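<?php // $Id$

/// Profile edit page.  This first part resolves the user and course named in
/// the request, decides whether the current session may edit that user, and
/// loads the auth plugin library for the account being edited.

    require_once("../config.php");
    require_once("$CFG->libdir/gdlib.php");

    $id     = optional_param('id',     PARAM_INT);   // user id
    $course = optional_param('course', PARAM_INT);   // course id

    if (empty($id)) {         // See your own profile by default
        require_login();
        $id = $USER->id;
    }

    if (empty($course)) {     // See it at site level by default
        $course = SITEID;
    }

    if (! $user = get_record("user", "id", $id)) {
        error("User ID was incorrect");
    }

    if (! $course = get_record("course", "id", $course)) {
        error("Course ID was incorrect");
    }

    if ($user->confirmed and user_not_fully_set_up($user)) {
        // Special case which can only occur when a new account
        // has just been created by EXTERNAL authentication
        // This is the only page in Moodle that has the exception
        // so that users can set up their accounts
        //
        // require_login() is skipped on this path, so the only session check
        // here is that $USER->id is non-empty; the ownership test below still
        // runs afterwards.
        $newaccount  = true;

        if (empty($USER->id)) {
            error("Sessions don't seem to be working on this server!");
        }

    } else {
        $newaccount  = false;
        require_login($course->id);
    }

/// Authorisation.  Every check from here on is made against $user, the record
/// loaded from the id request parameter.  The checks rely on error() and
/// print_error() not returning (presumably they end the request - confirm).

    if ($USER->id <> $user->id) {    // Current user editing someone else's profile
        if (isadmin()) {             // Current user is an admin
            if ($mainadmin = get_admin()) {
                if ($user->id == $mainadmin->id) {  // Can't edit primary admin
                    print_error('adminprimarynoedit');
                }
            }
        } else {
            print_error('onlyeditown');
        }
    }

    if (isguest()) {
        error("The guest user cannot edit their profile.");
    }

    if (isguest($user->id)) {
        error("Sorry, the guest user cannot be edited.");
    }


    // load the relevant auth libraries
    if ($user->auth) {
        $auth = $user->auth;
        // The plugin name is read from the user row and spliced into an
        // include path, so accept only a plain directory name (no slashes or
        // dots) before it reaches file_exists() and require_once().
        if (!preg_match('/^[a-zA-Z0-9_]+\z/', $auth) or !file_exists("$CFG->dirroot/auth/$auth/lib.php")) {
            $auth = "manual";    // Can't find auth module, default to internal
        }
        require_once("$CFG->dirroot/auth/$auth/lib.php");
    }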
72     
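/// If data submitted, then process and store.
/// $usernew is the raw submitted form as an object; $user is still the record
/// that the access checks earlier on this page were made against.

    if ($usernew = data_submitted()) {

        if (($USER->id <> $usernew->id) && !isadmin()) {
            error("You can only edit your own information");
        }

        // The primary-admin and guest checks were made against $user (the id
        // request parameter), but update_record() below is keyed on the id
        // inside the submitted form.  Refuse a form whose id names any other
        // record so that no unchecked account can be written.
        if (empty($usernew->id) or $usernew->id != $user->id) {
            error("User ID was incorrect");
        }

        if (isset($USER->username)) {
            check_for_restricted_user($USER->username, "$CFG->wwwroot/course/view.php?id=$course->id");
        }

        if (!isadmin()) {
            // This page gives a non-admin no way to set these two columns: a
            // submitted newpassword is refused further down, and auth is
            // always taken from the stored record.  Drop them if they arrive
            // in the form anyway, because the whole object goes to
            // update_record().
            // NOTE(review): an allow-list of editable columns would be more
            // robust than this deny-list; update_record() and edit.html are
            // not visible here, so confirm which properties are persisted.
            unset($usernew->password);
            unset($usernew->auth);
        }

        // data cleanup
        // username is validated in find_form_errors
        $usernew->country = clean_param($usernew->country, PARAM_ALPHA);
        $usernew->lang    = clean_param($usernew->lang,    PARAM_FILE);
        $usernew->url     = clean_param($usernew->url,     PARAM_URL);
        $usernew->icq     = clean_param($usernew->icq,     PARAM_INT);
        if (!$usernew->icq) {
            $usernew->icq = '';
        }
        $usernew->skype   = clean_param($usernew->skype,   PARAM_CLEAN);
        $usernew->yahoo   = clean_param($usernew->yahoo,   PARAM_CLEAN);
        $usernew->aim   = clean_param($usernew->aim,   PARAM_CLEAN);
        $usernew->msn   = clean_param($usernew->msn,   PARAM_CLEAN);

        $usernew->maildisplay   = clean_param($usernew->maildisplay,   PARAM_INT);
        $usernew->mailformat    = clean_param($usernew->mailformat,    PARAM_INT);
        $usernew->maildigest    = clean_param($usernew->maildigest,    PARAM_INT);
        $usernew->autosubscribe = clean_param($usernew->autosubscribe, PARAM_INT);
        $usernew->htmleditor    = clean_param($usernew->htmleditor,    PARAM_INT);
        $usernew->emailstop     = clean_param($usernew->emailstop,     PARAM_INT);

        // Every submitted field, including ones not named above, is passed
        // through clean_text() and re-slashed for storage.
        foreach ($usernew as $key => $data) {
            $usernew->$key = addslashes(clean_text(stripslashes($usernew->$key), FORMAT_MOODLE));
        }

        $usernew->firstname = trim(strip_tags($usernew->firstname));
        $usernew->lastname  = trim(strip_tags($usernew->lastname));

        if (isset($usernew->username)) {
            $usernew->username = trim(moodle_strtolower($usernew->username));
        }


        require_once($CFG->dirroot.'/lib/uploadlib.php');
        $um = new upload_manager('imagefile',false,false,null,false,0,true,true);

        // find_form_errors() returns the number of problems found, so a true
        // result means the form is shown again rather than stored.
        if (find_form_errors($user, $usernew, $err, $um)) {
            // The picture is still saved (or cleared) when other fields failed
            // validation, as long as the upload itself was accepted.
            if (empty($err['imagefile']) && $usernew->picture = save_profile_image($user->id, $um,'users')) {
                set_field('user', 'picture', $usernew->picture, 'id', $user->id);  /// Note picture in DB
            } else {
                if (!empty($usernew->deletepicture)) {
                    set_field('user', 'picture', 0, 'id', $user->id);  /// Delete picture
                    $usernew->picture = 0;
                }
            }

            $usernew->auth = $user->auth;
            $user = $usernew;

        } else {

            if (!$usernew->picture = save_profile_image($user->id,$um,'users')) {
                if (!empty($usernew->deletepicture)) {
                    set_field('user', 'picture', 0, 'id', $user->id);  /// Delete picture
                    $usernew->picture = 0;
                } else {
                    $usernew->picture = $user->picture;
                }
            }

            $usernew->timemodified = time();

            if (isadmin()) {
                if (!empty($usernew->newpassword)) {
                    // NOTE(review): an unsalted MD5 digest is a fast hash and
                    // is not suitable for password storage.  Replacing it
                    // needs a matching change wherever passwords are verified,
                    // which is outside this file.
                    $usernew->password = md5($usernew->newpassword);
                    // update external passwords
                    if (!empty($CFG->{'auth_'. $user->auth.'_stdchangepassword'})) {
                        if (function_exists('auth_user_update_password')){
                            if (!auth_user_update_password($user->username, $usernew->newpassword)){
                                error('Failed to update password on external auth: ' . $user->auth .
                                        '. See the server logs for more details.');
                            }
                        } else {
                            error('Your external authentication module is misconfigued!');
                        }
                    }
                }
                // store forcepasswordchange in user's preferences
                if (!empty($usernew->forcepasswordchange)){
                    set_user_preference('auth_forcepasswordchange', 1, $user->id);
                } else {
                    unset_user_preference('auth_forcepasswordchange', $user->id);
                }
            } else {
                if (isset($usernew->newpassword)) {
                    error("You can not change the password like that");
                }
            }
            if ($usernew->url and !(substr($usernew->url, 0, 4) == "http")) {
                $usernew->url = "http://".$usernew->url;
            }

            // Snapshot the stored row before it is overwritten.  $user cannot
            // serve as the "old" record: find_form_errors() has already copied
            // the submitted email into it.
            if (! $userold = get_record("user", "id", $user->id)) {
                error("User ID was incorrect");
            }

            if (update_record("user", $usernew)) {
                if (function_exists("auth_user_update")){
                    // pass a true $userold here
                    auth_user_update($userold, $usernew);
                };

                // A changed address starts with fresh bounce/send counters.
                if ($userold->email != $usernew->email) {
                    set_bounce_count($usernew,true);
                    set_send_count($usernew,true);
                }

                add_to_log($course->id, "user", "update", "view.php?id=$user->id&course=$course->id", "");

                if ($user->id == $USER->id) {
                    // Copy data into $USER session variable
                    // NOTE(review): every submitted key is copied into the
                    // session object, not only profile columns; restricting
                    // this to known profile fields would be safer.
                    $usernew = (array)$usernew;
                    foreach ($usernew as $variable => $value) {
                        $USER->$variable = stripslashes($value);
                    }
                    if (isset($USER->newadminuser)) {
                        unset($USER->newadminuser);
                        redirect("$CFG->wwwroot/", get_string("changessaved"));
                    }
                    redirect("$CFG->wwwroot/user/view.php?id=$user->id&course=$course->id", get_string("changessaved"));
                } else {
                    redirect("$CFG->wwwroot/$CFG->admin/user.php", get_string("changessaved"));
                }
            } else {
                error("Could not update the user record ($user->id)");
            }
        }
    }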
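/// Otherwise fill and print the form.
/// Reached on a plain page view, and again after a submission that failed
/// validation (in which case $user already holds the submitted values).

    $streditmyprofile = get_string("editmyprofile");
    $strparticipants = get_string("participants");
    $strnewuser = get_string("newuser");

    if (over_bounce_threshold($user) && empty($err['email'])) {
        $err['email'] = get_string('toomanybounces');
    }

    // NOTE(review): $userfullname and the course names are interpolated into
    // the breadcrumb HTML as-is; whether fullname() and print_header() escape
    // them is not visible here - confirm.
    if (($user->firstname and $user->lastname) or $newaccount) {
        if ($newaccount) {
            $userfullname = $strnewuser;
        } else {
            $userfullname = fullname($user, isteacher($course->id));
        }
        if ($course->category) {
            print_header("$course->shortname: $streditmyprofile", "$course->fullname: $streditmyprofile",
                        "<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a>
                        -> <a href=\"index.php?id=$course->id\">$strparticipants</a>
                        -> <a href=\"view.php?id=$user->id&amp;course=$course->id\">$userfullname</a>
                        -> $streditmyprofile", "");
        } else {
            if (isset($USER->newadminuser)) {
                print_header();
            } else {
                print_header("$course->shortname: $streditmyprofile", "$course->fullname",
                             "<a href=\"view.php?id=$user->id&amp;course=$course->id\">$userfullname</a>
                              -> $streditmyprofile", "");
            }
        }
    } else {
        $userfullname = $strnewuser;
        $straddnewuser = get_string("addnewuser");
        // $strusers was used in the breadcrumb below without being defined.
        $strusers = get_string("users");

        $stradministration = get_string("administration");
        print_header("$course->shortname: $streditmyprofile", "$course->fullname",
                     "<a href=\"$CFG->wwwroot/$CFG->admin/\">$stradministration</a> -> ".
                     "<a href=\"$CFG->wwwroot/$CFG->admin/users.php\">$strusers</a> -> $straddnewuser", "");
    }

    $teacher = strtolower($course->teacher);
    if (!isadmin()) {
        $teacheronly = "(".get_string("teacheronly", "", $teacher).")";
    } else {
        $teacheronly = "";
    }

    print_heading( get_string("userprofilefor", "", "$userfullname") );

    if (isset($USER->newadminuser)) {
        print_simple_box(get_string("configintroadmin", 'admin'), "center", "50%");
        echo "<br />";
    }

    print_simple_box_start("center");

    if (!empty($err)) {
        echo "<center>";
        notify(get_string("someerrorswerefound"));
        echo "</center>";
    }

    include("edit.html");

    // Disabling inputs in the browser is a convenience only and can be undone
    // by the user; the same editlock settings are enforced on the server in
    // find_form_errors().
    if (!isadmin()) {      /// Lock all the locked fields using Javascript
        $fields = get_user_fieldnames();

        echo '<script type="text/javascript">'."\n";
        echo '<!--'."\n";

        foreach ($fields as $field) {
            $configvariable = 'auth_user_'.$field.'_editlock';
            if (!empty($CFG->$configvariable)) {
                echo "eval('document.form.$field.disabled=true');\n";
            }
        }

        echo '-->'."\n";
        echo '</script>'."\n";
    }

    print_simple_box_end();

    if (!isset($USER->newadminuser)) {
        print_footer($course);
    }

    exit;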
303 /// FUNCTIONS ////////////////////
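/**
 * Validate a submitted profile form against the stored user record.
 *
 * Problems are collected in $err, keyed by form field name.  As a side effect
 * the submitted email is copied into $user before returning.
 *
 * @param object $user    stored user record (modified: email is overwritten)
 * @param object $usernew submitted form data
 * @param array  $err     receives field name => error message
 * @param object $um      upload manager for the profile image
 * @return int number of entries in $err (0 means the form is acceptable)
 */
function find_form_errors(&$user, &$usernew, &$err, &$um) {
    global $CFG;

    // $err may arrive unset from the caller; make sure count() below always
    // receives an array.
    if (!is_array($err)) {
        $err = array();
    }

    if (isadmin()) {
        if (empty($usernew->username)) {
            $err["username"] = get_string("missingusername");

        // NOTE(review): uniqueness is only enforced while the stored username
        // is still the placeholder "changeme".
        } else if (record_exists("user", "username", $usernew->username) and $user->username == "changeme") {
            $err["username"] = get_string("usernameexists");

        } else {
            if (empty($CFG->extendedusernamechars)) {
                // NOTE(review): inside the bracket expression "(-\" may be read
                // as a character range rather than three literals, which would
                // accept more punctuation than the "alphanumerical" message
                // implies - confirm the intended set.  eregi_replace() is also
                // unavailable from PHP 7 on.
                $string = eregi_replace("[^(-\.[:alnum:])]", "", $usernew->username);
                if (strcmp($usernew->username, $string)) {
                    $err["username"] = get_string("alphanumerical");
                }
            }
        }

        if (empty($usernew->newpassword) and empty($user->password) and is_internal_auth() ) {
            $err["newpassword"] = get_string("missingpassword");
        }

        // Only the literal password "admin" is refused here (newly typed, or
        // still stored and left unchanged); nothing else about password
        // strength is checked in this function.
        if ((!empty($usernew->newpassword) and $usernew->newpassword == "admin") or ($user->password == md5("admin") and empty($usernew->newpassword)) ) {
            $err["newpassword"] = get_string("unsafepassword");
        }
    }

    if (empty($usernew->email)) {
        $err["email"] = get_string("missingemail");
    }

    if (over_bounce_threshold($user) && $user->email == $usernew->email) {
        $err['email'] = get_string('toomanybounces');
    }

    if (empty($usernew->description) and !isadmin()) {
        $err["description"] = get_string("missingdescription");
    }

    if (empty($usernew->city)) {
        $err["city"] = get_string("missingcity");
    }

    if (empty($usernew->firstname)) {
        $err["firstname"] = get_string("missingfirstname");
    }

    if (empty($usernew->lastname)) {
        $err["lastname"] = get_string("missinglastname");
    }

    if (empty($usernew->country)) {
        $err["country"] = get_string("missingcountry");
    }

    // An invalid or already-used address replaces any email error set above.
    if (! validate_email($usernew->email)) {
        $err["email"] = get_string("invalidemail");

    } else if ($otheruser = get_record("user", "email", $usernew->email)) {
        if ($otheruser->id <> $user->id) {
            $err["email"] = get_string("emailexists");
        }
    }

    if (empty($err["email"]) and !isadmin()) {
        if ($error = email_is_not_allowed($usernew->email)) {
            $err["email"] = $error;
        }
    }

    if (!$um->preprocess_files()) {
        $err['imagefile'] = $um->notify;
    }

    // Server-side counterpart of the Javascript field lock on the form: a
    // non-admin may not change any field whose auth_user_<field>_editlock
    // setting is on.
    if (!isadmin()) {      /// Make sure that locked fields are not being edited
        $fields = get_user_fieldnames();

        foreach ($fields as $field) {
            $configvariable = 'auth_user_'.$field.'_editlock';
            if (!empty($CFG->$configvariable)) {
                if ($user->$field !== $usernew->$field) {
                    $err[$field] = get_string("editlock");
                }
            }
        }
    }

    // $user is passed by reference, so the caller's record now carries the
    // submitted address.
    $user->email = $usernew->email;

    return count($err);
}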
391 ?>