() && isset($HTTP_POST_VARS)) {
	36
	37	$usernew = (object)$HTTP_POST_VARS;
	38
a3447e10	39	$usernew->firstname = strip_tags($usernew->firstname);
	40	$usernew->lastname = strip_tags($usernew->lastname);
	41
	42	if (find_form_errors($user, $usernew, $err) ) {
	43	$user = $usernew;
	44
	45	} else {
f9903ed0	46	$timenow = time();
f9903ed0	47
8223d271	48	if ($filename = valid_uploaded_file($imagefile)) {
8223d271	49	$imageinfo = GetImageSize($filename);
f9903ed0	50	$image->width = $imageinfo[0];
	51	$image->height = $imageinfo[1];
	52	$image->type = $imageinfo[2];
	53
	54	switch ($image->type) {
8223d271	55	case 2: $im = ImageCreateFromJPEG($filename); break;
8223d271	56	case 3: $im = ImageCreateFromPNG($filename); break;
f9903ed0	57	default: error("Image must be in JPG or PNG format");
f9903ed0	58	}
22f4320b	59	if (function_exists("ImageCreateTrueColor") and $CFG->gdversion >= 2) {
f9903ed0	60	$im1 = ImageCreateTrueColor(100,100);
	61	$im2 = ImageCreateTrueColor(35,35);
	62	} else {
	63	$im1 = ImageCreate(100,100);
	64	$im2 = ImageCreate(35,35);
	65	}
	66
	67	$cx = $image->width / 2;
	68	$cy = $image->height / 2;
	69
	70	if ($image->width < $image->height) {
	71	$half = floor($image->width / 2.0);
	72	} else {
	73	$half = floor($image->height / 2.0);
	74	}
	75
	76	if (!file_exists("$CFG->dataroot/users")) {
54bdcdbe	77	if (! mkdir("$CFG->dataroot/users", 0777)) {
	78	$badpermissions = true;
	79	}
f9903ed0	80	}
a3447e10	81	if (!file_exists("$CFG->dataroot/users/$user->id")) {
a3447e10	82	if (! mkdir("$CFG->dataroot/users/$user->id", 0777)) {
54bdcdbe	83	$badpermissions = true;
54bdcdbe	84	}
f9903ed0	85	}
f9903ed0	86
54bdcdbe	87	if ($badpermissions) {
	88	$usernew->picture = "0";
	89
	90	} else {
	91	ImageCopyBicubic($im1, $im, 0, 0, $cx-$half, $cy-$half, 100, 100, $half2, $half2);
	92	ImageCopyBicubic($im2, $im, 0, 0, $cx-$half, $cy-$half, 35, 35, $half2, $half2);
f9903ed0	93
54bdcdbe	94	// Draw borders over the top.
	95	$black1 = ImageColorAllocate ($im1, 0, 0, 0);
	96	$black2 = ImageColorAllocate ($im2, 0, 0, 0);
	97	ImageLine ($im1, 0, 0, 0, 99, $black1);
	98	ImageLine ($im1, 0, 99, 99, 99, $black1);
	99	ImageLine ($im1, 99, 99, 99, 0, $black1);
	100	ImageLine ($im1, 99, 0, 0, 0, $black1);
	101	ImageLine ($im2, 0, 0, 0, 34, $black2);
	102	ImageLine ($im2, 0, 34, 34, 34, $black2);
	103	ImageLine ($im2, 34, 34, 34, 0, $black2);
	104	ImageLine ($im2, 34, 0, 0, 0, $black2);
	105
a3447e10	106	ImageJpeg($im1, "$CFG->dataroot/users/$user->id/f1.jpg", 90);
a3447e10	107	ImageJpeg($im2, "$CFG->dataroot/users/$user->id/f2.jpg", 95);
54bdcdbe	108	$usernew->picture = "1";
54bdcdbe	109	}
f9903ed0	110	} else {
	111	$usernew->picture = $user->picture;
	112	}
	113
	114	$usernew->timemodified = time();
	115
a3447e10	116	if (isadmin()) {
	117	if ($usernew->newpassword) {
	118	$usernew->password = md5($usernew->newpassword);
	119	}
	120	} else {
	121	if (isset($usernew->newpassword)) {
	122	error("You can not change the password like that");
	123	}
	124	}
ef9955b0	125	if ($usernew->url and !(substr($usernew->url, 0, 4) == "http")) {
	126	$usernew->url = "http://".$usernew->url;
	127	}
873960de	128
f9903ed0	129	if (update_record("user", $usernew)) {
253ae7db	130	add_to_log($course->id, "user", "update", "view.php?id=$user->id&course=$course->id", "");
873960de	131
a3447e10	132	if ($user->id == $USER->id) {
	133	// Copy data into $USER session variable
	134	$usernew = (array)$usernew;
	135	foreach ($usernew as $variable => $value) {
	136	$USER->$variable = $value;
	137	}
	138	save_session("USER");
	139	redirect("view.php?id=$user->id&course=$course->id", "Changes saved");
	140	} else {
	141	redirect("../admin/user.php", "Changes saved");
873960de	142	}
f9903ed0	143	} else {
	144	error("Could not update the user record ($user->id)");
	145	}
	146	}
	147	}
	148
	149	/// Otherwise fill and print the form.
	150
8553b700	151	$editmyprofile = get_string("editmyprofile");
	152	$participants = get_string("participants");
	153
7cbb4c96	154	if ($user->firstname and $user->lastname) {
	155	$userfullname = "$user->firstname $user->lastname";
	156	if ($course->category) {
	157	print_header("$course->fullname: $editmyprofile", "$course->fullname: $editmyprofile",
	158	"<A HREF=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</A>
	159	-> <A HREF=\"index.php?id=$course->id\">$participants</A>
	160	-> <A HREF=\"view.php?id=$user->id&course=$course->id\">$userfullname</A>
	161	-> $editmyprofile", "");
	162	} else {
	163	print_header("$course->fullname: $editmyprofile", "$course->fullname",
	164	"<A HREF=\"view.php?id=$user->id&course=$course->id\">$userfullname</A>
	165	-> $editmyprofile", "");
	166	}
f9903ed0	167	} else {
7cbb4c96	168	$userfullname = get_string("newuser");
	169	$straddnewuser = get_string("addnewuser");
	170
	171	$stradministration = get_string("administration");
0087d8a6	172	print_header("$course->fullname: $editmyprofile", "$course->fullname",
7cbb4c96	173	"<A HREF=\"$CFG->wwwroot/admin\">$stradministration</A> ->
7cbb4c96	174	$straddnewuser", "");
f9903ed0	175	}
f9903ed0	176
bda8d43a	177	$teacher = strtolower($course->teacher);
a3447e10	178	if (!isadmin()) {
	179	$teacheronly = "(".get_string("teacheronly", "", $teacher).")";
	180	}
bda8d43a	181
7cbb4c96	182	print_heading( get_string("userprofilefor", "", "$userfullname") );
4d0dde91	183	print_simple_box_start("center", "", "$THEME->cellheading");
f9903ed0	184	include("edit.html");
f9903ed0	185	print_simple_box_end();
f9903ed0	186	print_footer($course);
	187
	188
	189
	190
	191	/// FUNCTIONS ////////////////////
	192
	193	function find_form_errors(&$user, &$usernew, &$err) {
	194
a3447e10	195	if (isadmin()) {
2b25f2a0	196	if (empty($usernew->username)) {
a3447e10	197	$err["username"] = get_string("missingusername");
a3447e10	198
2b25f2a0	199	} else if (record_exists("user", "username", $usernew->username) and $user->username == "changeme") {
	200	$err["username"] = get_string("usernameexists");
	201
	202	} else {
	203	$string = eregi_replace("[^([:alnum:])]", "", $user->username);
	204	if (strcmp($user->username, $string))
	205	$err["username"] = get_string("alphanumerical");
	206	}
	207
a3447e10	208	if (empty($usernew->newpassword) and empty($user->password))
a3447e10	209	$err["newpassword"] = get_string("missingpassword");
e98e0915	210
09ba0c8a	211	if (($usernew->newpassword == "admin") or ($user->password == md5("admin") and empty($usernew->newpassword)) ) {
e98e0915	212	$err["newpassword"] = get_string("unsafepassword");
09ba0c8a	213	}
a3447e10	214	}
a3447e10	215
f9903ed0	216	if (empty($usernew->email))
8553b700	217	$err["email"] = get_string("missingemail");
f9903ed0	218
a3447e10	219	if (empty($usernew->description))
	220	$err["description"] = get_string("missingdescription");
	221
bda8d43a	222	if (empty($usernew->city))
8553b700	223	$err["city"] = get_string("missingcity");
bda8d43a	224
9c055aa5	225	if (empty($usernew->firstname))
	226	$err["firstname"] = get_string("missingfirstname");
	227
	228	if (empty($usernew->lastname))
	229	$err["lastname"] = get_string("missinglastname");
	230
bda8d43a	231	if (empty($usernew->country))
8553b700	232	$err["country"] = get_string("missingcountry");
bda8d43a	233
a3447e10	234	if (! validate_email($usernew->email))
8553b700	235	$err["email"] = get_string("invalidemail");
f9903ed0	236
	237	else if ($otheruser = get_record("user", "email", $usernew->email)) {
	238	if ($otheruser->id <> $user->id) {
8553b700	239	$err["email"] = get_string("emailexists");
f9903ed0	240	}
	241	}
	242
	243	$user->email = $usernew->email;
	244
	245	return count($err);
	246	}
	247
	248
	249	?>