MDL-29320 user: Make email query case-insensitive
[moodle.git] / user / editadvanced_form.php
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
17 /**
18  * Form for editing a users profile
19  *
20  * @copyright 1999 Martin Dougiamas  http://dougiamas.com
21  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
22  * @package core_user
23  */
25 if (!defined('MOODLE_INTERNAL')) {
26     die('Direct access to this script is forbidden.');    //  It must be included from a Moodle page.
27 }
29 require_once($CFG->dirroot.'/lib/formslib.php');
30 require_once($CFG->dirroot.'/user/lib.php');
32 /**
33  * Class user_editadvanced_form.
34  *
35  * @copyright 1999 Martin Dougiamas  http://dougiamas.com
36  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
37  */
38 class user_editadvanced_form extends moodleform {
40     /**
41      * Define the form.
42      */
43     public function definition() {
44         global $USER, $CFG, $COURSE;
46         $mform = $this->_form;
47         $editoroptions = null;
48         $filemanageroptions = null;
50         if (!is_array($this->_customdata)) {
51             throw new coding_exception('invalid custom data for user_edit_form');
52         }
53         $editoroptions = $this->_customdata['editoroptions'];
54         $filemanageroptions = $this->_customdata['filemanageroptions'];
55         $user = $this->_customdata['user'];
56         $userid = $user->id;
58         // Accessibility: "Required" is bad legend text.
59         $strgeneral  = get_string('general');
60         $strrequired = get_string('required');
62         // Add some extra hidden fields.
63         $mform->addElement('hidden', 'id');
64         $mform->setType('id', core_user::get_property_type('id'));
65         $mform->addElement('hidden', 'course', $COURSE->id);
66         $mform->setType('course', PARAM_INT);
68         // Print the required moodle fields first.
69         $mform->addElement('header', 'moodle', $strgeneral);
71         $auths = core_component::get_plugin_list('auth');
72         $enabled = get_string('pluginenabled', 'core_plugin');
73         $disabled = get_string('plugindisabled', 'core_plugin');
74         $authoptions = array($enabled => array(), $disabled => array());
75         $cannotchangepass = array();
76         $cannotchangeusername = array();
77         foreach ($auths as $auth => $unused) {
78             $authinst = get_auth_plugin($auth);
80             if (!$authinst->is_internal()) {
81                 $cannotchangeusername[] = $auth;
82             }
84             $passwordurl = $authinst->change_password_url();
85             if (!($authinst->can_change_password() && empty($passwordurl))) {
86                 if ($userid < 1 and $authinst->is_internal()) {
87                     // This is unlikely but we can not create account without password
88                     // when plugin uses passwords, we need to set it initially at least.
89                 } else {
90                     $cannotchangepass[] = $auth;
91                 }
92             }
93             if (is_enabled_auth($auth)) {
94                 $authoptions[$enabled][$auth] = get_string('pluginname', "auth_{$auth}");
95             } else {
96                 $authoptions[$disabled][$auth] = get_string('pluginname', "auth_{$auth}");
97             }
98         }
100         $purpose = user_edit_map_field_purpose($userid, 'username');
101         $mform->addElement('text', 'username', get_string('username'), 'size="20"' . $purpose);
102         $mform->addHelpButton('username', 'username', 'auth');
103         $mform->setType('username', PARAM_RAW);
105         if ($userid !== -1) {
106             $mform->disabledIf('username', 'auth', 'in', $cannotchangeusername);
107         }
109         $mform->addElement('selectgroups', 'auth', get_string('chooseauthmethod', 'auth'), $authoptions);
110         $mform->addHelpButton('auth', 'chooseauthmethod', 'auth');
112         $mform->addElement('advcheckbox', 'suspended', get_string('suspended', 'auth'));
113         $mform->addHelpButton('suspended', 'suspended', 'auth');
115         $mform->addElement('checkbox', 'createpassword', get_string('createpassword', 'auth'));
116         $mform->disabledIf('createpassword', 'auth', 'in', $cannotchangepass);
118         if (!empty($CFG->passwordpolicy)) {
119             $mform->addElement('static', 'passwordpolicyinfo', '', print_password_policy());
120         }
122         $purpose = user_edit_map_field_purpose($userid, 'password');
123         $mform->addElement('passwordunmask', 'newpassword', get_string('newpassword'), 'size="20"' . $purpose);
124         $mform->addHelpButton('newpassword', 'newpassword');
125         $mform->setType('newpassword', core_user::get_property_type('password'));
126         $mform->disabledIf('newpassword', 'createpassword', 'checked');
128         $mform->disabledIf('newpassword', 'auth', 'in', $cannotchangepass);
130         // Check if the user has active external tokens.
131         if ($userid and empty($CFG->passwordchangetokendeletion)) {
132             if ($tokens = webservice::get_active_tokens($userid)) {
133                 $services = '';
134                 foreach ($tokens as $token) {
135                     $services .= format_string($token->servicename) . ',';
136                 }
137                 $services = get_string('userservices', 'webservice', rtrim($services, ','));
138                 $mform->addElement('advcheckbox', 'signoutofotherservices', get_string('signoutofotherservices'), $services);
139                 $mform->addHelpButton('signoutofotherservices', 'signoutofotherservices');
140                 $mform->disabledIf('signoutofotherservices', 'newpassword', 'eq', '');
141                 $mform->setDefault('signoutofotherservices', 1);
142             }
143         }
145         $mform->addElement('advcheckbox', 'preference_auth_forcepasswordchange', get_string('forcepasswordchange'));
146         $mform->addHelpButton('preference_auth_forcepasswordchange', 'forcepasswordchange');
147         $mform->disabledIf('preference_auth_forcepasswordchange', 'createpassword', 'checked');
149         // Shared fields.
150         useredit_shared_definition($mform, $editoroptions, $filemanageroptions, $user);
152         // Next the customisable profile fields.
153         profile_definition($mform, $userid);
155         if ($userid == -1) {
156             $btnstring = get_string('createuser');
157         } else {
158             $btnstring = get_string('updatemyprofile');
159         }
161         $this->add_action_buttons(true, $btnstring);
163         $this->set_data($user);
164     }
166     /**
167      * Extend the form definition after data has been parsed.
168      */
169     public function definition_after_data() {
170         global $USER, $CFG, $DB, $OUTPUT;
172         $mform = $this->_form;
174         // Trim required name fields.
175         foreach (useredit_get_required_name_fields() as $field) {
176             $mform->applyFilter($field, 'trim');
177         }
179         if ($userid = $mform->getElementValue('id')) {
180             $user = $DB->get_record('user', array('id' => $userid));
181         } else {
182             $user = false;
183         }
185         // User can not change own auth method.
186         if ($userid == $USER->id) {
187             $mform->hardFreeze('auth');
188             $mform->hardFreeze('preference_auth_forcepasswordchange');
189         }
191         // Admin must choose some password and supply correct email.
192         if (!empty($USER->newadminuser)) {
193             $mform->addRule('newpassword', get_string('required'), 'required', null, 'client');
194             if ($mform->elementExists('suspended')) {
195                 $mform->removeElement('suspended');
196             }
197         }
199         // Require password for new users.
200         if ($userid > 0) {
201             if ($mform->elementExists('createpassword')) {
202                 $mform->removeElement('createpassword');
203             }
204         }
206         if ($user and is_mnet_remote_user($user)) {
207             // Only local accounts can be suspended.
208             if ($mform->elementExists('suspended')) {
209                 $mform->removeElement('suspended');
210             }
211         }
212         if ($user and ($user->id == $USER->id or is_siteadmin($user))) {
213             // Prevent self and admin mess ups.
214             if ($mform->elementExists('suspended')) {
215                 $mform->hardFreeze('suspended');
216             }
217         }
219         // Print picture.
220         if (empty($USER->newadminuser)) {
221             if ($user) {
222                 $context = context_user::instance($user->id, MUST_EXIST);
223                 $fs = get_file_storage();
224                 $hasuploadedpicture = ($fs->file_exists($context->id, 'user', 'icon', 0, '/', 'f2.png') || $fs->file_exists($context->id, 'user', 'icon', 0, '/', 'f2.jpg'));
225                 if (!empty($user->picture) && $hasuploadedpicture) {
226                     $imagevalue = $OUTPUT->user_picture($user, array('courseid' => SITEID, 'size' => 64));
227                 } else {
228                     $imagevalue = get_string('none');
229                 }
230             } else {
231                 $imagevalue = get_string('none');
232             }
233             $imageelement = $mform->getElement('currentpicture');
234             $imageelement->setValue($imagevalue);
236             if ($user && $mform->elementExists('deletepicture') && !$hasuploadedpicture) {
237                 $mform->removeElement('deletepicture');
238             }
239         }
241         // Next the customisable profile fields.
242         profile_definition_after_data($mform, $userid);
243     }
245     /**
246      * Validate the form data.
247      * @param array $usernew
248      * @param array $files
249      * @return array|bool
250      */
251     public function validation($usernew, $files) {
252         global $CFG, $DB;
254         $usernew = (object)$usernew;
255         $usernew->username = trim($usernew->username);
257         $user = $DB->get_record('user', array('id' => $usernew->id));
258         $err = array();
260         if (!$user and !empty($usernew->createpassword)) {
261             if ($usernew->suspended) {
262                 // Show some error because we can not mail suspended users.
263                 $err['suspended'] = get_string('error');
264             }
265         } else {
266             if (!empty($usernew->newpassword)) {
267                 $errmsg = ''; // Prevent eclipse warning.
268                 if (!check_password_policy($usernew->newpassword, $errmsg)) {
269                     $err['newpassword'] = $errmsg;
270                 }
271             } else if (!$user) {
272                 $auth = get_auth_plugin($usernew->auth);
273                 if ($auth->is_internal()) {
274                     // Internal accounts require password!
275                     $err['newpassword'] = get_string('required');
276                 }
277             }
278         }
280         if (empty($usernew->username)) {
281             // Might be only whitespace.
282             $err['username'] = get_string('required');
283         } else if (!$user or $user->username !== $usernew->username) {
284             // Check new username does not exist.
285             if ($DB->record_exists('user', array('username' => $usernew->username, 'mnethostid' => $CFG->mnet_localhost_id))) {
286                 $err['username'] = get_string('usernameexists');
287             }
288             // Check allowed characters.
289             if ($usernew->username !== core_text::strtolower($usernew->username)) {
290                 $err['username'] = get_string('usernamelowercase');
291             } else {
292                 if ($usernew->username !== core_user::clean_field($usernew->username, 'username')) {
293                     $err['username'] = get_string('invalidusername');
294                 }
295             }
296         }
298         if (!$user or (isset($usernew->email) && $user->email !== $usernew->email)) {
299             if (!validate_email($usernew->email)) {
300                 $err['email'] = get_string('invalidemail');
301             } else if (empty($CFG->allowaccountssameemail)) {
302                 // Make a case-insensitive query for the given email address.
303                 $select = $DB->sql_equal('email', ':email', false) . ' AND mnethostid = :mnethostid AND id <> :userid';
304                 $params = array(
305                     'email' => $usernew->email,
306                     'mnethostid' => $CFG->mnet_localhost_id,
307                     'userid' => $usernew->id
308                 );
309                 // If there are other user(s) that already have the same email, show an error.
310                 if ($DB->record_exists_select('user', $select, $params)) {
311                     $err['email'] = get_string('emailexists');
312                 }
313             }
314         }
316         // Next the customisable profile fields.
317         $err += profile_validation($usernew, $files);
319         if (count($err) == 0) {
320             return true;
321         } else {
322             return $err;
323         }
324     }