mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-02-02 14:19:07 +01:00
Code Issues Projects Releases Wiki Activity
moodle/user/edit.php
mjollnir_ bb64b51aa3 First cut of email to module (or core) processing. 
This patch contains:

* email_to_user will set the envelope sender to a special bounce processing address (based on $CFG settings)
* email_to_user will accept (and set) a reply-to header, to be generated by the module calling the function.

* new functions:

	* generate_email_processing_address - ALWAYS use this to generate the reply-to header. reply-to header will look like this:

	(LIMIT: 64 chars total)
	prefix - EXACTLY four chars
	encodeded, packed, moduleid (0 for core) (2 chars)
	up to 42 chars for the modules to put anything they want it (can contain userid (or, eg for forum, postids to reply to), or anything really. 42 chars is ABSOLUTE LIMIT)
	16 char hash (half an md5) of the first part of the address, together with a site "secret"

	* moodle_process_email - any non-module email processing goes here (currently used for processing bounces)

* bounce handling:

	* config settings for bounce threshold and ratio (and whether to handle bounces at all)
	* if too many bounces occur against any given user, user_not_fully_set_up will force an email address change
	* associated functions (over_bounce_threshold, set_send_count, set_bounce_count)

* handling emails to noreply address (see below)

* new script - admin/process_email.php

	This script needs to be called from your mail program for anything starting with the 4 char prefix described above (and optionally, the noreply address)
	It will bounce emails to the noreplyaddress, with a friendly "this is not a real email address" message

	It will break down and unencode the email address into moduleid and validate the half md5 hash, and call $modname_process_email (if it exists). Arguments to these functions are: $modargs (any part of the email address that isn't the prefix, modid or the hash) and the contents of the email (read from STDIN).

* associated string changes/additions

* changes in config-dist.php to give clues as to how to set this up.

MODULE WRITERS!

take a look at new functions moodle_process_email and generate_email_processing_address  in moodlelib.php for ideas about how to

	* encode and unencode the arguments your module needs to do the processing
	* how to deal with multiple "actions" for any given module.

Martin Langhoff <martin@catalyst.net.nz> will be writing up some PROPER documentation, containing amongst other things config settings for different mail servers (this was developed against Postfix).  Feel free to email me with any feedback on the code or design, penny@catalyst.net.nz.  Or post on the developer fourm.
2005-02-08 02:57:14 +00:00

376 lines
13 KiB
PHP
Raw Blame History

<?php // $Id$
require_once("../config.php");
require_once("$CFG->libdir/gdlib.php");
$id = optional_param('id', PARAM_INT); // user id
$course = optional_param('course', PARAM_INT); // course id
if (empty($id)) { // See your own profile by default
require_login();
$id = $USER->id;
}
if (empty($course)) { // See it at site level by default
$course = SITEID;
}
if (! $user = get_record("user", "id", $id)) {
error("User ID was incorrect");
}
if (! $course = get_record("course", "id", $course)) {
error("Course ID was incorrect");
}
if ($user->confirmed and user_not_fully_set_up($user)) {
// Special case which can only occur when a new account
// has just been created by EXTERNAL authentication
// This is the only page in Moodle that has the exception
// so that users can set up their accounts
$newaccount = true;
if (empty($USER->id)) {
error("Sessions don't seem to be working on this server!");
}
} else {
$newaccount = false;
require_login($course->id);
}
if (($USER->id <> $user->id) && !isadmin()) {
error("You can only edit your own information");
}
if (isguest()) {
error("The guest user cannot edit their profile.");
}
if (isguest($user->id)) {
error("Sorry, the guest user cannot be edited.");
}
// load the relevant auth libraries
if ($user->auth) {
$auth = $user->auth;
if (!file_exists("$CFG->dirroot/auth/$auth/lib.php")) {
$auth = "manual"; // Can't find auth module, default to internal
}
require_once("$CFG->dirroot/auth/$auth/lib.php");
}
/// If data submitted, then process and store.
if ($usernew = data_submitted()) {
if (($USER->id <> $usernew->id) && !isadmin()) {
error("You can only edit your own information");
}
if (isset($USER->username)) {
check_for_restricted_user($USER->username, "$CFG->wwwroot/course/view.php?id=$course->id");
}
// data cleanup
// username is validated in find_form_errors
$usernew->country = clean_param($usernew->country, PARAM_ALPHA);
$usernew->lang = clean_param($usernew->lang, PARAM_FILE);
$usernew->url = clean_param($usernew->url, PARAM_URL);
$usernew->icq = clean_param($usernew->icq, PARAM_INT);
$usernew->maildisplay = clean_param($usernew->maildisplay, PARAM_INT);
$usernew->mailformat = clean_param($usernew->mailformat, PARAM_INT);
$usernew->maildigest = clean_param($usernew->maildigest, PARAM_INT);
$usernew->autosubscribe = clean_param($usernew->autosubscribe, PARAM_INT);
$usernew->htmleditor = clean_param($usernew->htmleditor, PARAM_INT);
$usernew->emailstop = clean_param($usernew->emailstop, PARAM_INT);
foreach ($usernew as $key => $data) {
$usernew->$key = addslashes(clean_text(stripslashes($usernew->$key), FORMAT_MOODLE));
}
$usernew->firstname = trim(strip_tags($usernew->firstname));
$usernew->lastname = trim(strip_tags($usernew->lastname));
if (isset($usernew->username)) {
$usernew->username = trim(moodle_strtolower($usernew->username));
}
require_once($CFG->dirroot.'/lib/uploadlib.php');
$um = new upload_manager('imagefile',false,false,null,false,0,true,true);
if (find_form_errors($user, $usernew, $err, $um)) {
if (empty($err['imagefile']) && $usernew->picture = save_profile_image($user->id, $um,'users')) {
set_field('user', 'picture', $usernew->picture, 'id', $user->id); /// Note picture in DB
} else {
if (!empty($usernew->deletepicture)) {
set_field('user', 'picture', 0, 'id', $user->id); /// Delete picture
$usernew->picture = 0;
}
}
$usernew->auth = $user->auth;
$user = $usernew;
} else {
$timenow = time();
if (!$usernew->picture = save_profile_image($user->id,$um,'users')) {
if (!empty($usernew->deletepicture)) {
set_field('user', 'picture', 0, 'id', $user->id); /// Delete picture
$usernew->picture = 0;
} else {
$usernew->picture = $user->picture;
}
}
$usernew->timemodified = time();
if (isadmin()) {
if (!empty($usernew->newpassword)) {
$usernew->password = md5($usernew->newpassword);
// update external passwords
if (!empty($CFG->{'auth_'. $user->auth.'_stdchangepassword'})) {
if (function_exists('auth_user_update_password')){
if (!auth_user_update_password($user->username, $usernew->newpassword)){
error('Failed to update password on external auth: ' . $user->auth .
'. See the server logs for more details.');
}
} else {
error('Your external authentication module is misconfigued!');
}
}
}
// store forcepasswordchange in user's preferences
if (!empty($usernew->forcepasswordchange)){
set_user_preference('auth_forcepasswordchange', 1, $user->id);
} else {
unset_user_preference('auth_forcepasswordchange', $user->id);
}
} else {
if (isset($usernew->newpassword)) {
error("You can not change the password like that");
}
}
if ($usernew->url and !(substr($usernew->url, 0, 4) == "http")) {
$usernew->url = "http://".$usernew->url;
}
if (update_record("user", $usernew)) {
if (function_exists("auth_user_update")){
// pass a true $userold here
auth_user_update($userold, $usernew);
};
if ($userold->email != $usernew->email) {
set_bounce_count($usernew,true);
set_send_count($usernew,true);
}
add_to_log($course->id, "user", "update", "view.php?id=$user->id&course=$course->id", "");
if ($user->id == $USER->id) {
// Copy data into $USER session variable
$usernew = (array)$usernew;
foreach ($usernew as $variable => $value) {
$USER->$variable = stripslashes($value);
}
if (isset($USER->newadminuser)) {
unset($USER->newadminuser);
redirect("$CFG->wwwroot/", get_string("changessaved"));
}
redirect("$CFG->wwwroot/user/view.php?id=$user->id&course=$course->id", get_string("changessaved"));
} else {
redirect("$CFG->wwwroot/$CFG->admin/user.php", get_string("changessaved"));
}
} else {
error("Could not update the user record ($user->id)");
}
}
}
/// Otherwise fill and print the form.
$streditmyprofile = get_string("editmyprofile");
$strparticipants = get_string("participants");
$strnewuser = get_string("newuser");
if (over_bounce_threshold($user) && empty($err['email'])) {
$err['email'] = get_string('toomanybounces');
}
if (($user->firstname and $user->lastname) or $newaccount) {
if ($newaccount) {
$userfullname = $strnewuser;
} else {
$userfullname = fullname($user, isteacher($course->id));
}
if ($course->category) {
print_header("$course->shortname: $streditmyprofile", "$course->fullname: $streditmyprofile",
"<a href=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</a>
-> <a href=\"index.php?id=$course->id\">$strparticipants</a>
-> <a href=\"view.php?id=$user->id&amp;course=$course->id\">$userfullname</a>
-> $streditmyprofile", "");
} else {
if (isset($USER->newadminuser)) {
print_header();
} else {
print_header("$course->shortname: $streditmyprofile", "$course->fullname",
"<a href=\"view.php?id=$user->id&amp;course=$course->id\">$userfullname</a>
-> $streditmyprofile", "");
}
}
} else {
$userfullname = $strnewuser;
$straddnewuser = get_string("addnewuser");
$stradministration = get_string("administration");
print_header("$course->shortname: $streditmyprofile", "$course->fullname",
"<a href=\"$CFG->wwwroot/$CFG->admin/\">$stradministration</a> -> ".
"<a href=\"$CFG->wwwroot/$CFG->admin/users.php\">$strusers</a> -> $straddnewuser", "");
}
$teacher = strtolower($course->teacher);
if (!isadmin()) {
$teacheronly = "(".get_string("teacheronly", "", $teacher).")";
} else {
$teacheronly = "";
}
print_heading( get_string("userprofilefor", "", "$userfullname") );
if (isset($USER->newadminuser)) {
print_simple_box(get_string("configintroadmin"), "center", "50%");
echo "<br />";
}
print_simple_box_start("center");
if (!empty($err)) {
echo "<center>";
notify(get_string("someerrorswerefound"));
echo "</center>";
}
include("edit.html");
if (!isadmin()) { /// Lock all the locked fields using Javascript
$fields = get_user_fieldnames();
echo '<script type="text/javascript">'."\n";
echo '<!--'."\n";
foreach ($fields as $field) {
$configvariable = 'auth_user_'.$field.'_editlock';
if (!empty($CFG->$configvariable)) {
echo "eval('document.form.$field.disabled=true');\n";
}
}
echo '-->'."\n";
echo '</script>'."\n";
}
print_simple_box_end();
if (!isset($USER->newadminuser)) {
print_footer($course);
}
exit;
/// FUNCTIONS ////////////////////
function find_form_errors(&$user, &$usernew, &$err, &$um) {
global $CFG;
if (isadmin()) {
if (empty($usernew->username)) {
$err["username"] = get_string("missingusername");
} else if (record_exists("user", "username", $usernew->username) and $user->username == "changeme") {
$err["username"] = get_string("usernameexists");
} else {
if (empty($CFG->extendedusernamechars)) {
$string = eregi_replace("[^(-\.[:alnum:])]", "", $usernew->username);
if (strcmp($usernew->username, $string)) {
$err["username"] = get_string("alphanumerical");
}
}
}
if (empty($usernew->newpassword) and empty($user->password) and is_internal_auth() )
$err["newpassword"] = get_string("missingpassword");
if (($usernew->newpassword == "admin") or ($user->password == md5("admin") and empty($usernew->newpassword)) ) {
$err["newpassword"] = get_string("unsafepassword");
}
}
if (empty($usernew->email))
$err["email"] = get_string("missingemail");
if (over_bounce_threshold($user) && $user->email == $usernew->email)
$err['email'] = get_string('toomanybounces');
if (empty($usernew->description) and !isadmin())
$err["description"] = get_string("missingdescription");
if (empty($usernew->city))
$err["city"] = get_string("missingcity");
if (empty($usernew->firstname))
$err["firstname"] = get_string("missingfirstname");
if (empty($usernew->lastname))
$err["lastname"] = get_string("missinglastname");
if (empty($usernew->country))
$err["country"] = get_string("missingcountry");
if (! validate_email($usernew->email)) {
$err["email"] = get_string("invalidemail");
} else if ($otheruser = get_record("user", "email", $usernew->email)) {
if ($otheruser->id <> $user->id) {
$err["email"] = get_string("emailexists");
}
}
if (empty($err["email"]) and !isadmin()) {
if ($error = email_is_not_allowed($usernew->email)) {
$err["email"] = $error;
}
}
if (!$um->preprocess_files()) {
$err['imagefile'] = $um->notify;
}
if (!isadmin()) { /// Make sure that locked fields are not being edited
$fields = get_user_fieldnames();
foreach ($fields as $field) {
$configvariable = 'auth_user_'.$field.'_editlock';
if (!empty($CFG->$configvariable)) {
if ($user->$field !== $usernew->$field) {
$err[$field] = get_string("editlock");
}
}
}
}
$user->email = $usernew->email;
return count($err);
}
?>
Reference in New Issue View Git Blame Copy Permalink