edit.php 21.2 KB
Newer Older
1 2
<?php
/**
3
 * Mahara: Electronic portfolio, weblog, resume builder and social networking
4 5
 * Copyright (C) 2006-2009 Catalyst IT Ltd and others; see:
 *                         http://wiki.mahara.org/Contributors
6
 *
7 8 9 10
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
11
 *
12 13 14 15
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
16
 *
17 18
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
19 20 21
 *
 * @package    mahara
 * @subpackage admin
22
 * @author     Catalyst IT Ltd
23
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL
24
 * @copyright  (C) 2006-2009 Catalyst IT Ltd http://catalyst.net.nz
25 26 27 28
 *
 */

define('INTERNAL', 1);
29
define('INSTITUTIONALADMIN', 1);
30
define('MENUITEM', 'configusers/usersearch');
31
require(dirname(dirname(dirname(__FILE__))) . '/init.php');
32
define('TITLE', get_string('accountsettings', 'admin'));
33 34 35
define('SECTION_PLUGINTYPE', 'core');
define('SECTION_PLUGINNAME', 'admin');
require_once('pieforms/pieform.php');
36
require_once('activity.php');
37 38

$id = param_integer('id');
39 40
$user = new User;
$user->find_by_id($id);
41
$authobj = AuthFactory::create($user->authinstance);
42

43
if (!$USER->is_admin_for_user($user)) {
44 45
    $SESSION->add_error_msg(get_string('youcannotadministerthisuser', 'admin'));
    redirect('/user/view.php?id=' . $id);
46
}
47 48 49


// Site-wide account settings
50
$currentdate = getdate();
Richard Mansfield's avatar
Richard Mansfield committed
51
$elements = array();
52 53 54 55 56
$elements['id'] = array(
    'type'    => 'hidden',
    'rules'   => array('integer' => true),
    'value'   => $id,
);
57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72

if (method_exists($authobj, 'change_password')) {
    // Only show the password options if the plugin allows for the functionality
    $elements['password'] = array(
        'type'         => 'text',
        'title'        => get_string('resetpassword','admin'),
        'description'  => get_string('resetpassworddescription','admin'),
    );

    $elements['passwordchange'] = array(
        'type'         => 'checkbox',
        'title'        => get_string('forcepasswordchange','admin'),
        'description'  => get_string('forcepasswordchangedescription','admin'),
        'defaultvalue' => $user->passwordchange,
    );
}
73 74 75 76 77
if ($USER->get('admin')) {
    $elements['staff'] = array(
        'type'         => 'checkbox',
        'title'        => get_string('sitestaff','admin'),
        'defaultvalue' => $user->staff,
78
        'help'         => true,
79 80 81 82 83
    );
    $elements['admin'] = array(
        'type'         => 'checkbox',
        'title'        => get_string('siteadmin','admin'),
        'defaultvalue' => $user->admin,
84
        'help'         => true,
85 86
    );
}
87
$elements['maildisabled'] = array(
88
    'type' => 'checkbox',
89 90 91 92
    'defaultvalue' => get_account_preference($user->id, 'maildisabled'),
    'title' => get_string('email'),
    'help' => true,
);
93 94 95 96 97 98 99 100
$elements['expiry'] = array(
    'type'         => 'date',
    'title'        => get_string('accountexpiry', 'admin'),
    'description'  => get_string('accountexpirydescription', 'admin'),
    'minyear'      => $currentdate['year'] - 2,
    'maxyear'      => $currentdate['year'] + 20,
    'defaultvalue' => $user->expiry
);
101
$elements['quota'] = array(
102
    'type'         => 'bytes',
103
    'title'        => get_string('filequota','admin'),
104
    'description'  => get_string('filequotadescription','admin'),
105
    'rules'        => array('integer' => true),
106
    'defaultvalue' => $user->quota,
107
);
108 109 110 111 112

$authinstances = auth_get_auth_instances();
if (count($authinstances) > 1) {
    $options = array();

113 114 115 116 117 118 119 120
    // NOTE: This is a little broken at the moment. The "username in the remote 
    // system" setting is only actively used by the XMLRPC authentication 
    // plugin, and thus only makes sense when the user is authenticating in 
    // this manner.
    //
    // We hope to one day make it possible for users to get into accounts via 
    // multiple methods, at which time we can tie the username-in-remote-system 
    // setting to the XMLRPC plugin only, making the UI a bit more consistent
121
    $external = false;
122
    foreach ($authinstances as $authinstance) {
Richard Mansfield's avatar
Richard Mansfield committed
123
        if ($USER->can_edit_institution($authinstance->name)) {
124
            $options[$authinstance->id] = $authinstance->instancename . ' (' . $authinstance->displayname . ')';
125 126 127
            if ($authinstance->authname != 'internal') {
                $external = true;
            }
128
        }
129 130
    }

131 132
    if (isset($options[$user->authinstance])) {
        $elements['authinstance'] = array(
133 134
            'type'         => 'select',
            'title'        => get_string('authenticatedby', 'admin'),
135
            'description'  => get_string('authenticatedbydescription', 'admin'),
136
            'options'      => $options,
137
            'defaultvalue' => $user->authinstance,
138
            'help'         => true,
139
        );
140 141 142
        if ($external) {
            $un = get_field('auth_remote_user', 'remoteusername', 'authinstance', $user->authinstance, 'localusr', $user->id);
            $elements['remoteusername'] = array(
143 144
                'type'         => 'text',
                'title'        => get_string('remoteusername', 'admin'),
145
                'description'  => get_string('remoteusernamedescription', 'admin', hsc(get_config('sitename'))),
146 147 148
                'defaultvalue' => $un ? $un : $user->username,
            );
        }
149
    }
150

151 152
}

153 154 155 156 157
$elements['submit'] = array(
    'type'  => 'submit',
    'value' => get_string('savechanges','admin'),
);

Richard Mansfield's avatar
Richard Mansfield committed
158 159
$siteform = pieform(array(
    'name'       => 'edituser_site',
160 161 162 163 164 165
    'renderer'   => 'table',
    'plugintype' => 'core',
    'pluginname' => 'admin',
    'elements'   => $elements,
));

166 167
function edituser_site_validate(Pieform $form, $values) {
    global $USER, $SESSION;
168 169 170
    if (!$user = get_record('usr', 'id', $values['id'])) {
        return false;
    }
171 172 173 174 175 176
    $maxquotaenabled = get_config_plugin('artefact', 'file', 'maxquotaenabled');
    $maxquota = get_config_plugin('artefact', 'file', 'maxquota');
    if ($maxquotaenabled && $values['quota'] > $maxquota) {
        $form->set_error('quota', get_string('maxquotaexceededform', 'artefact.file', display_size($maxquota)));
        $SESSION->add_error_msg(get_string('maxquotaexceeded', 'artefact.file', display_size($maxquota)));
    }
177 178

    // Check that the external username isn't already in use
179 180
    if (isset($values['remoteusername']) &&
        $usedby = get_record_select('auth_remote_user',
181 182 183 184 185 186 187
        'authinstance = ? AND remoteusername = ? AND localusr != ?',
        array($values['authinstance'], $values['remoteusername'], $values['id']))
    ) {
        $usedbyuser = get_field('usr', 'username', 'id', $usedby->localusr);
        $SESSION->add_error_msg(get_string('duplicateremoteusername', 'auth', $usedbyuser));
        $form->set_error('remoteusername', get_string('duplicateremoteusernameformerror', 'auth'));
    }
188
}
189

Richard Mansfield's avatar
Richard Mansfield committed
190
function edituser_site_submit(Pieform $form, $values) {
191
    global $USER, $authobj;
192

193 194 195 196
    if (!$user = get_record('usr', 'id', $values['id'])) {
        return false;
    }

197 198 199
    if (method_exists($authobj, 'change_password')) {
        $user->passwordchange = (int) ($values['passwordchange'] == 'on');
    }
200
    $user->quota = $values['quota'];
201
    $user->expiry = db_format_timestamp($values['expiry']);
202

203 204 205 206 207

    // Try to kick the user from any active login sessions, before saving data.
    require_once(get_config('docroot') . 'auth/session.php');
    remove_user_sessions($user->id);

208 209 210
    if ($USER->get('admin')) {  // Not editable by institutional admins
        $user->staff = (int) ($values['staff'] == 'on');
        $user->admin = (int) ($values['admin'] == 'on');
211 212 213
        if ($user->admin) {
            activity_add_admin_defaults(array($user->id));
        }
214 215
    }

216 217 218 219
    if ($values['maildisabled'] == 0 && get_account_preference($user->id, 'maildisabled') == 1) {
        // Reset the sent and bounce counts otherwise mail will be disabled
        // on the next send attempt
        $u = new StdClass;
220 221
        $u->email = $user->email;
        $u->id = $user->id;
222 223 224 225 226
        update_bounce_count($u,true);
        update_send_count($u,true);
    }
    set_account_preference($user->id, 'maildisabled', $values['maildisabled']);

227 228
    // Authinstance can be changed by institutional admins if both the
    // old and new authinstances belong to the admin's institutions
229 230 231 232
    $remotename = get_field('auth_remote_user', 'remoteusername', 'authinstance', $user->authinstance, 'localusr', $user->id);
    if (!$remotename) {
        $remotename = $user->username;
    }
233 234 235
    if (isset($values['authinstance'])
        && ($values['authinstance'] != $user->authinstance
            || (isset($values['remoteusername']) && $values['remoteusername'] != $remotename))) {
236 237 238 239 240
        $authinst = get_records_select_assoc('auth_instance', 'id = ? OR id = ?', 
                                             array($values['authinstance'], $user->authinstance));
        if ($USER->get('admin') || 
            ($USER->is_institutional_admin($authinst[$values['authinstance']]->institution) &&
             $USER->is_institutional_admin($authinst[$user->authinstance]->institution))) {
241
            delete_records('auth_remote_user', 'localusr', $user->id);
242
            if ($authinst[$values['authinstance']]->authname != 'internal') {
243 244 245 246 247 248
                if (isset($values['remoteusername']) && strlen($values['remoteusername']) > 0) {
                    $un = $values['remoteusername'];
                }
                else {
                    $un = $remotename;
                }
249 250
                insert_record('auth_remote_user', (object) array(
                    'authinstance'   => $values['authinstance'],
251
                    'remoteusername' => $un,
252 253 254 255 256
                    'localusr'       => $user->id,
                ));
            }
            $user->authinstance = $values['authinstance'];
        }
257
    }
258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274
    if (isset($values['password']) && $values['password'] !== '') {
        $userobj = new User();
        $userobj = $userobj->find_by_id($user->id);
        $authobj = AuthFactory::create($user->authinstance);

        if (method_exists($authobj, 'change_password')) {
            // Only change the pw if the new auth instance allows for it
            $user->password = $authobj->change_password($userobj, $values['password']);
            $user->salt = $userobj->salt;
        } else {
            // Set empty pw with salt
            $user->password = '';
            $user->salt = auth_get_random_salt();
        }

        unset($userobj, $authobj);
    }
275 276 277 278 279 280 281

    update_record('usr', $user);

    redirect('/admin/users/edit.php?id='.$user->id);
}


282 283 284 285 286 287 288 289 290 291 292 293 294 295 296
// Suspension/deletion controls
$suspended = $user->get('suspendedcusr');
if (empty($suspended)) {
    $suspendform = pieform(array(
        'name'       => 'edituser_suspend',
        'plugintype' => 'core',
        'pluginname' => 'admin',
        'elements'   => array(
            'id' => array(
                 'type'    => 'hidden',
                 'value'   => $id,
            ),
            'reason' => array(
                'type'        => 'textarea',
                'rows'        => 5,
297
                'cols'        => 28,
298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337
                'title'       => get_string('reason'),
                'description' => get_string('suspendedreasondescription', 'admin'),
            ),
            'submit' => array(
                'type'  => 'submit',
                'value' => get_string('suspenduser','admin'),
            ),
        )
    ));
}
else {
    $suspendformdef = array(
        'name'       => 'edituser_unsuspend',
        'plugintype' => 'core',
        'pluginname' => 'admin',
        'renderer'   => 'oneline',
        'elements'   => array(
            'id' => array(
                 'type'    => 'hidden',
                 'value'   => $id,
            ),
            'submit' => array(
                'type'  => 'submit',
                'value' => get_string('unsuspenduser','admin'),
            ),
        )
    );

    // Create two forms for unsuspension - one in the suspend message and the 
    // other where the 'suspend' button normally goes. This keeps the HTML IDs 
    // unique
    $suspendform  = pieform($suspendformdef);
    $suspendformdef['name'] = 'edituser_suspend2';
    $suspendformdef['successcallback'] = 'edituser_unsuspend_submit';
    $suspendform2 = pieform($suspendformdef);

    $suspender = display_name(get_record('usr', 'id', $suspended));
}

function edituser_suspend_submit(Pieform $form, $values) {
338 339 340 341 342 343 344 345 346
    global $SESSION, $USER, $user;
    if (!$USER->get('admin') && ($user->get('admin') || $user->get('staff'))) {
        $SESSION->add_error_msg(get_string('errorwhilesuspending', 'admin'));
    }
    else {
        suspend_user($user->get('id'), $values['reason']);
        $SESSION->add_ok_msg(get_string('usersuspended', 'admin'));
    }
    redirect('/admin/users/edit.php?id=' . $user->get('id'));
347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373
}

function edituser_unsuspend_submit(Pieform $form, $values) {
    global $SESSION;
    unsuspend_user($values['id']);
    $SESSION->add_ok_msg(get_string('userunsuspended', 'admin'));
    redirect('/admin/users/edit.php?id=' . $values['id']);
}

$deleteform = pieform(array(
    'name' => 'edituser_delete',
    'plugintype' => 'core',
    'pluginname' => 'admin',
    'renderer' => 'oneline',
    'elements'   => array(
        'id' => array(
            'type' => 'hidden',
            'value' => $id,
        ),
        'submit' => array(
            'type' => 'submit',
            'value' => get_string('deleteuser', 'admin'),
            'confirm' => get_string('confirmdeleteuser', 'admin'),
        ),
    ),
));

374 375 376 377 378 379 380 381
function edituser_delete_validate(Pieform $form, $values) {
    global $USER, $SESSION;
    if (!$USER->get('admin')) {
        $form->set_error('submit', get_string('deletefailed', 'admin'));
        $SESSION->add_error_msg(get_string('deletefailed', 'admin'));
    }
}

382
function edituser_delete_submit(Pieform $form, $values) {
383 384 385 386 387
    global $SESSION, $USER;
    if ($USER->get('admin')) {
        delete_user($values['id']);
        $SESSION->add_ok_msg(get_string('userdeletedsuccessfully', 'admin'));
    }
388 389 390
    redirect('/admin/users/search.php');
}

Richard Mansfield's avatar
Richard Mansfield committed
391

392
// Institution settings form
Richard Mansfield's avatar
Richard Mansfield committed
393 394 395 396 397 398 399
$elements = array(
    'id' => array(
         'type'    => 'hidden',
         'value'   => $id,
     ),
);

400
$allinstitutions = get_records_assoc('institution', '', '', 'displayname');
401 402 403 404 405 406 407
foreach ($user->get('institutions') as $i) {
    $elements[$i->institution.'_settings'] = array(
        'type' => 'fieldset',
        'legend' => $allinstitutions[$i->institution]->displayname,
        'elements' => array(
            $i->institution.'_expiry' => array(
                'type'         => 'date',
408 409
                'title'        => get_string('membershipexpiry', 'admin'),
                'description'  => get_string('membershipexpirydescription', 'admin'),
410 411
                'minyear'      => $currentdate['year'],
                'maxyear'      => $currentdate['year'] + 20,
412
                'defaultvalue' => $i->membership_expiry
413 414 415
            ),
            $i->institution.'_studentid' => array(
                'type'         => 'text',
416 417
                'title'        => get_string('studentid', 'admin'),
                'description'  => get_string('institutionstudentiddescription', 'admin'),
418 419
                'defaultvalue' => $i->studentid,
            ),
420
            $i->institution.'_staff' => array(
421 422 423
                'type'         => 'checkbox',
                'title'        => get_string('institutionstaff','admin'),
                'defaultvalue' => $i->staff,
424
            ),
425 426 427
            $i->institution.'_admin' => array(
                'type'         => 'checkbox',
                'title'        => get_string('institutionadmin','admin'),
428
                'description'  => get_string('institutionadmindescription','admin'),
429 430 431 432 433 434
                'defaultvalue' => $i->admin,
            ),
            $i->institution.'_submit' => array(
                'type'  => 'submit',
                'value' => get_string('update'),
            ),
435 436 437 438 439
            $i->institution.'_remove' => array(
                'type'  => 'submit',
                'value' => get_string('removeuserfrominstitution', 'admin'),
                'confirm' => get_string('confirmremoveuserfrominstitution', 'admin'),
            ),
440
        ),
Richard Mansfield's avatar
Richard Mansfield committed
441 442
    );
}
443

444 445 446 447 448 449 450 451 452 453
// Only site admins can add institutions; institutional admins must invite
if ($USER->get('admin') 
    && (get_config('usersallowedmultipleinstitutions') || count($user->institutions) == 0)) {
    $options = array();
    foreach ($allinstitutions as $i) {
        if (!$user->in_institution($i->name) && $i->name != 'mahara') {
            $options[$i->name] = $i->displayname;
        }
    }
    if (!empty($options)) {
454 455 456 457
        $elements['addinstitutionheader'] = array(
            'type'  => 'markup',
            'value' => '<tr><td colspan="2"><h4>' . get_string('addusertoinstitution', 'admin') . '</h4></td></tr>',
        );
458 459
        $elements['addinstitution'] = array(
            'type'         => 'select',
460
            'title'        => get_string('institution'),
461 462 463 464
            'options'      => $options,
        );
        $elements['add'] = array(
            'type'  => 'submit',
465
            'value' => get_string('addusertoinstitution', 'admin'),
466 467 468 469
        );
    }
}

Richard Mansfield's avatar
Richard Mansfield committed
470 471 472 473 474 475 476 477 478
$institutionform = pieform(array(
    'name'       => 'edituser_institution',
    'renderer'   => 'table',
    'plugintype' => 'core',
    'pluginname' => 'admin',
    'elements'   => $elements,
));

function edituser_institution_submit(Pieform $form, $values) {
479 480
    $user = new User;
    if (!$user->find_by_id($values['id'])) {
Richard Mansfield's avatar
Richard Mansfield committed
481 482
        return false;
    }
483
    $userinstitutions = $user->get('institutions');
Richard Mansfield's avatar
Richard Mansfield committed
484

485
    global $USER;
486
    foreach ($userinstitutions as $i) {
Richard Mansfield's avatar
Richard Mansfield committed
487
        if ($USER->can_edit_institution($i->institution)) {
488 489 490 491
            if (isset($values[$i->institution.'_submit'])) {
                $newuser = (object) array(
                    'usr'         => $user->id,
                    'institution' => $i->institution,
492
                    'ctime'       => db_format_timestamp($i->ctime),
493
                    'studentid'   => $values[$i->institution . '_studentid'],
494
                    'staff'       => (int) ($values[$i->institution . '_staff'] == 'on'),
495 496 497 498 499 500 501 502
                    'admin'       => (int) ($values[$i->institution . '_admin'] == 'on'),
                );
                if ($values[$i->institution . '_expiry']) {
                    $newuser->expiry = db_format_timestamp($values[$i->institution . '_expiry']);
                }
                db_begin();
                delete_records('usr_institution', 'usr', $user->id, 'institution', $i->institution);
                insert_record('usr_institution', $newuser);
503 504 505
                if ($newuser->admin) {
                    activity_add_admin_defaults(array($user->id));
                }
506 507 508 509
                handle_event('updateuser', $user->id);
                db_commit();
                break;
            } else if (isset($values[$i->institution.'_remove'])) {
510 511 512 513 514
                if ($user->id == $USER->id) {
                    $USER->leave_institution($i->institution);
                } else {
                    $user->leave_institution($i->institution);
                }
515 516 517 518
                // Institutional admins can no longer access this page
                // if they remove the user from the institution, so
                // send them back to user search.
                if (!$USER->get('admin')) {
519 520 521
                    if (!$USER->is_institutional_admin()) {
                        redirect(get_config('wwwroot'));
                    }
522 523 524 525 526
                    redirect('/admin/users/search.php');
                }
                break;
            }
        }
527 528
    }

529 530
    if (isset($values['add']) && $USER->get('admin')
        && (empty($userinstitutions) || get_config('usersallowedmultipleinstitutions'))) {
531 532 533 534 535 536 537
        if ($user->id == $USER->id) {
            $USER->join_institution($values['addinstitution']);
            $USER->commit();
        }
        else {
            $user->join_institution($values['addinstitution']);
        }
Richard Mansfield's avatar
Richard Mansfield committed
538 539 540 541
    }

    redirect('/admin/users/edit.php?id='.$user->id);
}
542 543 544

$smarty = smarty();
$smarty->assign('user', $user);
545 546 547 548
$smarty->assign('suspended', $suspended);
if ($suspended) {
    $smarty->assign('suspendedby', get_string('suspendedby', 'admin', $suspender));
}
549
$smarty->assign('suspendform', $suspendform);
550 551 552 553
if (isset($suspendform2)) {
    $smarty->assign('suspendform2', $suspendform2);
}
$smarty->assign('deleteform', $deleteform);
Richard Mansfield's avatar
Richard Mansfield committed
554
$smarty->assign('siteform', $siteform);
555
$smarty->assign('institutions', count($allinstitutions) > 1);
Richard Mansfield's avatar
Richard Mansfield committed
556
$smarty->assign('institutionform', $institutionform);
Richard Mansfield's avatar
Richard Mansfield committed
557

558
$smarty->assign('loginas', $id != $USER->get('id') && is_null($USER->get('parentuser')));
559
$smarty->assign('PAGEHEADING', TITLE . ': ' . display_name($user));
560 561 562 563 564 565 566 567 568

# Only allow deletion and suspension of a user if the viewed user is not
# the current user; or if they are the current user, they're not the only
# admin
if ($id != $USER->get('id') || count_records('usr', 'admin', 1, 'deleted', 0) > 1) {
    $smarty->assign('suspendable', ($USER->get('admin') || !$user->get('admin') && !$user->get('staff')));
    $smarty->assign('deletable', $USER->get('admin'));
}

569 570 571
$smarty->display('admin/users/edit.tpl');

?>