Merge branch 'wip-mdl-41744' of https://github.com/rajeshtaneja/moodle
[moodle.git] / admin / tool / uploaduser / index.php
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
17 /**
18  * Bulk user registration script from a comma separated file
19  *
20  * @package    tool
21  * @subpackage uploaduser
22  * @copyright  2004 onwards Martin Dougiamas (http://dougiamas.com)
23  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
24  */
26 require('../../../config.php');
27 require_once($CFG->libdir.'/adminlib.php');
28 require_once($CFG->libdir.'/csvlib.class.php');
29 require_once($CFG->dirroot.'/user/profile/lib.php');
30 require_once($CFG->dirroot.'/user/lib.php');
31 require_once($CFG->dirroot.'/group/lib.php');
32 require_once($CFG->dirroot.'/cohort/lib.php');
33 require_once('locallib.php');
34 require_once('user_form.php');
36 $iid         = optional_param('iid', '', PARAM_INT);
37 $previewrows = optional_param('previewrows', 10, PARAM_INT);
39 @set_time_limit(60*60); // 1 hour should be enough
40 raise_memory_limit(MEMORY_HUGE);
42 require_login();
43 admin_externalpage_setup('tooluploaduser');
44 require_capability('moodle/site:uploadusers', context_system::instance());
46 $struserrenamed             = get_string('userrenamed', 'tool_uploaduser');
47 $strusernotrenamedexists    = get_string('usernotrenamedexists', 'error');
48 $strusernotrenamedmissing   = get_string('usernotrenamedmissing', 'error');
49 $strusernotrenamedoff       = get_string('usernotrenamedoff', 'error');
50 $strusernotrenamedadmin     = get_string('usernotrenamedadmin', 'error');
52 $struserupdated             = get_string('useraccountupdated', 'tool_uploaduser');
53 $strusernotupdated          = get_string('usernotupdatederror', 'error');
54 $strusernotupdatednotexists = get_string('usernotupdatednotexists', 'error');
55 $strusernotupdatedadmin     = get_string('usernotupdatedadmin', 'error');
57 $struseruptodate            = get_string('useraccountuptodate', 'tool_uploaduser');
59 $struseradded               = get_string('newuser');
60 $strusernotadded            = get_string('usernotaddedregistered', 'error');
61 $strusernotaddederror       = get_string('usernotaddederror', 'error');
63 $struserdeleted             = get_string('userdeleted', 'tool_uploaduser');
64 $strusernotdeletederror     = get_string('usernotdeletederror', 'error');
65 $strusernotdeletedmissing   = get_string('usernotdeletedmissing', 'error');
66 $strusernotdeletedoff       = get_string('usernotdeletedoff', 'error');
67 $strusernotdeletedadmin     = get_string('usernotdeletedadmin', 'error');
69 $strcannotassignrole        = get_string('cannotassignrole', 'error');
71 $struserauthunsupported     = get_string('userauthunsupported', 'error');
72 $stremailduplicate          = get_string('useremailduplicate', 'error');
74 $strinvalidpasswordpolicy   = get_string('invalidpasswordpolicy', 'error');
75 $errorstr                   = get_string('error');
77 $stryes                     = get_string('yes');
78 $strno                      = get_string('no');
79 $stryesnooptions = array(0=>$strno, 1=>$stryes);
81 $returnurl = new moodle_url('/admin/tool/uploaduser/index.php');
82 $bulknurl  = new moodle_url('/admin/user/user_bulk.php');
84 $today = time();
85 $today = make_timestamp(date('Y', $today), date('m', $today), date('d', $today), 0, 0, 0);
87 // array of all valid fields for validation
88 $STD_FIELDS = array('id', 'firstname', 'lastname', 'username', 'email',
89         'city', 'country', 'lang', 'timezone', 'mailformat',
90         'maildisplay', 'maildigest', 'htmleditor', 'autosubscribe',
91         'institution', 'department', 'idnumber', 'skype',
92         'msn', 'aim', 'yahoo', 'icq', 'phone1', 'phone2', 'address',
93         'url', 'description', 'descriptionformat', 'password',
94         'auth',        // watch out when changing auth type or using external auth plugins!
95         'oldusername', // use when renaming users - this is the original username
96         'suspended',   // 1 means suspend user account, 0 means activate user account, nothing means keep as is for existing users
97         'deleted',     // 1 means delete user
98         'mnethostid',  // Can not be used for adding, updating or deleting of users - only for enrolments, groups, cohorts and suspending.
99     );
101 $PRF_FIELDS = array();
103 if ($proffields = $DB->get_records('user_info_field')) {
104     foreach ($proffields as $key => $proffield) {
105         $profilefieldname = 'profile_field_'.$proffield->shortname;
106         $PRF_FIELDS[] = $profilefieldname;
107         // Re-index $proffields with key as shortname. This will be
108         // used while checking if profile data is key and needs to be converted (eg. menu profile field)
109         $proffields[$profilefieldname] = $proffield;
110         unset($proffields[$key]);
111     }
114 if (empty($iid)) {
115     $mform1 = new admin_uploaduser_form1();
117     if ($formdata = $mform1->get_data()) {
118         $iid = csv_import_reader::get_new_iid('uploaduser');
119         $cir = new csv_import_reader($iid, 'uploaduser');
121         $content = $mform1->get_file_content('userfile');
123         $readcount = $cir->load_csv_content($content, $formdata->encoding, $formdata->delimiter_name);
124         unset($content);
126         if ($readcount === false) {
127             print_error('csvloaderror', '', $returnurl);
128         } else if ($readcount == 0) {
129             print_error('csvemptyfile', 'error', $returnurl);
130         }
131         // test if columns ok
132         $filecolumns = uu_validate_user_upload_columns($cir, $STD_FIELDS, $PRF_FIELDS, $returnurl);
133         // continue to form2
135     } else {
136         echo $OUTPUT->header();
138         echo $OUTPUT->heading_with_help(get_string('uploadusers', 'tool_uploaduser'), 'uploadusers', 'tool_uploaduser');
140         $mform1->display();
141         echo $OUTPUT->footer();
142         die;
143     }
144 } else {
145     $cir = new csv_import_reader($iid, 'uploaduser');
146     $filecolumns = uu_validate_user_upload_columns($cir, $STD_FIELDS, $PRF_FIELDS, $returnurl);
149 $mform2 = new admin_uploaduser_form2(null, array('columns'=>$filecolumns, 'data'=>array('iid'=>$iid, 'previewrows'=>$previewrows)));
151 // If a file has been uploaded, then process it
152 if ($formdata = $mform2->is_cancelled()) {
153     $cir->cleanup(true);
154     redirect($returnurl);
156 } else if ($formdata = $mform2->get_data()) {
157     // Print the header
158     echo $OUTPUT->header();
159     echo $OUTPUT->heading(get_string('uploadusersresult', 'tool_uploaduser'));
161     $optype = $formdata->uutype;
163     $updatetype        = isset($formdata->uuupdatetype) ? $formdata->uuupdatetype : 0;
164     $createpasswords   = (!empty($formdata->uupasswordnew) and $optype != UU_USER_UPDATE);
165     $updatepasswords   = (!empty($formdata->uupasswordold)  and $optype != UU_USER_ADDNEW and $optype != UU_USER_ADDINC and ($updatetype == UU_UPDATE_FILEOVERRIDE or $updatetype == UU_UPDATE_ALLOVERRIDE));
166     $allowrenames      = (!empty($formdata->uuallowrenames) and $optype != UU_USER_ADDNEW and $optype != UU_USER_ADDINC);
167     $allowdeletes      = (!empty($formdata->uuallowdeletes) and $optype != UU_USER_ADDNEW and $optype != UU_USER_ADDINC);
168     $allowsuspends     = (!empty($formdata->uuallowsuspends));
169     $bulk              = $formdata->uubulk;
170     $noemailduplicates = $formdata->uunoemailduplicates;
171     $standardusernames = $formdata->uustandardusernames;
172     $resetpasswords    = isset($formdata->uuforcepasswordchange) ? $formdata->uuforcepasswordchange : UU_PWRESET_NONE;
174     // verification moved to two places: after upload and into form2
175     $usersnew      = 0;
176     $usersupdated  = 0;
177     $usersuptodate = 0; //not printed yet anywhere
178     $userserrors   = 0;
179     $deletes       = 0;
180     $deleteerrors  = 0;
181     $renames       = 0;
182     $renameerrors  = 0;
183     $usersskipped  = 0;
184     $weakpasswords = 0;
186     // caches
187     $ccache         = array(); // course cache - do not fetch all courses here, we  will not probably use them all anyway!
188     $cohorts        = array();
189     $rolecache      = uu_allowed_roles_cache(); // roles lookup cache
190     $manualcache    = array(); // cache of used manual enrol plugins in each course
191     $supportedauths = uu_supported_auths(); // officially supported plugins that are enabled
193     // we use only manual enrol plugin here, if it is disabled no enrol is done
194     if (enrol_is_enabled('manual')) {
195         $manual = enrol_get_plugin('manual');
196     } else {
197         $manual = NULL;
198     }
200     // clear bulk selection
201     if ($bulk) {
202         $SESSION->bulk_users = array();
203     }
205     // init csv import helper
206     $cir->init();
207     $linenum = 1; //column header is first line
209     // init upload progress tracker
210     $upt = new uu_progress_tracker();
211     $upt->start(); // start table
213     while ($line = $cir->next()) {
214         $upt->flush();
215         $linenum++;
217         $upt->track('line', $linenum);
219         $user = new stdClass();
221         // add fields to user object
222         foreach ($line as $keynum => $value) {
223             if (!isset($filecolumns[$keynum])) {
224                 // this should not happen
225                 continue;
226             }
227             $key = $filecolumns[$keynum];
228             if (strpos($key, 'profile_field_') === 0) {
229                 //NOTE: bloody mega hack alert!!
230                 if (isset($USER->$key) and is_array($USER->$key)) {
231                     // this must be some hacky field that is abusing arrays to store content and format
232                     $user->$key = array();
233                     $user->$key['text']   = $value;
234                     $user->$key['format'] = FORMAT_MOODLE;
235                 } else {
236                     $user->$key = $value;
237                 }
238             } else {
239                 $user->$key = $value;
240             }
242             if (in_array($key, $upt->columns)) {
243                 // default value in progress tracking table, can be changed later
244                 $upt->track($key, s($value), 'normal');
245             }
246         }
247         if (!isset($user->username)) {
248             // prevent warnings below
249             $user->username = '';
250         }
252         if ($optype == UU_USER_ADDNEW or $optype == UU_USER_ADDINC) {
253             // user creation is a special case - the username may be constructed from templates using firstname and lastname
254             // better never try this in mixed update types
255             $error = false;
256             if (!isset($user->firstname) or $user->firstname === '') {
257                 $upt->track('status', get_string('missingfield', 'error', 'firstname'), 'error');
258                 $upt->track('firstname', $errorstr, 'error');
259                 $error = true;
260             }
261             if (!isset($user->lastname) or $user->lastname === '') {
262                 $upt->track('status', get_string('missingfield', 'error', 'lastname'), 'error');
263                 $upt->track('lastname', $errorstr, 'error');
264                 $error = true;
265             }
266             if ($error) {
267                 $userserrors++;
268                 continue;
269             }
270             // we require username too - we might use template for it though
271             if (empty($user->username) and !empty($formdata->username)) {
272                 $user->username = uu_process_template($formdata->username, $user);
273                 $upt->track('username', s($user->username));
274             }
275         }
277         // normalize username
278         $originalusername = $user->username;
279         if ($standardusernames) {
280             $user->username = clean_param($user->username, PARAM_USERNAME);
281         }
283         // make sure we really have username
284         if (empty($user->username)) {
285             $upt->track('status', get_string('missingfield', 'error', 'username'), 'error');
286             $upt->track('username', $errorstr, 'error');
287             $userserrors++;
288             continue;
289         } else if ($user->username === 'guest') {
290             $upt->track('status', get_string('guestnoeditprofileother', 'error'), 'error');
291             $userserrors++;
292             continue;
293         }
295         if ($user->username !== clean_param($user->username, PARAM_USERNAME)) {
296             $upt->track('status', get_string('invalidusername', 'error', 'username'), 'error');
297             $upt->track('username', $errorstr, 'error');
298             $userserrors++;
299         }
301         if (empty($user->mnethostid)) {
302             $user->mnethostid = $CFG->mnet_localhost_id;
303         }
305         if ($existinguser = $DB->get_record('user', array('username'=>$user->username, 'mnethostid'=>$user->mnethostid))) {
306             $upt->track('id', $existinguser->id, 'normal', false);
307         }
309         if ($user->mnethostid == $CFG->mnet_localhost_id) {
310             $remoteuser = false;
312             // Find out if username incrementing required.
313             if ($existinguser and $optype == UU_USER_ADDINC) {
314                 $user->username = uu_increment_username($user->username);
315                 $existinguser = false;
316             }
318         } else {
319             if (!$existinguser or $optype == UU_USER_ADDINC) {
320                 $upt->track('status', get_string('errormnetadd', 'tool_uploaduser'), 'error');
321                 $userserrors++;
322                 continue;
323             }
325             $remoteuser = true;
327             // Make sure there are no changes of existing fields except the suspended status.
328             foreach ((array)$existinguser as $k => $v) {
329                 if ($k === 'suspended') {
330                     continue;
331                 }
332                 if (property_exists($user, $k)) {
333                     $user->$k = $v;
334                 }
335                 if (in_array($k, $upt->columns)) {
336                     if ($k === 'password' or $k === 'oldusername' or $k === 'deleted') {
337                         $upt->track($k, '', 'normal', false);
338                     } else {
339                         $upt->track($k, s($v), 'normal', false);
340                     }
341                 }
342             }
343             unset($user->oldusername);
344             unset($user->password);
345             $user->auth = $existinguser->auth;
346         }
348         // notify about nay username changes
349         if ($originalusername !== $user->username) {
350             $upt->track('username', '', 'normal', false); // clear previous
351             $upt->track('username', s($originalusername).'-->'.s($user->username), 'info');
352         } else {
353             $upt->track('username', s($user->username), 'normal', false);
354         }
356         // add default values for remaining fields
357         $formdefaults = array();
358         foreach ($STD_FIELDS as $field) {
359             if (isset($user->$field)) {
360                 continue;
361             }
362             // all validation moved to form2
363             if (isset($formdata->$field)) {
364                 // process templates
365                 $user->$field = uu_process_template($formdata->$field, $user);
366                 $formdefaults[$field] = true;
367                 if (in_array($field, $upt->columns)) {
368                     $upt->track($field, s($user->$field), 'normal');
369                 }
370             }
371         }
372         foreach ($PRF_FIELDS as $field) {
373             if (isset($user->$field)) {
374                 continue;
375             }
376             if (isset($formdata->$field)) {
377                 // process templates
378                 $user->$field = uu_process_template($formdata->$field, $user);
380                 // Form contains key and later code expects value.
381                 // Convert key to value for required profile fields.
382                 require_once($CFG->dirroot.'/user/profile/field/'.$proffields[$field]->datatype.'/field.class.php');
383                 $profilefieldclass = 'profile_field_'.$proffields[$field]->datatype;
384                 $profilefield = new $profilefieldclass($proffields[$field]->id);
385                 if (method_exists($profilefield, 'convert_external_data')) {
386                     $user->$field = $profilefield->edit_save_data_preprocess($user->$field, null);
387                 }
389                 $formdefaults[$field] = true;
390             }
391         }
393         // delete user
394         if (!empty($user->deleted)) {
395             if (!$allowdeletes or $remoteuser) {
396                 $usersskipped++;
397                 $upt->track('status', $strusernotdeletedoff, 'warning');
398                 continue;
399             }
400             if ($existinguser) {
401                 if (is_siteadmin($existinguser->id)) {
402                     $upt->track('status', $strusernotdeletedadmin, 'error');
403                     $deleteerrors++;
404                     continue;
405                 }
406                 if (delete_user($existinguser)) {
407                     $upt->track('status', $struserdeleted);
408                     $deletes++;
409                 } else {
410                     $upt->track('status', $strusernotdeletederror, 'error');
411                     $deleteerrors++;
412                 }
413             } else {
414                 $upt->track('status', $strusernotdeletedmissing, 'error');
415                 $deleteerrors++;
416             }
417             continue;
418         }
419         // we do not need the deleted flag anymore
420         unset($user->deleted);
422         // renaming requested?
423         if (!empty($user->oldusername) ) {
424             if (!$allowrenames) {
425                 $usersskipped++;
426                 $upt->track('status', $strusernotrenamedoff, 'warning');
427                 continue;
428             }
430             if ($existinguser) {
431                 $upt->track('status', $strusernotrenamedexists, 'error');
432                 $renameerrors++;
433                 continue;
434             }
436             if ($user->username === 'guest') {
437                 $upt->track('status', get_string('guestnoeditprofileother', 'error'), 'error');
438                 $renameerrors++;
439                 continue;
440             }
442             if ($standardusernames) {
443                 $oldusername = clean_param($user->oldusername, PARAM_USERNAME);
444             } else {
445                 $oldusername = $user->oldusername;
446             }
448             // no guessing when looking for old username, it must be exact match
449             if ($olduser = $DB->get_record('user', array('username'=>$oldusername, 'mnethostid'=>$CFG->mnet_localhost_id))) {
450                 $upt->track('id', $olduser->id, 'normal', false);
451                 if (is_siteadmin($olduser->id)) {
452                     $upt->track('status', $strusernotrenamedadmin, 'error');
453                     $renameerrors++;
454                     continue;
455                 }
456                 $DB->set_field('user', 'username', $user->username, array('id'=>$olduser->id));
457                 $upt->track('username', '', 'normal', false); // clear previous
458                 $upt->track('username', s($oldusername).'-->'.s($user->username), 'info');
459                 $upt->track('status', $struserrenamed);
460                 $renames++;
461             } else {
462                 $upt->track('status', $strusernotrenamedmissing, 'error');
463                 $renameerrors++;
464                 continue;
465             }
466             $existinguser = $olduser;
467             $existinguser->username = $user->username;
468         }
470         // can we process with update or insert?
471         $skip = false;
472         switch ($optype) {
473             case UU_USER_ADDNEW:
474                 if ($existinguser) {
475                     $usersskipped++;
476                     $upt->track('status', $strusernotadded, 'warning');
477                     $skip = true;
478                 }
479                 break;
481             case UU_USER_ADDINC:
482                 if ($existinguser) {
483                     //this should not happen!
484                     $upt->track('status', $strusernotaddederror, 'error');
485                     $userserrors++;
486                     $skip = true;
487                 }
488                 break;
490             case UU_USER_ADD_UPDATE:
491                 break;
493             case UU_USER_UPDATE:
494                 if (!$existinguser) {
495                     $usersskipped++;
496                     $upt->track('status', $strusernotupdatednotexists, 'warning');
497                     $skip = true;
498                 }
499                 break;
501             default:
502                 // unknown type
503                 $skip = true;
504         }
506         if ($skip) {
507             continue;
508         }
510         if ($existinguser) {
511             $user->id = $existinguser->id;
513             $upt->track('username', html_writer::link(new moodle_url('/user/profile.php', array('id'=>$existinguser->id)), s($existinguser->username)), 'normal', false);
514             $upt->track('suspended', $stryesnooptions[$existinguser->suspended] , 'normal', false);
515             $upt->track('auth', $existinguser->auth, 'normal', false);
517             if (is_siteadmin($user->id)) {
518                 $upt->track('status', $strusernotupdatedadmin, 'error');
519                 $userserrors++;
520                 continue;
521             }
523             $existinguser->timemodified = time();
524             // do NOT mess with timecreated or firstaccess here!
526             //load existing profile data
527             profile_load_data($existinguser);
529             $doupdate = false;
530             $dologout = false;
532             if ($updatetype != UU_UPDATE_NOCHANGES and !$remoteuser) {
533                 if (!empty($user->auth) and $user->auth !== $existinguser->auth) {
534                     $upt->track('auth', s($existinguser->auth).'-->'.s($user->auth), 'info', false);
535                     $existinguser->auth = $user->auth;
536                     if (!isset($supportedauths[$user->auth])) {
537                         $upt->track('auth', $struserauthunsupported, 'warning');
538                     }
539                     $doupdate = true;
540                     if ($existinguser->auth === 'nologin') {
541                         $dologout = true;
542                     }
543                 }
544                 $allcolumns = array_merge($STD_FIELDS, $PRF_FIELDS);
545                 foreach ($allcolumns as $column) {
546                     if ($column === 'username' or $column === 'password' or $column === 'auth' or $column === 'suspended') {
547                         // these can not be changed here
548                         continue;
549                     }
550                     if (!property_exists($user, $column) or !property_exists($existinguser, $column)) {
551                         // this should never happen
552                         debugging("Could not find $column on the user objects", DEBUG_DEVELOPER);
553                         continue;
554                     }
555                     if ($updatetype == UU_UPDATE_MISSING) {
556                         if (!is_null($existinguser->$column) and $existinguser->$column !== '') {
557                             continue;
558                         }
559                     } else if ($updatetype == UU_UPDATE_ALLOVERRIDE) {
560                         // we override everything
562                     } else if ($updatetype == UU_UPDATE_FILEOVERRIDE) {
563                         if (!empty($formdefaults[$column])) {
564                             // do not override with form defaults
565                             continue;
566                         }
567                     }
568                     if ($existinguser->$column !== $user->$column) {
569                         if ($column === 'email') {
570                             if ($DB->record_exists('user', array('email'=>$user->email))) {
571                                 if ($noemailduplicates) {
572                                     $upt->track('email', $stremailduplicate, 'error');
573                                     $upt->track('status', $strusernotupdated, 'error');
574                                     $userserrors++;
575                                     continue 2;
576                                 } else {
577                                     $upt->track('email', $stremailduplicate, 'warning');
578                                 }
579                             }
580                             if (!validate_email($user->email)) {
581                                 $upt->track('email', get_string('invalidemail'), 'warning');
582                             }
583                         }
585                         if ($column === 'lang') {
586                             if (empty($user->lang)) {
587                                 // Do not change to not-set value.
588                                 continue;
589                             } else if (clean_param($user->lang, PARAM_LANG) === '') {
590                                 $upt->track('status', get_string('cannotfindlang', 'error', $user->lang), 'warning');
591                                 continue;
592                             }
593                         }
595                         if (in_array($column, $upt->columns)) {
596                             $upt->track($column, s($existinguser->$column).'-->'.s($user->$column), 'info', false);
597                         }
598                         $existinguser->$column = $user->$column;
599                         $doupdate = true;
600                     }
601                 }
602             }
604             try {
605                 $auth = get_auth_plugin($existinguser->auth);
606             } catch (Exception $e) {
607                 $upt->track('auth', get_string('userautherror', 'error', s($existinguser->auth)), 'error');
608                 $upt->track('status', $strusernotupdated, 'error');
609                 $userserrors++;
610                 continue;
611             }
612             $isinternalauth = $auth->is_internal();
614             // deal with suspending and activating of accounts
615             if ($allowsuspends and isset($user->suspended) and $user->suspended !== '') {
616                 $user->suspended = $user->suspended ? 1 : 0;
617                 if ($existinguser->suspended != $user->suspended) {
618                     $upt->track('suspended', '', 'normal', false);
619                     $upt->track('suspended', $stryesnooptions[$existinguser->suspended].'-->'.$stryesnooptions[$user->suspended], 'info', false);
620                     $existinguser->suspended = $user->suspended;
621                     $doupdate = true;
622                     if ($existinguser->suspended) {
623                         $dologout = true;
624                     }
625                 }
626             }
628             // changing of passwords is a special case
629             // do not force password changes for external auth plugins!
630             $oldpw = $existinguser->password;
632             if ($remoteuser) {
633                 // Do not mess with passwords of remote users.
635             } else if (!$isinternalauth) {
636                 $existinguser->password = AUTH_PASSWORD_NOT_CACHED;
637                 $upt->track('password', '-', 'normal', false);
638                 // clean up prefs
639                 unset_user_preference('create_password', $existinguser);
640                 unset_user_preference('auth_forcepasswordchange', $existinguser);
642             } else if (!empty($user->password)) {
643                 if ($updatepasswords) {
644                     // Check for passwords that we want to force users to reset next
645                     // time they log in.
646                     $errmsg = null;
647                     $weak = !check_password_policy($user->password, $errmsg);
648                     if ($resetpasswords == UU_PWRESET_ALL or ($resetpasswords == UU_PWRESET_WEAK and $weak)) {
649                         if ($weak) {
650                             $weakpasswords++;
651                             $upt->track('password', $strinvalidpasswordpolicy, 'warning');
652                         }
653                         set_user_preference('auth_forcepasswordchange', 1, $existinguser);
654                     } else {
655                         unset_user_preference('auth_forcepasswordchange', $existinguser);
656                     }
657                     unset_user_preference('create_password', $existinguser); // no need to create password any more
659                     // Use a low cost factor when generating bcrypt hash otherwise
660                     // hashing would be slow when uploading lots of users. Hashes
661                     // will be automatically updated to a higher cost factor the first
662                     // time the user logs in.
663                     $existinguser->password = hash_internal_user_password($user->password, true);
664                     $upt->track('password', $user->password, 'normal', false);
665                 } else {
666                     // do not print password when not changed
667                     $upt->track('password', '', 'normal', false);
668                 }
669             }
671             if ($doupdate or $existinguser->password !== $oldpw) {
672                 // We want only users that were really updated.
673                 user_update_user($existinguser, false);
675                 $upt->track('status', $struserupdated);
676                 $usersupdated++;
678                 if (!$remoteuser) {
679                     // pre-process custom profile menu fields data from csv file
680                     $existinguser = uu_pre_process_custom_profile_data($existinguser);
681                     // save custom profile fields data from csv file
682                     profile_save_data($existinguser);
683                 }
685                 if ($bulk == UU_BULK_UPDATED or $bulk == UU_BULK_ALL) {
686                     if (!in_array($user->id, $SESSION->bulk_users)) {
687                         $SESSION->bulk_users[] = $user->id;
688                     }
689                 }
691             } else {
692                 // no user information changed
693                 $upt->track('status', $struseruptodate);
694                 $usersuptodate++;
696                 if ($bulk == UU_BULK_ALL) {
697                     if (!in_array($user->id, $SESSION->bulk_users)) {
698                         $SESSION->bulk_users[] = $user->id;
699                     }
700                 }
701             }
703             if ($dologout) {
704                 \core\session\manager::kill_user_sessions($existinguser->id);
705             }
707         } else {
708             // save the new user to the database
709             $user->confirmed    = 1;
710             $user->timemodified = time();
711             $user->timecreated  = time();
712             $user->mnethostid   = $CFG->mnet_localhost_id; // we support ONLY local accounts here, sorry
714             if (!isset($user->suspended) or $user->suspended === '') {
715                 $user->suspended = 0;
716             } else {
717                 $user->suspended = $user->suspended ? 1 : 0;
718             }
719             $upt->track('suspended', $stryesnooptions[$user->suspended], 'normal', false);
721             if (empty($user->auth)) {
722                 $user->auth = 'manual';
723             }
724             $upt->track('auth', $user->auth, 'normal', false);
726             // do not insert record if new auth plugin does not exist!
727             try {
728                 $auth = get_auth_plugin($user->auth);
729             } catch (Exception $e) {
730                 $upt->track('auth', get_string('userautherror', 'error', s($user->auth)), 'error');
731                 $upt->track('status', $strusernotaddederror, 'error');
732                 $userserrors++;
733                 continue;
734             }
735             if (!isset($supportedauths[$user->auth])) {
736                 $upt->track('auth', $struserauthunsupported, 'warning');
737             }
739             $isinternalauth = $auth->is_internal();
741             if (empty($user->email)) {
742                 $upt->track('email', get_string('invalidemail'), 'error');
743                 $upt->track('status', $strusernotaddederror, 'error');
744                 $userserrors++;
745                 continue;
747             } else if ($DB->record_exists('user', array('email'=>$user->email))) {
748                 if ($noemailduplicates) {
749                     $upt->track('email', $stremailduplicate, 'error');
750                     $upt->track('status', $strusernotaddederror, 'error');
751                     $userserrors++;
752                     continue;
753                 } else {
754                     $upt->track('email', $stremailduplicate, 'warning');
755                 }
756             }
757             if (!validate_email($user->email)) {
758                 $upt->track('email', get_string('invalidemail'), 'warning');
759             }
761             if (empty($user->lang)) {
762                 $user->lang = '';
763             } else if (clean_param($user->lang, PARAM_LANG) === '') {
764                 $upt->track('status', get_string('cannotfindlang', 'error', $user->lang), 'warning');
765                 $user->lang = '';
766             }
768             $forcechangepassword = false;
770             if ($isinternalauth) {
771                 if (empty($user->password)) {
772                     if ($createpasswords) {
773                         $user->password = 'to be generated';
774                         $upt->track('password', '', 'normal', false);
775                         $upt->track('password', get_string('uupasswordcron', 'tool_uploaduser'), 'warning', false);
776                     } else {
777                         $upt->track('password', '', 'normal', false);
778                         $upt->track('password', get_string('missingfield', 'error', 'password'), 'error');
779                         $upt->track('status', $strusernotaddederror, 'error');
780                         $userserrors++;
781                         continue;
782                     }
783                 } else {
784                     $errmsg = null;
785                     $weak = !check_password_policy($user->password, $errmsg);
786                     if ($resetpasswords == UU_PWRESET_ALL or ($resetpasswords == UU_PWRESET_WEAK and $weak)) {
787                         if ($weak) {
788                             $weakpasswords++;
789                             $upt->track('password', $strinvalidpasswordpolicy, 'warning');
790                         }
791                         $forcechangepassword = true;
792                     }
793                     // Use a low cost factor when generating bcrypt hash otherwise
794                     // hashing would be slow when uploading lots of users. Hashes
795                     // will be automatically updated to a higher cost factor the first
796                     // time the user logs in.
797                     $user->password = hash_internal_user_password($user->password, true);
798                 }
799             } else {
800                 $user->password = AUTH_PASSWORD_NOT_CACHED;
801                 $upt->track('password', '-', 'normal', false);
802             }
804             $user->id = user_create_user($user, false);
805             $upt->track('username', html_writer::link(new moodle_url('/user/profile.php', array('id'=>$user->id)), s($user->username)), 'normal', false);
807             // pre-process custom profile menu fields data from csv file
808             $user = uu_pre_process_custom_profile_data($user);
809             // save custom profile fields data
810             profile_save_data($user);
812             if ($forcechangepassword) {
813                 set_user_preference('auth_forcepasswordchange', 1, $user);
814             }
815             if ($user->password === 'to be generated') {
816                 set_user_preference('create_password', 1, $user);
817             }
819             $upt->track('status', $struseradded);
820             $upt->track('id', $user->id, 'normal', false);
821             $usersnew++;
823             // make sure user context exists
824             context_user::instance($user->id);
826             if ($bulk == UU_BULK_NEW or $bulk == UU_BULK_ALL) {
827                 if (!in_array($user->id, $SESSION->bulk_users)) {
828                     $SESSION->bulk_users[] = $user->id;
829                 }
830             }
831         }
834         // add to cohort first, it might trigger enrolments indirectly - do NOT create cohorts here!
835         foreach ($filecolumns as $column) {
836             if (!preg_match('/^cohort\d+$/', $column)) {
837                 continue;
838             }
840             if (!empty($user->$column)) {
841                 $addcohort = $user->$column;
842                 if (!isset($cohorts[$addcohort])) {
843                     if (is_number($addcohort)) {
844                         // only non-numeric idnumbers!
845                         $cohort = $DB->get_record('cohort', array('id'=>$addcohort));
846                     } else {
847                         $cohort = $DB->get_record('cohort', array('idnumber'=>$addcohort));
848                     }
850                     if (empty($cohort)) {
851                         $cohorts[$addcohort] = get_string('unknowncohort', 'core_cohort', s($addcohort));
852                     } else if (!empty($cohort->component)) {
853                         // cohorts synchronised with external sources must not be modified!
854                         $cohorts[$addcohort] = get_string('external', 'core_cohort');
855                     } else {
856                         $cohorts[$addcohort] = $cohort;
857                     }
858                 }
860                 if (is_object($cohorts[$addcohort])) {
861                     $cohort = $cohorts[$addcohort];
862                     if (!$DB->record_exists('cohort_members', array('cohortid'=>$cohort->id, 'userid'=>$user->id))) {
863                         cohort_add_member($cohort->id, $user->id);
864                         // we might add special column later, for now let's abuse enrolments
865                         $upt->track('enrolments', get_string('useradded', 'core_cohort', s($cohort->name)));
866                     }
867                 } else {
868                     // error message
869                     $upt->track('enrolments', $cohorts[$addcohort], 'error');
870                 }
871             }
872         }
875         // find course enrolments, groups, roles/types and enrol periods
876         // this is again a special case, we always do this for any updated or created users
877         foreach ($filecolumns as $column) {
878             if (!preg_match('/^course\d+$/', $column)) {
879                 continue;
880             }
881             $i = substr($column, 6);
883             if (empty($user->{'course'.$i})) {
884                 continue;
885             }
886             $shortname = $user->{'course'.$i};
887             if (!array_key_exists($shortname, $ccache)) {
888                 if (!$course = $DB->get_record('course', array('shortname'=>$shortname), 'id, shortname')) {
889                     $upt->track('enrolments', get_string('unknowncourse', 'error', s($shortname)), 'error');
890                     continue;
891                 }
892                 $ccache[$shortname] = $course;
893                 $ccache[$shortname]->groups = null;
894             }
895             $courseid      = $ccache[$shortname]->id;
896             $coursecontext = context_course::instance($courseid);
897             if (!isset($manualcache[$courseid])) {
898                 $manualcache[$courseid] = false;
899                 if ($manual) {
900                     if ($instances = enrol_get_instances($courseid, false)) {
901                         foreach ($instances as $instance) {
902                             if ($instance->enrol === 'manual') {
903                                 $manualcache[$courseid] = $instance;
904                                 break;
905                             }
906                         }
907                     }
908                 }
909             }
911             if ($courseid == SITEID) {
912                 // Technically frontpage does not have enrolments, but only role assignments,
913                 // let's not invent new lang strings here for this rarely used feature.
915                 if (!empty($user->{'role'.$i})) {
916                     $addrole = $user->{'role'.$i};
917                     if (array_key_exists($addrole, $rolecache)) {
918                         $rid = $rolecache[$addrole]->id;
919                     } else {
920                         $upt->track('enrolments', get_string('unknownrole', 'error', s($addrole)), 'error');
921                         continue;
922                     }
924                     role_assign($rid, $user->id, context_course::instance($courseid));
926                     $a = new stdClass();
927                     $a->course = $shortname;
928                     $a->role   = $rolecache[$rid]->name;
929                     $upt->track('enrolments', get_string('enrolledincourserole', 'enrol_manual', $a));
930                 }
932             } else if ($manual and $manualcache[$courseid]) {
934                 // find role
935                 $rid = false;
936                 if (!empty($user->{'role'.$i})) {
937                     $addrole = $user->{'role'.$i};
938                     if (array_key_exists($addrole, $rolecache)) {
939                         $rid = $rolecache[$addrole]->id;
940                     } else {
941                         $upt->track('enrolments', get_string('unknownrole', 'error', s($addrole)), 'error');
942                         continue;
943                     }
945                 } else if (!empty($user->{'type'.$i})) {
946                     // if no role, then find "old" enrolment type
947                     $addtype = $user->{'type'.$i};
948                     if ($addtype < 1 or $addtype > 3) {
949                         $upt->track('enrolments', $strerror.': typeN = 1|2|3', 'error');
950                         continue;
951                     } else if (empty($formdata->{'uulegacy'.$addtype})) {
952                         continue;
953                     } else {
954                         $rid = $formdata->{'uulegacy'.$addtype};
955                     }
956                 } else {
957                     // no role specified, use the default from manual enrol plugin
958                     $rid = $manualcache[$courseid]->roleid;
959                 }
961                 if ($rid) {
962                     // Find duration and/or enrol status.
963                     $timeend = 0;
964                     $status = null;
966                     if (isset($user->{'enrolstatus'.$i})) {
967                         $enrolstatus = trim($user->{'enrolstatus'.$i});
968                         if ($enrolstatus == '') {
969                             $status = null;
970                         } else if ($enrolstatus === (string)ENROL_USER_ACTIVE) {
971                             $status = ENROL_USER_ACTIVE;
972                         } else if ($enrolstatus === (string)ENROL_USER_SUSPENDED) {
973                             $status = ENROL_USER_SUSPENDED;
974                         } else {
975                             debugging('Unknown enrolment status.');
976                         }
977                     }
979                     if (!empty($user->{'enrolperiod'.$i})) {
980                         $duration = (int)$user->{'enrolperiod'.$i} * 60*60*24; // convert days to seconds
981                         if ($duration > 0) { // sanity check
982                             $timeend = $today + $duration;
983                         }
984                     } else if ($manualcache[$courseid]->enrolperiod > 0) {
985                         $timeend = $today + $manualcache[$courseid]->enrolperiod;
986                     }
988                     $manual->enrol_user($manualcache[$courseid], $user->id, $rid, $today, $timeend, $status);
990                     $a = new stdClass();
991                     $a->course = $shortname;
992                     $a->role   = $rolecache[$rid]->name;
993                     $upt->track('enrolments', get_string('enrolledincourserole', 'enrol_manual', $a));
994                 }
995             }
997             // find group to add to
998             if (!empty($user->{'group'.$i})) {
999                 // make sure user is enrolled into course before adding into groups
1000                 if (!is_enrolled($coursecontext, $user->id)) {
1001                     $upt->track('enrolments', get_string('addedtogroupnotenrolled', '', $user->{'group'.$i}), 'error');
1002                     continue;
1003                 }
1004                 //build group cache
1005                 if (is_null($ccache[$shortname]->groups)) {
1006                     $ccache[$shortname]->groups = array();
1007                     if ($groups = groups_get_all_groups($courseid)) {
1008                         foreach ($groups as $gid=>$group) {
1009                             $ccache[$shortname]->groups[$gid] = new stdClass();
1010                             $ccache[$shortname]->groups[$gid]->id   = $gid;
1011                             $ccache[$shortname]->groups[$gid]->name = $group->name;
1012                             if (!is_numeric($group->name)) { // only non-numeric names are supported!!!
1013                                 $ccache[$shortname]->groups[$group->name] = new stdClass();
1014                                 $ccache[$shortname]->groups[$group->name]->id   = $gid;
1015                                 $ccache[$shortname]->groups[$group->name]->name = $group->name;
1016                             }
1017                         }
1018                     }
1019                 }
1020                 // group exists?
1021                 $addgroup = $user->{'group'.$i};
1022                 if (!array_key_exists($addgroup, $ccache[$shortname]->groups)) {
1023                     // if group doesn't exist,  create it
1024                     $newgroupdata = new stdClass();
1025                     $newgroupdata->name = $addgroup;
1026                     $newgroupdata->courseid = $ccache[$shortname]->id;
1027                     $newgroupdata->description = '';
1028                     $gid = groups_create_group($newgroupdata);
1029                     if ($gid){
1030                         $ccache[$shortname]->groups[$addgroup] = new stdClass();
1031                         $ccache[$shortname]->groups[$addgroup]->id   = $gid;
1032                         $ccache[$shortname]->groups[$addgroup]->name = $newgroupdata->name;
1033                     } else {
1034                         $upt->track('enrolments', get_string('unknowngroup', 'error', s($addgroup)), 'error');
1035                         continue;
1036                     }
1037                 }
1038                 $gid   = $ccache[$shortname]->groups[$addgroup]->id;
1039                 $gname = $ccache[$shortname]->groups[$addgroup]->name;
1041                 try {
1042                     if (groups_add_member($gid, $user->id)) {
1043                         $upt->track('enrolments', get_string('addedtogroup', '', s($gname)));
1044                     }  else {
1045                         $upt->track('enrolments', get_string('addedtogroupnot', '', s($gname)), 'error');
1046                     }
1047                 } catch (moodle_exception $e) {
1048                     $upt->track('enrolments', get_string('addedtogroupnot', '', s($gname)), 'error');
1049                     continue;
1050                 }
1051             }
1052         }
1053     }
1054     $upt->close(); // close table
1056     $cir->close();
1057     $cir->cleanup(true);
1059     echo $OUTPUT->box_start('boxwidthnarrow boxaligncenter generalbox', 'uploadresults');
1060     echo '<p>';
1061     if ($optype != UU_USER_UPDATE) {
1062         echo get_string('userscreated', 'tool_uploaduser').': '.$usersnew.'<br />';
1063     }
1064     if ($optype == UU_USER_UPDATE or $optype == UU_USER_ADD_UPDATE) {
1065         echo get_string('usersupdated', 'tool_uploaduser').': '.$usersupdated.'<br />';
1066     }
1067     if ($allowdeletes) {
1068         echo get_string('usersdeleted', 'tool_uploaduser').': '.$deletes.'<br />';
1069         echo get_string('deleteerrors', 'tool_uploaduser').': '.$deleteerrors.'<br />';
1070     }
1071     if ($allowrenames) {
1072         echo get_string('usersrenamed', 'tool_uploaduser').': '.$renames.'<br />';
1073         echo get_string('renameerrors', 'tool_uploaduser').': '.$renameerrors.'<br />';
1074     }
1075     if ($usersskipped) {
1076         echo get_string('usersskipped', 'tool_uploaduser').': '.$usersskipped.'<br />';
1077     }
1078     echo get_string('usersweakpassword', 'tool_uploaduser').': '.$weakpasswords.'<br />';
1079     echo get_string('errors', 'tool_uploaduser').': '.$userserrors.'</p>';
1080     echo $OUTPUT->box_end();
1082     if ($bulk) {
1083         echo $OUTPUT->continue_button($bulknurl);
1084     } else {
1085         echo $OUTPUT->continue_button($returnurl);
1086     }
1087     echo $OUTPUT->footer();
1088     die;
1091 // Print the header
1092 echo $OUTPUT->header();
1094 echo $OUTPUT->heading(get_string('uploaduserspreview', 'tool_uploaduser'));
1096 // NOTE: this is JUST csv processing preview, we must not prevent import from here if there is something in the file!!
1097 //       this was intended for validation of csv formatting and encoding, not filtering the data!!!!
1098 //       we definitely must not process the whole file!
1100 // preview table data
1101 $data = array();
1102 $cir->init();
1103 $linenum = 1; //column header is first line
1104 $noerror = true; // Keep status of any error.
1105 while ($linenum <= $previewrows and $fields = $cir->next()) {
1106     $linenum++;
1107     $rowcols = array();
1108     $rowcols['line'] = $linenum;
1109     foreach($fields as $key => $field) {
1110         $rowcols[$filecolumns[$key]] = s($field);
1111     }
1112     $rowcols['status'] = array();
1114     if (isset($rowcols['username'])) {
1115         $stdusername = clean_param($rowcols['username'], PARAM_USERNAME);
1116         if ($rowcols['username'] !== $stdusername) {
1117             $rowcols['status'][] = get_string('invalidusernameupload');
1118         }
1119         if ($userid = $DB->get_field('user', 'id', array('username'=>$stdusername, 'mnethostid'=>$CFG->mnet_localhost_id))) {
1120             $rowcols['username'] = html_writer::link(new moodle_url('/user/profile.php', array('id'=>$userid)), $rowcols['username']);
1121         }
1122     } else {
1123         $rowcols['status'][] = get_string('missingusername');
1124     }
1126     if (isset($rowcols['email'])) {
1127         if (!validate_email($rowcols['email'])) {
1128             $rowcols['status'][] = get_string('invalidemail');
1129         }
1130         if ($DB->record_exists('user', array('email'=>$rowcols['email']))) {
1131             $rowcols['status'][] = $stremailduplicate;
1132         }
1133     }
1135     if (isset($rowcols['city'])) {
1136         $rowcols['city'] = trim($rowcols['city']);
1137     }
1138     // Check if rowcols have custom profile field with correct data and update error state.
1139     $noerror = uu_check_custom_profile_data($rowcols) && $noerror;
1140     $rowcols['status'] = implode('<br />', $rowcols['status']);
1141     $data[] = $rowcols;
1143 if ($fields = $cir->next()) {
1144     $data[] = array_fill(0, count($fields) + 2, '...');
1146 $cir->close();
1148 $table = new html_table();
1149 $table->id = "uupreview";
1150 $table->attributes['class'] = 'generaltable';
1151 $table->tablealign = 'center';
1152 $table->summary = get_string('uploaduserspreview', 'tool_uploaduser');
1153 $table->head = array();
1154 $table->data = $data;
1156 $table->head[] = get_string('uucsvline', 'tool_uploaduser');
1157 foreach ($filecolumns as $column) {
1158     $table->head[] = $column;
1160 $table->head[] = get_string('status');
1162 echo html_writer::tag('div', html_writer::table($table), array('class'=>'flexible-wrap'));
1164 // Print the form if valid values are available
1165 if ($noerror) {
1166     $mform2->display();
1168 echo $OUTPUT->footer();
1169 die;