New user tabs from Shane and myself ... these bring together the
[moodle.git] / user / edit.php
1066e0dc 1<?php // $Id$
f9903ed0 2
dc2590e5 3 require_once("../config.php");
951b22a8 4 require_once("$CFG->libdir/gdlib.php");
f9903ed0 5
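// Request parameters. optional_param() takes the default value as its second
// argument and the cleaning type as its third; passing PARAM_INT second made
// the type constant the default, so a request without "id" never reached the
// "own profile" branch below and the value was not cleaned as an integer.
$id     = optional_param('id', 0, PARAM_INT);     // user id
$course = optional_param('course', 0, PARAM_INT); // course id

if (empty($id)) {         // See your own profile by default
    require_login();
    $id = $USER->id;
}

if (empty($course)) {     // See it at site level by default
    $course = SITEID;
}

if (! $user = get_record("user", "id", $id)) {
    error("User ID was incorrect");
}

if (! $course = get_record("course", "id", $course)) {
    error("Course ID was incorrect");
}

if ($user->confirmed and user_not_fully_set_up($user)) {
    // Special case which can only occur when a new account
    // has just been created by EXTERNAL authentication
    // This is the only page in Moodle that has the exception
    // so that users can set up their accounts
    $newaccount = true;

    if (empty($USER->id)) {
        error("Sessions don't seem to be working on this server!");
    }

} else {
    $newaccount = false;
    require_login($course->id);
}

// Authorisation: only an admin may edit another user's profile, and even an
// admin may not edit the primary admin account.
if ($USER->id <> $user->id) {    // Current user editing someone else's profile
    if (isadmin()) {             // Current user is an admin
        if ($mainadmin = get_admin()) {
            if ($user->id == $mainadmin->id) {  // Can't edit primary admin
                print_error('adminprimarynoedit');
            }
        }
    } else {
        print_error('onlyeditown');
    }
}

if (isguest()) {
    error("The guest user cannot edit their profile.");
}

if (isguest($user->id)) {
    error("Sorry, the guest user cannot be edited.");
}


// load the relevant auth libraries
if ($user->auth) {
    // The auth name is stored data that is spliced into an include path, so
    // reduce it to a bare file-name component before it is used.
    $auth = clean_param($user->auth, PARAM_FILE);
    if (empty($auth) or !file_exists("$CFG->dirroot/auth/$auth/lib.php")) {
        $auth = "manual";    // Can't find auth module, default to internal
    }
    require_once("$CFG->dirroot/auth/$auth/lib.php");
}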
f9903ed0 71
d35757eb 72
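/// If data submitted, then process and store.

if ($usernew = data_submitted()) {

    if (($USER->id <> $usernew->id) && !isadmin()) {
        error("You can only edit your own information");
    }

    // The access checks earlier in this script (primary admin, guest) were made
    // against $user, loaded from the "id" parameter, while update_record() below
    // is handed the submitted object. Refuse the request unless both name the
    // same account, so the checked user is the one that gets written.
    if (empty($usernew->id) or $usernew->id != $user->id) {
        error("User ID was incorrect");
    }

    if (isset($USER->username)) {
        check_for_restricted_user($USER->username, "$CFG->wwwroot/course/view.php?id=$course->id");
    }

    // data cleanup
    // username is validated in find_form_errors
    $usernew->country = clean_param($usernew->country, PARAM_ALPHA);
    $usernew->lang    = clean_param($usernew->lang,    PARAM_FILE);
    $usernew->url     = clean_param($usernew->url,     PARAM_URL);
    $usernew->icq     = clean_param($usernew->icq,     PARAM_INT);
    if (!$usernew->icq) {
        $usernew->icq = '';
    }
    $usernew->skype   = clean_param($usernew->skype,   PARAM_CLEAN);
    $usernew->yahoo   = clean_param($usernew->yahoo,   PARAM_CLEAN);
    $usernew->aim     = clean_param($usernew->aim,     PARAM_CLEAN);
    $usernew->msn     = clean_param($usernew->msn,     PARAM_CLEAN);

    $usernew->maildisplay   = clean_param($usernew->maildisplay,   PARAM_INT);
    $usernew->mailformat    = clean_param($usernew->mailformat,    PARAM_INT);
    $usernew->maildigest    = clean_param($usernew->maildigest,    PARAM_INT);
    $usernew->autosubscribe = clean_param($usernew->autosubscribe, PARAM_INT);
    $usernew->htmleditor    = clean_param($usernew->htmleditor,    PARAM_INT);
    $usernew->emailstop     = clean_param($usernew->emailstop,     PARAM_INT);

    // Every submitted property is passed through clean_text(); the value is
    // unslashed first and re-slashed afterwards.
    // NOTE(review): this loop cleans values but does not restrict which
    // properties are present, and the whole object is later handed to
    // update_record(). Consider keeping only the fields the form is expected
    // to send (in particular for non-admins) before the record is written.
    foreach ($usernew as $key => $data) {
        $usernew->$key = addslashes(clean_text(stripslashes($usernew->$key), FORMAT_MOODLE));
    }

    $usernew->firstname = trim(strip_tags($usernew->firstname));
    $usernew->lastname  = trim(strip_tags($usernew->lastname));

    if (isset($usernew->username)) {
        $usernew->username = trim(moodle_strtolower($usernew->username));
    }


    require_once($CFG->dirroot.'/lib/uploadlib.php');
    $um = new upload_manager('imagefile',false,false,null,false,0,true,true);

    if (find_form_errors($user, $usernew, $err, $um)) {
        // Validation failed: the form is shown again below with the submitted
        // values. A picture is still stored if the upload itself was accepted.
        if (empty($err['imagefile']) && $usernew->picture = save_profile_image($user->id, $um,'users')) {
            set_field('user', 'picture', $usernew->picture, 'id', $user->id);  /// Note picture in DB
        } else {
            if (!empty($usernew->deletepicture)) {
                set_field('user', 'picture', 0, 'id', $user->id);  /// Delete picture
                $usernew->picture = 0;
            }
        }

        $usernew->auth = $user->auth;
        $user = $usernew;

    } else {

        if (!$usernew->picture = save_profile_image($user->id,$um,'users')) {
            if (!empty($usernew->deletepicture)) {
                set_field('user', 'picture', 0, 'id', $user->id);  /// Delete picture
                $usernew->picture = 0;
            } else {
                $usernew->picture = $user->picture;
            }
        }

        $usernew->timemodified = time();

        if (isadmin()) {
            if (!empty($usernew->newpassword)) {
                // NOTE(review): the password is stored as an unsalted MD5 digest.
                // The stored format has to match whatever the login code verifies,
                // so it is left as is here; moving to a salted, slow hash needs a
                // coordinated change.
                $usernew->password = md5($usernew->newpassword);
                // update external passwords
                if (!empty($CFG->{'auth_'. $user->auth.'_stdchangepassword'})) {
                    if (function_exists('auth_user_update_password')){
                        if (!auth_user_update_password($user->username, $usernew->newpassword)){
                            error('Failed to update password on external auth: ' . $user->auth .
                                  '. See the server logs for more details.');
                        }
                    } else {
                        error('Your external authentication module is misconfigued!');
                    }
                }
            }
            // store forcepasswordchange in user's preferences
            if (!empty($usernew->forcepasswordchange)){
                set_user_preference('auth_forcepasswordchange', 1, $user->id);
            } else {
                unset_user_preference('auth_forcepasswordchange', $user->id);
            }
        } else {
            // Only admins may set a password through this form.
            if (isset($usernew->newpassword)) {
                error("You can not change the password like that");
            }
        }
        if ($usernew->url and !(substr($usernew->url, 0, 4) == "http")) {
            $usernew->url = "http://".$usernew->url;
        }

        // $userold was used below without ever being assigned, and $user cannot
        // stand in for it because find_form_errors() has already overwritten
        // $user->email. Read the stored record before it is replaced.
        $userold = get_record("user", "id", $user->id);

        if (update_record("user", $usernew)) {
            if (function_exists("auth_user_update")){
                auth_user_update($userold, $usernew);
            };

            // A changed address starts with fresh bounce/send counters. The
            // submitted value is slashed, the stored one is not.
            if ($userold->email != stripslashes($usernew->email)) {
                set_bounce_count($usernew,true);
                set_send_count($usernew,true);
            }

            add_to_log($course->id, "user", "update", "view.php?id=$user->id&course=$course->id", "");

            if ($user->id == $USER->id) {
                // Copy data into $USER session variable
                $usernew = (array)$usernew;
                foreach ($usernew as $variable => $value) {
                    $USER->$variable = stripslashes($value);
                }
                if (isset($USER->newadminuser)) {
                    unset($USER->newadminuser);
                    redirect("$CFG->wwwroot/", get_string("changessaved"));
                }
                redirect("$CFG->wwwroot/user/view.php?id=$user->id&course=$course->id", get_string("changessaved"));
            } else {
                redirect("$CFG->wwwroot/$CFG->admin/user.php", get_string("changessaved"));
            }
        } else {
            error("Could not update the user record ($user->id)");
        }
    }
}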
8f0cd6ef 210
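/// Otherwise fill and print the form.

$streditmyprofile = get_string("editmyprofile");
$strparticipants  = get_string("participants");
$strnewuser       = get_string("newuser");

if (over_bounce_threshold($user) && empty($err['email'])) {
    $err['email'] = get_string('toomanybounces');
}

// NOTE(review): course names and the user's full name are interpolated into
// the breadcrumb HTML below as they are; whether they are escaped before
// output is not visible from this script - confirm.
if (($user->firstname and $user->lastname) or $newaccount) {
    if ($newaccount) {
        $userfullname = $strnewuser;
    } else {
        $userfullname = fullname($user, isteacher($course->id));
    }
    if ($course->category) {
        print_header("$course->shortname: $streditmyprofile", "$course->fullname: $streditmyprofile",
                    "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a>
                    -> <a href=\"index.php?id=$course->id\">$strparticipants</a>
                    -> <a href=\"view.php?id=$user->id&amp;course=$course->id\">$userfullname</a>
                    -> $streditmyprofile", "");
    } else {
        if (isset($USER->newadminuser)) {
            print_header();
        } else {
            print_header("$course->shortname: $streditmyprofile", "$course->fullname",
                         "<a href=\"view.php?id=$user->id&amp;course=$course->id\">$userfullname</a>
                          -> $streditmyprofile", "");
        }
    }
} else {
    $userfullname = $strnewuser;
    $straddnewuser = get_string("addnewuser");

    $stradministration = get_string("administration");
    // $strusers was interpolated into the breadcrumb without being assigned.
    $strusers = get_string("users");
    print_header("$course->shortname: $streditmyprofile", "$course->fullname",
                 "<a href=\"$CFG->wwwroot/$CFG->admin/\">$stradministration</a> -> ".
                 "<a href=\"$CFG->wwwroot/$CFG->admin/users.php\">$strusers</a> -> $straddnewuser", "");
}


/// Print tabs at top
/// This same call is made in:
///     /user/view.php
///     /user/edit.php
///     /course/user.php
$currenttab = 'editprofile';
include('tabs.php');



$teacher = strtolower($course->teacher);
if (!isadmin()) {
    $teacheronly = "(".get_string("teacheronly", "", $teacher).")";
} else {
    $teacheronly = "";
}

if (isset($USER->newadminuser)) {
    print_simple_box(get_string("configintroadmin", 'admin'), "center", "50%");
    echo "<br />";
}

print_simple_box_start("center");

if (!empty($err)) {
    echo "<center>";
    notify(get_string("someerrorswerefound"));
    echo "</center>";
}

include("edit.html");

if (!isadmin()) {      /// Lock all the locked fields using Javascript
    // This only disables the inputs in the browser. The lock itself is
    // enforced on submission by find_form_errors(), which rejects changes to
    // any field whose auth_user_<field>_editlock setting is on.
    $fields = get_user_fieldnames();

    echo '<script type="text/javascript">'."\n";
    echo '<!--'."\n";

    foreach ($fields as $field) {
        $configvariable = 'auth_user_'.$field.'_editlock';
        if (!empty($CFG->$configvariable)) {
            echo "eval('document.form.$field.disabled=true');\n";
        }
    }

    echo '-->'."\n";
    echo '</script>'."\n";
}

print_simple_box_end();

if (!isset($USER->newadminuser)) {
    print_footer($course);
}

exit;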
f9903ed0 309
310
311
312/// FUNCTIONS ////////////////////
313
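/**
 * Validates a submitted profile form and collects one message per bad field.
 *
 * Side effects visible in the body: $err is filled in place, the upload
 * manager's preprocess_files() is run, and $user->email is overwritten with
 * the submitted address before returning, so the caller's $user no longer
 * holds the previous e-mail afterwards.
 *
 * @param object $user    the user record being edited (modified: email)
 * @param object $usernew the submitted form data
 * @param array  $err     receives messages keyed by form field name
 * @param object $um      upload manager for the profile picture
 * @return int number of fields with an error (0 when the form is valid)
 */
function find_form_errors(&$user, &$usernew, &$err, &$um) {
    global $CFG;

    // The caller passes a variable that may never have been assigned; start
    // from an empty list so the final count() always works on an array.
    if (!is_array($err)) {
        $err = array();
    }

    if (isadmin()) {
        if (empty($usernew->username)) {
            $err["username"] = get_string("missingusername");

        } else if (record_exists("user", "username", $usernew->username) and $user->username == "changeme") {
            $err["username"] = get_string("usernameexists");

        } else {
            if (empty($CFG->extendedusernamechars)) {
                // Strip everything outside the allowed set; any difference
                // means the name contained a disallowed character.
                // NOTE(review): eregi_replace() is not available on PHP 7+.
                $string = eregi_replace("[^(-\.[:alnum:])]", "", $usernew->username);
                if (strcmp($usernew->username, $string)) {
                    $err["username"] = get_string("alphanumerical");
                }
            }
        }

        if (empty($usernew->newpassword) and empty($user->password) and is_internal_auth() ) {
            $err["newpassword"] = get_string("missingpassword");
        }

        // Refuse the well-known default password, whether it is being set now
        // or is still the stored one and no replacement was supplied.
        if (($usernew->newpassword == "admin") or ($user->password == md5("admin") and empty($usernew->newpassword)) ) {
            $err["newpassword"] = get_string("unsafepassword");
        }
    }

    if (empty($usernew->email)) {
        $err["email"] = get_string("missingemail");
    }

    if (over_bounce_threshold($user) && $user->email == $usernew->email) {
        $err['email'] = get_string('toomanybounces');
    }

    if (empty($usernew->description) and !isadmin()) {
        $err["description"] = get_string("missingdescription");
    }

    if (empty($usernew->city)) {
        $err["city"] = get_string("missingcity");
    }

    if (empty($usernew->firstname)) {
        $err["firstname"] = get_string("missingfirstname");
    }

    if (empty($usernew->lastname)) {
        $err["lastname"] = get_string("missinglastname");
    }

    if (empty($usernew->country)) {
        $err["country"] = get_string("missingcountry");
    }

    if (! validate_email($usernew->email)) {
        $err["email"] = get_string("invalidemail");

    } else if ($otheruser = get_record("user", "email", $usernew->email)) {
        // The address may only belong to the account being edited.
        if ($otheruser->id <> $user->id) {
            $err["email"] = get_string("emailexists");
        }
    }

    if (empty($err["email"]) and !isadmin()) {
        if ($error = email_is_not_allowed($usernew->email)) {
            $err["email"] = $error;
        }
    }

    if (!$um->preprocess_files()) {
        $err['imagefile'] = $um->notify;
    }

    if (!isadmin()) {      /// Make sure that locked fields are not being edited
        // Server-side enforcement of the auth_user_<field>_editlock settings:
        // a submitted value that differs from the stored one is rejected.
        $fields = get_user_fieldnames();

        foreach ($fields as $field) {
            $configvariable = 'auth_user_'.$field.'_editlock';
            if (!empty($CFG->$configvariable)) {
                if ($user->$field !== $usernew->$field) {
                    $err[$field] = get_string("editlock");
                }
            }
        }
    }

    $user->email = $usernew->email;

    return count($err);
}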
398
399
400?>