moodle/user/edit.php

<?php // $Id$

    require_once('../config.php');
    require_once($CFG->libdir.'/gdlib.php');
    require_once($CFG->dirroot.'/user/edit_form.php');
    require_once($CFG->dirroot.'/user/editlib.php');
    require_once($CFG->dirroot.'/user/profile/lib.php');

    httpsrequired();

    $userid = optional_param('id', $USER->id, PARAM_INT);    // user id
    $course = optional_param('course', SITEID, PARAM_INT);   // course id (defaults to Site)

    if (!$course = get_record('course', 'id', $course)) {
        error('Course ID was incorrect');
    }

    if ($course->id != SITEID) {
        require_login($course);
    } else if (!isloggedin()) {
        if (empty($SESSION->wantsurl)) {
            $SESSION->wantsurl = $CFG->httpswwwroot.'/edit/user.php';
        }
        redirect($CFG->httpswwwroot.'/login/index.php');
    }

    // Guest can not edit
    if (isguestuser()) {
        print_error('guestnoeditprofile');
    }

    // The user profile we are editing
    if (!$user = get_record('user', 'id', $userid)) {
        error('User ID was incorrect');
    }

    // Guest can not be edited
    if (isguestuser($user)) {  
        print_error('guestnoeditprofile');
    }

    // User interests separated by commas
    if (!empty($CFG->usetags)) {
        require_once($CFG->dirroot.'/tag/lib.php');
        $user->interests = tag_names_csv(get_item_tags('user', $user->id));
    }

    // remote users cannot be edited
    if (is_mnet_remote_user($user)) {
        redirect($CFG->wwwroot . "/user/view.php?course={$course->id}");
    }

    $systemcontext   = get_context_instance(CONTEXT_SYSTEM);
    $personalcontext = get_context_instance(CONTEXT_USER, $user->id);

    // check access control
    if ($user->id == $USER->id) {
        //editing own profile - require_login() MUST NOT be used here, it would result in infinite loop!
        if (!has_capability('moodle/user:editownprofile', $systemcontext)) {
            error('Can not edit own profile, sorry.');
        }

    } else {
        // teachers, parents, etc.
        require_capability('moodle/user:editprofile', $personalcontext);
        // no editing of guest user account
        if (isguestuser($user->id)) {
            print_error('guestnoeditprofileother');
        }
        // no editing of primary admin!
        $mainadmin = get_admin();
        if ($user->id == $mainadmin->id) {
            print_error('adminprimarynoedit');
        }
    }

    //load user preferences
    useredit_load_preferences($user);

    //Load custom profile fields data
    profile_load_data($user);


    //create form
    $userform = new user_edit_form();
    $userform->set_data($user);

    if ($usernew = $userform->get_data()) {

        add_to_log($course->id, 'user', 'update', "view.php?id=$user->id&course=$course->id", '');

        $authplugin = get_auth_plugin($user->auth);

        $usernew->timemodified = time();

        if (!update_record('user', $usernew)) {
            error('Error updating user record');
        }

        // pass a true $userold here
        if (! $authplugin->user_update($user, $userform->get_data(false))) {
            // auth update failed, rollback for moodle
            update_record('user', addslashes_object($user));
            error('Failed to update user data on external auth: '.$user->auth.
                    '. See the server logs for more details.');
        }

        //update preferences
        useredit_update_user_preference($usernew);

        //update interests
        if (!empty($CFG->usetags)) {
            useredit_update_interests($usernew, $usernew->interests);
        }

        //update user picture
        if (!empty($CFG->gdversion) and empty($CFG->disableuserimages)) {
            useredit_update_picture($usernew, $userform);
        }

        // update mail bounces
        useredit_update_bounces($user, $usernew);

        /// update forum track preference
        useredit_update_trackforums($user, $usernew);

        // save custom profile fields data
        profile_save_data($usernew);

        if ($USER->id == $user->id) {
            // Override old $USER session variable if needed
            $usernew = (array)get_record('user', 'id', $user->id); // reload from db
            foreach ($usernew as $variable => $value) {
                $USER->$variable = $value;
            }
        }
        events_trigger('user_updated', $usernew);
        redirect("$CFG->wwwroot/user/view.php?id=$user->id&course=$course->id");
    }


/// Display page header
    $streditmyprofile = get_string('editmyprofile');
    $strparticipants  = get_string('participants');
    $userfullname     = fullname($user, true);

    $navlinks = array();
    $navlinks[] = array('name' => $strparticipants, 'link' => "index.php?id=$course->id", 'type' => 'misc');
    $navlinks[] = array('name' => $userfullname,
                        'link' => "view.php?id=$user->id&amp;course=$course->id",
                        'type' => 'misc');
    $navlinks[] = array('name' => $streditmyprofile, 'link' => null, 'type' => 'misc');
    $navigation = build_navigation($navlinks);
    print_header("$course->shortname: $streditmyprofile", $course->fullname, $navigation, "");

    /// Print tabs at the top
    $showroles = 1;
    $currenttab = 'editprofile';
    require('tabs.php');

/// Finally display THE form
    $userform->display();

/// and proper footer
    print_footer($course);

?>
Changed some conditions against the $USER variable to work fine under PHP5. Bug 2053 (http://moodle.org/bugs/bug.php?op=show&bugid=2053) Merged from MOODLE_14_STABLE 2004-10-06 16:52:24 +00:00			`<?php // $Id$`
Initial revision 2001-11-22 06:23:56 +00:00
MDL-8096 - rewritten standard edit form and other fixes; new custom profile fields still missing 2007-01-25 18:02:48 +00:00			`require_once('../config.php');`
			`require_once($CFG->libdir.'/gdlib.php');`
			`require_once($CFG->dirroot.'/user/edit_form.php');`
MDL-8096 user edit form - some more refactoring and fixes 2007-01-26 18:42:47 +00:00			`require_once($CFG->dirroot.'/user/editlib.php');`
MDL-8096 - rewritten standard edit form and other fixes; new custom profile fields still missing 2007-01-25 18:02:48 +00:00			`require_once($CFG->dirroot.'/user/profile/lib.php');`
Using the new forms class. Customisable user profile fields. 2007-01-05 02:18:53 +00:00
MDL-8323 Add proper setup of course $CFG variables, fix use of global $COURSE new function course_setup() thats does proper $CFG-> , locale and themes setup much sooner than print_header() originally (needed for MDL-8067), cleanup of forgotten global $course issues MDL-8067 Fixed several $HTTPSREQUIRED issues - html editor now loads from https (the old hack did not wotk with IE7, new hack is uglier but works), fixed formlibs images (we can not set them in library global scope, we must wait for httpsrequired() and require_login() and od that in function), fixed links in meta.php, fixed help images fixed setting of new $USER values in user edit forms 2007-01-27 19:56:08 +00:00			`httpsrequired();`

(MDL-8820) moodle/user:editprofile now works in user contexts - reverted previous fix, adding new one; merged from MOODLE_18_STABLE 2007-03-14 23:37:28 +00:00			`$userid = optional_param('id', $USER->id, PARAM_INT); // user id`
optional_param was being called wrong 2005-04-04 03:42:01 +00:00			`$course = optional_param('course', SITEID, PARAM_INT); // course id (defaults to Site)`
Initial revision 2001-11-22 06:23:56 +00:00
MDL-8096 - rewritten standard edit form and other fixes; new custom profile fields still missing 2007-01-25 18:02:48 +00:00			`if (!$course = get_record('course', 'id', $course)) {`
			`error('Course ID was incorrect');`
user id and course id are both now optional 2004-09-25 12:53:35 +00:00			`}`
Resolved problems with previous replacement of & to & and fixed redirect() to entity encode the inut where needed. Julian Sedding 2004-09-21 11:41:58 +00:00
fixed problem on user edit page when user not fully setup 2007-02-15 20:43:00 +00:00			`if ($course->id != SITEID) {`
			`require_login($course);`
			`} else if (!isloggedin()) {`
fixed problem on user edit page when user not fully setup 2007-02-15 20:46:39 +00:00			`if (empty($SESSION->wantsurl)) {`
			`$SESSION->wantsurl = $CFG->httpswwwroot.'/edit/user.php';`
fixed problem on user edit page when user not fully setup 2007-02-15 20:43:00 +00:00			`}`
fixed problem on user edit page when user not fully setup 2007-02-15 20:46:39 +00:00			`redirect($CFG->httpswwwroot.'/login/index.php');`
fixed problem on user edit page when user not fully setup 2007-02-15 20:43:00 +00:00			`}`
LIkely fix for MDL-8067 2007-01-09 04:59:56 +00:00
Don't let guests ever be edited 2007-09-03 08:36:31 +00:00			`// Guest can not edit`
MDL-9574 + MDL-9607 Add Change-own-password and Edit-own-profile capabilities 2007-04-26 21:41:08 +00:00			`if (isguestuser()) {`
MDL-8096 - rewritten standard edit form and other fixes; new custom profile fields still missing 2007-01-25 18:02:48 +00:00			`print_error('guestnoeditprofile');`
Initial revision 2001-11-22 06:23:56 +00:00			`}`
(MDL-8820) moodle/user:editprofile now works in user contexts - reverted previous fix, adding new one; merged from MOODLE_18_STABLE 2007-03-14 23:37:28 +00:00
Don't let guests ever be edited 2007-09-03 08:36:31 +00:00			`// The user profile we are editing`
(MDL-8820) moodle/user:editprofile now works in user contexts - reverted previous fix, adding new one; merged from MOODLE_18_STABLE 2007-03-14 23:37:28 +00:00			`if (!$user = get_record('user', 'id', $userid)) {`
MDL-8096 - rewritten standard edit form and other fixes; new custom profile fields still missing 2007-01-25 18:02:48 +00:00			`error('User ID was incorrect');`
First implementation of new authentication system, which can now use pluggable modules in the 'auth' directory. Everything is done through authentication_user_login in lib/moodlelib.php As well as the old default "email" confirmation, I added a new type of confirmation "none", which basically does no confirmation at all. 2002-09-26 07:03:22 +00:00			`}`
Initial revision 2001-11-22 06:23:56 +00:00
Don't let guests ever be edited 2007-09-03 08:36:31 +00:00			`// Guest can not be edited`
			`if (isguestuser($user)) {`
			`print_error('guestnoeditprofile');`
			`}`

			`// User interests separated by commas`
Changes to user profile pages to edit/display interest tags 2007-07-31 08:09:46 +00:00			`if (!empty($CFG->usetags)) {`
			`require_once($CFG->dirroot.'/tag/lib.php');`
MDL-9574 + MDL-9607 fixed undefined $user->id in personal context 2007-09-16 09:21:29 +00:00			`$user->interests = tag_names_csv(get_item_tags('user', $user->id));`
Changes to user profile pages to edit/display interest tags 2007-07-31 08:09:46 +00:00			`}`

mnet: user/* now handles remote users and multi-auth 2007-01-04 03:01:30 +00:00			`// remote users cannot be edited`
			`if (is_mnet_remote_user($user)) {`
MDL-8096 - rewritten standard edit form and other fixes; new custom profile fields still missing 2007-01-25 18:02:48 +00:00			`redirect($CFG->wwwroot . "/user/view.php?course={$course->id}");`
mnet: user/* now handles remote users and multi-auth 2007-01-04 03:01:30 +00:00			`}`

MDL-9574 + MDL-9607 fixed undefined $user->id in personal context 2007-09-16 09:21:29 +00:00			`$systemcontext = get_context_instance(CONTEXT_SYSTEM);`
			`$personalcontext = get_context_instance(CONTEXT_USER, $user->id);`

(MDL-8820) moodle/user:editprofile now works in user contexts - reverted previous fix, adding new one; merged from MOODLE_18_STABLE 2007-03-14 23:37:28 +00:00			`// check access control`
MDL-9574 + MDL-9607 Add Change-own-password and Edit-own-profile capabilities 2007-04-26 21:41:08 +00:00			`if ($user->id == $USER->id) {`
MDL-12580 fixed infinite redirect loop when editing profile for the first time; merged from MOODLE_19_STABLE 2007-12-15 16:57:20 +00:00			`//editing own profile - require_login() MUST NOT be used here, it would result in infinite loop!`
			`if (!has_capability('moodle/user:editownprofile', $systemcontext)) {`
			`error('Can not edit own profile, sorry.');`
			`}`
MDL-9574 + MDL-9607 Add Change-own-password and Edit-own-profile capabilities 2007-04-26 21:41:08 +00:00
			`} else {`
(MDL-8820) moodle/user:editprofile now works in user contexts - reverted previous fix, adding new one; merged from MOODLE_18_STABLE 2007-03-14 23:37:28 +00:00			`// teachers, parents, etc.`
			`require_capability('moodle/user:editprofile', $personalcontext);`
			`// no editing of guest user account`
			`if (isguestuser($user->id)) {`
			`print_error('guestnoeditprofileother');`
			`}`
			`// no editing of primary admin!`
			`$mainadmin = get_admin();`
			`if ($user->id == $mainadmin->id) {`
			`print_error('adminprimarynoedit');`
			`}`
			`}`

MDL-8096 user edit form - some more refactoring and fixes 2007-01-26 18:42:47 +00:00			`//load user preferences`
			`useredit_load_preferences($user);`

			`//Load custom profile fields data`
			`profile_load_data($user);`
Initial revision 2001-11-22 06:23:56 +00:00
MDL-10870 All files updated to new build_navigation() method. Most are untested, because they are not easily accessible within a moodle site. 2007-08-17 19:09:11 +00:00
MDL-8096 - rewritten standard edit form and other fixes; new custom profile fields still missing 2007-01-25 18:02:48 +00:00			`//create form`
			`$userform = new user_edit_form();`
MDL-8096 - advanced edit now mostly works, though still some parts missing; RIP changeme user :-) 2007-01-25 11:03:33 +00:00			`$userform->set_data($user);`
Using the new forms class. Customisable user profile fields. 2007-01-05 02:18:53 +00:00
MDL-8166 rename in/out methods in formslib - HQ consensus 2007-01-12 18:52:09 +00:00			`if ($usernew = $userform->get_data()) {`
Changes to user profile pages to edit/display interest tags 2007-07-31 08:09:46 +00:00
MDL-8096 - rewritten standard edit form and other fixes; new custom profile fields still missing 2007-01-25 18:02:48 +00:00			`add_to_log($course->id, 'user', 'update', "view.php?id=$user->id&course=$course->id", '');`
Initial revision 2001-11-22 06:23:56 +00:00
MDL-8096 - rewritten standard edit form and other fixes; new custom profile fields still missing 2007-01-25 18:02:48 +00:00			`$authplugin = get_auth_plugin($user->auth);`
Cleanup of the admin interface - especially the user management Bugs fixed, duplicate code removed, plus you can now add new users. Aaah much better. :-) 2002-08-08 14:17:55 +00:00
Using the new forms class. Customisable user profile fields. 2007-01-05 02:18:53 +00:00			`$usernew->timemodified = time();`
Resolved problems with previous replacement of & to & and fixed redirect() to entity encode the inut where needed. Julian Sedding 2004-09-21 11:41:58 +00:00
(MDL-8973) Fix OOP model of new multi auth plugins + some other auth related fixes, fixed change_password, ldap updates, etc.; TODO: fix docs 2007-03-22 12:27:52 +00:00			`if (!update_record('user', $usernew)) {`
MDL-8096 - rewritten standard edit form and other fixes; new custom profile fields still missing 2007-01-25 18:02:48 +00:00			`error('Error updating user record');`
			`}`
Using the new forms class. Customisable user profile fields. 2007-01-05 02:18:53 +00:00
(MDL-8973) Fix OOP model of new multi auth plugins + some other auth related fixes, fixed change_password, ldap updates, etc.; TODO: fix docs 2007-03-22 12:27:52 +00:00			`// pass a true $userold here`
			`if (! $authplugin->user_update($user, $userform->get_data(false))) {`
			`// auth update failed, rollback for moodle`
			`update_record('user', addslashes_object($user));`
MDL-10074 User profile edition uses wrong variable for the (fatal) error message.; patch by Iñaki Arenaza 2007-06-10 19:07:11 +00:00			`error('Failed to update user data on external auth: '.$user->auth.`
(MDL-8973) Fix OOP model of new multi auth plugins + some other auth related fixes, fixed change_password, ldap updates, etc.; TODO: fix docs 2007-03-22 12:27:52 +00:00			`'. See the server logs for more details.');`
			`}`

MDL-8096 - rewritten standard edit form and other fixes; new custom profile fields still missing 2007-01-25 18:02:48 +00:00			`//update preferences`
MDL-8096 user edit form - some more refactoring and fixes 2007-01-26 18:42:47 +00:00			`useredit_update_user_preference($usernew);`
MDL-10870 All files updated to new build_navigation() method. Most are untested, because they are not easily accessible within a moodle site. 2007-08-17 19:09:11 +00:00
Changes to user profile pages to edit/display interest tags 2007-07-31 08:09:46 +00:00			`//update interests`
			`if (!empty($CFG->usetags)) {`
			`useredit_update_interests($usernew, $usernew->interests);`
			`}`
MDL-10870 All files updated to new build_navigation() method. Most are untested, because they are not easily accessible within a moodle site. 2007-08-17 19:09:11 +00:00
MDL-8096 user edit form - some more refactoring and fixes 2007-01-26 18:42:47 +00:00			`//update user picture`
MDL-8096 - rewritten standard edit form and other fixes; new custom profile fields still missing 2007-01-25 18:02:48 +00:00			`if (!empty($CFG->gdversion) and empty($CFG->disableuserimages)) {`
MDL-8096 user edit form - some more refactoring and fixes 2007-01-26 18:42:47 +00:00			`useredit_update_picture($usernew, $userform);`
Don't process $usernew->username if it doesn't exist (prevents normal users from editing profile). 2003-04-27 14:50:03 +00:00			`}`
temporary workaround for bug #5534, html editor now disabled for IE when loginhttps on and wwwroot starts with http://; merged from MOODLE_16_STABLE 2006-05-21 20:21:35 +00:00
MDL-8096 - rewritten standard edit form and other fixes; new custom profile fields still missing 2007-01-25 18:02:48 +00:00			`// update mail bounces`
MDL-8096 user edit form - some more refactoring and fixes 2007-01-26 18:42:47 +00:00			`useredit_update_bounces($user, $usernew);`
Tidied up headers of user/edit.php 2002-08-14 01:51:58 +00:00
MDL-8096 user edit form - some more refactoring and fixes 2007-01-26 18:42:47 +00:00			`/// update forum track preference`
			`useredit_update_trackforums($user, $usernew);`
Initial revision 2001-11-22 06:23:56 +00:00
MDL-8096 user edit form - some more refactoring and fixes 2007-01-26 18:42:47 +00:00			`// save custom profile fields data`
			`profile_save_data($usernew);`
New user tabs from Shane and myself ... these bring together the profile interface a little better. There is also a new feature for showing all posts from a user, as well as all discussions from a user. 2005-03-20 12:02:14 +00:00
(MDL-8820) moodle/user:editprofile now works in user contexts - reverted previous fix, adding new one; merged from MOODLE_18_STABLE 2007-03-14 23:37:28 +00:00			`if ($USER->id == $user->id) {`
			`// Override old $USER session variable if needed`
			`$usernew = (array)get_record('user', 'id', $user->id); // reload from db`
			`foreach ($usernew as $variable => $value) {`
			`$USER->$variable = $value;`
			`}`
MDL-8096 - edit form session fix 2007-01-25 18:18:33 +00:00			`}`
MDL-9983, missing upser_updated event 2007-07-11 09:05:17 +00:00			`events_trigger('user_updated', $usernew);`
(MDL-8820) moodle/user:editprofile now works in user contexts - reverted previous fix, adding new one; merged from MOODLE_18_STABLE 2007-03-14 23:37:28 +00:00			`redirect("$CFG->wwwroot/user/view.php?id=$user->id&course=$course->id");`
Cleaned up the initial setup process. It looks a bit smoother now. Hopefully this is also the end of the occasional errors we keep hearing about to do with never getting to setup the admin user. (I think admin/site.php had a redirect that didn't always work). The setup process is now much better at "trapping" you until it's all done. 2003-05-06 15:58:20 +00:00			`}`

OK, finished the fixes I wanted to add to the recent LDAP changes for user field locking and forcing of password changing - Locked user fields always apply (for any authentication method). Currently these can only be defined in the LDAP auth screen but later these can be brought out as part of the generic interface for defining user fields and their behaviour. - Fields are now locked using Javascript and will work for any user fields that exist (list is not hard coded anymore). - Admins can always edit locked fields. - Admins can always force a password change. The checkbox reflects the current status of this, and the admin can UNSET the checkbox if they want. It is no longer necessary for the admin to change the old password for this to take effect, either. 2004-09-23 03:56:53 +00:00
MDL-8096 - rewritten standard edit form and other fixes; new custom profile fields still missing 2007-01-25 18:02:48 +00:00			`/// Display page header`
			`$streditmyprofile = get_string('editmyprofile');`
			`$strparticipants = get_string('participants');`
			`$userfullname = fullname($user, true);`
MDL-10870 All files updated to new build_navigation() method. Most are untested, because they are not easily accessible within a moodle site. 2007-08-17 19:09:11 +00:00
			`$navlinks = array();`
			`$navlinks[] = array('name' => $strparticipants, 'link' => "index.php?id=$course->id", 'type' => 'misc');`
			`$navlinks[] = array('name' => $userfullname,`
			`'link' => "view.php?id=$user->id&course=$course->id",`
			`'type' => 'misc');`
			`$navlinks[] = array('name' => $streditmyprofile, 'link' => null, 'type' => 'misc');`
			`$navigation = build_navigation($navlinks);`
			`print_header("$course->shortname: $streditmyprofile", $course->fullname, $navigation, "");`

MDL-8096 - rewritten standard edit form and other fixes; new custom profile fields still missing 2007-01-25 18:02:48 +00:00			`/// Print tabs at the top`
			`$showroles = 1;`
			`$currenttab = 'editprofile';`
			`require('tabs.php');`
Don't show tabs when creating admin user 2006-04-16 16:49:28 +00:00
MDL-8096 - rewritten standard edit form and other fixes; new custom profile fields still missing 2007-01-25 18:02:48 +00:00			`/// Finally display THE form`
Using the new forms class. Customisable user profile fields. 2007-01-05 02:18:53 +00:00			`$userform->display();`
OK, finished the fixes I wanted to add to the recent LDAP changes for user field locking and forcing of password changing - Locked user fields always apply (for any authentication method). Currently these can only be defined in the LDAP auth screen but later these can be brought out as part of the generic interface for defining user fields and their behaviour. - Fields are now locked using Javascript and will work for any user fields that exist (list is not hard coded anymore). - Admins can always edit locked fields. - Admins can always force a password change. The checkbox reflects the current status of this, and the admin can UNSET the checkbox if they want. It is no longer necessary for the admin to change the old password for this to take effect, either. 2004-09-23 03:56:53 +00:00
MDL-8096 - rewritten standard edit form and other fixes; new custom profile fields still missing 2007-01-25 18:02:48 +00:00			`/// and proper footer`
			`print_footer($course);`
Cleaned up the initial setup process. It looks a bit smoother now. Hopefully this is also the end of the occasional errors we keep hearing about to do with never getting to setup the admin user. (I think admin/site.php had a redirect that didn't always work). The setup process is now much better at "trapping" you until it's all done. 2003-05-06 15:58:20 +00:00
Initial revision 2001-11-22 06:23:56 +00:00			`?>`