3 // This file is part of Moodle - http://moodle.org/
5 // Moodle is free software: you can redistribute it and/or modify
6 // it under the terms of the GNU General Public License as published by
7 // the Free Software Foundation, either version 3 of the License, or
8 // (at your option) any later version.
10 // Moodle is distributed in the hope that it will be useful,
11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 // GNU General Public License for more details.
15 // You should have received a copy of the GNU General Public License
16 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
19 * Display profile for a particular user
21 * @copyright 1999 Martin Dougiamas http://dougiamas.com
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
26 require_once("../config.php");
27 require_once($CFG->dirroot.'/user/profile/lib.php');
28 require_once($CFG->dirroot.'/tag/lib.php');
30 $id = optional_param('id', 0, PARAM_INT); // user id
31 $course = optional_param('course', SITEID, PARAM_INT); // course id (defaults to Site)
32 $enable = optional_param('enable', 0, PARAM_BOOL); // enable email
33 $disable = optional_param('disable', 0, PARAM_BOOL); // disable email
35 if (empty($id)) { // See your own profile by default
40 $url = new moodle_url($CFG->wwwroot.'/user/view.php', array('id'=>$id));
42 $url->param('course', $course);
45 $url->param('enable', $enable);
48 $url->param('disable', $disable);
52 if (! $user = $DB->get_record("user", array("id"=>$id))) {
53 print_error('invaliduserid');
56 if (! $course = $DB->get_record("course", array("id"=>$course))) {
57 print_error('invalidcourseid');
60 // special hack for cli installer - continue to site settings
61 $systemcontext = get_context_instance(CONTEXT_SYSTEM);
62 if ($SITE->shortname === '' and has_capability('moodle/site:config', $systemcontext)) {
63 redirect($CFG->wwwroot .'/'. $CFG->admin .'/index.php');
66 /// Set up page URL for blocks etc
67 if ($course->id == SITEID) {
68 $PAGE->set_url('user/view.php', array('id' => $user->id));
70 $PAGE->set_url('user/view.php', array('id' => $user->id, 'course' => $course->id));
73 /// Make sure the current user is allowed to see this user
75 if (empty($USER->id)) {
78 $currentuser = ($user->id == $USER->id);
81 if ($course->id == SITEID) {
82 $coursecontext = $systemcontext; // SYSTEM context
84 $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); // Course context
86 $usercontext = get_context_instance(CONTEXT_USER, $user->id); // User context
88 $PAGE->set_context($usercontext);
90 if (!empty($CFG->forcelogin) || $course->id != SITEID) {
91 // do not force parents to enrol
92 if (!$DB->get_record('role_assignments', array('userid'=>$USER->id, 'contextid'=>$usercontext->id))) {
93 require_login($course->id);
97 if (!empty($CFG->forceloginforprofiles)) {
99 if (has_capability('moodle/legacy:guest', $systemcontext, 0, false)) {
100 redirect(get_login_url());
104 $strpersonalprofile = get_string('personalprofile');
105 $strparticipants = get_string("participants");
106 $struser = get_string("user");
108 $fullname = fullname($user, has_capability('moodle/site:viewfullnames', $coursecontext));
111 if (has_capability('moodle/course:viewparticipants', $coursecontext) || has_capability('moodle/site:viewparticipants', $systemcontext)) {
112 $link = new moodle_url($CFG->wwwroot."/user/index.php", array('id'=>$course->id));
114 if ($course->id===SITEID) {
115 $PAGE->navbar->ignore_active();
117 $PAGE->navbar->add($strparticipants, $link);
119 /// If the user being shown is not ourselves, then make sure we are allowed to see them!
123 $PAGE->set_title("$strpersonalprofile: ");
124 $PAGE->set_heading("$strpersonalprofile: ");
126 if ($course->id == SITEID) { // Reduce possibility of "browsing" userbase at site level
127 if ($CFG->forceloginforprofiles and !isteacherinanycourse()
128 and !isteacherinanycourse($user->id)
129 and !has_capability('moodle/user:viewdetails', $usercontext)) { // Teachers can browse and be browsed at site level. If not forceloginforprofiles, allow access (bug #4366)
131 $PAGE->navbar->add($struser);
132 echo $OUTPUT->header();
133 echo $OUTPUT->heading(get_string('usernotavailable', 'error'));
134 echo $OUTPUT->footer();
137 } else { // Normal course
138 // check capabilities
139 if (!has_capability('moodle/user:viewdetails', $coursecontext) &&
140 !has_capability('moodle/user:viewdetails', $usercontext)) {
141 print_error('cannotviewprofile');
144 if (!has_capability('moodle/course:view', $coursecontext, $user->id, false)) {
145 if (has_capability('moodle/course:view', $coursecontext)) {
146 $PAGE->navbar->add($fullname);
147 echo $OUTPUT->heading(get_string('notenrolled', $fullname));
149 $PAGE->navbar->add($struser);
150 echo $OUTPUT->heading(get_string('notenrolledprofile'));
152 echo $OUTPUT->continue_button($_SERVER['HTTP_REFERER']);
153 echo $OUTPUT->footer();
159 // If groups are in use, make sure we can see that group
160 if (groups_get_course_groupmode($course) == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $coursecontext)) {
162 ///this is changed because of mygroupid
163 $gtrue = (bool)groups_get_all_groups($course->id, $user->id);
165 print_error("groupnotamember", '', "../course/view.php?id=$course->id");
171 /// We've established they can see the user's name at least, so what about the rest?
173 $PAGE->navbar->add($struser);
174 $PAGE->set_title("$course->fullname: $strpersonalprofile: $fullname");
175 $PAGE->set_heading($course->fullname);
176 echo $OUTPUT->header();
178 if (($course->id != SITEID) and ! has_capability('moodle/legacy:guest', $systemcontext, 0, false) ) { // Need to have access to a course to see that info
179 if (!has_capability('moodle/course:view', $coursecontext, $user->id)) {
180 echo $OUTPUT->heading(get_string('notenrolled', '', $fullname));
181 echo $OUTPUT->footer();
186 if ($user->deleted) {
187 echo $OUTPUT->heading(get_string('userdeleted'));
188 if (!has_capability('moodle/user:update', $coursecontext)) {
189 echo $OUTPUT->footer();
194 /// OK, security out the way, now we are showing the user
196 add_to_log($course->id, "user", "view", "view.php?id=$user->id&course=$course->id", "$user->id");
198 if ($course->id != SITEID) {
199 $user->lastaccess = false;
200 if ($lastaccess = $DB->get_record('user_lastaccess', array('userid'=>$user->id, 'courseid'=>$course->id))) {
201 $user->lastaccess = $lastaccess->timeaccess;
206 /// Get the hidden field list
207 if (has_capability('moodle/user:viewhiddendetails', $coursecontext)) {
208 $hiddenfields = array();
210 $hiddenfields = array_flip(explode(',', $CFG->hiddenuserfields));
213 /// Print tabs at top
214 /// This same call is made in:
219 $currenttab = 'profile';
221 if (!$user->deleted) {
225 if (is_mnet_remote_user($user)) {
227 SELECT DISTINCT h.id, h.name, h.wwwroot,
228 a.name as application, a.display_name
229 FROM {mnet_host} h, {mnet_application} a
230 WHERE h.id = ? AND h.applicationid = a.id
231 ORDER BY a.display_name, h.name";
233 $remotehost = $DB->get_record_sql($sql, array($user->mnethostid));
235 echo '<p class="errorboxcontent">'.get_string('remoteappuser', $remotehost->application)." <br />\n";
236 if ($USER->id == $user->id) {
237 if ($remotehost->application =='moodle') {
238 echo "Remote {$remotehost->display_name}: <a href=\"{$remotehost->wwwroot}/user/edit.php\">{$remotehost->name}</a> ".get_string('editremoteprofile')." </p>\n";
240 echo "Remote {$remotehost->display_name}: <a href=\"{$remotehost->wwwroot}/\">{$remotehost->name}</a> ".get_string('gotoyourserver')." </p>\n";
243 echo "Remote {$remotehost->display_name}: <a href=\"{$remotehost->wwwroot}/\">{$remotehost->name}</a></p>\n";
247 echo '<table width="80%" class="userinfobox" summary="">';
249 echo '<td class="side">';
250 $userpic = moodle_user_picture::make($user, $course->id);
251 $userpic->size = 100;
252 echo $OUTPUT->user_picture($userpic);
253 echo '</td><td class="content">';
255 // Print the description
257 if ($user->description && !isset($hiddenfields['description'])) {
258 $has_courseid = ($course->id != SITEID);
259 if (!$has_courseid && !empty($CFG->profilesforenrolledusersonly) && !$DB->record_exists('role_assignments', array('userid'=>$id))) {
260 echo get_string('profilenotshown', 'moodle').'<hr />';
262 echo format_text($user->description, FORMAT_MOODLE)."<hr />";
266 // Print all the little details in a list
268 echo '<table class="list">';
270 if (! isset($hiddenfields['country']) && $user->country) {
271 $countries = get_list_of_countries();
272 print_row(get_string('country') . ':', $countries[$user->country]);
275 if (! isset($hiddenfields['city']) && $user->city) {
276 print_row(get_string('city') . ':', $user->city);
279 if (has_capability('moodle/user:viewhiddendetails', $coursecontext)) {
280 if ($user->address) {
281 print_row(get_string("address").":", "$user->address");
284 print_row(get_string("phone").":", "$user->phone1");
287 print_row(get_string("phone2").":", "$user->phone2");
291 if ($user->maildisplay == 1 or
292 ($user->maildisplay == 2 and ($course->id != SITEID) and !isguest()) or
293 has_capability('moodle/course:useremail', $coursecontext)) {
297 if (has_capability('moodle/course:useremail', $coursecontext) or $currentuser) { /// Can use the enable/disable email stuff
298 if (!empty($enable)) { /// Recieved a parameter to enable the email address
299 $DB->set_field('user', 'emailstop', 0, array('id'=>$user->id));
300 $user->emailstop = 0;
302 if (!empty($disable)) { /// Recieved a parameter to disable the email address
303 $DB->set_field('user', 'emailstop', 1, array('id'=>$user->id));
304 $user->emailstop = 1;
308 if (has_capability('moodle/course:useremail', $coursecontext)) { /// Can use the enable/disable email stuff
309 if ($user->emailstop) {
310 $switchparam = 'enable';
311 $switchtitle = get_string('emaildisable');
312 $switchclick = get_string('emailenableclick');
313 $switchpix = 't/emailno';
315 $switchparam = 'disable';
316 $switchtitle = get_string('emailenable');
317 $switchclick = get_string('emaildisableclick');
318 $switchpix = 't/email';
320 $emailswitch = " <a title=\"$switchclick\" ".
321 "href=\"view.php?id=$user->id&course=$course->id&$switchparam=1\">".
322 "<img src=\"" . $OUTPUT->old_icon_url("$switchpix") . "\" alt=\"$switchclick\" /></a>";
324 } else if ($currentuser) { /// Can only re-enable an email this way
325 if ($user->emailstop) { // Include link that tells how to re-enable their email
326 $switchparam = 'enable';
327 $switchtitle = get_string('emaildisable');
328 $switchclick = get_string('emailenableclick');
330 $emailswitch = " (<a title=\"$switchclick\" ".
331 "href=\"view.php?id=$user->id&course=$course->id&enable=1\">$switchtitle</a>)";
335 print_row(get_string("email").":", obfuscate_mailto($user->email, '', $user->emailstop)."$emailswitch");
338 if ($user->url && !isset($hiddenfields['webpage'])) {
340 if (strpos($user->url, '://') === false) {
341 $url = 'http://'. $url;
343 print_row(get_string("webpage") .":", "<a href=\"$url\">$user->url</a>");
346 if ($user->icq && !isset($hiddenfields['icqnumber'])) {
347 print_row(get_string('icqnumber').':',"<a href=\"http://web.icq.com/wwp?uin=$user->icq\">$user->icq <img src=\"http://web.icq.com/whitepages/online?icq=$user->icq&img=5\" alt=\"\" /></a>");
350 if ($user->skype && !isset($hiddenfields['skypeid'])) {
351 print_row(get_string('skypeid').':','<a href="callto:'.urlencode($user->skype).'">'.s($user->skype).
352 ' <img src="http://mystatus.skype.com/smallicon/'.urlencode($user->skype).'" alt="'.get_string('status').'" '.
355 if ($user->yahoo && !isset($hiddenfields['yahooid'])) {
356 print_row(get_string('yahooid').':', '<a href="http://edit.yahoo.com/config/send_webmesg?.target='.urlencode($user->yahoo).'&.src=pg">'.s($user->yahoo)." <img src=\"http://opi.yahoo.com/online?u=".urlencode($user->yahoo)."&m=g&t=0\" alt=\"\"></a>");
358 if ($user->aim && !isset($hiddenfields['aimid'])) {
359 print_row(get_string('aimid').':', '<a href="aim:goim?screenname='.s($user->aim).'">'.s($user->aim).'</a>');
361 if ($user->msn && !isset($hiddenfields['msnid'])) {
362 print_row(get_string('msnid').':', s($user->msn));
365 /// Print the Custom User Fields
366 profile_display_fields($user->id);
369 if (!isset($hiddenfields['mycourses'])) {
370 if ($mycourses = get_my_courses($user->id, 'visible DESC,sortorder ASC', null, false, 21)) {
373 foreach ($mycourses as $mycourse) {
374 if ($mycourse->category) {
375 if ($mycourse->id != $course->id){
377 if ($mycourse->visible == 0) {
378 // get_my_courses will filter courses $USER cannot see
379 // if we get one with visible 0 it just means it's hidden
380 // ... but not from $USER
381 $class = 'class="dimmed"';
383 $courselisting .= "<a href=\"{$CFG->wwwroot}/user/view.php?id={$user->id}&course={$mycourse->id}\" $class >"
384 . format_string($mycourse->fullname) . "</a>, ";
387 $courselisting .= format_string($mycourse->fullname) . ", ";
392 $courselisting.= "...";
396 print_row(get_string('courses').':', rtrim($courselisting,', '));
399 if (!isset($hiddenfields['firstaccess'])) {
400 if ($user->firstaccess) {
401 $datestring = userdate($user->firstaccess)." (".format_time(time() - $user->firstaccess).")";
403 $datestring = get_string("never");
405 print_row(get_string("firstaccess").":", $datestring);
407 if (!isset($hiddenfields['lastaccess'])) {
408 if ($user->lastaccess) {
409 $datestring = userdate($user->lastaccess)." (".format_time(time() - $user->lastaccess).")";
411 $datestring = get_string("never");
413 print_row(get_string("lastaccess").":", $datestring);
417 if ($rolestring = get_user_roles_in_context($id, $coursecontext)) {
418 print_row(get_string('roles').':', format_string($rolestring, false));
422 if (!isset($hiddenfields['groups'])) {
423 $isseparategroups = ($course->groupmode == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $coursecontext));
424 if (!$isseparategroups){
425 if ($usergroups = groups_get_all_groups($course->id, $user->id)){
427 foreach ($usergroups as $group){
428 $groupstr .= ' <a href="'.$CFG->wwwroot.'/user/index.php?id='.$course->id.'&group='.$group->id.'">'.format_string($group->name).'</a>,';
430 print_row(get_string("group").":", rtrim($groupstr, ', '));
434 /// End of printing groups
436 /// Printing Interests
437 if( !empty($CFG->usetags)) {
438 if ( $interests = tag_get_tags_csv('user', $user->id) ) {
439 print_row(get_string('interests') .": ", $interests);
442 /// End of Printing Interests
446 echo "</td></tr></table>";
448 $userauth = get_auth_plugin($user->auth);
450 $passwordchangeurl = false;
451 if ($currentuser and $userauth->can_change_password() and !isguestuser() and has_capability('moodle/user:changeownpassword', $systemcontext)) {
452 if (!$passwordchangeurl = $userauth->change_password_url()) {
453 if (empty($CFG->loginhttps)) {
454 $passwordchangeurl = "$CFG->wwwroot/login/change_password.php";
456 $passwordchangeurl = str_replace('http:', 'https:', $CFG->wwwroot.'/login/change_password.php');
461 // Print other functions
462 echo '<div class="buttons">';
464 if ($passwordchangeurl) {
465 $params = array('id'=>$course->id);
467 if (session_is_loggedinas()) {
468 $passwordchangeurl = ''; // do not use actual change password url - might contain sensitive data
470 $parts = explode('?', $passwordchangeurl);
471 $passwordchangeurl = reset($parts);
472 $after = next($parts);
473 preg_match_all('/([^&=]+)=([^&=]+)/', $after, $matches);
474 if (count($matches)) {
475 foreach($matches[0] as $key=>$match) {
476 $params[$matches[1][$key]] = $matches[2][$key];
480 echo "<form action=\"$passwordchangeurl\" method=\"get\">";
482 foreach($params as $key=>$value) {
483 echo '<input type="hidden" name="'.$key.'" value="'.s($value).'" />';
485 if (session_is_loggedinas()) {
486 // changing of password when "Logged in as" is not allowed
487 echo "<input type=\"submit\" value=\"".get_string("changepassword")."\" disabled=\"disabled\" />";
489 echo "<input type=\"submit\" value=\"".get_string("changepassword")."\" />";
495 if ($course->id != SITEID && empty($course->metacourse)) { // Mostly only useful at course level
499 if ($user->id == $USER->id) { // Myself
500 $canunenrol = has_capability('moodle/course:view', $coursecontext, NULL) && // Course participant
501 has_capability('moodle/role:unassignself', $coursecontext, NULL, false) && // Can unassign myself
502 get_user_roles($coursecontext, $user->id, false); // Must have role in course
504 } else if (has_capability('moodle/role:assign', $coursecontext, NULL)) { // I can assign roles
505 if ($roles = get_user_roles($coursecontext, $user->id, false)) {
507 foreach($roles as $role) {
508 if (!user_can_assign($coursecontext, $role->roleid)) {
509 $canunenrol = false; // I can not unassign all roles in this course :-(
517 echo '<form action="'.$CFG->wwwroot.'/course/unenrol.php" method="get">';
519 echo '<input type="hidden" name="id" value="'.$course->id.'" />';
520 echo '<input type="hidden" name="user" value="'.$user->id.'" />';
521 echo '<input type="submit" value="'.s(get_string('unenrolme', '', $course->shortname)).'" />';
527 if (!$user->deleted and $USER->id != $user->id && !session_is_loggedinas() && has_capability('moodle/user:loginas', $coursecontext) &&
528 ! has_capability('moodle/site:doanything', $coursecontext, $user->id, false)) {
529 echo '<form action="'.$CFG->wwwroot.'/course/loginas.php" method="get">';
531 echo '<input type="hidden" name="id" value="'.$course->id.'" />';
532 echo '<input type="hidden" name="user" value="'.$user->id.'" />';
533 echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
534 echo '<input type="submit" value="'.get_string('loginas').'" />';
539 if (!$user->deleted and !empty($CFG->messaging) and !isguest() and has_capability('moodle/site:sendmessage', $systemcontext)) {
540 if (!empty($USER->id) and ($USER->id == $user->id)) {
541 if ($countmessages = $DB->count_records('message', array('useridto'=>$user->id))) {
542 $messagebuttonname = get_string("messages", "message")."($countmessages)";
544 $messagebuttonname = get_string("messages", "message");
546 echo "<form onclick=\"this.target='message'\" action=\"../message/index.php\" method=\"get\">";
548 echo "<input type=\"submit\" value=\"$messagebuttonname\" onclick=\"return openpopup('/message/index.php', 'message', 'menubar=0,location=0,scrollbars,status,resizable,width=400,height=500', 0);\" />";
552 echo "<form onclick=\"this.target='message$user->id'\" action=\"../message/discussion.php\" method=\"get\">";
554 echo "<input type=\"hidden\" name=\"id\" value=\"$user->id\" />";
555 echo "<input type=\"submit\" value=\"".get_string("sendmessage", "message")."\" onclick=\"return openpopup('/message/discussion.php?id=$user->id', 'message_$user->id', 'menubar=0,location=0,scrollbars,status,resizable,width=400,height=500', 0);\" />";
560 // Authorize.net: User Payments
561 if ($course->enrol == 'authorize' || (empty($course->enrol) && $CFG->enrol == 'authorize')) {
562 echo "<form action=\"../enrol/authorize/index.php\" method=\"get\">";
564 echo "<input type=\"hidden\" name=\"course\" value=\"$course->id\" />";
565 echo "<input type=\"hidden\" name=\"user\" value=\"$user->id\" />";
566 echo "<input type=\"submit\" value=\"".get_string('payments')."\" />";
572 if ($CFG->debugdisplay && debugging('', DEBUG_DEVELOPER) && $USER->id == $user->id) { // Show user object
574 echo $OUTPUT->heading('DEBUG MODE: User session variables');
578 echo $OUTPUT->footer();
580 /// Functions ///////
582 function print_row($left, $right) {
583 echo "\n<tr><td class=\"label c0\">$left</td><td class=\"info c1\">$right</td></tr>\n";
