MDL-22388 Added some checks to kill these scripts dead with an unequivocal notice...
[moodle.git] / user / editadvanced_form.php
1 <?php
// Refuse to run when this file is requested directly. The code below relies on
// state prepared by the including Moodle page (it dereferences $CFG straight
// away), so execution stops here unless MOODLE_INTERNAL has been defined.
defined('MOODLE_INTERNAL') || die('Direct access to this script is forbidden.');
7 require_once($CFG->dirroot.'/lib/formslib.php');
9 class user_editadvanced_form extends moodleform {
11     // Define the form
12     function definition() {
13         global $USER, $CFG, $COURSE;
15         $mform =& $this->_form;
17         if (is_array($this->_customdata) && array_key_exists('editoroptions', $this->_customdata)) {
18             $editoroptions = $this->_customdata['editoroptions'];
19         } else {
20             $editoroptions = null;
21         }
23         //Accessibility: "Required" is bad legend text.
24         $strgeneral  = get_string('general');
25         $strrequired = get_string('required');
27         /// Add some extra hidden fields
28         $mform->addElement('hidden', 'id');
29         $mform->setType('id', PARAM_INT);
30         $mform->addElement('hidden', 'course', $COURSE->id);
31         $mform->setType('course', PARAM_INT);
33         /// Print the required moodle fields first
34         $mform->addElement('header', 'moodle', $strgeneral);
36         $mform->addElement('text', 'username', get_string('username'), 'size="20"');
37         $mform->addRule('username', $strrequired, 'required', null, 'client');
38         $mform->setType('username', PARAM_RAW);
40         $auths = get_plugin_list('auth');
41         $auth_options = array();
42         foreach ($auths as $auth => $unused) {
43             $auth_options[$auth] = get_string('pluginname', "auth_{$auth}");
44         }
45         $mform->addElement('select', 'auth', get_string('chooseauthmethod','auth'), $auth_options);
46         $mform->addHelpButton('auth', 'chooseauthmethod', 'auth');
47         $mform->setAdvanced('auth');
49         if (!empty($CFG->passwordpolicy)){
50             $mform->addElement('static', 'passwordpolicyinfo', '', print_password_policy());
51         }
52         $mform->addElement('passwordunmask', 'newpassword', get_string('newpassword'), 'size="20"');
53         $mform->addHelpButton('newpassword', 'newpassword');
54         $mform->setType('newpassword', PARAM_RAW);
56         $mform->addElement('advcheckbox', 'preference_auth_forcepasswordchange', get_string('forcepasswordchange'));
57         $mform->addHelpButton('preference_auth_forcepasswordchange', 'forcepasswordchange');
58         /// shared fields
59         useredit_shared_definition($mform, $editoroptions);
61         /// Next the customisable profile fields
62         profile_definition($mform);
64         $this->add_action_buttons(false, get_string('updatemyprofile'));
65     }
67     function definition_after_data() {
68         global $USER, $CFG, $DB, $OUTPUT;
70         $mform =& $this->_form;
71         if ($userid = $mform->getElementValue('id')) {
72             $user = $DB->get_record('user', array('id'=>$userid));
73         } else {
74             $user = false;
75         }
77         // if language does not exist, use site default lang
78         if ($langsel = $mform->getElementValue('lang')) {
79             $lang = reset($langsel);
80             // check lang exists
81             if (!get_string_manager()->translation_exists($lang, false)) {
82                 $lang_el =& $mform->getElement('lang');
83                 $lang_el->setValue($CFG->lang);
84             }
85         }
87         // user can not change own auth method
88         if ($userid == $USER->id) {
89             $mform->hardFreeze('auth');
90             $mform->hardFreeze('preference_auth_forcepasswordchange');
91         }
93         // admin must choose some password and supply correct email
94         if (!empty($USER->newadminuser)) {
95             $mform->addRule('newpassword', get_string('required'), 'required', null, 'client');
96         }
98         // require password for new users
99         if ($userid == -1) {
100             $mform->addRule('newpassword', get_string('required'), 'required', null, 'client');
101         }
103         // print picture
104         if (!empty($CFG->gdversion)) {
105             $image_el =& $mform->getElement('currentpicture');
106             if ($user and $user->picture) {
107                 $image_el->setValue($OUTPUT->user_picture($user, array('courseid'=>SITEID)));
108             } else {
109                 $image_el->setValue(get_string('none'));
110             }
111         }
113         /// Next the customisable profile fields
114         profile_definition_after_data($mform, $userid);
115     }
117     function validation($usernew, $files) { 
118         global $CFG, $DB;
120         $usernew = (object)$usernew;
121         $usernew->username = trim($usernew->username);
123         $user = $DB->get_record('user', array('id'=>$usernew->id));
124         $err = array();
126         if (!empty($usernew->newpassword)) {
127             $errmsg = '';//prevent eclipse warning
128             if (!check_password_policy($usernew->newpassword, $errmsg)) {
129                 $err['newpassword'] = $errmsg;
130             }
131         }
133         if (empty($usernew->username)) {
134             //might be only whitespace
135             $err['username'] = get_string('required');
136         } else if (!$user or $user->username !== $usernew->username) {
137             //check new username does not exist
138             if ($DB->record_exists('user', array('username'=>$usernew->username, 'mnethostid'=>$CFG->mnet_localhost_id))) {
139                 $err['username'] = get_string('usernameexists');
140             }
141             //check allowed characters
142             if ($usernew->username !== moodle_strtolower($usernew->username)) {
143                 $err['username'] = get_string('usernamelowercase');
144             } else {                
145                 $string = clean_param($usernew->username, PARAM_USERNAME);
146                 if ($usernew->username !== $string) {
147                     $err['username'] = get_string('invalidusername');
148                 }
149             }
150         }
152         if (!$user or $user->email !== $usernew->email) {
153             if (!validate_email($usernew->email)) {
154                 $err['email'] = get_string('invalidemail');
155             } else if ($DB->record_exists('user', array('email'=>$usernew->email, 'mnethostid'=>$CFG->mnet_localhost_id))) {
156                 $err['email'] = get_string('emailexists');
157             }
158         }
160         /// Next the customisable profile fields
161         $err += profile_validation($usernew, $files);
163         if (count($err) == 0){
164             return true;
165         } else {
166             return $err;
167         }
168     }
170     function get_um() {
171         return $this->_upload_manager;
172     }