MDL-52843 users: Fix the PARAM type of the name fields in signup form
[moodle.git] / login / signup_form.php
1 <?php
3 // This file is part of Moodle - http://moodle.org/
4 //
5 // Moodle is free software: you can redistribute it and/or modify
6 // it under the terms of the GNU General Public License as published by
7 // the Free Software Foundation, either version 3 of the License, or
8 // (at your option) any later version.
9 //
10 // Moodle is distributed in the hope that it will be useful,
11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 // GNU General Public License for more details.
14 //
15 // You should have received a copy of the GNU General Public License
16 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
18 /**
19  * User sign-up form.
20  *
21  * @package    core
22  * @subpackage auth
23  * @copyright  1999 onwards Martin Dougiamas  http://dougiamas.com
24  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
25  */
27 defined('MOODLE_INTERNAL') || die();
29 require_once($CFG->libdir.'/formslib.php');
30 require_once($CFG->dirroot.'/user/profile/lib.php');
31 require_once($CFG->dirroot . '/user/editlib.php');
33 class login_signup_form extends moodleform {
/**
 * Builds the self-registration form: login credentials, e-mail (entered twice),
 * the required name fields, city and country, custom profile fields and, when
 * enabled, the reCAPTCHA element and the site policy agreement.
 *
 * Only cleaning types and 'required' rules (registered with the 'client' flag)
 * are declared here. Uniqueness, e-mail format and password-policy checks are
 * performed in validation().
 */
function definition() {
    global $USER, $CFG;

    $form = $this->_form;

    // --- Credentials ------------------------------------------------------
    $form->addElement('header', 'createuserandpass', get_string('createuserandpass'), '');

    // The username is cleaned as PARAM_NOTAGS here; validation() additionally
    // rejects any value that differs from its PARAM_USERNAME-cleaned form.
    $form->addElement('text', 'username', get_string('username'), 'maxlength="100" size="12"');
    $form->setType('username', PARAM_NOTAGS);
    $form->addRule('username', get_string('missingusername'), 'required', null, 'client');

    if (!empty($CFG->passwordpolicy)) {
        $form->addElement('static', 'passwordpolicyinfo', '', print_password_policy());
    }
    // PARAM_RAW: the password must reach check_password_policy() unmodified.
    $form->addElement('passwordunmask', 'password', get_string('password'), 'maxlength="32" size="12"');
    $form->setType('password', PARAM_RAW);
    $form->addRule('password', get_string('missingpassword'), 'required', null, 'client');

    // --- Personal details -------------------------------------------------
    $form->addElement('header', 'supplyinfo', get_string('supplyinfo'), '');

    // Both e-mail inputs are only trimmed here; validation() checks the format
    // with validate_email() and compares the two values.
    $form->addElement('text', 'email', get_string('email'), 'maxlength="100" size="25"');
    $form->setType('email', PARAM_RAW_TRIMMED);
    $form->addRule('email', get_string('missingemail'), 'required', null, 'client');

    $form->addElement('text', 'email2', get_string('emailagain'), 'maxlength="100" size="25"');
    $form->setType('email2', PARAM_RAW_TRIMMED);
    $form->addRule('email2', get_string('missingemail'), 'required', null, 'client');

    // Name fields are cleaned as PARAM_NOTAGS. Each one uses its own
    // "missing<field>" string when the core language pack has one, else 'required'.
    foreach (useredit_get_required_name_fields() as $namefield) {
        $form->addElement('text', $namefield, get_string($namefield), 'maxlength="100" size="30"');
        $form->setType($namefield, PARAM_NOTAGS);

        $missingkey = 'missing' . $namefield;
        $missingkey = get_string_manager()->string_exists($missingkey, 'moodle') ? $missingkey : 'required';
        $form->addRule($namefield, get_string($missingkey), 'required', null, 'client');
    }

    $form->addElement('text', 'city', get_string('city'), 'maxlength="120" size="20"');
    $form->setType('city', PARAM_TEXT);
    if (!empty($CFG->defaultcity)) {
        $form->setDefault('city', $CFG->defaultcity);
    }

    // Country list with an empty "select a country" entry placed first.
    $countries = get_string_manager()->get_list_of_countries();
    $placeholder = array('' => get_string('selectacountry'));
    $options = array_merge($placeholder, $countries);
    $form->addElement('select', 'country', get_string('country'), $options);
    $form->setDefault('country', empty($CFG->country) ? '' : $CFG->country);

    // Custom profile fields that are flagged for display on the sign-up page.
    profile_signup_fields($form);

    // --- Anti-automation --------------------------------------------------
    if ($this->signup_captcha_enabled()) {
        $captchaoptions = array('https' => $CFG->loginhttps);
        $form->addElement('recaptcha', 'recaptcha_element', get_string('security_question', 'auth'), $captchaoptions);
        $form->addHelpButton('recaptcha_element', 'recaptcha', 'auth');
        $form->closeHeaderBefore('recaptcha_element');
    }

    // --- Site policy ------------------------------------------------------
    if (!empty($CFG->sitepolicy)) {
        $form->addElement('header', 'policyagreement', get_string('policyagreement'), '');
        $form->setExpanded('policyagreement');

        // NOTE(review): $CFG->sitepolicy is concatenated into the href attribute
        // without escaping. This presumably relies on the setting being
        // administrator-controlled; confirm, or escape it for the attribute context.
        $policylink = '<a href="' . $CFG->sitepolicy . '" onclick="this.target=\'_blank\'">'
            . get_string('policyagreementclick') . '</a>';
        $form->addElement('static', 'policylink', '', $policylink);

        $form->addElement('checkbox', 'policyagreed', get_string('policyaccept'));
        $form->addRule('policyagreed', get_string('policyagree'), 'required', null, 'client');
    }

    // Submit / cancel buttons.
    $this->add_action_buttons(true, get_string('createaccount'));
}
/**
 * Registers the 'trim' filter on the 'username' element of the form.
 */
function definition_after_data() {
    $this->_form->applyFilter('username', 'trim');
}
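/**
 * Server-side validation of a submitted sign-up form.
 *
 * Checks username uniqueness and format, e-mail validity, uniqueness and
 * confirmation, the password policy, the reCAPTCHA answer (when enabled) and
 * the custom profile fields.
 *
 * Note for reviewers: the 'usernameexists' and 'emailexists' messages tell the
 * submitter whether an account with that value already exists.
 *
 * @param array $data  submitted values keyed by element name
 * @param array $files submitted files, passed on to the parent and profile validators
 * @return array error messages keyed by element name
 */
function validation($data, $files) {
    global $CFG, $DB;

    $errors = parent::validation($data, $files);
    $authplugin = get_auth_plugin($CFG->registerauth);

    // Username: must be unused on the local host, all lower case, and unchanged
    // by PARAM_USERNAME cleaning (i.e. contain only allowed characters).
    $username = $data['username'];
    if ($DB->record_exists('user', array('username' => $username, 'mnethostid' => $CFG->mnet_localhost_id))) {
        $errors['username'] = get_string('usernameexists');
    } else if ($username !== core_text::strtolower($username)) {
        $errors['username'] = get_string('usernamelowercase');
    } else if ($username !== clean_param($username, PARAM_USERNAME)) {
        $errors['username'] = get_string('invalidusername');
    }

    // Also ask the registration auth plugin whether it knows the username.
    // TODO: maybe we should check all enabled plugins instead.
    if ($authplugin->user_exists($username)) {
        $errors['username'] = get_string('usernameexists');
    }

    // E-mail: syntactically valid and not already attached to an account.
    if (!validate_email($data['email'])) {
        $errors['email'] = get_string('invalidemail');
    } else if ($DB->record_exists('user', array('email' => $data['email']))) {
        $errors['email'] = get_string('emailexists').' <a href="forgot_password.php">'.get_string('newpassword').'?</a>';
    }

    // E-mail confirmation. Strict comparison: with a loose "!=" two different
    // numeric-looking strings (for example "1e1" and "10") compare as equal.
    if (empty($data['email2'])) {
        $errors['email2'] = get_string('missingemail');
    } else if ($data['email2'] !== $data['email']) {
        $errors['email2'] = get_string('invalidemail');
    }

    // Allowed / denied e-mail domain check, only when nothing was reported yet.
    if (!isset($errors['email'])) {
        if ($err = email_is_not_allowed($data['email'])) {
            $errors['email'] = $err;
        }
    }

    // check_password_policy() receives $errmsg as its second argument and the
    // message is reported when the check fails.
    $errmsg = '';
    if (!check_password_policy($data['password'], $errmsg)) {
        $errors['password'] = $errmsg;
    }

    if ($this->signup_captcha_enabled()) {
        $recaptchaelement = $this->_form->getElement('recaptcha_element');
        $submitted = $this->_form->_submitValues;

        if (!empty($submitted['recaptcha_challenge_field'])) {
            $challenge = $submitted['recaptcha_challenge_field'];
            // A request may carry the challenge but omit the response field.
            // Read it defensively so that case goes to verify() as null instead
            // of raising an undefined-index notice.
            $response = isset($submitted['recaptcha_response_field'])
                ? $submitted['recaptcha_response_field']
                : null;

            // verify() returns true on success, otherwise the value to report.
            $result = $recaptchaelement->verify($challenge, $response);
            if ($result !== true) {
                $errors['recaptcha'] = $result;
            }
        } else {
            $errors['recaptcha'] = get_string('missingrecaptchachallengefield');
        }
    }

    // Validate customisable profile fields. profile_validation() expects an
    // object with the user id set; 0 is used because no account exists yet.
    $dataobject = (object)$data;
    $dataobject->id = 0;
    $errors += profile_validation($dataobject, $files);

    return $errors;
}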
/**
 * Tells whether the captcha element should be used on the sign-up form.
 *
 * That is the case only when both reCAPTCHA keys are configured in $CFG and the
 * registration auth plugin reports captcha as enabled.
 *
 * @return bool
 */
function signup_captcha_enabled() {
    global $CFG;

    $authplugin = get_auth_plugin($CFG->registerauth);

    // Without both keys the plugin is not consulted at all.
    if (empty($CFG->recaptchapublickey) || empty($CFG->recaptchaprivatekey)) {
        return false;
    }

    return (bool) $authplugin->is_captcha_enabled();
}