MDL-41176 do not set description and pw fields in $USER when editing own profile
[moodle.git] / user / editadvanced.php
ce221eb5 1<?php
2
3// This file is part of Moodle - http://moodle.org/
4//
5// Moodle is free software: you can redistribute it and/or modify
6// it under the terms of the GNU General Public License as published by
7// the Free Software Foundation, either version 3 of the License, or
8// (at your option) any later version.
9//
10// Moodle is distributed in the hope that it will be useful,
11// but WITHOUT ANY WARRANTY; without even the implied warranty of
12// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13// GNU General Public License for more details.
14//
15// You should have received a copy of the GNU General Public License
16// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
17
18/**
19 * Allows you to edit a users profile
20 *
21 * @copyright 1999 Martin Dougiamas http://dougiamas.com
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
23 * @package user
24 */
25
26require_once('../config.php');
27require_once($CFG->libdir.'/gdlib.php');
28require_once($CFG->libdir.'/adminlib.php');
29require_once($CFG->dirroot.'/user/editadvanced_form.php');
30require_once($CFG->dirroot.'/user/editlib.php');
31require_once($CFG->dirroot.'/user/profile/lib.php');
bb78e249 32require_once($CFG->dirroot.'/user/lib.php');
ce221eb5 33
34//HTTPS is required in this page when $CFG->loginhttps enabled
35$PAGE->https_required();
ce221eb5 36
37$id = optional_param('id', $USER->id, PARAM_INT); // user id; -1 if creating new user
38$course = optional_param('course', SITEID, PARAM_INT); // course id (defaults to Site)
39
17c70aa0 40$PAGE->set_url('/user/editadvanced.php', array('course'=>$course, 'id'=>$id));
ce221eb5 41
74df2951 42$course = $DB->get_record('course', array('id'=>$course), '*', MUST_EXIST);
3406acde 43
ce221eb5 44if (!empty($USER->newadminuser)) {
45 $PAGE->set_course($SITE);
78946b9b 46 $PAGE->set_pagelayout('maintenance');
ce221eb5 47} else {
48 require_login($course);
3406acde 49 $PAGE->set_pagelayout('admin');
ce221eb5 50}
51
52if ($course->id == SITEID) {
43731030 53 $coursecontext = context_system::instance(); // SYSTEM context
ce221eb5 54} else {
43731030 55 $coursecontext = context_course::instance($course->id); // Course context
ce221eb5 56}
43731030 57$systemcontext = context_system::instance();
ce221eb5 58
59if ($id == -1) {
60 // creating new user
bf718f50 61 $user = new stdClass();
ce221eb5 62 $user->id = -1;
6b8ad965 63 $user->auth = 'manual';
ce221eb5 64 $user->confirmed = 1;
65 $user->deleted = 0;
66 require_capability('moodle/user:create', $systemcontext);
67 admin_externalpage_setup('addnewuser', '', array('id' => -1));
ce221eb5 68} else {
69 // editing existing user
70 require_capability('moodle/user:update', $systemcontext);
3406acde 71 $user = $DB->get_record('user', array('id'=>$id), '*', MUST_EXIST);
43731030 72 $PAGE->set_context(context_user::instance($user->id));
73 if ($user->id == $USER->id) {
74 if ($course->id != SITEID && $node = $PAGE->navigation->find($course->id, navigation_node::TYPE_COURSE)) {
75 $node->make_active();
76 $PAGE->navbar->includesettingsbase = true;
77 }
78 } else {
79 $PAGE->navigation->extend_for_user($user);
80 }
ce221eb5 81}
ad6226fb 82
ce221eb5 83// remote users cannot be edited
84if ($user->id != -1 and is_mnet_remote_user($user)) {
85 redirect($CFG->wwwroot . "/user/view.php?id=$id&course={$course->id}");
86}
ad6226fb 87
88if ($user->id != $USER->id and is_siteadmin($user) and !is_siteadmin($USER)) { // Only admins may edit other admins
89 print_error('useradmineditadmin');
ce221eb5 90}
ad6226fb 91
ce221eb5 92if (isguestuser($user->id)) { // the real guest user can not be edited
93 print_error('guestnoeditprofileother');
94}
ad6226fb 95
ce221eb5 96if ($user->deleted) {
97 echo $OUTPUT->header();
98 echo $OUTPUT->heading(get_string('userdeleted'));
99 echo $OUTPUT->footer();
100 die;
101}
102
ce221eb5 103//load user preferences
104useredit_load_preferences($user);
105
106//Load custom profile fields data
107profile_load_data($user);
108
109//User interests
110if (!empty($CFG->usetags)) {
111 require_once($CFG->dirroot.'/tag/lib.php');
112 $user->interests = tag_get_tags_array('user', $id);
113}
114
8bdc9cac 115if ($user->id !== -1) {
43731030 116 $usercontext = context_user::instance($user->id);
117 $editoroptions = array(
118 'maxfiles' => EDITOR_UNLIMITED_FILES,
119 'maxbytes' => $CFG->maxbytes,
120 'trusttext' => false,
121 'forcehttps' => false,
122 'context' => $usercontext
123 );
124
64f93798 125 $user = file_prepare_standard_editor($user, 'description', $editoroptions, $usercontext, 'user', 'profile', 0);
8bdc9cac 126} else {
4f0c2d00 127 $usercontext = null;
8bdc9cac 128 // This is a new user, we don't want to add files here
129 $editoroptions = array(
130 'maxfiles'=>0,
131 'maxbytes'=>0,
132 'trusttext'=>false,
133 'forcehttps'=>false,
134 'context' => $coursecontext
135 );
136}
137
138// Prepare filemanager draft area.
139$draftitemid = 0;
140$filemanagercontext = $editoroptions['context'];
141$filemanageroptions = array('maxbytes' => $CFG->maxbytes,
142 'subdirs' => 0,
143 'maxfiles' => 1,
144 'accepted_types' => 'web_image');
145file_prepare_draft_area($draftitemid, $filemanagercontext->id, 'user', 'newicon', 0, $filemanageroptions);
146$user->imagefile = $draftitemid;
ce221eb5 147//create form
148$userform = new user_editadvanced_form(null, array(
149 'editoroptions' => $editoroptions,
150 'filemanageroptions' => $filemanageroptions,
151 'userid' => $user->id));
ce221eb5 152$userform->set_data($user);
153
154if ($usernew = $userform->get_data()) {
ce221eb5 155
156 if (empty($usernew->auth)) {
157 //user editing self
158 $authplugin = get_auth_plugin($user->auth);
159 unset($usernew->auth); //can not change/remove
160 } else {
161 $authplugin = get_auth_plugin($usernew->auth);
1e1c51a3 162 }
163
164 $usernew->timemodified = time();
4d6f35ce 165 $createpassword = false;
ad6226fb 166
ce221eb5 167 if ($usernew->id == -1) {
168 //TODO check out if it makes sense to create account with this auth plugin and what to do with the password
169 unset($usernew->id);
4d6f35ce 170 $createpassword = !empty($usernew->createpassword);
483b6804 171 unset($usernew->createpassword);
64f93798 172 $usernew = file_postupdate_standard_editor($usernew, 'description', $editoroptions, null, 'user', 'profile', null);
ce221eb5 173 $usernew->mnethostid = $CFG->mnet_localhost_id; // always local user
174 $usernew->confirmed = 1;
175 $usernew->timecreated = time();
4d6f35ce 176 if ($createpassword) {
177 $usernew->password = '';
178 } else {
179 $usernew->password = hash_internal_user_password($usernew->newpassword);
180 }
bb78e249 181 $usernew->id = user_create_user($usernew, false);
ce221eb5 182 } else {
64f93798 183 $usernew = file_postupdate_standard_editor($usernew, 'description', $editoroptions, $usercontext, 'user', 'profile', 0);
184 // Pass a true old $user here.
185 if (!$authplugin->user_update($user, $usernew)) {
186 // Auth update failed.
ce221eb5 187 print_error('cannotupdateuseronexauth', '', '', $user->auth);
d8734783 188 }
bb78e249 189 user_update_user($usernew, false);
ad6226fb 190
ce221eb5 191 //set new password if specified
192 if (!empty($usernew->newpassword)) {
193 if ($authplugin->can_change_password()) {
194 if (!$authplugin->user_update_password($usernew, $usernew->newpassword)){
195 print_error('cannotupdatepasswordonextauth', '', '', $usernew->auth);
ad6226fb 196 }
8bdb31ed 197 unset_user_preference('create_password', $usernew); // prevent cron from generating the password
ad6226fb 198 }
199 }
200
201 // force logout if user just suspended
202 if (isset($usernew->suspended) and $usernew->suspended and !$user->suspended) {
d79d5ac2 203 \core\session\manager::kill_user_sessions($user->id);
4ad72c28 204 }
ce221eb5 205 }
ad6226fb 206
43731030 207 $usercontext = context_user::instance($usernew->id);
98bc6446 208
ce221eb5 209 //update preferences
210 useredit_update_user_preference($usernew);
ad6226fb 211
ce221eb5 212 // update tags
de2d81fa 213 if (!empty($CFG->usetags) and empty($USER->newadminuser)) {
ce221eb5 214 useredit_update_interests($usernew, $usernew->interests);
215 }
1e1c51a3 216
ce221eb5 217 //update user picture
689096bc 218 if (empty($USER->newadminuser)) {
4e782b32 219 useredit_update_picture($usernew, $userform, $filemanageroptions);
ce221eb5 220 }
ad6226fb 221
ce221eb5 222 // update mail bounces
223 useredit_update_bounces($user, $usernew);
ad6226fb 224
ce221eb5 225 // update forum track preference
226 useredit_update_trackforums($user, $usernew);
ad6226fb 227
ce221eb5 228 // save custom profile fields data
229 profile_save_data($usernew);
ad6226fb 230
ce221eb5 231 // reload from db
232 $usernew = $DB->get_record('user', array('id'=>$usernew->id));
5e61d1a4 233
4d6f35ce 234 if ($createpassword) {
235 setnew_password_and_mail($usernew);
236 unset_user_preference('create_password', $usernew);
237 set_user_preference('auth_forcepasswordchange', 1, $usernew);
238 }
239
ce221eb5 240 if ($user->id == $USER->id) {
241 // Override old $USER session variable
242 foreach ((array)$usernew as $variable => $value) {
243 if ($variable === 'description' or $variable === 'password') {
244 // These are not set for security nad perf reasons.
245 continue;
246 }
ce221eb5 247 $USER->$variable = $value;
248 }
249 // preload custom fields
250 profile_load_custom_fields($USER);
251
ce221eb5 252 if (!empty($USER->newadminuser)) {
253 unset($USER->newadminuser);
254 // apply defaults again - some of them might depend on admin user info, backup, roles, etc.
255 admin_apply_default_settings(NULL , false);
256 // redirect to admin/ to continue with installation
257 redirect("$CFG->wwwroot/$CFG->admin/");
afb5b0ae 258 } else {
ce221eb5 259 redirect("$CFG->wwwroot/user/view.php?id=$USER->id&course=$course->id");
ad6226fb 260 }
ce221eb5 261 } else {
d79d5ac2 262 \core\session\manager::gc(); // Remove stale sessions.
ce221eb5 263 redirect("$CFG->wwwroot/$CFG->admin/user.php");
ad6226fb 264 }
ce221eb5 265 //never reached
266}
ad6226fb 267
268// make sure we really are on the https page when https login required
269$PAGE->verify_https_required();
270
ad6226fb 271
272/// Display page header
ce221eb5 273if ($user->id == -1 or ($user->id != $USER->id)) {
274 if ($user->id == -1) {
61ef8f9f 275 echo $OUTPUT->header();
ad6226fb 276 } else {
8cb89f5b 277 $PAGE->set_heading($SITE->fullname);
61ef8f9f 278 echo $OUTPUT->header();
ce221eb5 279 $userfullname = fullname($user, true);
280 echo $OUTPUT->heading($userfullname);
281 }
282} else if (!empty($USER->newadminuser)) {
283 $strinstallation = get_string('installation', 'install');
284 $strprimaryadminsetup = get_string('primaryadminsetup');
285
286 $PAGE->navbar->add($strprimaryadminsetup);
287 $PAGE->set_title($strinstallation);
288 $PAGE->set_heading($strinstallation);
289 $PAGE->set_cacheable(false);
290
291 echo $OUTPUT->header();
292 echo $OUTPUT->box(get_string('configintroadmin', 'admin'), 'generalbox boxwidthnormal boxaligncenter');
293 echo '<br />';
294} else {
295 $streditmyprofile = get_string('editmyprofile');
296 $strparticipants = get_string('participants');
297 $strnewuser = get_string('newuser');
298 $userfullname = fullname($user, true);
299
ce221eb5 300 $PAGE->set_title("$course->shortname: $streditmyprofile");
301 $PAGE->set_heading($course->fullname);
302
303 echo $OUTPUT->header();
03d9401e 304 echo $OUTPUT->heading($userfullname);
ce221eb5 305}
ad6226fb 306
307/// Finally display THE form
ce221eb5 308$userform->display();
ad6226fb 309
310/// and proper footer
ce221eb5 311echo $OUTPUT->footer();
ad6226fb 312