<?php
/**
 *
 * @package    mahara
 * @subpackage core
 * @author     Catalyst IT Ltd
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
 * @copyright  For copyright information on Mahara, please see the README file distributed with this software.
 *
 */

// Page bootstrap. These constants are defined before init.php is loaded.
// NOTE(review): INTERNAL looks like a marker that included files check to
// refuse direct web access - confirm in init.php.
define('INTERNAL', 1);
define('MENUITEM', 'settings/account');
define('SECTION_PLUGINTYPE', 'core');
define('SECTION_PLUGINNAME', 'account');
define('SECTION_PAGE', 'preferences');

require dirname(__DIR__) . '/init.php';
// TITLE comes after the include: get_string() is not defined in this file.
define('TITLE', get_string('account'));

// Stored account preferences of the logged-in user, cast to an object.
$prefs = (object) load_account_preferences($USER->id);

// Auth plugin instance the user logs in through; it decides which password
// controls this page may offer.
$authobj = AuthFactory::create($USER->authinstance);

// @todo auth preference for a password change screen for all auth methods other than internal
if (method_exists($authobj, 'change_password')) {
    // The plugin can change passwords itself, so offer the change form. The
    // current password is requested as well and is verified in
    // accountprefs_validate() before a new password is accepted.
    $elements = [
        'changepassworddesc' => [
            'value' => '<tr><td colspan="2"><h3>' . get_string('changepassworddesc', 'account') . '</h3></td></tr>',
        ],
        // HACK: A decoy password field to prevent Firefox from trying to autofill the "oldpassword" field.
        // (FF will fill in this one instead, because it comes first. Then we can just ignore it.)
        // The value is a fixed placeholder, not a credential; neither form
        // callback in this file reads $values['password'] directly.
        // TODO: move the password reset form to a separate screen
        'password' => [
            'type' => 'password',
            'title' => '',
            'class' => 'hidden',
            'value' => 'decoypassword',
        ],
        'oldpassword' => [
            'type' => 'password',
            'title' => get_string('oldpassword'),
            'help'  => true,
            // Only this field opts out of browser autocomplete.
            'autocomplete' => 'off',
        ],
        'password1' => [
            'type' => 'password',
            'title' => get_string('newpassword'),
            'description' => get_password_policy_description(),
            'showstrength' => true,
        ],
        'password2' => [
            'type' => 'password',
            'title' => get_string('confirmpassword'),
        ],
    ];
}
else if ($url = get_config_plugin_instance('auth', $USER->authinstance, 'changepasswordurl')) {
    // @todo contextual help
    // Passwords are managed elsewhere: show only a pointer to that interface.
    // NOTE(review): $url is substituted into the language string and then
    // concatenated into markup without escaping here. It is read from the
    // auth instance's configuration; confirm it is validated where it is
    // saved, or escape it for the context the string uses it in.
    $elements = [
        'changepasswordotherinterface' => [
            'value' => '<tr><td colspan="2"><h3>' . get_string('changepasswordotherinterface', 'account', $url) . '</h3></td></tr>',
        ],
    ];
}
else {
    // No password controls at all for this auth method.
    $elements = [];
}

// The username field is offered only when the user's auth plugin is the
// internal one; accountprefs_validate() checks the new name's form and
// uniqueness under the same condition.
if ($authobj->authname == 'internal') {
    $elements['changeusernameheading'] = [
        'value' => '<tr><td colspan="2"><h3>' . get_string('changeusernameheading', 'account') . '</h3></td></tr>',
    ];
    $elements['username'] = [
        'type' => 'text',
        'defaultvalue' => $USER->get('username'),
        'title' => get_string('changeusername', 'account'),
        // The site name is passed through hsc() before it is substituted
        // into the description string.
        'description' => get_string('changeusernamedesc', 'account', hsc(get_config('sitename'))),
    ];
}

// Profile URL ("clean URL") editing, shown only when the site enables clean
// URLs and lets users edit their own.
if (get_config('cleanurls') && get_config('cleanurlusereditable')) {
    $elements['changeprofileurl'] = [
        'value' => '<tr><td colspan="2"><h3>' . get_string('changeprofileurl', 'account') . '</h3></td></tr>',
    ];

    // Text shown before/after the input so the user sees the full URL.
    // Both parts are built from site configuration (wwwroot,
    // cleanurluserdefault) and are placed in the markup below unescaped.
    // NOTE(review): presumably these are administrator-controlled values -
    // confirm, since nothing here escapes them.
    if (get_config('cleanurlusersubdomains')) {
        [$proto, $rest] = explode('://', get_config('wwwroot'));
        $prehtml = $proto . ':// ';
        $posthtml = ' .' . $rest;
    }
    else {
        $prehtml = get_config('wwwroot') . get_config('cleanurluserdefault') . '/ ';
        $posthtml = '';
    }

    $elements['urlid'] = [
        'type'         => 'text',
        'defaultvalue' => $USER->get('urlid'),
        'title'        => get_string('profileurl', 'account'),
        'prehtml'      => '<span class="description">' . $prehtml . '</span>',
        'posthtml'     => '<span class="description">' . $posthtml . '</span>',
        'description'  => get_string('profileurldescription', 'account') . ' ' . get_string('cleanurlallowedcharacters'),
        // Form rules: at most 30 characters and the site's configured
        // pattern. The 3-character minimum and the uniqueness check are in
        // accountprefs_validate().
        'rules'        => ['maxlength' => 30, 'regex' => get_config('cleanurlvalidate')],
    ];
}

$elements['accountoptionsdesc'] = [
    'value' => '<tr><td colspan="2"><h3>' . get_string('accountoptionsdesc', 'account') . '</h3></td></tr>',
];

// Add the general account options, then the options contributed by plugins.
$elements = array_merge(
    $elements,
    general_account_prefs_form_elements($prefs),
    plugin_account_prefs_form_elements($prefs)
);

// The "multiple blogs" option is made read-only while it is switched on and
// the user's blog count is anything other than exactly one.
// NOTE(review): 'readonly' is set on the form element only. Whether pieforms
// discards a submitted value for a read-only element is not visible here,
// and accountprefs_submit() stores every expected preference found in
// $values - confirm the flag is enforced server-side.
$blogcount = count_records('artefact', 'artefacttype', 'blog', 'owner', $USER->get('id'));
if ($blogcount != 1 && $prefs->multipleblogs == 1) {
    $elements['multipleblogs']['readonly'] = true;
}

$elements['submit'] = [
    'type' => 'submit',
    'class' => 'btn-primary',
    'value' => get_string('save'),
];

// Form definition handed to pieform() further down. It is submitted by POST
// as a JavaScript form, and 'clearPasswords' names the success callback that
// is defined in the inline JavaScript ($ijs) later in this file.
// NOTE(review): no anti-CSRF token is added in this file; presumably
// pieforms attaches and checks a session key itself - confirm.
$prefsform = [
    'name'        => 'accountprefs',
    'renderer'    => 'div',
    'method'      => 'post',
    'jsform'      => true,
    'plugintype'  => 'core',
    'pluginname'  => 'account',
    'jssuccesscallback' => 'clearPasswords',
    'elements'    => $elements,
];

/**
 * Validation callback for the account preferences form.
 *
 * Checks, in this order: the password change (the current password must
 * authenticate before the new one is validated), a username change for
 * internal-auth users, a profile URL change, and finally the plugins' own
 * validation. Problems are reported through $form->set_error().
 *
 * When the current password is wrong, or authenticating throws a
 * UserException, the function returns at once, so the username, profile URL
 * and plugin checks are not run for that submission.
 *
 * NOTE(review): "has it changed" is tested with loose != comparisons, under
 * which two numeric-looking strings that are numerically equal count as
 * unchanged. accountprefs_submit() uses the same comparison, so the two
 * agree; keep them in step if either is tightened.
 *
 * NOTE(review): the uniqueness checks here are separate from the write in
 * accountprefs_submit(); two simultaneous requests are only kept apart if
 * the database enforces uniqueness as well - confirm against the schema.
 *
 * @param Pieform $form   The form being validated
 * @param array   $values Submitted values, keyed by element name
 */
function accountprefs_validate(Pieform $form, $values) {
    global $USER;

    $authobj = AuthFactory::create($USER->authinstance);

    // The password section exists only when 'oldpassword' was submitted.
    if (isset($values['oldpassword'])) {
        if ($values['oldpassword'] === '') {
            // A new password without the current one is rejected.
            if ($values['password1'] !== '' || $values['password2'] !== '') {
                $form->set_error('oldpassword', get_string('mustspecifyoldpassword'));
            }
        }
        else {
            global $USER, $authtype, $authclass;
            // Re-authenticate with the current password before looking at
            // the new one.
            try {
                if (!$authobj->authenticate_user_account($USER, $values['oldpassword'])) {
                    $form->set_error('oldpassword', get_string('oldpasswordincorrect', 'account'));
                    return;
                }
            }
            // propagate error correctly for User validation issues - this should
            // be catching AuthUnknownUserException and AuthInstanceException
            catch (UserException $e) {
                // The exception's message becomes the field error text.
                $form->set_error('oldpassword', $e->getMessage());
                return;
            }
            password_validate($form, $values, $USER);
        }
    }

    // Username change: internal auth only, and only when the value differs.
    if ($authobj->authname == 'internal' && $values['username'] != $USER->get('username')) {
        $newusername = $values['username'];
        if (!AuthInternal::is_username_valid($newusername)) {
            $form->set_error('username', get_string('usernameinvalidform', 'auth.internal'));
        }
        // Case-insensitive uniqueness check; the value is bound as a query
        // parameter, not concatenated into the SQL.
        if (!$form->get_error('username') && record_exists_select('usr', 'LOWER(username) = ?', [strtolower($newusername)])) {
            $form->set_error('username', get_string('usernamealreadytaken', 'auth.internal'));
        }
    }

    // Profile URL change: at least 3 characters and not used by another row.
    if (isset($values['urlid']) && get_config('cleanurls') && $values['urlid'] != $USER->get('urlid')) {
        $newurlid = $values['urlid'];
        if (strlen($newurlid) < 3) {
            $form->set_error('urlid', get_string('rule.minlength.minlength', 'pieforms', 3));
        }
        else if (record_exists('usr', 'urlid', $newurlid)) {
            $form->set_error('urlid', get_string('urlalreadytaken', 'account'));
        }
    }

    plugin_account_prefs_validate($form, $values);
}

/**
 * Submit callback for the account preferences form.
 *
 * Inside one database transaction it stores a new password (if given), the
 * account preferences, a new username and a new profile URL; when the
 * password changed it also removes the user's other sessions before the
 * commit. It then replies to the form as JSON, asking for a page reload when
 * the theme, language, group side block settings or profile URL changed, or
 * when a plugin requests one.
 *
 * NOTE(review): nothing here checks the current password again; this relies
 * on accountprefs_validate() having accepted the submission first -
 * presumably pieforms guarantees that ordering, confirm.
 *
 * @param Pieform $form   The submitted form
 * @param array   $values Submitted values, keyed by element name
 */
function accountprefs_submit(Pieform $form, $values) {
    global $USER, $SESSION;

    $authobj = AuthFactory::create($USER->authinstance);

    db_begin();
    $ispasswordchanged = isset($values['password1']) && $values['password1'] !== '';
    if ($ispasswordchanged) {
        global $authclass;
        // The auth plugin returns the value to keep on the user record.
        $USER->password = $authobj->change_password($USER, $values['password1']);
        $USER->passwordchange = 0;
        $USER->commit();
    }

    // use this as looping through values is not safe.
    // Only the keys listed here are written as preferences below, whatever
    // else the request contained.
    $expectedprefs = expected_account_preferences();
    if ($values['maildisabled'] == 0 && get_account_preference($USER->get('id'), 'maildisabled') == 1) {
        // Reset the sent and bounce counts otherwise mail will be disabled
        // on the next send attempt
        $mailuser = (object) [
            'email' => $USER->get('email'),
            'id'    => $USER->get('id'),
        ];
        update_bounce_count($mailuser, true);
        update_send_count($mailuser, true);
    }

    // Remember the user's language & theme prefs, so we can reload the page if they change them
    $oldlang = $USER->get_account_preference('lang');
    $oldtheme = $USER->get_account_preference('theme');
    $oldgroupsideblockmaxgroups = $USER->get_account_preference('groupsideblockmaxgroups');
    $oldgroupsideblocksortby = $USER->get_account_preference('groupsideblocksortby');

    // Set user account preferences
    foreach ($expectedprefs as $prefname => $unused) {
        if (isset($values[$prefname]) && $values[$prefname] !== get_account_preference($USER->get('id'), $prefname)) {
            $USER->set_account_preference($prefname, $values[$prefname]);
        }
    }

    // 'sitedefault' is stored as an empty theme preference.
    if (isset($values['theme']) && $values['theme'] == 'sitedefault') {
        $USER->set_account_preference('theme', '');
    }

    $returndata = [];
    if (isset($values['username']) && $values['username'] != $USER->get('username')) {
        $USER->username = $values['username'];
        $USER->commit();
        // Sent back so the page script can update the displayed username.
        $returndata['username'] = $values['username'];
    }

    $reload = false;
    if (get_config('cleanurls') && isset($values['urlid']) && $values['urlid'] != $USER->get('urlid')) {
        $USER->urlid = $values['urlid'];
        $USER->commit();
        $reload = true;
    }

    if ($ispasswordchanged) {
        // Destroy other sessions of the user
        require_once(get_config('docroot') . 'auth/session.php');
        remove_user_sessions($USER->get('id'));
    }

    db_commit();

    $returndata['message'] = get_string('prefssaved', 'account');

    if (isset($values['theme']) && $values['theme'] != $oldtheme) {
        $USER->update_theme();
        $reload = true;
    }

    if (isset($values['lang']) && $values['lang'] != $oldlang) {
        // The session language pref is used when the user has no user pref,
        // and when logged out.
        $SESSION->set('lang', $values['lang']);
        $returndata['message'] = get_string_from_language($values['lang'], 'prefssaved', 'account');
        $reload = true;
    }

    if (isset($values['groupsideblockmaxgroups']) && $values['groupsideblockmaxgroups'] != $oldgroupsideblockmaxgroups) {
        $reload = true;
    }
    // Unlike the checks above, this one reads $values without isset().
    if ($values['groupsideblocksortby'] != $oldgroupsideblocksortby) {
        $reload = true;
    }

    $reload = plugin_account_prefs_submit($form, $values) || $reload;

    if ($reload) {
        // Use PIEFORM_CANCEL here to force a page reload and show the new language.
        // The target is the configured wwwroot plus a fixed path; no request
        // data goes into it.
        $returndata['location'] = get_config('wwwroot') . 'account/index.php';
        $SESSION->add_ok_msg($returndata['message']);
        // NOTE(review): this relies on json_reply() ending the request;
        // otherwise the PIEFORM_OK reply below would be sent too - confirm.
        $form->json_reply(PIEFORM_CANCEL, $returndata);
    }

    $form->json_reply(PIEFORM_OK, $returndata);
}

// Build the form from the definition array assembled above; the result is
// handed to the template as 'form' at the end of this file.
// NOTE(review): presumably a submitted form is processed inside this call,
// dispatching to accountprefs_validate() and accountprefs_submit() by form
// name - confirm in pieforms.
$prefsform = pieform($prefsform);

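// Inline JavaScript for the page. clearPasswords is the form's
// 'jssuccesscallback': after a successful save it blanks the three password
// inputs and, when the reply carries a new username, updates the name shown
// in the profile side block.
//
// The username is written with .text(), which inserts it as a text node.
// The previous .empty().append(data.username) let jQuery parse the string as
// HTML, so a value containing markup would have been turned into DOM nodes.
// The presence tests use .length because a jQuery object is always truthy,
// even when it matched nothing.
//
// The heredoc holds no PHP interpolation: every "$" in it is followed by
// "(" or ")", which PHP leaves alone.
$ijs = <<<EOF
var clearPasswords = (function($) {
  return function (form, data) {
      formSuccess(form, data);
      if ($('#accountprefs_oldpassword').length) {
          $('#accountprefs_oldpassword').val('');
          $('#accountprefs_password1').val('');
          $('#accountprefs_password2').val('');
      }
      if (data.username) {
          var username = $('#profile-sideblock-username a:first');
          if (username.length) {
              username.text(data.username);
          }
      }
  }
}(jQuery))
EOF;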

// Pending account-deletion request of the logged-in user, if one exists. The
// lookup is keyed on the session user's own id, not on request input.
$request = get_record('usr_pendingdeletion', 'usr', $USER->id);

// Hand everything to the template and render the page.
$smarty = smarty();
$smarty->assign('form', $prefsform);
$smarty->assign('candeleteself', $USER->can_delete_self());
$smarty->assign('deletionsent', (bool) $request);
$smarty->assign('requestdate', $request ? format_date(strtotime($request->ctime)) : '');
$smarty->assign('INLINEJAVASCRIPT', $ijs);
$smarty->display('account/index.tpl');