[moodle.git] / user / edit.php

<?PHP // $Id$

	require_once("../config.php");
	require_once("../lib/countries.php");
	require_once("lib.php");

    require_variable($id);       // user id
    require_variable($course);   // course id

    if (! $user = get_record("user", "id", $id)) {
        error("User ID was incorrect");
    }

    if (! $course = get_record("course", "id", $course)) {
        error("Course ID was incorrect");
    }

    if ($user->confirmed and user_not_fully_set_up($user)) {
        // Special case which can only occur when a new account 
        // has just been created by EXTERNAL authentication
        // This is the only page in Moodle that has the exception
        // so that users can set up their accounts
        $newaccount  = true;

    } else {
        $newaccount  = false;
	    require_login($course->id);
    }

    if ($USER->id <> $user->id and !isadmin()) {
        error("You can only edit your own information");
    }

    if (isguest()) {
        error("The guest user cannot edit their profile.");
    }

    if (isguest($user->id)) {
        error("Sorry, the guest user cannot be edited.");
    }


/// If data submitted, then process and store.

	if ($usernew = data_submitted()) {
        $usernew->firstname = strip_tags($usernew->firstname);
        $usernew->lastname  = strip_tags($usernew->lastname);
        $usernew->username = trim(moodle_strtolower($usernew->username));
        if (empty($_FILES['imagefile'])) {
            $_FILES['imagefile'] = NULL;    // To avoid using uninitialised variable later
        }

        if (find_form_errors($user, $usernew, $err)) {
            if ($filename = valid_uploaded_file($_FILES['imagefile'])) { 
                $usernew->picture = save_user_image($user->id, $filename);
            }

            $user = $usernew;

        } else {
		    $timenow = time();

            if ($filename = valid_uploaded_file($_FILES['imagefile'])) { 
                $usernew->picture = save_user_image($user->id, $filename);
            } else {
                $usernew->picture = $user->picture;
            }
    
            $usernew->timemodified = time();

            if (isadmin()) {
                if ($usernew->newpassword) {
                    $usernew->password = md5($usernew->newpassword);
                }
            } else {
                if (isset($usernew->newpassword)) {
                    error("You can not change the password like that");
                }
            }
            if ($usernew->url and !(substr($usernew->url, 0, 4) == "http")) {
                $usernew->url = "http://".$usernew->url;
            }

            if (update_record("user", $usernew)) {
                add_to_log($course->id, "user", "update", "view.php?id=$user->id&course=$course->id", "");

                if ($user->id == $USER->id) {
                    // Copy data into $USER session variable
                    $usernew = (array)$usernew;
                    foreach ($usernew as $variable => $value) {
                        $USER->$variable = $value;
                    }
		            redirect("view.php?id=$user->id&course=$course->id", get_string("changessaved"));
                } else {
		            redirect("../admin/user.php", get_string("changessaved"));
                }
            } else {
                error("Could not update the user record ($user->id)");
            }
	    }
    }
    
/// Otherwise fill and print the form.

    $streditmyprofile = get_string("editmyprofile");
    $strparticipants = get_string("participants");
    $strnewuser = get_string("newuser");

    if (($user->firstname and $user->lastname) or $newaccount) {
        if ($newaccount) {
            $userfullname = $strnewuser;
        } else {
            $userfullname = "$user->firstname $user->lastname";
        }
        if ($course->category) {
	        print_header("$course->shortname: $streditmyprofile", "$course->fullname: $streditmyprofile",
                        "<A HREF=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</A> 
                        -> <A HREF=\"index.php?id=$course->id\">$strparticipants</A>
                        -> <A HREF=\"view.php?id=$user->id&course=$course->id\">$userfullname</A> 
                        -> $streditmyprofile", "");
        } else {
	        print_header("$course->shortname: $streditmyprofile", "$course->fullname",
                         "<A HREF=\"view.php?id=$user->id&course=$course->id\">$userfullname</A> 
                          -> $streditmyprofile", "");
        }
    } else {
        $userfullname = $strnewuser;
        $straddnewuser = get_string("addnewuser");

        $stradministration = get_string("administration");
	    print_header("$course->shortname: $streditmyprofile", "$course->fullname",
                     "<A HREF=\"$CFG->wwwroot/admin\">$stradministration</A> ->
                      $straddnewuser", "");
    }

    $teacher = strtolower($course->teacher);
    if (!isadmin()) {
        $teacheronly = "(".get_string("teacheronly", "", $teacher).")";
    } else {
        $teacheronly = "";
    }

    print_heading( get_string("userprofilefor", "", "$userfullname") );
    print_simple_box_start("center", "", "$THEME->cellheading");
    if (!empty($err)) {
       echo "<CENTER>";
       notify(get_string("someerrorswerefound"));
       echo "</CENTER>";
    }
	include("edit.html");
    print_simple_box_end();
    print_footer($course);


/// FUNCTIONS ////////////////////

function find_form_errors(&$user, &$usernew, &$err) {

    if (isadmin()) {
        if (empty($usernew->username)) {
            $err["username"] = get_string("missingusername");

        } else if (record_exists("user", "username", $usernew->username) and $user->username == "changeme") {
                $err["username"] = get_string("usernameexists");

        } else {
            $string = eregi_replace("[^(-\.[:alnum:])]", "", $usernew->username);
            if (strcmp($usernew->username, $string)) 
                $err["username"] = get_string("alphanumerical");
        }

        if (empty($usernew->newpassword) and empty($user->password))
            $err["newpassword"] = get_string("missingpassword");

        if (($usernew->newpassword == "admin") or ($user->password == md5("admin") and empty($usernew->newpassword)) ) {
            $err["newpassword"] = get_string("unsafepassword");
        }
    }

    if (empty($usernew->email))
        $err["email"] = get_string("missingemail");

    if (empty($usernew->description))
        $err["description"] = get_string("missingdescription");

    if (empty($usernew->city))
        $err["city"] = get_string("missingcity");

    if (empty($usernew->firstname))
        $err["firstname"] = get_string("missingfirstname");

    if (empty($usernew->lastname))
        $err["lastname"] = get_string("missinglastname");

    if (empty($usernew->country))
        $err["country"] = get_string("missingcountry");

    if (! validate_email($usernew->email))
        $err["email"] = get_string("invalidemail");

    else if ($otheruser = get_record("user", "email", $usernew->email)) {
        if ($otheruser->id <> $user->id) {
            $err["email"] = get_string("emailexists");
        }
    }

    $user->email = $usernew->email;

    return count($err);
}


?>
Commit	Line	Data
f9903ed0	1	<?PHP // $Id$
f9903ed0	2
b0e3a925	3	require_once("../config.php");
	4	require_once("../lib/countries.php");
	5	require_once("lib.php");
f9903ed0	6
	7	require_variable($id); // user id
	8	require_variable($course); // course id
	9
	10	if (! $user = get_record("user", "id", $id)) {
	11	error("User ID was incorrect");
	12	}
	13
	14	if (! $course = get_record("course", "id", $course)) {
0087d8a6	15	error("Course ID was incorrect");
f9903ed0	16	}
f9903ed0	17
2c104c01	18	if ($user->confirmed and user_not_fully_set_up($user)) {
faebaf0f	19	// Special case which can only occur when a new account
	20	// has just been created by EXTERNAL authentication
	21	// This is the only page in Moodle that has the exception
	22	// so that users can set up their accounts
	23	$newaccount = true;
	24
	25	} else {
	26	$newaccount = false;
	27	require_login($course->id);
	28	}
f9903ed0	29
a3447e10	30	if ($USER->id <> $user->id and !isadmin()) {
f9903ed0	31	error("You can only edit your own information");
	32	}
	33
603d4c72	34	if (isguest()) {
	35	error("The guest user cannot edit their profile.");
	36	}
	37
a3447e10	38	if (isguest($user->id)) {
	39	error("Sorry, the guest user cannot be edited.");
	40	}
	41
f9903ed0	42
	43	/// If data submitted, then process and store.
	44
36b4f985	45	if ($usernew = data_submitted()) {
a3447e10	46	$usernew->firstname = strip_tags($usernew->firstname);
a3447e10	47	$usernew->lastname = strip_tags($usernew->lastname);
1e22bc9c	48	$usernew->username = trim(moodle_strtolower($usernew->username));
de38e262	49	if (empty($_FILES['imagefile'])) {
	50	$_FILES['imagefile'] = NULL; // To avoid using uninitialised variable later
	51	}
	52
b913b369	53	if (find_form_errors($user, $usernew, $err)) {
607809b3	54	if ($filename = valid_uploaded_file($_FILES['imagefile'])) {
a406cdec	55	$usernew->picture = save_user_image($user->id, $filename);
	56	}
	57
a3447e10	58	$user = $usernew;
	59
	60	} else {
f9903ed0	61	$timenow = time();
f9903ed0	62
607809b3	63	if ($filename = valid_uploaded_file($_FILES['imagefile'])) {
a406cdec	64	$usernew->picture = save_user_image($user->id, $filename);
f9903ed0	65	} else {
	66	$usernew->picture = $user->picture;
	67	}
	68
	69	$usernew->timemodified = time();
	70
a3447e10	71	if (isadmin()) {
	72	if ($usernew->newpassword) {
	73	$usernew->password = md5($usernew->newpassword);
	74	}
	75	} else {
	76	if (isset($usernew->newpassword)) {
	77	error("You can not change the password like that");
	78	}
	79	}
ef9955b0	80	if ($usernew->url and !(substr($usernew->url, 0, 4) == "http")) {
	81	$usernew->url = "http://".$usernew->url;
	82	}
873960de	83
f9903ed0	84	if (update_record("user", $usernew)) {
253ae7db	85	add_to_log($course->id, "user", "update", "view.php?id=$user->id&course=$course->id", "");
873960de	86
a3447e10	87	if ($user->id == $USER->id) {
	88	// Copy data into $USER session variable
	89	$usernew = (array)$usernew;
	90	foreach ($usernew as $variable => $value) {
	91	$USER->$variable = $value;
	92	}
a8b7b661	93	redirect("view.php?id=$user->id&course=$course->id", get_string("changessaved"));
a3447e10	94	} else {
a8b7b661	95	redirect("../admin/user.php", get_string("changessaved"));
873960de	96	}
f9903ed0	97	} else {
	98	error("Could not update the user record ($user->id)");
	99	}
	100	}
	101	}
	102
	103	/// Otherwise fill and print the form.
	104
faebaf0f	105	$streditmyprofile = get_string("editmyprofile");
	106	$strparticipants = get_string("participants");
	107	$strnewuser = get_string("newuser");
8553b700	108
faebaf0f	109	if (($user->firstname and $user->lastname) or $newaccount) {
	110	if ($newaccount) {
	111	$userfullname = $strnewuser;
	112	} else {
	113	$userfullname = "$user->firstname $user->lastname";
	114	}
7cbb4c96	115	if ($course->category) {
dfb6e4ac	116	print_header("$course->shortname: $streditmyprofile", "$course->fullname: $streditmyprofile",
7cbb4c96	117	"<A HREF=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</A>
faebaf0f	118	-> <A HREF=\"index.php?id=$course->id\">$strparticipants</A>
7cbb4c96	119	-> <A HREF=\"view.php?id=$user->id&course=$course->id\">$userfullname</A>
faebaf0f	120	-> $streditmyprofile", "");
7cbb4c96	121	} else {
dfb6e4ac	122	print_header("$course->shortname: $streditmyprofile", "$course->fullname",
7cbb4c96	123	"<A HREF=\"view.php?id=$user->id&course=$course->id\">$userfullname</A>
faebaf0f	124	-> $streditmyprofile", "");
7cbb4c96	125	}
f9903ed0	126	} else {
faebaf0f	127	$userfullname = $strnewuser;
7cbb4c96	128	$straddnewuser = get_string("addnewuser");
	129
	130	$stradministration = get_string("administration");
dfb6e4ac	131	print_header("$course->shortname: $streditmyprofile", "$course->fullname",
7cbb4c96	132	"<A HREF=\"$CFG->wwwroot/admin\">$stradministration</A> ->
7cbb4c96	133	$straddnewuser", "");
f9903ed0	134	}
f9903ed0	135
bda8d43a	136	$teacher = strtolower($course->teacher);
a3447e10	137	if (!isadmin()) {
a3447e10	138	$teacheronly = "(".get_string("teacheronly", "", $teacher).")";
9c9f7d77	139	} else {
9c9f7d77	140	$teacheronly = "";
a3447e10	141	}
bda8d43a	142
7cbb4c96	143	print_heading( get_string("userprofilefor", "", "$userfullname") );
4d0dde91	144	print_simple_box_start("center", "", "$THEME->cellheading");
9c9f7d77	145	if (!empty($err)) {
a406cdec	146	echo "<CENTER>";
	147	notify(get_string("someerrorswerefound"));
	148	echo "</CENTER>";
	149	}
f9903ed0	150	include("edit.html");
f9903ed0	151	print_simple_box_end();
f9903ed0	152	print_footer($course);
	153
	154
	155
	156
	157	/// FUNCTIONS ////////////////////
	158
	159	function find_form_errors(&$user, &$usernew, &$err) {
	160
a3447e10	161	if (isadmin()) {
2b25f2a0	162	if (empty($usernew->username)) {
a3447e10	163	$err["username"] = get_string("missingusername");
a3447e10	164
2b25f2a0	165	} else if (record_exists("user", "username", $usernew->username) and $user->username == "changeme") {
	166	$err["username"] = get_string("usernameexists");
	167
	168	} else {
e6829515	169	$string = eregi_replace("[^(-\.[:alnum:])]", "", $usernew->username);
78e72ed1	170	if (strcmp($usernew->username, $string))
2b25f2a0	171	$err["username"] = get_string("alphanumerical");
	172	}
	173
a3447e10	174	if (empty($usernew->newpassword) and empty($user->password))
a3447e10	175	$err["newpassword"] = get_string("missingpassword");
e98e0915	176
09ba0c8a	177	if (($usernew->newpassword == "admin") or ($user->password == md5("admin") and empty($usernew->newpassword)) ) {
e98e0915	178	$err["newpassword"] = get_string("unsafepassword");
09ba0c8a	179	}
a3447e10	180	}
a3447e10	181
f9903ed0	182	if (empty($usernew->email))
8553b700	183	$err["email"] = get_string("missingemail");
f9903ed0	184
a3447e10	185	if (empty($usernew->description))
	186	$err["description"] = get_string("missingdescription");
	187
bda8d43a	188	if (empty($usernew->city))
8553b700	189	$err["city"] = get_string("missingcity");
bda8d43a	190
9c055aa5	191	if (empty($usernew->firstname))
	192	$err["firstname"] = get_string("missingfirstname");
	193
	194	if (empty($usernew->lastname))
	195	$err["lastname"] = get_string("missinglastname");
	196
bda8d43a	197	if (empty($usernew->country))
8553b700	198	$err["country"] = get_string("missingcountry");
bda8d43a	199
a3447e10	200	if (! validate_email($usernew->email))
8553b700	201	$err["email"] = get_string("invalidemail");
f9903ed0	202
	203	else if ($otheruser = get_record("user", "email", $usernew->email)) {
	204	if ($otheruser->id <> $user->id) {
8553b700	205	$err["email"] = get_string("emailexists");
f9903ed0	206	}
	207	}
	208
	209	$user->email = $usernew->email;
	210
	211	return count($err);
	212	}
	213
	214
	215	?>