MDL-22388 Added some checks to kill these scripts dead with an unequivocal notice...
[moodle.git] / user / edit_form.php
1 <?php
// Direct-access guard: this file only defines a form class and must be pulled in
// by a Moodle page. When MOODLE_INTERNAL is not defined the script stops here,
// before the require_once below dereferences $CFG.
defined('MOODLE_INTERNAL') || die('Direct access to this script is forbidden.');
7 require_once($CFG->dirroot.'/lib/formslib.php');
9 class user_edit_form extends moodleform {
11     // Define the form
/**
 * Build the profile edit form: hidden identifiers, the shared user fields,
 * the customisable profile fields and the submit button.
 *
 * The optional 'editoroptions' entry of $this->_customdata is handed on to
 * useredit_shared_definition(); null is passed when it is absent.
 *
 * NOTE(review): the hidden 'id' and 'course' elements are typed PARAM_INT, but
 * nothing in this method checks that the current user is allowed to edit that
 * id. Presumably the page that instantiates the form enforces this - confirm
 * against the caller.
 */
function definition () {
    global $CFG, $COURSE;

    $mform =& $this->_form;

    // Editor options are optional custom data.
    $hasoptions = is_array($this->_customdata) && array_key_exists('editoroptions', $this->_customdata);
    $editoroptions = $hasoptions ? $this->_customdata['editoroptions'] : null;

    // Accessibility: "Required" is bad legend text, so the header is labelled "general".
    $generallabel  = get_string('general');
    $requiredlabel = get_string('required');

    // Hidden identifiers, both cleaned as integers.
    $mform->addElement('hidden', 'id');
    $mform->setType('id', PARAM_INT);
    $mform->addElement('hidden', 'course', $COURSE->id);
    $mform->setType('course', PARAM_INT);

    // The required Moodle fields come first, under a single header.
    $mform->addElement('header', 'moodle', $generallabel);

    // Fields shared with the other user editing forms.
    useredit_shared_definition($mform, $editoroptions);

    // Extra settings: the description is mandatory on this form.
    $mform->addRule('description_editor', $requiredlabel, 'required', null, 'client');

    // Drop the picture controls when GD is available but user images are disabled.
    if (!empty($CFG->gdversion) && !empty($CFG->disableuserimages)) {
        foreach (array('deletepicture', 'imagefile', 'imagealt') as $pictureelement) {
            $mform->removeElement($pictureelement);
        }
    }

    // Next the customisable profile fields.
    profile_definition($mform);

    $this->add_action_buttons(false, get_string('updatemyprofile'));
}
/**
 * Adjust the form after its data has been set.
 *
 * Resets an untranslated language choice to the site default, and for an
 * existing user record: optionally removes the description editor, fills in
 * the current picture, and freezes every field that the user's auth plugin
 * marks as locked. Finishes by post-processing the custom profile fields.
 *
 * The field locks are applied here on the server with hardFreeze() plus
 * setConstant(), using the value stored in the user record.
 * NOTE(review): the record is looked up by the form's own 'id' element, so
 * the locks protect the right account only if the caller has already
 * validated that id - confirm against the caller.
 */
function definition_after_data() {
    global $CFG, $DB, $OUTPUT;

    $mform =& $this->_form;
    $userid = $mform->getElementValue('id');

    // If the chosen language has no translation, use the site default language.
    $selectedlangs = $mform->getElementValue('lang');
    if ($selectedlangs) {
        $lang = reset($selectedlangs);
        if (!get_string_manager()->translation_exists($lang, false)) {
            $lang_el =& $mform->getElement('lang');
            $lang_el->setValue($CFG->lang);
        }
    }

    $user = $DB->get_record('user', array('id'=>$userid));
    if (!$user) {
        // No matching user record: only the custom profile fields are processed.
        profile_definition_after_data($mform, 0);
        return;
    }

    // Remove the description editor for users with an empty description and no
    // role assignment when profiles are restricted to enrolled users.
    $descriptionrestricted = empty($user->description) && !empty($CFG->profilesforenrolledusersonly);
    if ($descriptionrestricted && !$DB->record_exists('role_assignments', array('userid'=>$userid))) {
        $mform->removeElement('description_editor');
    }

    // Show the current picture, or the "none" string when there is no picture.
    if (!empty($CFG->gdversion)) {
        $image_el =& $mform->getElement('currentpicture');
        if ($user->picture) {
            $picturevalue = $OUTPUT->user_picture($user, array('courseid'=>SITEID, 'size'=>64));
        } else {
            $picturevalue = get_string('none');
        }
        $image_el->setValue($picturevalue);
    }

    // Disable fields that are locked by the auth plugin of this user.
    $authplugin = null;
    $fields = get_user_fieldnames();
    $authplugin = get_auth_plugin($user->auth);
    foreach ($fields as $field) {
        if (!$mform->elementExists($field)) {
            continue;
        }
        $lockkey = 'field_lock_' . $field;
        if (!isset($authplugin->config->{$lockkey})) {
            continue;
        }
        $lockmode = $authplugin->config->{$lockkey};
        // 'locked' always freezes; 'unlockedifempty' freezes only once a value is stored.
        $freeze = ($lockmode === 'locked')
            || ($lockmode === 'unlockedifempty' && $user->$field != '');
        if ($freeze) {
            $mform->hardFreeze($field);
            $mform->setConstant($field, $user->$field);
        }
    }

    // Next the customisable profile fields.
    profile_definition_after_data($mform, $user->id);
}
/**
 * Server-side validation of the submitted profile data.
 *
 * Starts from the parent form's errors, then checks the e-mail address
 * (format, uniqueness on the local MNet host, bounce threshold and, when
 * $CFG->verifychangedemail is set and the user lacks moodle/user:update at
 * system level, the allowed/denied address rules) and finally merges in the
 * errors reported by profile_validation().
 *
 * NOTE(review): the comparison record is loaded with the submitted
 * $usernew->id, and get_record() is not checked for a missing row before
 * $user->email is read. Presumably the calling page has already validated
 * the id - confirm against the caller.
 *
 * @param array $usernew submitted form data
 * @param array $files submitted files
 * @return array validation errors keyed by element name
 */
function validation($usernew, $files) {
    global $CFG, $DB;

    $errors = parent::validation($usernew, $files);

    $usernew = (object)$usernew;
    $user    = $DB->get_record('user', array('id'=>$usernew->id));

    // When no e-mail is submitted (mail not confirmed yet) every e-mail check is skipped.
    if (isset($usernew->email)) {
        // Format first, then uniqueness for a changed address.
        if (!validate_email($usernew->email)) {
            $errors['email'] = get_string('invalidemail');
        } else if ($usernew->email !== $user->email
                && $DB->record_exists('user', array('email'=>$usernew->email, 'mnethostid'=>$CFG->mnet_localhost_id))) {
            $errors['email'] = get_string('emailexists');
        }

        // An unchanged address that keeps bouncing is rejected as well.
        if ($usernew->email === $user->email && over_bounce_threshold($user)) {
            $errors['email'] = get_string('toomanybounces');
        }

        // Address restrictions apply only when no earlier e-mail error was recorded.
        if (!empty($CFG->verifychangedemail)
                && !isset($errors['email'])
                && !has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM))) {
            $notallowed = email_is_not_allowed($usernew->email);
            if ($notallowed !== false) {
                $errors['email'] = $notallowed;
            }
        }
    }

    // Next the customisable profile fields.
    $errors += profile_validation($usernew, $files);

    return $errors;
}
/**
 * Accessor for the upload manager stored on this form.
 *
 * @return mixed the current value of $this->_upload_manager
 */
function get_um() {
    $uploadmanager = $this->_upload_manager;
    return $uploadmanager;
}