0cc90faa8a539bd2e8f047ec0b4ba56baab988e3
[moodle.git] / admin / tool / uploaduser / index.php
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
17 /**
18  * Bulk user registration script from a comma separated file
19  *
20  * @package    tool
21  * @subpackage uploaduser
22  * @copyright  2004 onwards Martin Dougiamas (http://dougiamas.com)
23  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
24  */
26 require('../../../config.php');
27 require_once($CFG->libdir.'/adminlib.php');
28 require_once($CFG->libdir.'/csvlib.class.php');
29 require_once($CFG->dirroot.'/user/profile/lib.php');
30 require_once($CFG->dirroot.'/user/lib.php');
31 require_once($CFG->dirroot.'/group/lib.php');
32 require_once($CFG->dirroot.'/cohort/lib.php');
33 require_once('locallib.php');
34 require_once('user_form.php');
36 $iid         = optional_param('iid', '', PARAM_INT);
37 $previewrows = optional_param('previewrows', 10, PARAM_INT);
39 @set_time_limit(60*60); // 1 hour should be enough
40 raise_memory_limit(MEMORY_HUGE);
42 require_login();
43 admin_externalpage_setup('tooluploaduser');
44 require_capability('moodle/site:uploadusers', context_system::instance());
46 $struserrenamed             = get_string('userrenamed', 'tool_uploaduser');
47 $strusernotrenamedexists    = get_string('usernotrenamedexists', 'error');
48 $strusernotrenamedmissing   = get_string('usernotrenamedmissing', 'error');
49 $strusernotrenamedoff       = get_string('usernotrenamedoff', 'error');
50 $strusernotrenamedadmin     = get_string('usernotrenamedadmin', 'error');
52 $struserupdated             = get_string('useraccountupdated', 'tool_uploaduser');
53 $strusernotupdated          = get_string('usernotupdatederror', 'error');
54 $strusernotupdatednotexists = get_string('usernotupdatednotexists', 'error');
55 $strusernotupdatedadmin     = get_string('usernotupdatedadmin', 'error');
57 $struseruptodate            = get_string('useraccountuptodate', 'tool_uploaduser');
59 $struseradded               = get_string('newuser');
60 $strusernotadded            = get_string('usernotaddedregistered', 'error');
61 $strusernotaddederror       = get_string('usernotaddederror', 'error');
63 $struserdeleted             = get_string('userdeleted', 'tool_uploaduser');
64 $strusernotdeletederror     = get_string('usernotdeletederror', 'error');
65 $strusernotdeletedmissing   = get_string('usernotdeletedmissing', 'error');
66 $strusernotdeletedoff       = get_string('usernotdeletedoff', 'error');
67 $strusernotdeletedadmin     = get_string('usernotdeletedadmin', 'error');
69 $strcannotassignrole        = get_string('cannotassignrole', 'error');
71 $struserauthunsupported     = get_string('userauthunsupported', 'error');
72 $stremailduplicate          = get_string('useremailduplicate', 'error');
74 $strinvalidpasswordpolicy   = get_string('invalidpasswordpolicy', 'error');
75 $errorstr                   = get_string('error');
77 $stryes                     = get_string('yes');
78 $strno                      = get_string('no');
79 $stryesnooptions = array(0=>$strno, 1=>$stryes);
81 $returnurl = new moodle_url('/admin/tool/uploaduser/index.php');
82 $bulknurl  = new moodle_url('/admin/user/user_bulk.php');
84 $today = time();
85 $today = make_timestamp(date('Y', $today), date('m', $today), date('d', $today), 0, 0, 0);
87 // array of all valid fields for validation
88 $STD_FIELDS = array('id', 'firstname', 'lastname', 'username', 'email',
89         'city', 'country', 'lang', 'timezone', 'mailformat',
90         'maildisplay', 'maildigest', 'htmleditor', 'autosubscribe',
91         'institution', 'department', 'idnumber', 'skype',
92         'msn', 'aim', 'yahoo', 'icq', 'phone1', 'phone2', 'address',
93         'url', 'description', 'descriptionformat', 'password',
94         'auth',        // watch out when changing auth type or using external auth plugins!
95         'oldusername', // use when renaming users - this is the original username
96         'suspended',   // 1 means suspend user account, 0 means activate user account, nothing means keep as is for existing users
97         'deleted',     // 1 means delete user
98         'mnethostid',  // Can not be used for adding, updating or deleting of users - only for enrolments, groups, cohorts and suspending.
99     );
101 $PRF_FIELDS = array();
103 if ($prof_fields = $DB->get_records('user_info_field')) {
104     foreach ($prof_fields as $prof_field) {
105         $PRF_FIELDS[] = 'profile_field_'.$prof_field->shortname;
106     }
108 unset($prof_fields);
110 if (empty($iid)) {
111     $mform1 = new admin_uploaduser_form1();
113     if ($formdata = $mform1->get_data()) {
114         $iid = csv_import_reader::get_new_iid('uploaduser');
115         $cir = new csv_import_reader($iid, 'uploaduser');
117         $content = $mform1->get_file_content('userfile');
119         $readcount = $cir->load_csv_content($content, $formdata->encoding, $formdata->delimiter_name);
120         unset($content);
122         if ($readcount === false) {
123             print_error('csvloaderror', '', $returnurl);
124         } else if ($readcount == 0) {
125             print_error('csvemptyfile', 'error', $returnurl);
126         }
127         // test if columns ok
128         $filecolumns = uu_validate_user_upload_columns($cir, $STD_FIELDS, $PRF_FIELDS, $returnurl);
129         // continue to form2
131     } else {
132         echo $OUTPUT->header();
134         echo $OUTPUT->heading_with_help(get_string('uploadusers', 'tool_uploaduser'), 'uploadusers', 'tool_uploaduser');
136         $mform1->display();
137         echo $OUTPUT->footer();
138         die;
139     }
140 } else {
141     $cir = new csv_import_reader($iid, 'uploaduser');
142     $filecolumns = uu_validate_user_upload_columns($cir, $STD_FIELDS, $PRF_FIELDS, $returnurl);
145 $mform2 = new admin_uploaduser_form2(null, array('columns'=>$filecolumns, 'data'=>array('iid'=>$iid, 'previewrows'=>$previewrows)));
147 // If a file has been uploaded, then process it
148 if ($formdata = $mform2->is_cancelled()) {
149     $cir->cleanup(true);
150     redirect($returnurl);
152 } else if ($formdata = $mform2->get_data()) {
153     // Print the header
154     echo $OUTPUT->header();
155     echo $OUTPUT->heading(get_string('uploadusersresult', 'tool_uploaduser'));
157     $optype = $formdata->uutype;
159     $updatetype        = isset($formdata->uuupdatetype) ? $formdata->uuupdatetype : 0;
160     $createpasswords   = (!empty($formdata->uupasswordnew) and $optype != UU_USER_UPDATE);
161     $updatepasswords   = (!empty($formdata->uupasswordold)  and $optype != UU_USER_ADDNEW and $optype != UU_USER_ADDINC and ($updatetype == UU_UPDATE_FILEOVERRIDE or $updatetype == UU_UPDATE_ALLOVERRIDE));
162     $allowrenames      = (!empty($formdata->uuallowrenames) and $optype != UU_USER_ADDNEW and $optype != UU_USER_ADDINC);
163     $allowdeletes      = (!empty($formdata->uuallowdeletes) and $optype != UU_USER_ADDNEW and $optype != UU_USER_ADDINC);
164     $allowsuspends     = (!empty($formdata->uuallowsuspends));
165     $bulk              = $formdata->uubulk;
166     $noemailduplicates = $formdata->uunoemailduplicates;
167     $standardusernames = $formdata->uustandardusernames;
168     $resetpasswords    = isset($formdata->uuforcepasswordchange) ? $formdata->uuforcepasswordchange : UU_PWRESET_NONE;
170     // verification moved to two places: after upload and into form2
171     $usersnew      = 0;
172     $usersupdated  = 0;
173     $usersuptodate = 0; //not printed yet anywhere
174     $userserrors   = 0;
175     $deletes       = 0;
176     $deleteerrors  = 0;
177     $renames       = 0;
178     $renameerrors  = 0;
179     $usersskipped  = 0;
180     $weakpasswords = 0;
182     // caches
183     $ccache         = array(); // course cache - do not fetch all courses here, we  will not probably use them all anyway!
184     $cohorts        = array();
185     $rolecache      = uu_allowed_roles_cache(); // roles lookup cache
186     $manualcache    = array(); // cache of used manual enrol plugins in each course
187     $supportedauths = uu_supported_auths(); // officially supported plugins that are enabled
189     // we use only manual enrol plugin here, if it is disabled no enrol is done
190     if (enrol_is_enabled('manual')) {
191         $manual = enrol_get_plugin('manual');
192     } else {
193         $manual = NULL;
194     }
196     // clear bulk selection
197     if ($bulk) {
198         $SESSION->bulk_users = array();
199     }
201     // init csv import helper
202     $cir->init();
203     $linenum = 1; //column header is first line
205     // init upload progress tracker
206     $upt = new uu_progress_tracker();
207     $upt->start(); // start table
209     while ($line = $cir->next()) {
210         $upt->flush();
211         $linenum++;
213         $upt->track('line', $linenum);
215         $user = new stdClass();
217         // add fields to user object
218         foreach ($line as $keynum => $value) {
219             if (!isset($filecolumns[$keynum])) {
220                 // this should not happen
221                 continue;
222             }
223             $key = $filecolumns[$keynum];
224             if (strpos($key, 'profile_field_') === 0) {
225                 //NOTE: bloody mega hack alert!!
226                 if (isset($USER->$key) and is_array($USER->$key)) {
227                     // this must be some hacky field that is abusing arrays to store content and format
228                     $user->$key = array();
229                     $user->$key['text']   = $value;
230                     $user->$key['format'] = FORMAT_MOODLE;
231                 } else {
232                     $user->$key = $value;
233                 }
234             } else {
235                 $user->$key = $value;
236             }
238             if (in_array($key, $upt->columns)) {
239                 // default value in progress tracking table, can be changed later
240                 $upt->track($key, s($value), 'normal');
241             }
242         }
243         if (!isset($user->username)) {
244             // prevent warnings below
245             $user->username = '';
246         }
248         if ($optype == UU_USER_ADDNEW or $optype == UU_USER_ADDINC) {
249             // user creation is a special case - the username may be constructed from templates using firstname and lastname
250             // better never try this in mixed update types
251             $error = false;
252             if (!isset($user->firstname) or $user->firstname === '') {
253                 $upt->track('status', get_string('missingfield', 'error', 'firstname'), 'error');
254                 $upt->track('firstname', $errorstr, 'error');
255                 $error = true;
256             }
257             if (!isset($user->lastname) or $user->lastname === '') {
258                 $upt->track('status', get_string('missingfield', 'error', 'lastname'), 'error');
259                 $upt->track('lastname', $errorstr, 'error');
260                 $error = true;
261             }
262             if ($error) {
263                 $userserrors++;
264                 continue;
265             }
266             // we require username too - we might use template for it though
267             if (empty($user->username) and !empty($formdata->username)) {
268                 $user->username = uu_process_template($formdata->username, $user);
269                 $upt->track('username', s($user->username));
270             }
271         }
273         // normalize username
274         $originalusername = $user->username;
275         if ($standardusernames) {
276             $user->username = clean_param($user->username, PARAM_USERNAME);
277         }
279         // make sure we really have username
280         if (empty($user->username)) {
281             $upt->track('status', get_string('missingfield', 'error', 'username'), 'error');
282             $upt->track('username', $errorstr, 'error');
283             $userserrors++;
284             continue;
285         } else if ($user->username === 'guest') {
286             $upt->track('status', get_string('guestnoeditprofileother', 'error'), 'error');
287             $userserrors++;
288             continue;
289         }
291         if ($user->username !== clean_param($user->username, PARAM_USERNAME)) {
292             $upt->track('status', get_string('invalidusername', 'error', 'username'), 'error');
293             $upt->track('username', $errorstr, 'error');
294             $userserrors++;
295         }
297         if (empty($user->mnethostid)) {
298             $user->mnethostid = $CFG->mnet_localhost_id;
299         }
301         if ($existinguser = $DB->get_record('user', array('username'=>$user->username, 'mnethostid'=>$user->mnethostid))) {
302             $upt->track('id', $existinguser->id, 'normal', false);
303         }
305         if ($user->mnethostid == $CFG->mnet_localhost_id) {
306             $remoteuser = false;
308             // Find out if username incrementing required.
309             if ($existinguser and $optype == UU_USER_ADDINC) {
310                 $user->username = uu_increment_username($user->username);
311                 $existinguser = false;
312             }
314         } else {
315             if (!$existinguser or $optype == UU_USER_ADDINC) {
316                 $upt->track('status', get_string('errormnetadd', 'tool_uploaduser'), 'error');
317                 $userserrors++;
318                 continue;
319             }
321             $remoteuser = true;
323             // Make sure there are no changes of existing fields except the suspended status.
324             foreach ((array)$existinguser as $k => $v) {
325                 if ($k === 'suspended') {
326                     continue;
327                 }
328                 if (property_exists($user, $k)) {
329                     $user->$k = $v;
330                 }
331                 if (in_array($k, $upt->columns)) {
332                     if ($k === 'password' or $k === 'oldusername' or $k === 'deleted') {
333                         $upt->track($k, '', 'normal', false);
334                     } else {
335                         $upt->track($k, s($v), 'normal', false);
336                     }
337                 }
338             }
339             unset($user->oldusername);
340             unset($user->password);
341             $user->auth = $existinguser->auth;
342         }
344         // notify about nay username changes
345         if ($originalusername !== $user->username) {
346             $upt->track('username', '', 'normal', false); // clear previous
347             $upt->track('username', s($originalusername).'-->'.s($user->username), 'info');
348         } else {
349             $upt->track('username', s($user->username), 'normal', false);
350         }
352         // add default values for remaining fields
353         $formdefaults = array();
354         foreach ($STD_FIELDS as $field) {
355             if (isset($user->$field)) {
356                 continue;
357             }
358             // all validation moved to form2
359             if (isset($formdata->$field)) {
360                 // process templates
361                 $user->$field = uu_process_template($formdata->$field, $user);
362                 $formdefaults[$field] = true;
363                 if (in_array($field, $upt->columns)) {
364                     $upt->track($field, s($user->$field), 'normal');
365                 }
366             }
367         }
368         foreach ($PRF_FIELDS as $field) {
369             if (isset($user->$field)) {
370                 continue;
371             }
372             if (isset($formdata->$field)) {
373                 // process templates
374                 $user->$field = uu_process_template($formdata->$field, $user);
375                 $formdefaults[$field] = true;
376             }
377         }
379         // delete user
380         if (!empty($user->deleted)) {
381             if (!$allowdeletes or $remoteuser) {
382                 $usersskipped++;
383                 $upt->track('status', $strusernotdeletedoff, 'warning');
384                 continue;
385             }
386             if ($existinguser) {
387                 if (is_siteadmin($existinguser->id)) {
388                     $upt->track('status', $strusernotdeletedadmin, 'error');
389                     $deleteerrors++;
390                     continue;
391                 }
392                 if (delete_user($existinguser)) {
393                     $upt->track('status', $struserdeleted);
394                     $deletes++;
395                 } else {
396                     $upt->track('status', $strusernotdeletederror, 'error');
397                     $deleteerrors++;
398                 }
399             } else {
400                 $upt->track('status', $strusernotdeletedmissing, 'error');
401                 $deleteerrors++;
402             }
403             continue;
404         }
405         // we do not need the deleted flag anymore
406         unset($user->deleted);
408         // renaming requested?
409         if (!empty($user->oldusername) ) {
410             if (!$allowrenames) {
411                 $usersskipped++;
412                 $upt->track('status', $strusernotrenamedoff, 'warning');
413                 continue;
414             }
416             if ($existinguser) {
417                 $upt->track('status', $strusernotrenamedexists, 'error');
418                 $renameerrors++;
419                 continue;
420             }
422             if ($user->username === 'guest') {
423                 $upt->track('status', get_string('guestnoeditprofileother', 'error'), 'error');
424                 $renameerrors++;
425                 continue;
426             }
428             if ($standardusernames) {
429                 $oldusername = clean_param($user->oldusername, PARAM_USERNAME);
430             } else {
431                 $oldusername = $user->oldusername;
432             }
434             // no guessing when looking for old username, it must be exact match
435             if ($olduser = $DB->get_record('user', array('username'=>$oldusername, 'mnethostid'=>$CFG->mnet_localhost_id))) {
436                 $upt->track('id', $olduser->id, 'normal', false);
437                 if (is_siteadmin($olduser->id)) {
438                     $upt->track('status', $strusernotrenamedadmin, 'error');
439                     $renameerrors++;
440                     continue;
441                 }
442                 $DB->set_field('user', 'username', $user->username, array('id'=>$olduser->id));
443                 $upt->track('username', '', 'normal', false); // clear previous
444                 $upt->track('username', s($oldusername).'-->'.s($user->username), 'info');
445                 $upt->track('status', $struserrenamed);
446                 $renames++;
447             } else {
448                 $upt->track('status', $strusernotrenamedmissing, 'error');
449                 $renameerrors++;
450                 continue;
451             }
452             $existinguser = $olduser;
453             $existinguser->username = $user->username;
454         }
456         // can we process with update or insert?
457         $skip = false;
458         switch ($optype) {
459             case UU_USER_ADDNEW:
460                 if ($existinguser) {
461                     $usersskipped++;
462                     $upt->track('status', $strusernotadded, 'warning');
463                     $skip = true;
464                 }
465                 break;
467             case UU_USER_ADDINC:
468                 if ($existinguser) {
469                     //this should not happen!
470                     $upt->track('status', $strusernotaddederror, 'error');
471                     $userserrors++;
472                     $skip = true;
473                 }
474                 break;
476             case UU_USER_ADD_UPDATE:
477                 break;
479             case UU_USER_UPDATE:
480                 if (!$existinguser) {
481                     $usersskipped++;
482                     $upt->track('status', $strusernotupdatednotexists, 'warning');
483                     $skip = true;
484                 }
485                 break;
487             default:
488                 // unknown type
489                 $skip = true;
490         }
492         if ($skip) {
493             continue;
494         }
496         if ($existinguser) {
497             $user->id = $existinguser->id;
499             $upt->track('username', html_writer::link(new moodle_url('/user/profile.php', array('id'=>$existinguser->id)), s($existinguser->username)), 'normal', false);
500             $upt->track('suspended', $stryesnooptions[$existinguser->suspended] , 'normal', false);
501             $upt->track('auth', $existinguser->auth, 'normal', false);
503             if (is_siteadmin($user->id)) {
504                 $upt->track('status', $strusernotupdatedadmin, 'error');
505                 $userserrors++;
506                 continue;
507             }
509             $existinguser->timemodified = time();
510             // do NOT mess with timecreated or firstaccess here!
512             //load existing profile data
513             profile_load_data($existinguser);
515             $doupdate = false;
516             $dologout = false;
518             if ($updatetype != UU_UPDATE_NOCHANGES and !$remoteuser) {
519                 if (!empty($user->auth) and $user->auth !== $existinguser->auth) {
520                     $upt->track('auth', s($existinguser->auth).'-->'.s($user->auth), 'info', false);
521                     $existinguser->auth = $user->auth;
522                     if (!isset($supportedauths[$user->auth])) {
523                         $upt->track('auth', $struserauthunsupported, 'warning');
524                     }
525                     $doupdate = true;
526                     if ($existinguser->auth === 'nologin') {
527                         $dologout = true;
528                     }
529                 }
530                 $allcolumns = array_merge($STD_FIELDS, $PRF_FIELDS);
531                 foreach ($allcolumns as $column) {
532                     if ($column === 'username' or $column === 'password' or $column === 'auth' or $column === 'suspended') {
533                         // these can not be changed here
534                         continue;
535                     }
536                     if (!property_exists($user, $column) or !property_exists($existinguser, $column)) {
537                         // this should never happen
538                         debugging("Could not find $column on the user objects", DEBUG_DEVELOPER);
539                         continue;
540                     }
541                     if ($updatetype == UU_UPDATE_MISSING) {
542                         if (!is_null($existinguser->$column) and $existinguser->$column !== '') {
543                             continue;
544                         }
545                     } else if ($updatetype == UU_UPDATE_ALLOVERRIDE) {
546                         // we override everything
548                     } else if ($updatetype == UU_UPDATE_FILEOVERRIDE) {
549                         if (!empty($formdefaults[$column])) {
550                             // do not override with form defaults
551                             continue;
552                         }
553                     }
554                     if ($existinguser->$column !== $user->$column) {
555                         if ($column === 'email') {
556                             if ($DB->record_exists('user', array('email'=>$user->email))) {
557                                 if ($noemailduplicates) {
558                                     $upt->track('email', $stremailduplicate, 'error');
559                                     $upt->track('status', $strusernotupdated, 'error');
560                                     $userserrors++;
561                                     continue 2;
562                                 } else {
563                                     $upt->track('email', $stremailduplicate, 'warning');
564                                 }
565                             }
566                             if (!validate_email($user->email)) {
567                                 $upt->track('email', get_string('invalidemail'), 'warning');
568                             }
569                         }
571                         if ($column === 'lang') {
572                             if (empty($user->lang)) {
573                                 // Do not change to not-set value.
574                                 continue;
575                             } else if (clean_param($user->lang, PARAM_LANG) === '') {
576                                 $upt->track('status', get_string('cannotfindlang', 'error', $user->lang), 'warning');
577                                 continue;
578                             }
579                         }
581                         if (in_array($column, $upt->columns)) {
582                             $upt->track($column, s($existinguser->$column).'-->'.s($user->$column), 'info', false);
583                         }
584                         $existinguser->$column = $user->$column;
585                         $doupdate = true;
586                     }
587                 }
588             }
590             try {
591                 $auth = get_auth_plugin($existinguser->auth);
592             } catch (Exception $e) {
593                 $upt->track('auth', get_string('userautherror', 'error', s($existinguser->auth)), 'error');
594                 $upt->track('status', $strusernotupdated, 'error');
595                 $userserrors++;
596                 continue;
597             }
598             $isinternalauth = $auth->is_internal();
600             // deal with suspending and activating of accounts
601             if ($allowsuspends and isset($user->suspended) and $user->suspended !== '') {
602                 $user->suspended = $user->suspended ? 1 : 0;
603                 if ($existinguser->suspended != $user->suspended) {
604                     $upt->track('suspended', '', 'normal', false);
605                     $upt->track('suspended', $stryesnooptions[$existinguser->suspended].'-->'.$stryesnooptions[$user->suspended], 'info', false);
606                     $existinguser->suspended = $user->suspended;
607                     $doupdate = true;
608                     if ($existinguser->suspended) {
609                         $dologout = true;
610                     }
611                 }
612             }
614             // changing of passwords is a special case
615             // do not force password changes for external auth plugins!
616             $oldpw = $existinguser->password;
618             if ($remoteuser) {
619                 // Do not mess with passwords of remote users.
621             } else if (!$isinternalauth) {
622                 $existinguser->password = AUTH_PASSWORD_NOT_CACHED;
623                 $upt->track('password', '-', 'normal', false);
624                 // clean up prefs
625                 unset_user_preference('create_password', $existinguser);
626                 unset_user_preference('auth_forcepasswordchange', $existinguser);
628             } else if (!empty($user->password)) {
629                 if ($updatepasswords) {
630                     // Check for passwords that we want to force users to reset next
631                     // time they log in.
632                     $errmsg = null;
633                     $weak = !check_password_policy($user->password, $errmsg);
634                     if ($resetpasswords == UU_PWRESET_ALL or ($resetpasswords == UU_PWRESET_WEAK and $weak)) {
635                         if ($weak) {
636                             $weakpasswords++;
637                             $upt->track('password', $strinvalidpasswordpolicy, 'warning');
638                         }
639                         set_user_preference('auth_forcepasswordchange', 1, $existinguser);
640                     } else {
641                         unset_user_preference('auth_forcepasswordchange', $existinguser);
642                     }
643                     unset_user_preference('create_password', $existinguser); // no need to create password any more
645                     // Use a low cost factor when generating bcrypt hash otherwise
646                     // hashing would be slow when uploading lots of users. Hashes
647                     // will be automatically updated to a higher cost factor the first
648                     // time the user logs in.
649                     $existinguser->password = hash_internal_user_password($user->password, true);
650                     $upt->track('password', $user->password, 'normal', false);
651                 } else {
652                     // do not print password when not changed
653                     $upt->track('password', '', 'normal', false);
654                 }
655             }
657             if ($doupdate or $existinguser->password !== $oldpw) {
658                 // We want only users that were really updated.
659                 user_update_user($existinguser, false);
661                 $upt->track('status', $struserupdated);
662                 $usersupdated++;
664                 if (!$remoteuser) {
665                     // pre-process custom profile menu fields data from csv file
666                     $existinguser = uu_pre_process_custom_profile_data($existinguser);
667                     // save custom profile fields data from csv file
668                     profile_save_data($existinguser);
669                 }
671                 if ($bulk == UU_BULK_UPDATED or $bulk == UU_BULK_ALL) {
672                     if (!in_array($user->id, $SESSION->bulk_users)) {
673                         $SESSION->bulk_users[] = $user->id;
674                     }
675                 }
677             } else {
678                 // no user information changed
679                 $upt->track('status', $struseruptodate);
680                 $usersuptodate++;
682                 if ($bulk == UU_BULK_ALL) {
683                     if (!in_array($user->id, $SESSION->bulk_users)) {
684                         $SESSION->bulk_users[] = $user->id;
685                     }
686                 }
687             }
689             if ($dologout) {
690                 \core\session\manager::kill_user_sessions($existinguser->id);
691             }
693         } else {
694             // save the new user to the database
695             $user->confirmed    = 1;
696             $user->timemodified = time();
697             $user->timecreated  = time();
698             $user->mnethostid   = $CFG->mnet_localhost_id; // we support ONLY local accounts here, sorry
700             if (!isset($user->suspended) or $user->suspended === '') {
701                 $user->suspended = 0;
702             } else {
703                 $user->suspended = $user->suspended ? 1 : 0;
704             }
705             $upt->track('suspended', $stryesnooptions[$user->suspended], 'normal', false);
707             if (empty($user->auth)) {
708                 $user->auth = 'manual';
709             }
710             $upt->track('auth', $user->auth, 'normal', false);
712             // do not insert record if new auth plugin does not exist!
713             try {
714                 $auth = get_auth_plugin($user->auth);
715             } catch (Exception $e) {
716                 $upt->track('auth', get_string('userautherror', 'error', s($user->auth)), 'error');
717                 $upt->track('status', $strusernotaddederror, 'error');
718                 $userserrors++;
719                 continue;
720             }
721             if (!isset($supportedauths[$user->auth])) {
722                 $upt->track('auth', $struserauthunsupported, 'warning');
723             }
725             $isinternalauth = $auth->is_internal();
727             if (empty($user->email)) {
728                 $upt->track('email', get_string('invalidemail'), 'error');
729                 $upt->track('status', $strusernotaddederror, 'error');
730                 $userserrors++;
731                 continue;
733             } else if ($DB->record_exists('user', array('email'=>$user->email))) {
734                 if ($noemailduplicates) {
735                     $upt->track('email', $stremailduplicate, 'error');
736                     $upt->track('status', $strusernotaddederror, 'error');
737                     $userserrors++;
738                     continue;
739                 } else {
740                     $upt->track('email', $stremailduplicate, 'warning');
741                 }
742             }
743             if (!validate_email($user->email)) {
744                 $upt->track('email', get_string('invalidemail'), 'warning');
745             }
747             if (empty($user->lang)) {
748                 $user->lang = '';
749             } else if (clean_param($user->lang, PARAM_LANG) === '') {
750                 $upt->track('status', get_string('cannotfindlang', 'error', $user->lang), 'warning');
751                 $user->lang = '';
752             }
754             $forcechangepassword = false;
756             if ($isinternalauth) {
757                 if (empty($user->password)) {
758                     if ($createpasswords) {
759                         $user->password = 'to be generated';
760                         $upt->track('password', '', 'normal', false);
761                         $upt->track('password', get_string('uupasswordcron', 'tool_uploaduser'), 'warning', false);
762                     } else {
763                         $upt->track('password', '', 'normal', false);
764                         $upt->track('password', get_string('missingfield', 'error', 'password'), 'error');
765                         $upt->track('status', $strusernotaddederror, 'error');
766                         $userserrors++;
767                         continue;
768                     }
769                 } else {
770                     $errmsg = null;
771                     $weak = !check_password_policy($user->password, $errmsg);
772                     if ($resetpasswords == UU_PWRESET_ALL or ($resetpasswords == UU_PWRESET_WEAK and $weak)) {
773                         if ($weak) {
774                             $weakpasswords++;
775                             $upt->track('password', $strinvalidpasswordpolicy, 'warning');
776                         }
777                         $forcechangepassword = true;
778                     }
779                     // Use a low cost factor when generating bcrypt hash otherwise
780                     // hashing would be slow when uploading lots of users. Hashes
781                     // will be automatically updated to a higher cost factor the first
782                     // time the user logs in.
783                     $user->password = hash_internal_user_password($user->password, true);
784                 }
785             } else {
786                 $user->password = AUTH_PASSWORD_NOT_CACHED;
787                 $upt->track('password', '-', 'normal', false);
788             }
790             $user->id = user_create_user($user, false);
791             $upt->track('username', html_writer::link(new moodle_url('/user/profile.php', array('id'=>$user->id)), s($user->username)), 'normal', false);
793             // pre-process custom profile menu fields data from csv file
794             $user = uu_pre_process_custom_profile_data($user);
795             // save custom profile fields data
796             profile_save_data($user);
798             if ($forcechangepassword) {
799                 set_user_preference('auth_forcepasswordchange', 1, $user);
800             }
801             if ($user->password === 'to be generated') {
802                 set_user_preference('create_password', 1, $user);
803             }
805             $upt->track('status', $struseradded);
806             $upt->track('id', $user->id, 'normal', false);
807             $usersnew++;
809             // make sure user context exists
810             context_user::instance($user->id);
812             if ($bulk == UU_BULK_NEW or $bulk == UU_BULK_ALL) {
813                 if (!in_array($user->id, $SESSION->bulk_users)) {
814                     $SESSION->bulk_users[] = $user->id;
815                 }
816             }
817         }
820         // add to cohort first, it might trigger enrolments indirectly - do NOT create cohorts here!
821         foreach ($filecolumns as $column) {
822             if (!preg_match('/^cohort\d+$/', $column)) {
823                 continue;
824             }
826             if (!empty($user->$column)) {
827                 $addcohort = $user->$column;
828                 if (!isset($cohorts[$addcohort])) {
829                     if (is_number($addcohort)) {
830                         // only non-numeric idnumbers!
831                         $cohort = $DB->get_record('cohort', array('id'=>$addcohort));
832                     } else {
833                         $cohort = $DB->get_record('cohort', array('idnumber'=>$addcohort));
834                     }
836                     if (empty($cohort)) {
837                         $cohorts[$addcohort] = get_string('unknowncohort', 'core_cohort', s($addcohort));
838                     } else if (!empty($cohort->component)) {
839                         // cohorts synchronised with external sources must not be modified!
840                         $cohorts[$addcohort] = get_string('external', 'core_cohort');
841                     } else {
842                         $cohorts[$addcohort] = $cohort;
843                     }
844                 }
846                 if (is_object($cohorts[$addcohort])) {
847                     $cohort = $cohorts[$addcohort];
848                     if (!$DB->record_exists('cohort_members', array('cohortid'=>$cohort->id, 'userid'=>$user->id))) {
849                         cohort_add_member($cohort->id, $user->id);
850                         // we might add special column later, for now let's abuse enrolments
851                         $upt->track('enrolments', get_string('useradded', 'core_cohort', s($cohort->name)));
852                     }
853                 } else {
854                     // error message
855                     $upt->track('enrolments', $cohorts[$addcohort], 'error');
856                 }
857             }
858         }
861         // find course enrolments, groups, roles/types and enrol periods
862         // this is again a special case, we always do this for any updated or created users
863         foreach ($filecolumns as $column) {
864             if (!preg_match('/^course\d+$/', $column)) {
865                 continue;
866             }
867             $i = substr($column, 6);
869             if (empty($user->{'course'.$i})) {
870                 continue;
871             }
872             $shortname = $user->{'course'.$i};
873             if (!array_key_exists($shortname, $ccache)) {
874                 if (!$course = $DB->get_record('course', array('shortname'=>$shortname), 'id, shortname')) {
875                     $upt->track('enrolments', get_string('unknowncourse', 'error', s($shortname)), 'error');
876                     continue;
877                 }
878                 $ccache[$shortname] = $course;
879                 $ccache[$shortname]->groups = null;
880             }
881             $courseid      = $ccache[$shortname]->id;
882             $coursecontext = context_course::instance($courseid);
883             if (!isset($manualcache[$courseid])) {
884                 $manualcache[$courseid] = false;
885                 if ($manual) {
886                     if ($instances = enrol_get_instances($courseid, false)) {
887                         foreach ($instances as $instance) {
888                             if ($instance->enrol === 'manual') {
889                                 $manualcache[$courseid] = $instance;
890                                 break;
891                             }
892                         }
893                     }
894                 }
895             }
897             if ($courseid == SITEID) {
898                 // Technically frontpage does not have enrolments, but only role assignments,
899                 // let's not invent new lang strings here for this rarely used feature.
901                 if (!empty($user->{'role'.$i})) {
902                     $addrole = $user->{'role'.$i};
903                     if (array_key_exists($addrole, $rolecache)) {
904                         $rid = $rolecache[$addrole]->id;
905                     } else {
906                         $upt->track('enrolments', get_string('unknownrole', 'error', s($addrole)), 'error');
907                         continue;
908                     }
910                     role_assign($rid, $user->id, context_course::instance($courseid));
912                     $a = new stdClass();
913                     $a->course = $shortname;
914                     $a->role   = $rolecache[$rid]->name;
915                     $upt->track('enrolments', get_string('enrolledincourserole', 'enrol_manual', $a));
916                 }
918             } else if ($manual and $manualcache[$courseid]) {
920                 // find role
921                 $rid = false;
922                 if (!empty($user->{'role'.$i})) {
923                     $addrole = $user->{'role'.$i};
924                     if (array_key_exists($addrole, $rolecache)) {
925                         $rid = $rolecache[$addrole]->id;
926                     } else {
927                         $upt->track('enrolments', get_string('unknownrole', 'error', s($addrole)), 'error');
928                         continue;
929                     }
931                 } else if (!empty($user->{'type'.$i})) {
932                     // if no role, then find "old" enrolment type
933                     $addtype = $user->{'type'.$i};
934                     if ($addtype < 1 or $addtype > 3) {
935                         $upt->track('enrolments', $strerror.': typeN = 1|2|3', 'error');
936                         continue;
937                     } else if (empty($formdata->{'uulegacy'.$addtype})) {
938                         continue;
939                     } else {
940                         $rid = $formdata->{'uulegacy'.$addtype};
941                     }
942                 } else {
943                     // no role specified, use the default from manual enrol plugin
944                     $rid = $manualcache[$courseid]->roleid;
945                 }
947                 if ($rid) {
948                     // Find duration and/or enrol status.
949                     $timeend = 0;
950                     $status = null;
952                     if (isset($user->{'enrolstatus'.$i})) {
953                         $enrolstatus = trim($user->{'enrolstatus'.$i});
954                         if ($enrolstatus == '') {
955                             $status = null;
956                         } else if ($enrolstatus === (string)ENROL_USER_ACTIVE) {
957                             $status = ENROL_USER_ACTIVE;
958                         } else if ($enrolstatus === (string)ENROL_USER_SUSPENDED) {
959                             $status = ENROL_USER_SUSPENDED;
960                         } else {
961                             debugging('Unknown enrolment status.');
962                         }
963                     }
965                     if (!empty($user->{'enrolperiod'.$i})) {
966                         $duration = (int)$user->{'enrolperiod'.$i} * 60*60*24; // convert days to seconds
967                         if ($duration > 0) { // sanity check
968                             $timeend = $today + $duration;
969                         }
970                     } else if ($manualcache[$courseid]->enrolperiod > 0) {
971                         $timeend = $today + $manualcache[$courseid]->enrolperiod;
972                     }
974                     $manual->enrol_user($manualcache[$courseid], $user->id, $rid, $today, $timeend, $status);
976                     $a = new stdClass();
977                     $a->course = $shortname;
978                     $a->role   = $rolecache[$rid]->name;
979                     $upt->track('enrolments', get_string('enrolledincourserole', 'enrol_manual', $a));
980                 }
981             }
983             // find group to add to
984             if (!empty($user->{'group'.$i})) {
985                 // make sure user is enrolled into course before adding into groups
986                 if (!is_enrolled($coursecontext, $user->id)) {
987                     $upt->track('enrolments', get_string('addedtogroupnotenrolled', '', $user->{'group'.$i}), 'error');
988                     continue;
989                 }
990                 //build group cache
991                 if (is_null($ccache[$shortname]->groups)) {
992                     $ccache[$shortname]->groups = array();
993                     if ($groups = groups_get_all_groups($courseid)) {
994                         foreach ($groups as $gid=>$group) {
995                             $ccache[$shortname]->groups[$gid] = new stdClass();
996                             $ccache[$shortname]->groups[$gid]->id   = $gid;
997                             $ccache[$shortname]->groups[$gid]->name = $group->name;
998                             if (!is_numeric($group->name)) { // only non-numeric names are supported!!!
999                                 $ccache[$shortname]->groups[$group->name] = new stdClass();
1000                                 $ccache[$shortname]->groups[$group->name]->id   = $gid;
1001                                 $ccache[$shortname]->groups[$group->name]->name = $group->name;
1002                             }
1003                         }
1004                     }
1005                 }
1006                 // group exists?
1007                 $addgroup = $user->{'group'.$i};
1008                 if (!array_key_exists($addgroup, $ccache[$shortname]->groups)) {
1009                     // if group doesn't exist,  create it
1010                     $newgroupdata = new stdClass();
1011                     $newgroupdata->name = $addgroup;
1012                     $newgroupdata->courseid = $ccache[$shortname]->id;
1013                     $newgroupdata->description = '';
1014                     $gid = groups_create_group($newgroupdata);
1015                     if ($gid){
1016                         $ccache[$shortname]->groups[$addgroup] = new stdClass();
1017                         $ccache[$shortname]->groups[$addgroup]->id   = $gid;
1018                         $ccache[$shortname]->groups[$addgroup]->name = $newgroupdata->name;
1019                     } else {
1020                         $upt->track('enrolments', get_string('unknowngroup', 'error', s($addgroup)), 'error');
1021                         continue;
1022                     }
1023                 }
1024                 $gid   = $ccache[$shortname]->groups[$addgroup]->id;
1025                 $gname = $ccache[$shortname]->groups[$addgroup]->name;
1027                 try {
1028                     if (groups_add_member($gid, $user->id)) {
1029                         $upt->track('enrolments', get_string('addedtogroup', '', s($gname)));
1030                     }  else {
1031                         $upt->track('enrolments', get_string('addedtogroupnot', '', s($gname)), 'error');
1032                     }
1033                 } catch (moodle_exception $e) {
1034                     $upt->track('enrolments', get_string('addedtogroupnot', '', s($gname)), 'error');
1035                     continue;
1036                 }
1037             }
1038         }
1039     }
1040     $upt->close(); // close table
1042     $cir->close();
1043     $cir->cleanup(true);
1045     echo $OUTPUT->box_start('boxwidthnarrow boxaligncenter generalbox', 'uploadresults');
1046     echo '<p>';
1047     if ($optype != UU_USER_UPDATE) {
1048         echo get_string('userscreated', 'tool_uploaduser').': '.$usersnew.'<br />';
1049     }
1050     if ($optype == UU_USER_UPDATE or $optype == UU_USER_ADD_UPDATE) {
1051         echo get_string('usersupdated', 'tool_uploaduser').': '.$usersupdated.'<br />';
1052     }
1053     if ($allowdeletes) {
1054         echo get_string('usersdeleted', 'tool_uploaduser').': '.$deletes.'<br />';
1055         echo get_string('deleteerrors', 'tool_uploaduser').': '.$deleteerrors.'<br />';
1056     }
1057     if ($allowrenames) {
1058         echo get_string('usersrenamed', 'tool_uploaduser').': '.$renames.'<br />';
1059         echo get_string('renameerrors', 'tool_uploaduser').': '.$renameerrors.'<br />';
1060     }
1061     if ($usersskipped) {
1062         echo get_string('usersskipped', 'tool_uploaduser').': '.$usersskipped.'<br />';
1063     }
1064     echo get_string('usersweakpassword', 'tool_uploaduser').': '.$weakpasswords.'<br />';
1065     echo get_string('errors', 'tool_uploaduser').': '.$userserrors.'</p>';
1066     echo $OUTPUT->box_end();
1068     if ($bulk) {
1069         echo $OUTPUT->continue_button($bulknurl);
1070     } else {
1071         echo $OUTPUT->continue_button($returnurl);
1072     }
1073     echo $OUTPUT->footer();
1074     die;
1077 // Print the header
1078 echo $OUTPUT->header();
1080 echo $OUTPUT->heading(get_string('uploaduserspreview', 'tool_uploaduser'));
1082 // NOTE: this is JUST csv processing preview, we must not prevent import from here if there is something in the file!!
1083 //       this was intended for validation of csv formatting and encoding, not filtering the data!!!!
1084 //       we definitely must not process the whole file!
1086 // preview table data
1087 $data = array();
1088 $cir->init();
1089 $linenum = 1; //column header is first line
1090 $noerror = true; // Keep status of any error.
1091 while ($linenum <= $previewrows and $fields = $cir->next()) {
1092     $linenum++;
1093     $rowcols = array();
1094     $rowcols['line'] = $linenum;
1095     foreach($fields as $key => $field) {
1096         $rowcols[$filecolumns[$key]] = s($field);
1097     }
1098     $rowcols['status'] = array();
1100     if (isset($rowcols['username'])) {
1101         $stdusername = clean_param($rowcols['username'], PARAM_USERNAME);
1102         if ($rowcols['username'] !== $stdusername) {
1103             $rowcols['status'][] = get_string('invalidusernameupload');
1104         }
1105         if ($userid = $DB->get_field('user', 'id', array('username'=>$stdusername, 'mnethostid'=>$CFG->mnet_localhost_id))) {
1106             $rowcols['username'] = html_writer::link(new moodle_url('/user/profile.php', array('id'=>$userid)), $rowcols['username']);
1107         }
1108     } else {
1109         $rowcols['status'][] = get_string('missingusername');
1110     }
1112     if (isset($rowcols['email'])) {
1113         if (!validate_email($rowcols['email'])) {
1114             $rowcols['status'][] = get_string('invalidemail');
1115         }
1116         if ($DB->record_exists('user', array('email'=>$rowcols['email']))) {
1117             $rowcols['status'][] = $stremailduplicate;
1118         }
1119     }
1121     if (isset($rowcols['city'])) {
1122         $rowcols['city'] = trim($rowcols['city']);
1123     }
1124     // Check if rowcols have custom profile field with correct data and update error state.
1125     $noerror = uu_check_custom_profile_data($rowcols) && $noerror;
1126     $rowcols['status'] = implode('<br />', $rowcols['status']);
1127     $data[] = $rowcols;
1129 if ($fields = $cir->next()) {
1130     $data[] = array_fill(0, count($fields) + 2, '...');
1132 $cir->close();
1134 $table = new html_table();
1135 $table->id = "uupreview";
1136 $table->attributes['class'] = 'generaltable';
1137 $table->tablealign = 'center';
1138 $table->summary = get_string('uploaduserspreview', 'tool_uploaduser');
1139 $table->head = array();
1140 $table->data = $data;
1142 $table->head[] = get_string('uucsvline', 'tool_uploaduser');
1143 foreach ($filecolumns as $column) {
1144     $table->head[] = $column;
1146 $table->head[] = get_string('status');
1148 echo html_writer::tag('div', html_writer::table($table), array('class'=>'flexible-wrap'));
1150 // Print the form if valid values are available
1151 if ($noerror) {
1152     $mform2->display();
1154 echo $OUTPUT->footer();
1155 die;