1<?php
2// This file is part of Moodle - http://moodle.org/
3//
4// Moodle is free software: you can redistribute it and/or modify
5// it under the terms of the GNU General Public License as published by
6// the Free Software Foundation, either version 3 of the License, or
7// (at your option) any later version.
8//
9// Moodle is distributed in the hope that it will be useful,
10// but WITHOUT ANY WARRANTY; without even the implied warranty of
11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12// GNU General Public License for more details.
13//
14// You should have received a copy of the GNU General Public License
15// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
16
17/**
18 * This file contains function used when editing a users profile and preferences.
19 *
20 * @copyright 1999 Martin Dougiamas  http://dougiamas.com
21 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
22 * @package core_user
23 */
24
25require_once($CFG->dirroot . '/user/lib.php');
26
27/**
28 * Cancels the requirement for a user to update their email address.
29 *
30 * @param int $userid
31 */
32function cancel_email_update($userid) {
33    unset_user_preference('newemail', $userid);
34    unset_user_preference('newemailkey', $userid);
35    unset_user_preference('newemailattemptsleft', $userid);
36}
37
38/**
39 * Performs the common access checks and page setup for all
40 * user preference pages.
41 *
42 * @param int $userid The user id to edit taken from the page params.
43 * @param int $courseid The optional course id if we came from a course context.
44 * @return array containing the user and course records.
45 */
46function useredit_setup_preference_page($userid, $courseid) {
47    global $PAGE, $SESSION, $DB, $CFG, $OUTPUT, $USER;
48
49    // Guest can not edit.
50    if (isguestuser()) {
51        print_error('guestnoeditprofile');
52    }
53
54    if (!$course = $DB->get_record('course', array('id' => $courseid))) {
55        print_error('invalidcourseid');
56    }
57
58    if ($course->id != SITEID) {
59        require_login($course);
60    } else if (!isloggedin()) {
61        if (empty($SESSION->wantsurl)) {
62            $SESSION->wantsurl = $CFG->wwwroot.'/user/preferences.php';
63        }
64        redirect(get_login_url());
65    } else {
66        $PAGE->set_context(context_system::instance());
67    }
68
69    // The user profile we are editing.
70    if (!$user = $DB->get_record('user', array('id' => $userid))) {
71        print_error('invaliduserid');
72    }
73
74    // Guest can not be edited.
75    if (isguestuser($user)) {
76        print_error('guestnoeditprofile');
77    }
78
79    // Remote users cannot be edited.
80    if (is_mnet_remote_user($user)) {
81        if (user_not_fully_set_up($user, false)) {
82            $hostwwwroot = $DB->get_field('mnet_host', 'wwwroot', array('id' => $user->mnethostid));
83            print_error('usernotfullysetup', 'mnet', '', $hostwwwroot);
84        }
85        redirect($CFG->wwwroot . "/user/view.php?course={$course->id}");
86    }
87
88    $systemcontext   = context_system::instance();
89    $personalcontext = context_user::instance($user->id);
90
91    // Check access control.
92    if ($user->id == $USER->id) {
93        // Editing own profile - require_login() MUST NOT be used here, it would result in infinite loop!
94        if (!has_capability('moodle/user:editownprofile', $systemcontext)) {
95            print_error('cannotedityourprofile');
96        }
97
98    } else {
99        // Teachers, parents, etc.
100        require_capability('moodle/user:editprofile', $personalcontext);
101
102        // No editing of primary admin!
103        if (is_siteadmin($user) and !is_siteadmin($USER)) {  // Only admins may edit other admins.
104            print_error('useradmineditadmin');
105        }
106    }
107
108    if ($user->deleted) {
109        echo $OUTPUT->header();
110        echo $OUTPUT->heading(get_string('userdeleted'));
111        echo $OUTPUT->footer();
112        die;
113    }
114
115    $PAGE->set_pagelayout('admin');
116    $PAGE->set_context($personalcontext);
117    if ($USER->id != $user->id) {
118        $PAGE->navigation->extend_for_user($user);
119    } else {
120        if ($node = $PAGE->navigation->find('myprofile', navigation_node::TYPE_ROOTNODE)) {
121            $node->force_open();
122        }
123    }
124
125    return array($user, $course);
126}
127
128/**
129 * Loads the given users preferences into the given user object.
130 *
131 * @param stdClass $user The user object, modified by reference.
132 * @param bool $reload
133 */
134function useredit_load_preferences(&$user, $reload=true) {
135    global $USER;
136
137    if (!empty($user->id)) {
138        if ($reload and $USER->id == $user->id) {
139            // Reload preferences in case it was changed in other session.
140            unset($USER->preference);
141        }
142
143        if ($preferences = get_user_preferences(null, null, $user->id)) {
144            foreach ($preferences as $name => $value) {
145                $user->{'preference_'.$name} = $value;
146            }
147        }
148    }
149}
150
151/**
152 * Updates the user preferences for the given user
153 *
154 * Only preference that can be updated directly will be updated here. This method is called from various WS
155 * updating users and should be used when updating user details. Plugins may list preferences that can
156 * be updated by defining 'user_preferences' callback, {@see core_user::fill_preferences_cache()}
157 *
158 * Some parts of code may use user preference table to store internal data, in these cases it is acceptable
159 * to call set_user_preference()
160 *
161 * @param stdClass|array $usernew object or array that has user preferences as attributes with keys starting with preference_
162 */
163function useredit_update_user_preference($usernew) {
164    global $USER;
165    $ua = (array)$usernew;
166    if (is_object($usernew) && isset($usernew->id) && isset($usernew->deleted) && isset($usernew->confirmed)) {
167        // This is already a full user object, maybe not completely full but these fields are enough.
168        $user = $usernew;
169    } else if (empty($ua['id']) || $ua['id'] == $USER->id) {
170        // We are updating current user.
171        $user = $USER;
172    } else {
173        // Retrieve user object.
174        $user = core_user::get_user($ua['id'], '*', MUST_EXIST);
175    }
176
177    foreach ($ua as $key => $value) {
178        if (strpos($key, 'preference_') === 0) {
179            $name = substr($key, strlen('preference_'));
180            if (core_user::can_edit_preference($name, $user)) {
181                $value = core_user::clean_preference($value, $name);
182                set_user_preference($name, $value, $user->id);
183            }
184        }
185    }
186}
187
188/**
189 * @deprecated since Moodle 3.2
190 * @see core_user::update_picture()
191 */
192function useredit_update_picture() {
193    throw new coding_exception('useredit_update_picture() can not be used anymore. Please use ' .
194        'core_user::update_picture() instead.');
195}
196
197/**
198 * Updates the user email bounce + send counts when the user is edited.
199 *
200 * @param stdClass $user The current user object.
201 * @param stdClass $usernew The updated user object.
202 */
203function useredit_update_bounces($user, $usernew) {
204    if (!isset($usernew->email)) {
205        // Locked field.
206        return;
207    }
208    if (!isset($user->email) || $user->email !== $usernew->email) {
209        set_bounce_count($usernew, true);
210        set_send_count($usernew, true);
211    }
212}
213
214/**
215 * Updates the forums a user is tracking when the user is edited.
216 *
217 * @param stdClass $user The original user object.
218 * @param stdClass $usernew The updated user object.
219 */
220function useredit_update_trackforums($user, $usernew) {
221    global $CFG;
222    if (!isset($usernew->trackforums)) {
223        // Locked field.
224        return;
225    }
226    if ((!isset($user->trackforums) || ($usernew->trackforums != $user->trackforums)) and !$usernew->trackforums) {
227        require_once($CFG->dirroot.'/mod/forum/lib.php');
228        forum_tp_delete_read_records($usernew->id);
229    }
230}
231
232/**
233 * Updates a users interests.
234 *
235 * @param stdClass $user
236 * @param array $interests
237 */
238function useredit_update_interests($user, $interests) {
239    core_tag_tag::set_item_tags('core', 'user', $user->id,
240            context_user::instance($user->id), $interests);
241}
242
243/**
244 * Powerful function that is used by edit and editadvanced to add common form elements/rules/etc.
245 *
246 * @param moodleform $mform
247 * @param array $editoroptions
248 * @param array $filemanageroptions
249 * @param stdClass $user
250 */
251function useredit_shared_definition(&$mform, $editoroptions, $filemanageroptions, $user) {
252    global $CFG, $USER, $DB;
253
254    if ($user->id > 0) {
255        useredit_load_preferences($user, false);
256    }
257
258    $strrequired = get_string('required');
259    $stringman = get_string_manager();
260
261    // Add the necessary names.
262    foreach (useredit_get_required_name_fields() as $fullname) {
263        $purpose = user_edit_map_field_purpose($user->id, $fullname);
264        $mform->addElement('text', $fullname,  get_string($fullname),  'maxlength="100" size="30"' . $purpose);
265        if ($stringman->string_exists('missing'.$fullname, 'core')) {
266            $strmissingfield = get_string('missing'.$fullname, 'core');
267        } else {
268            $strmissingfield = $strrequired;
269        }
270        $mform->addRule($fullname, $strmissingfield, 'required', null, 'client');
271        $mform->setType($fullname, PARAM_NOTAGS);
272    }
273
274    $enabledusernamefields = useredit_get_enabled_name_fields();
275    // Add the enabled additional name fields.
276    foreach ($enabledusernamefields as $addname) {
277        $purpose = user_edit_map_field_purpose($user->id, $addname);
278        $mform->addElement('text', $addname,  get_string($addname), 'maxlength="100" size="30"' . $purpose);
279        $mform->setType($addname, PARAM_NOTAGS);
280    }
281
282    // Do not show email field if change confirmation is pending.
283    if ($user->id > 0 and !empty($CFG->emailchangeconfirmation) and !empty($user->preference_newemail)) {
284        $notice = get_string('emailchangepending', 'auth', $user);
285        $notice .= '<br /><a href="edit.php?cancelemailchange=1&amp;id='.$user->id.'">'
286                . get_string('emailchangecancel', 'auth') . '</a>';
287        $mform->addElement('static', 'emailpending', get_string('email'), $notice);
288    } else {
289        $purpose = user_edit_map_field_purpose($user->id, 'email');
290        $mform->addElement('text', 'email', get_string('email'), 'maxlength="100" size="30"' . $purpose);
291        $mform->addRule('email', $strrequired, 'required', null, 'client');
292        $mform->setType('email', PARAM_RAW_TRIMMED);
293    }
294
295    $choices = array();
296    $choices['0'] = get_string('emaildisplayno');
297    $choices['1'] = get_string('emaildisplayyes');
298    $choices['2'] = get_string('emaildisplaycourse');
299    $mform->addElement('select', 'maildisplay', get_string('emaildisplay'), $choices);
300    $mform->setDefault('maildisplay', core_user::get_property_default('maildisplay'));
301    $mform->addHelpButton('maildisplay', 'emaildisplay');
302
303    $mform->addElement('text', 'moodlenetprofile', get_string('moodlenetprofile', 'user'));
304    $mform->setType('moodlenetprofile', PARAM_NOTAGS);
305    $mform->addHelpButton('moodlenetprofile', 'moodlenetprofile', 'user');
306
307    $mform->addElement('text', 'city', get_string('city'), 'maxlength="120" size="21"');
308    $mform->setType('city', PARAM_TEXT);
309    if (!empty($CFG->defaultcity)) {
310        $mform->setDefault('city', $CFG->defaultcity);
311    }
312
313    $purpose = user_edit_map_field_purpose($user->id, 'country');
314    $choices = get_string_manager()->get_list_of_countries();
315    $choices = array('' => get_string('selectacountry') . '...') + $choices;
316    $mform->addElement('select', 'country', get_string('selectacountry'), $choices, $purpose);
317    if (!empty($CFG->country)) {
318        $mform->setDefault('country', core_user::get_property_default('country'));
319    }
320
321    if (isset($CFG->forcetimezone) and $CFG->forcetimezone != 99) {
322        $choices = core_date::get_list_of_timezones($CFG->forcetimezone);
323        $mform->addElement('static', 'forcedtimezone', get_string('timezone'), $choices[$CFG->forcetimezone]);
324        $mform->addElement('hidden', 'timezone');
325        $mform->setType('timezone', core_user::get_property_type('timezone'));
326    } else {
327        $choices = core_date::get_list_of_timezones($user->timezone, true);
328        $mform->addElement('select', 'timezone', get_string('timezone'), $choices);
329    }
330
331    if ($user->id < 0) {
332        $purpose = user_edit_map_field_purpose($user->id, 'lang');
333        $translations = get_string_manager()->get_list_of_translations();
334        $mform->addElement('select', 'lang', get_string('preferredlanguage'), $translations, $purpose);
335        $lang = empty($user->lang) ? $CFG->lang : $user->lang;
336        $mform->setDefault('lang', $lang);
337    }
338
339    if (!empty($CFG->allowuserthemes)) {
340        $choices = array();
341        $choices[''] = get_string('default');
342        $themes = get_list_of_themes();
343        foreach ($themes as $key => $theme) {
344            if (empty($theme->hidefromselector)) {
345                $choices[$key] = get_string('pluginname', 'theme_'.$theme->name);
346            }
347        }
348        $mform->addElement('select', 'theme', get_string('preferredtheme'), $choices);
349    }
350
351    $mform->addElement('editor', 'description_editor', get_string('userdescription'), null, $editoroptions);
352    $mform->setType('description_editor', PARAM_RAW);
353    $mform->addHelpButton('description_editor', 'userdescription');
354
355    if (empty($USER->newadminuser)) {
356        $mform->addElement('header', 'moodle_picture', get_string('pictureofuser'));
357        $mform->setExpanded('moodle_picture', true);
358
359        if (!empty($CFG->enablegravatar)) {
360            $mform->addElement('html', html_writer::tag('p', get_string('gravatarenabled')));
361        }
362
363        $mform->addElement('static', 'currentpicture', get_string('currentpicture'));
364
365        $mform->addElement('checkbox', 'deletepicture', get_string('deletepicture'));
366        $mform->setDefault('deletepicture', 0);
367
368        $mform->addElement('filemanager', 'imagefile', get_string('newpicture'), '', $filemanageroptions);
369        $mform->addHelpButton('imagefile', 'newpicture');
370
371        $mform->addElement('text', 'imagealt', get_string('imagealt'), 'maxlength="100" size="30"');
372        $mform->setType('imagealt', PARAM_TEXT);
373
374    }
375
376    // Display user name fields that are not currenlty enabled here if there are any.
377    $disabledusernamefields = useredit_get_disabled_name_fields($enabledusernamefields);
378    if (count($disabledusernamefields) > 0) {
379        $mform->addElement('header', 'moodle_additional_names', get_string('additionalnames'));
380        foreach ($disabledusernamefields as $allname) {
381            $purpose = user_edit_map_field_purpose($user->id, $allname);
382            $mform->addElement('text', $allname, get_string($allname), 'maxlength="100" size="30"' . $purpose);
383            $mform->setType($allname, PARAM_NOTAGS);
384        }
385    }
386
387    if (core_tag_tag::is_enabled('core', 'user') and empty($USER->newadminuser)) {
388        $mform->addElement('header', 'moodle_interests', get_string('interests'));
389        $mform->addElement('tags', 'interests', get_string('interestslist'),
390            array('itemtype' => 'user', 'component' => 'core'));
391        $mform->addHelpButton('interests', 'interestslist');
392    }
393
394    // Moodle optional fields.
395    $mform->addElement('header', 'moodle_optional', get_string('optional', 'form'));
396
397    $mform->addElement('text', 'idnumber', get_string('idnumber'), 'maxlength="255" size="25"');
398    $mform->setType('idnumber', core_user::get_property_type('idnumber'));
399
400    $mform->addElement('text', 'institution', get_string('institution'), 'maxlength="255" size="25"');
401    $mform->setType('institution', core_user::get_property_type('institution'));
402
403    $mform->addElement('text', 'department', get_string('department'), 'maxlength="255" size="25"');
404    $mform->setType('department', core_user::get_property_type('department'));
405
406    $mform->addElement('text', 'phone1', get_string('phone1'), 'maxlength="20" size="25"');
407    $mform->setType('phone1', core_user::get_property_type('phone1'));
408    $mform->setForceLtr('phone1');
409
410    $mform->addElement('text', 'phone2', get_string('phone2'), 'maxlength="20" size="25"');
411    $mform->setType('phone2', core_user::get_property_type('phone2'));
412    $mform->setForceLtr('phone2');
413
414    $mform->addElement('text', 'address', get_string('address'), 'maxlength="255" size="25"');
415    $mform->setType('address', core_user::get_property_type('address'));
416}
417
418/**
419 * Return required user name fields for forms.
420 *
421 * @return array required user name fields in order according to settings.
422 */
423function useredit_get_required_name_fields() {
424    global $CFG;
425
426    // Get the name display format.
427    $nameformat = $CFG->fullnamedisplay;
428
429    // Names that are required fields on user forms.
430    $necessarynames = array('firstname', 'lastname');
431    $languageformat = get_string('fullnamedisplay');
432
433    // Check that the language string and the $nameformat contain the necessary names.
434    foreach ($necessarynames as $necessaryname) {
435        $pattern = "/$necessaryname\b/";
436        if (!preg_match($pattern, $languageformat)) {
437            // If the language string has been altered then fall back on the below order.
438            $languageformat = 'firstname lastname';
439        }
440        if (!preg_match($pattern, $nameformat)) {
441            // If the nameformat doesn't contain the necessary name fields then use the languageformat.
442            $nameformat = $languageformat;
443        }
444    }
445
446    // Order all of the name fields in the postion they are written in the fullnamedisplay setting.
447    $necessarynames = order_in_string($necessarynames, $nameformat);
448    return $necessarynames;
449}
450
451/**
452 * Gets enabled (from fullnameformate setting) user name fields in appropriate order.
453 *
454 * @return array Enabled user name fields.
455 */
456function useredit_get_enabled_name_fields() {
457    global $CFG;
458
459    // Get all of the other name fields which are not ranked as necessary.
460    $additionalusernamefields = array_diff(\core_user\fields::get_name_fields(), array('firstname', 'lastname'));
461    // Find out which additional name fields are actually being used from the fullnamedisplay setting.
462    $enabledadditionalusernames = array();
463    foreach ($additionalusernamefields as $enabledname) {
464        if (strpos($CFG->fullnamedisplay, $enabledname) !== false) {
465            $enabledadditionalusernames[] = $enabledname;
466        }
467    }
468
469    // Order all of the name fields in the postion they are written in the fullnamedisplay setting.
470    $enabledadditionalusernames = order_in_string($enabledadditionalusernames, $CFG->fullnamedisplay);
471    return $enabledadditionalusernames;
472}
473
474/**
475 * Gets user name fields not enabled from the setting fullnamedisplay.
476 *
477 * @param array $enabledadditionalusernames Current enabled additional user name fields.
478 * @return array Disabled user name fields.
479 */
480function useredit_get_disabled_name_fields($enabledadditionalusernames = null) {
481    // If we don't have enabled additional user name information then go and fetch it (try to avoid).
482    if (!isset($enabledadditionalusernames)) {
483        $enabledadditionalusernames = useredit_get_enabled_name_fields();
484    }
485
486    // These are the additional fields that are not currently enabled.
487    $nonusednamefields = array_diff(\core_user\fields::get_name_fields(),
488            array_merge(array('firstname', 'lastname'), $enabledadditionalusernames));
489
490    // It may not be significant anywhere, but for compatibility, this used to return an array
491    // with keys and values the same.
492    $result = [];
493    foreach ($nonusednamefields as $field) {
494        $result[$field] = $field;
495    }
496    return $result;
497}
498