MDL-26882 profile: Applying cap check (site:viewuseridentity) to email field in user...
[moodle.git] / user / profile.php
CommitLineData
03d9401e
MD
1<?php
2
3// This file is part of Moodle - http://moodle.org/
4//
5// Moodle is free software: you can redistribute it and/or modify
6// it under the terms of the GNU General Public License as published by
7// the Free Software Foundation, either version 3 of the License, or
8// (at your option) any later version.
9//
10// Moodle is distributed in the hope that it will be useful,
11// but WITHOUT ANY WARRANTY; without even the implied warranty of
12// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13// GNU General Public License for more details.
14//
15// You should have received a copy of the GNU General Public License
16// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
17
18/**
19 * Public Profile -- a user's public profile page
20 *
21 * - each user can currently have their own page (cloned from system and then customised)
22 * - users can add any blocks they want
23 * - the administrators can define a default site public profile for users who have
24 * not created their own public profile
25 *
26 * This script implements the user's view of the public profile, and allows editing
27 * of the public profile.
28 *
29 * @package moodlecore
30 * @subpackage my
31 * @copyright 2010 Remote-Learner.net
32 * @author Hubert Chathi <hubert@remote-learner.net>
33 * @author Olav Jordan <olav.jordan@remote-learner.net>
34 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
35 */
36
37require_once(dirname(__FILE__) . '/../config.php');
38require_once($CFG->dirroot . '/my/lib.php');
da84c149 39require_once($CFG->dirroot . '/tag/lib.php');
03d9401e 40require_once($CFG->dirroot . '/user/profile/lib.php');
50542ff0 41require_once($CFG->libdir.'/filelib.php');
03d9401e
MD
42
43$userid = optional_param('id', 0, PARAM_INT);
44$edit = optional_param('edit', null, PARAM_BOOL); // Turn editing on and off
45
81b58cc2
PS
46$PAGE->set_url('/user/profile.php', array('id'=>$userid));
47
03d9401e
MD
48if (!empty($CFG->forceloginforprofiles)) {
49 require_login();
50 if (isguestuser()) {
81b58cc2 51 $SESSION->wantsurl = $PAGE->url->out(false);
03d9401e
MD
52 redirect(get_login_url());
53 }
54} else if (!empty($CFG->forcelogin)) {
55 require_login();
56}
57
58$userid = $userid ? $userid : $USER->id; // Owner of the page
59$user = $DB->get_record('user', array('id' => $userid));
d05e39b0
PS
60
61if ($user->deleted) {
43731030 62 $PAGE->set_context(context_system::instance());
d05e39b0
PS
63 echo $OUTPUT->header();
64 echo $OUTPUT->heading(get_string('userdeleted'));
65 echo $OUTPUT->footer();
66 die;
67}
68
03d9401e 69$currentuser = ($user->id == $USER->id);
43731030 70$context = $usercontext = context_user::instance($userid, MUST_EXIST);
03d9401e
MD
71
72if (!$currentuser &&
04aec3da 73 !empty($CFG->forceloginforprofiles) &&
eb8d85c1 74 !has_capability('moodle/user:viewdetails', $context) &&
1291a79f 75 !has_coursecontact_role($userid)) {
181991e7 76
03d9401e
MD
77 // Course managers can be browsed at site level. If not forceloginforprofiles, allow access (bug #4366)
78 $struser = get_string('user');
43731030 79 $PAGE->set_context(context_system::instance());
b45ac028 80 $PAGE->set_title("$SITE->shortname: $struser"); // Do not leak the name
03d9401e
MD
81 $PAGE->set_heading("$SITE->shortname: $struser");
82 $PAGE->set_url('/user/profile.php', array('id'=>$userid));
83 $PAGE->navbar->add($struser);
84 echo $OUTPUT->header();
85 echo $OUTPUT->heading(get_string('usernotavailable', 'error'));
86 echo $OUTPUT->footer();
87 exit;
88}
89
90// Get the profile page. Should always return something unless the database is broken.
91if (!$currentpage = my_get_page($userid, MY_PAGE_PUBLIC)) {
92 print_error('mymoodlesetup');
93}
94
95if (!$currentpage->userid) {
43731030 96 $context = context_system::instance(); // A trick so that we even see non-sticky blocks
03d9401e
MD
97}
98
99$PAGE->set_context($context);
100$PAGE->set_pagelayout('mydashboard');
101$PAGE->set_pagetype('user-profile');
102
103// Set up block editing capabilities
104if (isguestuser()) { // Guests can never edit their profile
105 $USER->editing = $edit = 0; // Just in case
106 $PAGE->set_blocks_editing_capability('moodle/my:configsyspages'); // unlikely :)
107} else {
108 if ($currentuser) {
109 $PAGE->set_blocks_editing_capability('moodle/user:manageownblocks');
110 } else {
111 $PAGE->set_blocks_editing_capability('moodle/user:manageblocks');
112 }
113}
114
eb8d85c1
SH
115if (has_capability('moodle/user:viewhiddendetails', $context)) {
116 $hiddenfields = array();
117} else {
118 $hiddenfields = array_flip(explode(',', $CFG->hiddenuserfields));
119}
03d9401e 120
222ada37
AA
121if (has_capability('moodle/site:viewuseridentity', $context)) {
122 $identityfields = array_flip(explode(',', $CFG->showuseridentity));
123} else {
124 $identityfields = array();
125}
126
03d9401e
MD
127// Start setting up the page
128$strpublicprofile = get_string('publicprofile');
129
03d9401e
MD
130$PAGE->blocks->add_region('content');
131$PAGE->set_subpage($currentpage->id);
b45ac028
MD
132$PAGE->set_title(fullname($user).": $strpublicprofile");
133$PAGE->set_heading(fullname($user).": $strpublicprofile");
87c215de
SH
134
135if (!$currentuser) {
136 $PAGE->navigation->extend_for_user($user);
5d07e957 137 if ($node = $PAGE->settingsnav->get('userviewingsettings'.$user->id)) {
87c215de 138 $node->forceopen = true;
c07dfe70 139 }
87c215de
SH
140} else if ($node = $PAGE->settingsnav->get('usercurrentsettings', navigation_node::TYPE_CONTAINER)) {
141 $node->forceopen = true;
142}
143if ($node = $PAGE->settingsnav->get('root')) {
144 $node->forceopen = false;
c07dfe70 145}
03d9401e
MD
146
147
148// Toggle the editing state and switches
149if ($PAGE->user_allowed_editing()) {
150 if ($edit !== null) { // Editing state was specified
151 $USER->editing = $edit; // Change editing state
152 if (!$currentpage->userid && $edit) {
153 // If we are viewing a system page as ordinary user, and the user turns
154 // editing on, copy the system pages as new user pages, and get the
155 // new page record
156 if (!$currentpage = my_copy_page($USER->id, MY_PAGE_PUBLIC, 'user-profile')) {
157 print_error('mymoodlesetup');
158 }
159 $PAGE->set_context($usercontext);
160 $PAGE->set_subpage($currentpage->id);
161 }
162 } else { // Editing state is in session
163 if ($currentpage->userid) { // It's a page we can edit, so load from session
164 if (!empty($USER->editing)) {
165 $edit = 1;
166 } else {
167 $edit = 0;
168 }
169 } else { // It's a system page and they are not allowed to edit system pages
170 $USER->editing = $edit = 0; // Disable editing completely, just to be safe
171 }
172 }
173
174 // Add button for editing page
175 $params = array('edit' => !$edit);
176
177 if (!$currentpage->userid) {
178 // viewing a system page -- let the user customise it
179 $editstring = get_string('updatemymoodleon');
180 $params['edit'] = 1;
181 } else if (empty($edit)) {
182 $editstring = get_string('updatemymoodleon');
183 } else {
184 $editstring = get_string('updatemymoodleoff');
185 }
186
187 $url = new moodle_url("$CFG->wwwroot/user/profile.php", $params);
188 $button = $OUTPUT->single_button($url, $editstring);
189 $PAGE->set_button($button);
190
191} else {
192 $USER->editing = $edit = 0;
193}
194
195// HACK WARNING! This loads up all this page's blocks in the system context
196if ($currentpage->userid == 0) {
197 $CFG->blockmanagerclass = 'my_syspage_block_manager';
198}
199
200// TODO WORK OUT WHERE THE NAV BAR IS!
99cca847 201
03d9401e 202echo $OUTPUT->header();
99cca847 203echo '<div class="userprofile">';
03d9401e
MD
204
205
206// Print the standard content of this page, the basic profile info
207
208echo $OUTPUT->heading(fullname($user));
209
210if (is_mnet_remote_user($user)) {
5db29f49
DM
211 $sql = "SELECT h.id, h.name, h.wwwroot,
212 a.name as application, a.display_name
213 FROM {mnet_host} h, {mnet_application} a
214 WHERE h.id = ? AND h.applicationid = a.id";
03d9401e
MD
215
216 $remotehost = $DB->get_record_sql($sql, array($user->mnethostid));
5db29f49
DM
217 $a = new stdclass();
218 $a->remotetype = $remotehost->display_name;
219 $a->remotename = $remotehost->name;
220 $a->remoteurl = $remotehost->wwwroot;
03d9401e 221
5db29f49 222 echo $OUTPUT->box(get_string('remoteuserinfo', 'mnet', $a), 'remoteuserinfo');
03d9401e
MD
223}
224
29ef7d4f 225echo '<div class="userprofilebox clearfix"><div class="profilepicture">';
03d9401e
MD
226echo $OUTPUT->user_picture($user, array('size'=>100));
227echo '</div>';
228
29ef7d4f 229echo '<div class="descriptionbox"><div class="description">';
03d9401e
MD
230// Print the description
231
232if ($user->description && !isset($hiddenfields['description'])) {
233 if (!empty($CFG->profilesforenrolledusersonly) && !$currentuser && !$DB->record_exists('role_assignments', array('userid'=>$user->id))) {
234 echo get_string('profilenotshown', 'moodle');
235 } else {
64f93798 236 $user->description = file_rewrite_pluginfile_urls($user->description, 'pluginfile.php', $usercontext->id, 'user', 'profile', null);
367a75fa
SH
237 $options = array('overflowdiv'=>true);
238 echo format_text($user->description, $user->descriptionformat, $options);
03d9401e
MD
239 }
240}
241echo '</div>';
242
f59d8e45 243
03d9401e
MD
244// Print all the little details in a list
245
246echo '<table class="list" summary="">';
247
248if (! isset($hiddenfields['country']) && $user->country) {
249 print_row(get_string('country') . ':', get_string($user->country, 'countries'));
250}
251
252if (! isset($hiddenfields['city']) && $user->city) {
253 print_row(get_string('city') . ':', $user->city);
254}
255
222ada37
AA
256if (isset($identityfields['address']) && $user->address) {
257 print_row(get_string("address").":", "$user->address");
258}
259
260if (isset($identityfields['phone1']) && $user->phone1) {
03d9401e 261 print_row(get_string("phone").":", "$user->phone1");
222ada37
AA
262}
263
264if (isset($identityfields['phone2']) && $user->phone2) {
03d9401e 265 print_row(get_string("phone2").":", "$user->phone2");
222ada37
AA
266}
267
268if (isset($identityfields['institution']) && $user->institution) {
269 print_row(get_string("institution").":", "$user->institution");
270}
271
272if (isset($identityfields['department']) && $user->department) {
273 print_row(get_string("department").":", "$user->department");
274}
275
276if (isset($identityfields['idnumber']) && $user->idnumber) {\r
277 print_row(get_string("idnumber").":", "$user->idnumber");\r
03d9401e
MD
278}
279
b48ceab7 280if (($currentuser
181991e7
PS
281 or $user->maildisplay == 1
282 or has_capability('moodle/course:useremail', $context)
b48ceab7
AA
283 or ($user->maildisplay == 2 and enrol_sharing_course($user, $USER)))
284 and isset($identityfields['email'])) {
03d9401e 285
46505ee7 286 print_row(get_string("email").":", obfuscate_mailto($user->email, ''));
03d9401e
MD
287}
288
289if ($user->url && !isset($hiddenfields['webpage'])) {
290 $url = $user->url;
291 if (strpos($user->url, '://') === false) {
292 $url = 'http://'. $url;
293 }
294 print_row(get_string("webpage") .":", '<a href="'.s($url).'">'.s($user->url).'</a>');
295}
296
297if ($user->icq && !isset($hiddenfields['icqnumber'])) {
298 print_row(get_string('icqnumber').':',"<a href=\"http://web.icq.com/wwp?uin=".urlencode($user->icq)."\">".s($user->icq)." <img src=\"http://web.icq.com/whitepages/online?icq=".urlencode($user->icq)."&amp;img=5\" alt=\"\" /></a>");
299}
300
301if ($user->skype && !isset($hiddenfields['skypeid'])) {
65f78adf 302 print_row(get_string('skypeid').':','<a href="skype:'.urlencode($user->skype).'?call">'.s($user->skype).
03d9401e
MD
303 ' <img src="http://mystatus.skype.com/smallicon/'.urlencode($user->skype).'" alt="'.get_string('status').'" '.
304 ' /></a>');
305}
306if ($user->yahoo && !isset($hiddenfields['yahooid'])) {
307 print_row(get_string('yahooid').':', '<a href="http://edit.yahoo.com/config/send_webmesg?.target='.urlencode($user->yahoo).'&amp;.src=pg">'.s($user->yahoo)." <img src=\"http://opi.yahoo.com/online?u=".urlencode($user->yahoo)."&m=g&t=0\" alt=\"\"></a>");
308}
309if ($user->aim && !isset($hiddenfields['aimid'])) {
310 print_row(get_string('aimid').':', '<a href="aim:goim?screenname='.urlencode($user->aim).'">'.s($user->aim).'</a>');
311}
312if ($user->msn && !isset($hiddenfields['msnid'])) {
313 print_row(get_string('msnid').':', s($user->msn));
314}
315
316/// Print the Custom User Fields
317profile_display_fields($user->id);
318
319
320if (!isset($hiddenfields['mycourses'])) {
9ffd29ce 321 if ($mycourses = enrol_get_all_users_courses($user->id, true, NULL, 'visible DESC,sortorder ASC')) {
03d9401e
MD
322 $shown=0;
323 $courselisting = '';
324 foreach ($mycourses as $mycourse) {
325 if ($mycourse->category) {
326 $class = '';
327 if ($mycourse->visible == 0) {
43731030 328 $ccontext = context_course::instance($mycourse->id);
df997f84
PS
329 if (!has_capability('moodle/course:viewhiddencourses', $ccontext)) {
330 continue;
331 }
03d9401e
MD
332 $class = 'class="dimmed"';
333 }
334 $courselisting .= "<a href=\"{$CFG->wwwroot}/user/view.php?id={$user->id}&amp;course={$mycourse->id}\" $class >" . format_string($mycourse->fullname) . "</a>, ";
335 }
336 $shown++;
337 if($shown==20) {
338 $courselisting.= "...";
339 break;
340 }
341 }
342 print_row(get_string('courseprofiles').':', rtrim($courselisting,', '));
343 }
344}
345if (!isset($hiddenfields['firstaccess'])) {
346 if ($user->firstaccess) {
347 $datestring = userdate($user->firstaccess)."&nbsp; (".format_time(time() - $user->firstaccess).")";
348 } else {
349 $datestring = get_string("never");
350 }
351 print_row(get_string("firstaccess").":", $datestring);
352}
353if (!isset($hiddenfields['lastaccess'])) {
354 if ($user->lastaccess) {
355 $datestring = userdate($user->lastaccess)."&nbsp; (".format_time(time() - $user->lastaccess).")";
356 } else {
357 $datestring = get_string("never");
358 }
359 print_row(get_string("lastaccess").":", $datestring);
360}
361
362/// Printing tagged interests
363if (!empty($CFG->usetags)) {
364 if ($interests = tag_get_tags_csv('user', $user->id) ) {
365 print_row(get_string('interests') .": ", $interests);
366 }
367}
368
4ad72c28
PS
369if (!isset($hiddenfields['suspended'])) {
370 if ($user->suspended) {
371 print_row('', get_string('suspended', 'auth'));
372 }
373}
374
29ef7d4f 375echo "</table></div></div>";
03d9401e
MD
376
377
378echo $OUTPUT->blocks_for_region('content');
379
f59d8e45
MD
380// Print messaging link if allowed
381if (isloggedin() && has_capability('moodle/site:sendmessage', $context)
04aec3da 382 && !empty($CFG->messaging) && !isguestuser() && !isguestuser($user) && ($USER->id != $user->id)) {
f59d8e45
MD
383 echo '<div class="messagebox">';
384 echo '<a href="'.$CFG->wwwroot.'/message/index.php?id='.$user->id.'">'.get_string('messageselectadd').'</a>';
385 echo '</div>';
386}
387
99cca847
MD
388if ($CFG->debugdisplay && debugging('', DEBUG_DEVELOPER) && $currentuser) { // Show user object
389 echo '<br /><br /><hr />';
390 echo $OUTPUT->heading('DEBUG MODE: User session variables');
391 print_object($USER);
392}
393
394echo '</div>'; // userprofile class
03d9401e
MD
395echo $OUTPUT->footer();
396
397
398function print_row($left, $right) {
d17ba1e1 399 echo "\n<tr><th class=\"label c0\">$left</th><td class=\"info c1\">$right</td></tr>\n";
03d9401e 400}