User descriptions weren't being filtered! They are now. :-)
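<?PHP // $Id$

/// user/edit.php - display and process the "edit profile" form for one user.
///
/// Request parameters: $id (user id) and $course (course id, context for
/// navigation and logging). A user may edit only their own record unless
/// isadmin(); the guest account can neither edit nor be edited. On a valid
/// submission the record is written with update_record(), the change is
/// logged and the browser is redirected; otherwise the form (edit.html) is
/// printed with any validation errors collected in $err.
///
/// error() is used as a guard throughout - it is assumed to print the message
/// and stop the script (it is defined outside this file).

    require_once("../config.php");
    require_once("$CFG->libdir/gdlib.php");

    require_variable($id);       // user id
    require_variable($course);   // course id

    if (! $user = get_record("user", "id", $id)) {
        error("User ID was incorrect");
    }

    if (! $course = get_record("course", "id", $course)) {
        error("Course ID was incorrect");
    }

    if ($user->confirmed and user_not_fully_set_up($user)) {
        // Special case which can only occur when a new account
        // has just been created by EXTERNAL authentication
        // This is the only page in Moodle that has the exception
        // so that users can set up their accounts
        $newaccount = true;

        if (empty($USER)) {
            error("Sessions don't seem to be working on this server!");
        }

    } else {
        $newaccount = false;
        require_login($course->id);
    }

    // Authorisation: own record, or an administrator editing anybody.
    if ($USER->id <> $user->id and !isadmin()) {
        error("You can only edit your own information");
    }

    if (isguest()) {
        error("The guest user cannot edit their profile.");
    }

    if (isguest($user->id)) {
        error("Sorry, the guest user cannot be edited.");
    }


/// If data submitted, then process and store.

    if ($usernew = data_submitted()) {
        // Pin the row we are about to write to the user that passed the
        // authorisation check above. What data_submitted() hands back is not
        // visible from here; without this line a posted "id" field would
        // decide which record update_record() modifies.
        $usernew->id = $user->id;

        // Names are rendered in headings/breadcrumbs, so strip markup on the
        // way in. Other fields (description, url, ...) are stored as posted
        // and must be escaped by whoever displays them (view.php).
        $usernew->firstname = strip_tags($usernew->firstname);
        $usernew->lastname  = strip_tags($usernew->lastname);
        if (isset($usernew->username)) {
            $usernew->username = trim(moodle_strtolower($usernew->username));
        }

        if (empty($_FILES['imagefile'])) {
            $_FILES['imagefile'] = NULL;   // To avoid using uninitialised variable later
        }

        if (find_form_errors($user, $usernew, $err)) {
            // Validation failed: keep an uploaded picture (so the user need
            // not re-select it) and redisplay the form with the posted values.
            if ($filename = valid_uploaded_file($_FILES['imagefile'])) {
                $usernew->picture = save_user_image($user->id, $filename);
            }

            $user = $usernew;

        } else {
            $timenow = time();

            if ($filename = valid_uploaded_file($_FILES['imagefile'])) {
                $usernew->picture = save_user_image($user->id, $filename);
            } else {
                $usernew->picture = $user->picture;
            }

            $usernew->timemodified = time();

            if (isadmin()) {
                if (!empty($usernew->newpassword)) {
                    // NOTE(review): unsalted md5 is what the user table of this
                    // era stores; a stronger hash needs a schema/auth change,
                    // not a change in this file.
                    $usernew->password = md5($usernew->newpassword);
                }
            } else {
                if (isset($usernew->newpassword)) {
                    error("You can not change the password like that");
                }
                // Only administrators may touch the stored hash. The check
                // above only covers "newpassword"; make sure a directly posted
                // "password" field cannot reach update_record() either.
                unset($usernew->password);
            }
            // The cleartext has served its purpose: it must neither be handed
            // to update_record() nor copied into the $USER session object below.
            unset($usernew->newpassword);

            // Normalise the home page URL to an absolute http(s) URL. The old
            // test only looked at the first four characters ("http"), so any
            // string starting with those letters was stored unchanged.
            if (!empty($usernew->url) and !preg_match('#^https?://#i', $usernew->url)) {
                $usernew->url = "http://".$usernew->url;
            }

            if (update_record("user", $usernew)) {
                add_to_log($course->id, "user", "update", "view.php?id=$user->id&course=$course->id", "");

                if ($user->id == $USER->id) {
                    // Copy data into $USER session variable
                    $usernew = (array)$usernew;
                    foreach ($usernew as $variable => $value) {
                        $USER->$variable = stripslashes($value);
                    }
                    if (isset($USER->newadminuser)) {
                        // First login of the freshly installed admin account
                        unset($USER->newadminuser);
                        redirect("$CFG->wwwroot/", get_string("changessaved"));
                    }
                    redirect("$CFG->wwwroot/user/view.php?id=$user->id&course=$course->id", get_string("changessaved"));
                } else {
                    redirect("$CFG->wwwroot/$CFG->admin/user.php", get_string("changessaved"));
                }
            } else {
                error("Could not update the user record ($user->id)");
            }
        }
    }

/// Otherwise fill and print the form.

    $streditmyprofile = get_string("editmyprofile");
    $strparticipants  = get_string("participants");
    $strnewuser       = get_string("newuser");
    // Referenced in the administration breadcrumb below but was never
    // assigned anywhere in this file (the link text came out empty).
    // The string key is assumed to be the one the admin "users" page uses.
    $strusers         = get_string("users");

    if (($user->firstname and $user->lastname) or $newaccount) {
        if ($newaccount) {
            $userfullname = $strnewuser;
        } else {
            $userfullname = fullname($user, isteacher($course->id));
        }
        if ($course->category) {
            print_header("$course->shortname: $streditmyprofile", "$course->fullname: $streditmyprofile",
                         "<A HREF=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</A>
                          -> <A HREF=\"index.php?id=$course->id\">$strparticipants</A>
                          -> <A HREF=\"view.php?id=$user->id&course=$course->id\">$userfullname</A>
                          -> $streditmyprofile", "");
        } else {
            if (isset($USER->newadminuser)) {
                print_header();
            } else {
                print_header("$course->shortname: $streditmyprofile", "$course->fullname",
                             "<A HREF=\"view.php?id=$user->id&course=$course->id\">$userfullname</A>
                              -> $streditmyprofile", "");
            }
        }
    } else {
        // Record exists but has no name yet: an administrator is adding a user.
        $userfullname = $strnewuser;
        $straddnewuser = get_string("addnewuser");

        $stradministration = get_string("administration");
        print_header("$course->shortname: $streditmyprofile", "$course->fullname",
                     "<a href=\"$CFG->wwwroot/$CFG->admin/\">$stradministration</a> -> ".
                     "<a href=\"$CFG->wwwroot/$CFG->admin/users.php\">$strusers</a> -> $straddnewuser", "");
    }

    $teacher = strtolower($course->teacher);
    if (!isadmin()) {
        $teacheronly = "(".get_string("teacheronly", "", $teacher).")";
    } else {
        $teacheronly = "";
    }

    print_heading( get_string("userprofilefor", "", "$userfullname") );

    if (isset($USER->newadminuser)) {
        print_simple_box(get_string("configintroadmin"), "center", "50%");
        echo "<br />";
    }

    print_simple_box_start("center", "", "$THEME->cellheading");
    if (!empty($err)) {
        echo "<CENTER>";
        notify(get_string("someerrorswerefound"));
        echo "</CENTER>";
    }
    include("edit.html");     // the form itself; reads $user, $err, $teacheronly
    print_simple_box_end();

    if (!isset($USER->newadminuser)) {
        print_footer($course);
    }

    exit;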
f9903ed0 178
179
180
181/// FUNCTIONS ////////////////////
182
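function find_form_errors(&$user, &$usernew, &$err) {
/// Validates the submitted profile data ($usernew) against the stored
/// record ($user). For every problem found, $err[<form field>] is set to
/// the localised message; the return value is the number of problems
/// (0 means the data may be stored).
///
/// Administrators get the extra username/password checks because only they
/// may set those fields (see the caller).
///
/// Side effect: $user->email is overwritten with $usernew->email so the
/// redisplayed form shows the address that was submitted.

    if (!is_array($err)) {
        // The caller passes an unset variable; count() on it is an error
        // on current PHP versions, so start from an empty array.
        $err = array();
    }

    if (isadmin()) {
        if (empty($usernew->username)) {
            $err["username"] = get_string("missingusername");

        } else if (record_exists("user", "username", $usernew->username) and $user->username == "changeme") {
            $err["username"] = get_string("usernameexists");

        } else {
            // Usernames may contain letters, digits, "-" and "." only.
            // The previous POSIX pattern "[^(-\.[:alnum:])]" read "(-\" as a
            // character range, so punctuation such as "/", ":", ";", "<", ">"
            // and "@" was accepted, and eregi_replace() no longer exists in
            // PHP 7+. (Non-ASCII letters matched by [:alnum:] in some locales
            // are now rejected as well.)
            $string = preg_replace('/[^-.a-z0-9]/i', '', $usernew->username);
            if (strcmp($usernew->username, $string)) {
                $err["username"] = get_string("alphanumerical");
            }
        }

        if (empty($usernew->newpassword) and empty($user->password) and is_internal_auth()) {
            $err["newpassword"] = get_string("missingpassword");
        }

        // Reject the well-known installer default, whether it is being set
        // now or silently left in place on an account that still has it.
        $newpassword = isset($usernew->newpassword) ? $usernew->newpassword : "";
        if ($newpassword == "admin" or ($user->password == md5("admin") and empty($newpassword))) {
            $err["newpassword"] = get_string("unsafepassword");
        }
    }

    if (empty($usernew->email)) {
        $err["email"] = get_string("missingemail");
    }

    if (empty($usernew->description)) {
        $err["description"] = get_string("missingdescription");
    }

    if (empty($usernew->city)) {
        $err["city"] = get_string("missingcity");
    }

    if (empty($usernew->firstname)) {
        $err["firstname"] = get_string("missingfirstname");
    }

    if (empty($usernew->lastname)) {
        $err["lastname"] = get_string("missinglastname");
    }

    if (empty($usernew->country)) {
        $err["country"] = get_string("missingcountry");
    }

    // A malformed address replaces the "missing email" message; a valid one
    // must not belong to a different user.
    if (! validate_email($usernew->email)) {
        $err["email"] = get_string("invalidemail");

    } else if ($otheruser = get_record("user", "email", $usernew->email)) {
        if ($otheruser->id <> $user->id) {
            $err["email"] = get_string("emailexists");
        }
    }

    $user->email = $usernew->email;

    return count($err);
}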
237
238
239?>