moodle/user/edit.php

<?php // $Id$

    require_once('../config.php');
    require_once($CFG->libdir.'/gdlib.php');
    require_once($CFG->dirroot.'/user/edit_form.php');
    require_once($CFG->dirroot.'/user/editlib.php');
    require_once($CFG->dirroot.'/user/profile/lib.php');

    httpsrequired();

    $userid = optional_param('id', $USER->id, PARAM_INT);    // user id
    $course = optional_param('course', SITEID, PARAM_INT);   // course id (defaults to Site)
    $cancelemailchange = optional_param('cancelemailchange', false, PARAM_INT);   // course id (defaults to Site)

    if (!$course = $DB->get_record('course', array('id'=>$course))) {
        print_error('invalidcourseid');
    }

    if ($course->id != SITEID) {
        require_login($course);
    } else if (!isloggedin()) {
        if (empty($SESSION->wantsurl)) {
            $SESSION->wantsurl = $CFG->httpswwwroot.'/user/edit.php';
        }
        redirect($CFG->httpswwwroot.'/login/index.php');
    }

    // Guest can not edit
    if (isguestuser()) {
        print_error('guestnoeditprofile');
    }

    // The user profile we are editing
    if (!$user = $DB->get_record('user', array('id'=>$userid))) {
        print_error('invaliduserid');
    }

    // Guest can not be edited
    if (isguestuser($user)) {
        print_error('guestnoeditprofile');
    }

    // User interests separated by commas
    if (!empty($CFG->usetags)) {
        require_once($CFG->dirroot.'/tag/lib.php');
        $user->interests = tag_get_tags_csv('user', $user->id, TAG_RETURN_TEXT);
    }

    // remote users cannot be edited
    if (is_mnet_remote_user($user)) {
        redirect($CFG->wwwroot . "/user/view.php?course={$course->id}");
    }

    if ($course->id == SITEID) {
        $coursecontext = get_context_instance(CONTEXT_SYSTEM);   // SYSTEM context
    } else {
        $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id);   // Course context
    }
    $systemcontext   = get_context_instance(CONTEXT_SYSTEM);
    $personalcontext = get_context_instance(CONTEXT_USER, $user->id);

    // check access control
    if ($user->id == $USER->id) {
        //editing own profile - require_login() MUST NOT be used here, it would result in infinite loop!
        if (!has_capability('moodle/user:editownprofile', $systemcontext)) {
            print_error('cannotedityourprofile');
        }

    } else {
        // teachers, parents, etc.
        require_capability('moodle/user:editprofile', $personalcontext);
        // no editing of guest user account
        if (isguestuser($user->id)) {
            print_error('guestnoeditprofileother');
        }
        // no editing of primary admin!
        if (is_primary_admin($user->id)) {
            print_error('adminprimarynoedit');
        }
    }

    if ($user->deleted) {
        print_header();
        print_heading(get_string('userdeleted'));
        print_footer($course);
        die;
    }

    // Process email change cancellation
    if ($cancelemailchange) {
        cancel_email_update($user->id);
    }

    //load user preferences
    useredit_load_preferences($user);

    //Load custom profile fields data
    profile_load_data($user);


    //create form
    $userform = new user_edit_form();
    $userform->set_data($user);

    $email_changed = false;

    if ($usernew = $userform->get_data()) {

        add_to_log($course->id, 'user', 'update', "view.php?id=$user->id&course=$course->id", '');

        $email_changed_html = '';

        if ($CFG->emailchangeconfirmation) {
            // Handle change of email carefully for non-trusted users
            if ($user->email != $usernew->email && !has_capability('moodle/user:update', $systemcontext)) {
                $a = new stdClass();
                $a->newemail = $usernew->preference_newemail = $usernew->email;
                $usernew->preference_newemailkey = random_string(20);
                $usernew->preference_newemailattemptsleft = 3;
                $a->oldemail = $usernew->email = $user->email;

                $email_changed_html = print_box(get_string('auth_changingemailaddress', 'auth', $a), 'generalbox', 'notice', true);
                $email_changed_html .= print_continue("$CFG->wwwroot/user/view.php?id=$user->id&amp;course=$course->id", true);
                $email_changed = true;
            }
        }

        $authplugin = get_auth_plugin($user->auth);

        $usernew->timemodified = time();

        if (!$DB->update_record('user', $usernew)) {
            print_error('cannotupdateprofile');
        }

        // pass a true $userold here
        if (! $authplugin->user_update($user, $userform->get_data())) {
            // auth update failed, rollback for moodle
            $DB->update_record('user', $user);
            print_error('cannotupdateprofile');
        }

        //update preferences
        useredit_update_user_preference($usernew);

        //update interests
        if (!empty($CFG->usetags)) {
            useredit_update_interests($usernew, $usernew->interests);
        }

        //update user picture
        if (!empty($CFG->gdversion) and empty($CFG->disableuserimages)) {
            useredit_update_picture($usernew, $userform);
        }

        // update mail bounces
        useredit_update_bounces($user, $usernew);

        /// update forum track preference
        useredit_update_trackforums($user, $usernew);

        // save custom profile fields data
        profile_save_data($usernew);

        // If email was changed, send confirmation email now
        if ($email_changed && $CFG->emailchangeconfirmation) {
            $temp_user = fullclone($user);
            $temp_user->email = $usernew->preference_newemail;
            $temp_user->emailstop = NULL;

            $a = new stdClass();
            $a->url = $CFG->wwwroot . '/user/emailupdate.php?key=' . $usernew->preference_newemailkey . '&id=' . $user->id;
            $a->site = $SITE->fullname;
            $a->fullname = fullname($user, true);

            $emailupdatemessage = get_string('auth_emailupdatemessage', 'auth', $a);
            $emailupdatetitle = get_string('auth_emailupdatetitle', 'auth', $a);

            if (!$mail_results = email_to_user($temp_user, get_admin(), $emailupdatetitle, $emailupdatemessage)) {
                die("could not send email!");
            }
        }

        // reload from db
        $usernew = $DB->get_record('user', array('id'=>$user->id));
        events_trigger('user_updated', $usernew);

        if ($USER->id == $user->id) {
            // Override old $USER session variable if needed
            foreach ((array)$usernew as $variable => $value) {
                $USER->$variable = $value;
            }
        }

        if (!$email_changed || !$CFG->emailchangeconfirmation) {
            redirect("$CFG->wwwroot/user/view.php?id=$user->id&course=$course->id");
        }
    }


/// Display page header
    $streditmyprofile = get_string('editmyprofile');
    $strparticipants  = get_string('participants');
    $userfullname     = fullname($user, true);

    $navlinks = array();
    if (has_capability('moodle/course:viewparticipants', $coursecontext) || has_capability('moodle/site:viewparticipants', $systemcontext)) {
        $navlinks[] = array('name' => $strparticipants, 'link' => "index.php?id=$course->id", 'type' => 'misc');
    }
    $navlinks[] = array('name' => $userfullname,
                        'link' => "view.php?id=$user->id&amp;course=$course->id",
                        'type' => 'misc');
    $navlinks[] = array('name' => $streditmyprofile, 'link' => null, 'type' => 'misc');
    $navigation = build_navigation($navlinks);
    print_header("$course->shortname: $streditmyprofile", $course->fullname, $navigation, "");

    /// Print tabs at the top
    $showroles = 1;
    $currenttab = 'editprofile';
    require('tabs.php');

    if ($email_changed) {
        echo $email_changed_html;
    } else {
    /// Finally display THE form
        $userform->display();
    }

/// and proper footer
    print_footer($course);

?>