<?php
/**
 *
 * @package    mahara
 * @subpackage admin
 * @author     Catalyst IT Ltd
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
 * @copyright  For copyright information on Mahara, please see the README file distributed with this software.
 *
 */

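define('INTERNAL', 1);
define('INSTITUTIONALADMIN', 1);
define('MENUITEM', 'configusers/usersearch');
require(dirname(dirname(dirname(__FILE__))) . '/init.php');
define('TITLE', get_string('accountsettings', 'admin'));
define('SECTION_PLUGINTYPE', 'core');
define('SECTION_PLUGINNAME', 'admin');
define('SECTION_PAGE', 'edit');
require_once('activity.php');
require_once(get_config('docroot') . 'lib/antispam.php');

// The account being edited, and the auth instance it currently authenticates
// with. $authobj is read as a global by edituser_site_submit() whenever no
// (authorised) authinstance change is submitted, so nothing below may
// reassign it.
$id = param_integer('id');
$user = new User;
$user->find_by_id($id);
$authobj = AuthFactory::create($user->authinstance);

// Access control for the whole page: site admins, or institutional admins of
// one of this user's institutions.
if (!$USER->is_admin_for_user($user)) {
    $SESSION->add_error_msg(get_string('youcannotadministerthisuser', 'admin'));
    redirect(profile_url($user));
}

// Deleted accounts get a message page instead of the settings forms.
if ($user->deleted) {
    $smarty = smarty();
    $smarty->assign('PAGEHEADING', display_name($user));
    $smarty->assign('SUBSECTIONHEADING', TITLE);
    $smarty->assign('message', get_string('thisuserdeleted', 'admin'));
    $smarty->display('message.tpl');
    exit;
}

// Site-wide account settings
$currentdate = getdate();
$elements = array();
$elements['id'] = array(
    'type'    => 'hidden',
    'rules'   => array('integer' => true),
    'value'   => $id,
);

// Username editing is only offered when the user's auth plugin supports it;
// edituser_site_validate() re-checks this against the submitted values.
if (method_exists($authobj, 'change_username')) {
    $elements['username'] = array(
        'type'         => 'text',
        'title'        => get_string('changeusername', 'admin'),
        'description'  => get_string('changeusernamedescription', 'admin'),
        'defaultvalue' => $user->username,
        'rules' => array(
            'maxlength' => 236,
         ),
    );
}

// Only show the password options if the plugin allows for the functionality
if (method_exists($authobj, 'change_password')) {
    $elements['password'] = array(
        'type'         => 'password',
        'title'        => get_string('resetpassword','admin'),
        'description'  => get_string('resetpassworddescription', 'admin') . ' ' . get_password_policy_description(),
        'showstrength' => true
    );

    $elements['passwordchange'] = array(
        'type'         => 'switchbox',
        'title'        => get_string('forcepasswordchange','admin'),
        'description'  => get_string('forcepasswordchangedescription','admin'),
        'defaultvalue' => $user->passwordchange,
    );
}

// Site staff/admin flags are only editable by site admins (institutional
// admins never see these elements; the submit handler applies the same test).
if ($USER->get('admin')) {
    $elements['staff'] = array(
        'type'         => 'switchbox',
        'title'        => get_string('sitestaff','admin'),
        'defaultvalue' => $user->staff,
        'help'         => true,
    );
    $elements['admin'] = array(
        'type'         => 'switchbox',
        'title'        => get_string('siteadmin','admin'),
        'defaultvalue' => $user->admin,
        'help'         => true,
    );
}
$elements['email'] = array(
    'type'         => 'text',
    'title'        => get_string('primaryemail','admin'),
    'defaultvalue' => $user->email,
    'help'         => true,
    'rules'        => array(
        'required' => true,
        'email'    => true,
    ),
);
$elements['maildisabled'] = array(
    'type' => 'switchbox',
    'defaultvalue' => get_account_preference($user->id, 'maildisabled'),
    'title' => get_string('disableemail', 'admin'),
    'help' => true,
);
$elements['lastlogin'] = array(
    'type'          => 'html',
    'class'         => 'htmldescription',
    'title'         => get_string('lastlogin', 'admin'),
    'value'         => format_date($user->lastlogin),
);
$elements['expiry'] = array(
    'type'         => 'date',
    'class'        => 'form-condensed',
    'title'        => get_string('accountexpiry', 'admin'),
    'description'  => get_string('accountexpirydescription', 'admin'),
    'minyear'      => $currentdate['year'] - 2,
    'maxyear'      => $currentdate['year'] + 20,
    'defaultvalue' => $user->expiry
);
$quotaused = get_string('quotaused', 'admin') . ': ' . display_size($user->quotaused);
// The quota is editable by site admins, or by institutional admins when the
// file plugin's "institutionaloverride" setting is on; otherwise it is shown
// read-only. edituser_site_validate()/_submit() use the same condition.
if ($USER->get('admin') || get_config_plugin('artefact', 'file', 'institutionaloverride')) {
    $elements['quota'] = array(
        'type'         => 'bytes',
        'title'        => get_string('filequota1','admin'),
        'description'  => get_string('filequotadescription','admin') . '<br>' . $quotaused,
        'rules'        => array('integer' => true,
                                'minvalue' => 1),
        'class'        => 'form-inline',
        'defaultvalue' => $user->quota,
    );
}
else {
    $elements['quota'] = array(
        'type'         => 'text',
        'disabled'     => true,
        'title'        => get_string('filequota1', 'admin'),
        'description'  => get_string('filequotadescription', 'admin') . '<br>' . $quotaused,
        'class'        => 'form-inline',
        'value'        => display_size($user->quota),
    );
}

// Probation points
if (is_using_probation($user->id)) {
    $elements['probationpoints'] = array(
        'type' => 'select',
        'title' => get_string('probationtitle', 'admin'),
        'help' => true,
        'options' => probation_form_options(),
        'defaultvalue' => ensure_valid_probation_points($user->probation),
    );
}

$authinstances = auth_get_auth_instances();
if (count($authinstances) > 1) {
    $options = array();

    // NOTE: This is a little broken at the moment. The "username in the remote
    // system" setting is only actively used by the XMLRPC authentication
    // plugin, and thus only makes sense when the user is authenticating in
    // this manner.
    //
    // We hope to one day make it possible for users to get into accounts via
    // multiple methods, at which time we can tie the username-in-remote-system
    // setting to the XMLRPC plugin only, making the UI a bit more consistent
    $external = false;
    $externalauthjs = array();
    foreach ($authinstances as $authinstance) {
        // If a user has a "No Institution" auth method (institution "mahara", id = 1) and he belongs to an Institution,
        // his Institution Admin will be able to change his auth method away to one of the Institution's auth methods
        // that's the second part of the "if"
        if ($USER->can_edit_institution($authinstance->name) || ($authinstance->id == 1 && $user->authinstance == 1)) {
            $options[$authinstance->id] = $authinstance->displayname . ': ' . $authinstance->instancename;
            // Deliberately a local variable: assigning this to $authobj would
            // leave the global pointing at the last candidate instance instead
            // of the user's own one, and edituser_site_submit() would then run
            // password/username changes through the wrong auth plugin.
            $candidateauth = AuthFactory::create($authinstance->id);
            if ($candidateauth->needs_remote_username()) {
                $externalauthjs[] = $authinstance->id;
                $external = true;
            }
        }
    }

    // Only offer the selector if the user's current instance is one this admin
    // may edit, so the dropdown always has a valid current selection.
    if (isset($options[$user->authinstance])) {
        $elements['authinstance'] = array(
            'type'         => 'select',
            'title'        => get_string('authenticatedby', 'admin'),
            'description'  => get_string('authenticatedbydescription', 'admin'),
            'options'      => $options,
            'defaultvalue' => $user->authinstance,
            'help'         => true,
        );
        $un = get_field('auth_remote_user', 'remoteusername', 'authinstance', $user->authinstance, 'localusr', $user->id);
        $elements['remoteusername'] = array(
            'type'         => 'text',
            'title'        => get_string('remoteusername', 'admin'),
            'description'  => get_string('remoteusernamedescription1', 'admin', hsc(get_config('sitename'))),
            'help'         => true,
        );
        if ($un) {
            $elements['remoteusername']['defaultvalue'] = $un;
        }
    }
    // These values are interpolated into an inline <script> block below. The
    // JSON_HEX_* flags encode <, >, &, ' and " as \uXXXX escapes so a stored
    // remote username can never terminate the script element or an attribute,
    // whatever it contains (json_encode's default slash escaping alone only
    // covers "</").
    $remoteusernames = json_encode(
        get_records_menu('auth_remote_user', 'localusr', $id),
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
    $js = "<script type='application/javascript'>
          var externalauths = ['" . implode("','", $externalauthjs) . "'];
          var remoteusernames = " . $remoteusernames . ";
          jQuery(document).ready(function() {
          // set up initial display
          var authinstanceid = jQuery('#edituser_site_authinstance :selected').val();
          is_external(authinstanceid);

          // update display as auth method dropdown changes
          jQuery('#edituser_site_authinstance').change(function() {
              authinstanceid = jQuery('#edituser_site_authinstance :selected').val();
              is_external(authinstanceid);
          });

          function is_external(id) {
              if (jQuery.inArray(authinstanceid,externalauths) != -1) {
                  // is external option so show external auth field and help text rows
                  jQuery('#edituser_site_remoteusername_container').css('display','block');
                  jQuery('#edituser_site_remoteusername_container').next('div').css('display','block');
                  if (remoteusernames[id]) {
                      // if value exists in auth_remote_user display it
                      jQuery('#edituser_site_remoteusername').val(remoteusernames[id]);
                  }
                  else {
                      jQuery('#edituser_site_remoteusername').val('');
                  }
              }
              else {
                  // is internal option so hide external auth field and help text rows
                  jQuery('#edituser_site_remoteusername_container').css('display','none');
                  jQuery('#edituser_site_remoteusername_container').next('div').css('display','none');
              }
          }
      });
      </script>";

    $elements['externalauthjs'] = array(
        'type'         => 'html',
        'class'        => 'hidden',
        'value'        => $js,
    );
}

// Internal "lastinstitution:" tags are bookkeeping, not user-editable tags.
$tags = get_column_sql('SELECT tag FROM {usr_tag} WHERE usr = ? AND NOT tag ' . db_ilike() . " 'lastinstitution:%'", array($user->id));

$elements['tags'] = array(
    'defaultvalue' => $tags,
    'type'         => 'tags',
    'title'        => get_string('tags'),
    'description'  => get_string('tagsdesc'),
    'help'         => true,
);

$elements['submit'] = array(
    'type'  => 'submit',
    'class' => 'btn-primary',
    'value' => get_string('savechanges','admin'),
);

// Validation and submission are handled by edituser_site_validate() and
// edituser_site_submit() (pieform callbacks derived from the form name).
$siteform = pieform(array(
    'name'       => 'edituser_site',
    'renderer'   => 'div',
    'plugintype' => 'core',
    'pluginname' => 'admin',
    'class' => 'form-group-nested',
    'elements'   => $elements,
));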

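/**
 * Pieform validation callback for the site account settings form.
 *
 * Checks, in order: the requested quota against the site maximum, the new
 * username against the auth plugin's rules and existing accounts, the new
 * password against the plugin's policy, the remote username against other
 * owners of the same slot on the target auth instance, and the new primary
 * email against addresses already in use. Errors are attached to the form.
 *
 * @param Pieform $form   The form being validated.
 * @param array   $values Submitted values, keyed by element name.
 * @return bool|void false when the usr record no longer exists.
 */
function edituser_site_validate(Pieform $form, $values) {
    global $USER, $SESSION;
    if (!$user = get_record('usr', 'id', $values['id'])) {
        return false;
    }
    // The quota element is only editable under this same condition (see the
    // form definition), so $values['quota'] is only consulted here.
    if ($USER->get('admin') || get_config_plugin('artefact', 'file', 'institutionaloverride')) {
        $maxquotaenabled = get_config_plugin('artefact', 'file', 'maxquotaenabled');
        $maxquota = get_config_plugin('artefact', 'file', 'maxquota');
        if ($maxquotaenabled && $values['quota'] > $maxquota) {
            $form->set_error('quota', get_string('maxquotaexceededform', 'artefact.file', display_size($maxquota)));
            $SESSION->add_error_msg(get_string('maxquotaexceeded', 'artefact.file', display_size($maxquota)));
        }
    }

    $userobj = new User();
    $userobj = $userobj->find_by_id($user->id);

    // Validate username/password against the auth instance the account will
    // end up on. NOTE(review): $values['authinstance'] is not permission-checked
    // here; edituser_site_submit() decides whether the change is allowed and
    // otherwise keeps the current instance, so a rejected change would have
    // been validated against a different plugin than the one it is applied
    // through — confirm this is acceptable.
    if (!isset($values['authinstance'])) {
        $authobj = AuthFactory::create($userobj->authinstance);
    }
    else {
        $authobj = AuthFactory::create($values['authinstance']);
    }

    if (isset($values['username']) && !empty($values['username']) && $values['username'] != $userobj->username) {
        if (method_exists($authobj, 'change_username')) {
            // Prefer the admin-specific validity rule when the plugin has one.
            if (method_exists($authobj, 'is_username_valid_admin')) {
                if (!$authobj->is_username_valid_admin($values['username'])) {
                    $form->set_error('username', get_string('usernameinvalidadminform', 'auth.internal'));
                }
            }
            else if (method_exists($authobj, 'is_username_valid')) {
                if (!$authobj->is_username_valid($values['username'])) {
                    $form->set_error('username', get_string('usernameinvalidform', 'auth.internal'));
                }
            }

            // Usernames are unique case-insensitively across all accounts.
            if (!$form->get_error('username') && record_exists_select('usr', 'LOWER(username) = ?', array(strtolower($values['username'])))) {
                $form->set_error('username', get_string('usernamealreadytaken', 'auth.internal'));
            }
        }
        else {
            $form->set_error('username', get_string('usernamechangenotallowed', 'admin'));
        }
    }
    if (isset($values['password']) && !empty($values['password'])) {
        if (method_exists($authobj, 'is_password_valid') && !$authobj->is_password_valid($values['password'])) {
            if ($authobj->type == 'internal') {
                $form->set_error('password', get_password_policy_description('error'));
            }
            else {
                // Allow auth type to return their own error message - Currently not used
                $form->set_error('password', get_string('passwordinvalidform' . $authobj->type, 'auth.' . $authobj->type));
            }
        }
    }
    // Check that the external username isn't already in use by someone else
    if (isset($values['authinstance']) && isset($values['remoteusername'])) {
        // there are 4 cases for changes on the page
        // 1) ai and remoteuser have changed
        // 2) just ai has changed
        // 3) just remoteuser has changed
        // 4) the ai changes and the remoteuser is wiped - this is a delete of the old ai-remoteuser

        // determine the current remoteuser
        $current_remotename = get_field('auth_remote_user', 'remoteusername',
                                        'authinstance', $user->authinstance, 'localusr', $user->id);
        if (!$current_remotename) {
            $current_remotename = $user->username;
        }
        // what should the new remoteuser be
        $new_remoteuser = get_field('auth_remote_user', 'remoteusername',
                                    'authinstance', $values['authinstance'], 'localusr', $user->id);
        if (!$new_remoteuser) {
            $new_remoteuser = $user->username;
        }
        if (strlen(trim($values['remoteusername'])) > 0) {
            // value changed on page - use it
            if ($values['remoteusername'] != $current_remotename) {
                $new_remoteuser = $values['remoteusername'];
            }
        }

        // what really counts is who owns the target remoteuser slot
        $target_owner = get_field('auth_remote_user', 'localusr',
                                  'authinstance', $values['authinstance'], 'remoteusername', $new_remoteuser);
        // target remoteuser is owned by someone else
        if ($target_owner && $target_owner != $user->id) {
            $usedbyuser = get_field('usr', 'username', 'id', $target_owner);
            $SESSION->add_error_msg(get_string('duplicateremoteusername', 'auth', $usedbyuser));
            $form->set_error('remoteusername', get_string('duplicateremoteusernameformerror', 'auth'));
        }
    }

    // Check if the new primary email address is valid
    if (isset($values['email']) &&
        ($values['email'] !== $user->email)) {
        $email = sanitize_email($values['email']);
        // The 'email' rule on the element may already have set an error.
        if (!$form->get_error('email')) {
            if (empty($email)) {
                $form->set_error('email', get_string('invalidemailaddress', 'artefact.internal'));
            }
            // Only look for duplicates when there is an address to look for;
            // otherwise a later set_error() would overwrite the "invalid
            // address" message with a misleading "already taken" one.
            else if (record_exists_sql('
                    SELECT id
                    FROM {usr}
                    WHERE deleted != 1 AND email = ? AND id != ?', array($email, $user->id))
                || record_exists_sql('
                    SELECT owner
                    FROM {artefact_internal_profile_email}
                    WHERE email = ? AND owner != ?', array($email, $user->id))) {
                $form->set_error('email', get_string('emailalreadytakenbyothers', 'auth.internal'));
            }
        }
    }
}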

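/**
 * Pieform success callback for the site account settings form.
 *
 * Applies the validated values to the usr record: probation points, quota
 * (plus the over-quota notification), expiry, site staff/admin flags, the
 * mail-disabled preference, auth instance and remote username, password,
 * username, primary email and tags. The user's active sessions are removed
 * before the record is saved, then the admin is redirected back to this page.
 *
 * @param Pieform $form   The submitted form.
 * @param array   $values Submitted values, keyed by element name.
 * @return bool|void false when the usr record no longer exists.
 */
function edituser_site_submit(Pieform $form, $values) {
    // $authobj is the auth instance object created for the user's current
    // instance on page load. It is replaced below only once an authinstance
    // change has been authorised, because the password and username changes
    // further down run through whatever it points at.
    global $USER, $authobj, $SESSION;

    if (!$user = get_record('usr', 'id', $values['id'])) {
        return false;
    }

    // The probationpoints element is only added to the form when the page
    // decided probation applies, so guard against it being absent.
    // NOTE(review): the form is built with is_using_probation($user->id) while
    // this call passes no user id — confirm the two agree.
    if (is_using_probation() && isset($values['probationpoints'])) {
        // Value should be between 0 and 10 inclusive
        $user->probation = ensure_valid_probation_points($values['probationpoints']);
    }

    // Same condition under which the quota element was editable.
    if ($USER->get('admin') || get_config_plugin('artefact', 'file', 'institutionaloverride')) {
        $user->quota = $values['quota'];
        // check if the user has gone over the quota notify limit
        $quotanotifylimit = get_config_plugin('artefact', 'file', 'quotanotifylimit');
        if ($quotanotifylimit <= 0 || $quotanotifylimit >= 100) {
            $quotanotifylimit = 100;
        }
        // NOTE(review): quotausedpercent is added to the record that is later
        // passed to update_record('usr', ...); presumably update_record ignores
        // properties that are not columns — verify.
        $user->quotausedpercent = empty($user->quota) ? 0 : ($user->quotaused / $user->quota) * 100;
        $overlimit = false;
        if ($quotanotifylimit <= $user->quotausedpercent) {
            $overlimit = true;
        }
        // quota_exceeded_notified is a one-shot flag: notify once on crossing
        // the threshold, clear it again once the user is back under.
        $notified = get_field('usr_account_preference', 'value', 'field', 'quota_exceeded_notified', 'usr', $user->id);
        if ($overlimit && '1' !== $notified) {
            safe_require('artefact', 'file');
            ArtefactTypeFile::notify_users_threshold_exceeded(array($user), false);
            // no need to email admin as we can alert them right now
            $SESSION->add_error_msg(get_string('useroverquotathreshold', 'artefact.file', display_name($user), ceil((int) $user->quotausedpercent), display_size($user->quota)));
        }
        else if ($notified && !$overlimit) {
            set_account_preference($user->id, 'quota_exceeded_notified', false);
        }
    }

    // An account whose expiry is moved from the past into the future (or
    // cleared) is "unexpired": reset the expiry-mail flag and touch lastaccess.
    $unexpire = $user->expiry && strtotime($user->expiry) < time() && (empty($values['expiry']) || $values['expiry'] > time());
    $newexpiry = db_format_timestamp($values['expiry']);
    if ($user->expiry != $newexpiry) {
        $user->expiry = $newexpiry;
        if ($unexpire) {
            $user->expirymailsent = 0;
            $user->lastaccess = db_format_timestamp(time());
        }
    }

    // Try to kick the user from any active login sessions, before saving data.
    require_once(get_config('docroot') . 'auth/session.php');
    remove_user_sessions($user->id);

    if ($USER->get('admin')) {  // Not editable by institutional admins
        // NOTE(review): relies on the switchbox value comparing loosely equal
        // to 'on' when checked — confirm against the pieform element.
        $user->staff = (int) ($values['staff'] == 'on');
        $user->admin = (int) ($values['admin'] == 'on');
        if ($user->admin) {
            activity_add_admin_defaults(array($user->id));
        }
    }

    if ($values['maildisabled'] == 0 && get_account_preference($user->id, 'maildisabled') == 1) {
        // Reset the sent and bounce counts otherwise mail will be disabled
        // on the next send attempt
        $u = new StdClass;
        $u->email = $user->email;
        $u->id = $user->id;
        update_bounce_count($u,true);
        update_send_count($u,true);
    }
    set_account_preference($user->id, 'maildisabled', $values['maildisabled']);

    // process the change of the authinstance and or the remoteuser
    if (isset($values['authinstance']) && isset($values['remoteusername'])) {
        // Authinstance can be changed by institutional admins if both the
        // old and new authinstances belong to the admin's institutions
        $authinst = get_records_select_assoc('auth_instance', 'id = ? OR id = ?',
                                             array($values['authinstance'], $user->authinstance));

        // A target id that does not exist cannot be authorised; in that case
        // the auth instance is simply left unchanged.
        $targetknown = is_array($authinst) && isset($authinst[$values['authinstance']]);
        if (
            $targetknown
            && (
                $USER->get('admin')
                || (
                    $USER->is_institutional_admin($authinst[$values['authinstance']]->institution)
                    && (
                        $USER->is_institutional_admin($authinst[$user->authinstance]->institution)
                        || $user->authinstance == 1
                    )
                )
            )
        ) {
            // Only now replace the global $authobj. Creating it before the
            // permission check would make the password/username changes below
            // run through a plugin the admin was not allowed to move the user
            // to, even though $user->authinstance itself stayed unchanged.
            $authobj = AuthFactory::create($values['authinstance']);
            // Don't bother with remote usernames if the new instance doesn't use them
            if ($authobj->needs_remote_username()) {
                // determine the current remoteuser
                $current_remotename = get_field('auth_remote_user', 'remoteusername',
                                                'authinstance', $user->authinstance, 'localusr', $user->id);
                if (!$current_remotename) {
                    $current_remotename = $user->username;
                }
                // if the remoteuser is empty
                if (strlen(trim($values['remoteusername'])) == 0) {
                    delete_records('auth_remote_user', 'authinstance', $user->authinstance, 'localusr', $user->id);
                }
                // what should the new remoteuser be
                $new_remoteuser = get_field('auth_remote_user', 'remoteusername',
                                            'authinstance', $values['authinstance'], 'localusr', $user->id);
                // save the remotename for the target existence check
                $target_remotename = $new_remoteuser;
                if (!$new_remoteuser) {
                    $new_remoteuser = $user->username;
                }
                if (strlen(trim($values['remoteusername'])) > 0) {
                    // value changed on page - use it
                    if ($values['remoteusername'] != $current_remotename) {
                        $new_remoteuser = $values['remoteusername'];
                    }
                }
                // only update remote name if the input actually changed on the page  or it doesn't yet exist
                if ($current_remotename != $new_remoteuser || !$target_remotename) {
                    // only remove the ones related to this target authinstance as we now allow multiple
                    // for dual login mechanisms
                    delete_records('auth_remote_user', 'authinstance', $values['authinstance'], 'localusr', $user->id);
                    insert_record('auth_remote_user', (object) array(
                        'authinstance'   => $values['authinstance'],
                        'remoteusername' => $new_remoteuser,
                        'localusr'       => $user->id,
                    ));
                }
            }
            // update the ai on the user master; $authobj already matches it and
            // is used by the password/username change methods below if
            // either/both has been requested at the same time
            $user->authinstance = $values['authinstance'];
        }
    }

    // Only change the pw if the new auth instance allows for it
    if (method_exists($authobj, 'change_password')) {
        $user->passwordchange = (int) (isset($values['passwordchange']) && $values['passwordchange'] == 'on' ? 1 : 0);

        if (isset($values['password']) && $values['password'] !== '') {
            $userobj = new User();
            $userobj = $userobj->find_by_id($user->id);

            // The plugin returns the stored form of the password and may
            // update the salt on the User object it was given.
            $user->password = $authobj->change_password($userobj, $values['password']);
            $user->salt = $userobj->salt;

            unset($userobj);
        }
    } else {
        // inform the user that the chosen auth instance doesn't allow password changes
        // but only if they tried changing it
        if (isset($values['password']) && $values['password'] !== '') {
            $SESSION->add_error_msg(get_string('passwordchangenotallowed', 'admin'));

            // Set empty pw with salt (existing behaviour: the local password is
            // not used by an instance without change_password support)
            $user->password = '';
            $user->salt = auth_get_random_salt();
        }
    }

    if (isset($values['username']) && $values['username'] !== '') {
        $userobj = new User();
        $userobj = $userobj->find_by_id($user->id);

        if ($userobj->username != $values['username']) {
            // Only change the username if the auth instance allows for it
            if (method_exists($authobj, 'change_username')) {
                // check the existence of the chosen username; user_exists()
                // throws AuthUnknownUserException when it is free
                try {
                    if ($authobj->user_exists($values['username'])) {
                        // set an error message if it is already in use
                        $SESSION->add_error_msg(get_string('usernameexists1', 'account'));
                    }
                } catch (AuthUnknownUserException $e) {
                    // update the username otherwise
                    $user->username = $authobj->change_username($userobj, $values['username']);
                }
            } else {
                // inform the user that the chosen auth instance doesn't allow username changes
                $SESSION->add_error_msg(get_string('usernamechangenotallowed', 'admin'));
            }
        }

        unset($userobj);
    }

    // Persist the usr record, primary email and tags in one transaction.
    db_begin();
    update_record('usr', $user);

    // Update user's primary email address
    set_user_primary_email($user->id, $values['email']);

    delete_records('usr_tag', 'usr', $user->id);
    if (is_array($values['tags'])) {
        $values['tags'] = check_case_sensitive($values['tags'], 'usr_tag');
        foreach(array_unique($values['tags']) as $tag) {
            if (empty($tag)) {
                continue;
            }
            insert_record(
                'usr_tag',
                (object) array(
                    'usr' => $user->id,
                    'tag' => strtolower($tag),
                )
            );
        }
    }
    db_commit();

    $SESSION->add_ok_msg(get_string('usersitesettingschanged', 'admin'));
    redirect('/admin/users/edit.php?id='.$user->id);
}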


// Suspension/deletion controls
// suspendedcusr holds the id of the admin who suspended the account; empty
// means the account is not currently suspended.
$suspended = $user->get('suspendedcusr');
if (empty($suspended)) {
    // Not suspended: show a suspend form that asks for a reason.
    $suspendform = pieform(array(
        'plugintype' => 'core',
        'pluginname' => 'admin',
        'name'       => 'edituser_suspend',
        'elements'   => array(
            'id' => array(
                 'type'  => 'hidden',
                 'value' => $id,
            ),
            'reason' => array(
                'type'        => 'textarea',
                'class'       => 'under-label',
                'title'       => get_string('reason'),
                'description' => get_string('suspendedreasondescription', 'admin'),
                'rows'        => 5,
                'cols'        => 28,
            ),
            'submit' => array(
                'type'  => 'submit',
                'class' => 'btn-default',
                'value' => get_string('suspenduser','admin'),
            ),
        )
    ));
}
else {
    // Suspended: record who did it and when, for the suspension notice.
    $suspender = display_name(get_record('usr', 'id', $suspended));
    $suspendedtime = format_date($user->get('suspendedctime'), 'strftimedate');

    $suspendformdef = array(
        'plugintype' => 'core',
        'pluginname' => 'admin',
        'name'       => 'edituser_unsuspend',
        'renderer'   => 'oneline',
        'elements'   => array(
            'id' => array(
                 'type'  => 'hidden',
                 'value' => $id,
            ),
            'submit' => array(
                'type'  => 'submit',
                'class' => 'btn-default',
                'value' => get_string('unsuspenduser','admin'),
            ),
        )
    );

    // Create two forms for unsuspension - one in the suspend message and the
    // other where the 'suspend' button normally goes. This keeps the HTML IDs
    // unique. Both submit to edituser_unsuspend_submit(): the first through
    // the name-derived callback, the second through an explicit one.
    $suspendform = pieform($suspendformdef);
    $suspendformdef['name'] = 'edituser_suspend2';
    $suspendformdef['successcallback'] = 'edituser_unsuspend_submit';
    $suspendform2 = pieform($suspendformdef);
}

/**
 * Pieform success callback for the suspend form.
 *
 * Suspends the user being edited (the page-level $user, which has already
 * passed the is_admin_for_user() check) with the given reason. Site admins
 * and staff may only be suspended by a site admin.
 *
 * @param Pieform $form   The submitted form.
 * @param array   $values Submitted values; 'reason' is the suspension reason.
 */
function edituser_suspend_submit(Pieform $form, $values) {
    global $SESSION, $USER, $user;
    $targetid = $user->get('id');
    $targetprivileged = $user->get('admin') || $user->get('staff');

    if ($targetprivileged && !$USER->get('admin')) {
        $SESSION->add_error_msg(get_string('errorwhilesuspending', 'admin'));
    }
    else {
        suspend_user($targetid, $values['reason']);
        $SESSION->add_ok_msg(get_string('usersuspended', 'admin'));
    }
    redirect('/admin/users/edit.php?id=' . $targetid);
}

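/**
 * Success callback for both unsuspend forms ('edituser_unsuspend' and its
 * duplicate 'edituser_suspend2'): lifts the suspension of the user being
 * edited on this page.
 *
 * Mirrors edituser_suspend_submit: the target is the page-level $user
 * (already gated by the is_admin_for_user() check at the top of the script)
 * rather than the posted hidden 'id', and institutional admins may not
 * reverse the suspension of a site admin or site staff member. Previously
 * only the template's 'suspendable' flag hid the button for that case; the
 * callback itself accepted the request, so the rule is now enforced here.
 *
 * @param Pieform $form   the submitted form
 * @param array   $values submitted values; the hidden 'id' is not trusted here
 */
function edituser_unsuspend_submit(Pieform $form, $values) {
    global $SESSION, $USER, $user;
    $targetid = $user->get('id');

    if (!$USER->get('admin') && ($user->get('admin') || $user->get('staff'))) {
        $SESSION->add_error_msg(get_string('youcannotadministerthisuser', 'admin'));
    }
    else {
        unsuspend_user($targetid);
        $SESSION->add_ok_msg(get_string('userunsuspended', 'admin'));
    }
    redirect('/admin/users/edit.php?id=' . $targetid);
}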

// Delete form: a single confirm-on-click button that posts the target user
// id. Authorisation lives in edituser_delete_validate/_submit, not here.
$deletebutton = array(
    'type'         => 'button',
    'usebuttontag' => true,
    'class'        => 'btn-default',
    'value'        => '<span class="icon icon-trash icon-lg text-danger left" role="presentation" aria-hidden="true"></span><span>'. get_string('deleteuser', 'admin') . '</span>',
    'confirm'      => get_string('confirmdeleteuser', 'admin'),
);
$deleteform = pieform(array(
    'name'       => 'edituser_delete',
    'plugintype' => 'core',
    'pluginname' => 'admin',
    'renderer'   => 'oneline',
    'elements'   => array(
        'id'     => array(
            'type'  => 'hidden',
            'value' => $id,
        ),
        'submit' => $deletebutton,
    ),
));

704
705
706
707
708
709
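/**
 * Validation callback for the 'edituser_delete' form.
 *
 * Refuses the deletion when:
 *  - the current user is not a site admin (institutional admins cannot
 *    delete accounts);
 *  - the target is the current user and they are the only non-deleted site
 *    admin, which would leave the site with no administrator (the template
 *    only hides the button for this case; it is enforced here as well);
 *  - the user still has pending archives in export_queue, which cannot be
 *    deleted while they exist.
 *
 * Each failure is attached to the submit element (so the submit callback is
 * not run) and echoed into the session so a message survives the redirect.
 *
 * @param Pieform $form   the submitted form
 * @param array   $values submitted values; 'id' is the target user id
 */
function edituser_delete_validate(Pieform $form, $values) {
    global $USER, $SESSION;

    if (!$USER->get('admin')) {
        $form->set_error('submit', get_string('deletefailed', 'admin'));
        $SESSION->add_error_msg(get_string('deletefailed', 'admin'));
    }
    else if ($values['id'] == $USER->get('id') && count_records('usr', 'admin', 1, 'deleted', 0) <= 1) {
        // Same condition the 'deletable' template flag is computed from.
        $form->set_error('submit', get_string('deletefailed', 'admin'));
        $SESSION->add_error_msg(get_string('deletefailed', 'admin'));
    }

    // Pending archives in the export queue block deletion of the account.
    if (count_records('export_queue', 'usr', $values['id'])) {
        $form->set_error('submit', get_string('deletefailed', 'admin'));
        $SESSION->add_error_msg(get_string('exportqueuenotempty', 'export'));
    }
}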

718
/**
 * Success callback for the 'edituser_delete' form. The site-admin check is
 * repeated here (not only in the validate callback) so the destructive
 * action never depends on validation alone. Always returns to user search.
 *
 * @param Pieform $form   the submitted form
 * @param array   $values submitted values; 'id' is the user to delete
 */
function edituser_delete_submit(Pieform $form, $values) {
    global $SESSION, $USER;
    $issiteadmin = (bool) $USER->get('admin');
    if ($issiteadmin) {
        delete_user($values['id']);
        $SESSION->add_ok_msg(get_string('userdeletedsuccessfully', 'admin'));
    }
    redirect('/admin/users/search.php');
}

// Institution settings form
// Institution settings form: starts with the hidden target user id; one
// collapsible fieldset per manageable institution membership is appended
// further down.
$elements = array();
$elements['id'] = array(
    'type'  => 'hidden',
    'value' => $id,
);

/**
 * array_filter() predicate: keeps institution membership records on which
 * the current user holds the institution-admin flag.
 *
 * @param object $institution a membership record exposing an 'admin' property
 * @return mixed the raw 'admin' value (truthy when the record is an admin one)
 */
function is_institute_admin($institution) {
    $adminflag = $institution->admin;
    return $adminflag;
}

// Memberships of the edited user that the current admin may manage: site
// admins see all of them; institutional admins only those institutions they
// themselves administer (intersection on institution name).
$institutions = $user->get('institutions');
if (!$USER->get('admin')) {
    $administered = array_filter($USER->get('institutions'), 'is_institute_admin');
    $institutions = array_intersect_key($institutions, $administered);
}

// Every institution, keyed by name, ordered by display name. Used for the
// 'add to institution' select below and for the template's 'institutions'
// flag.
$allinstitutions = get_records_assoc('institution', '', '', 'displayname', 'name, displayname');

// One collapsible fieldset per manageable membership. Element names are
// prefixed with the institution name so the submit callback can tell which
// institution's 'update' or 'remove' button was pressed. The last fieldset
// gets class 'last' for rendering.
$remaining = count($institutions);
foreach ($institutions as $membership) {
    $remaining--;
    $prefix = $membership->institution;
    $fieldset = array(
        'type'        => 'fieldset',
        'legend'      => get_string('institutionsettings', 'admin').' - '.$membership->displayname,
        'collapsible' => true,
        'collapsed'   => true,
        'elements'    => array(
            $prefix.'_expiry' => array(
                'type'         => 'date',
                'title'        => get_string('membershipexpiry', 'admin'),
                'description'  => get_string('membershipexpirydescription', 'admin'),
                'class'        => 'form-condensed',
                'minyear'      => $currentdate['year'],
                'maxyear'      => $currentdate['year'] + 20,
                'defaultvalue' => $membership->membership_expiry
            ),
            $prefix.'_studentid' => array(
                'type'         => 'text',
                'title'        => get_string('studentid', 'admin'),
                'description'  => get_string('institutionstudentiddescription', 'admin'),
                'defaultvalue' => $membership->studentid,
            ),
            $prefix.'_staff' => array(
                'type'         => 'switchbox',
                'title'        => get_string('institutionstaff','admin'),
                'defaultvalue' => $membership->staff,
            ),
            // Toggling this grants institution-admin rights; the submit
            // callback only honours it for institutions the current user
            // can edit.
            $prefix.'_admin' => array(
                'type'         => 'switchbox',
                'title'        => get_string('institutionadmin','admin'),
                'description'  => get_string('institutionadmindescription1','admin'),
                'defaultvalue' => $membership->admin,
            ),
            $prefix.'_submit' => array(
                'type'  => 'submit',
                'value' => get_string('update'),
                'class' => 'btn-primary'
            ),
            $prefix.'_remove' => array(
                'type'    => 'submit',
                'class'   => 'btn-default',
                'value'   => get_string('removeuserfrominstitution', 'admin'),
                'confirm' => get_string('confirmremoveuserfrominstitution', 'admin'),
            )
        )
    );
    if ($remaining == 0) {
        $fieldset['class'] = 'last';
    }
    $elements[$prefix.'_settings'] = $fieldset;
}
// Only site admins may add a user to an institution directly (institutional
// admins must invite), and only when multiple memberships are allowed or the
// user has none yet. The site institution 'mahara' and institutions the user
// already belongs to are never offered.
$canaddinstitution = $USER->get('admin')
    && (get_config('usersallowedmultipleinstitutions') || count($user->institutions) == 0);
if ($canaddinstitution) {
    $joinable = array();
    foreach ($allinstitutions as $candidate) {
        if ($user->in_institution($candidate->name) || $candidate->name == 'mahara') {
            continue;
        }
        $joinable[$candidate->name] = $candidate->displayname;
    }
    if ($joinable) {
        $elements['addinstitutionheader'] = array(
            'type'  => 'markup',
            'value' => '<h4>' . get_string('addusertoinstitution', 'admin') . '</h4>',
        );
        // A select restricted to the joinable set; the validate callback
        // additionally rejects institutions that are already full.
        $elements['addinstitution'] = array(
            'type'    => 'select',
            'title'   => get_string('institution'),
            'options' => $joinable,
        );
        $elements['add'] = array(
            'type'  => 'submit',
            'class' => 'btn-primary',
            'value' => get_string('addusertoinstitution', 'admin'),
        );
    }
}

// Build (and, on POST, process) the institution settings form. pieform()
// dispatches a submission to edituser_institution_validate and
// edituser_institution_submit, which are defined below.
$institutionformdef = array(
    'name'       => 'edituser_institution',
    'renderer'   => 'div',
    'plugintype' => 'core',
    'pluginname' => 'admin',
    'elements'   => $elements,
);
$institutionform = pieform($institutionformdef);

/**
 * Validation callback for 'edituser_institution'.
 *
 * Only the 'add to institution' action is checked here: a site admin adding
 * the user to an institution that is already at its member limit is refused
 * (and that institution's admins are notified). The per-institution
 * update/remove actions are authorised in the submit callback instead.
 *
 * @param Pieform $form   the submitted form
 * @param array   $values submitted values; 'id' is the target user,
 *                        'addinstitution' the selected institution name
 * @return bool|null false when the target user does not exist, otherwise null
 */
function edituser_institution_validate(Pieform $form, $values) {
    global $USER;

    $target = new User;
    if (!$target->find_by_id($values['id'])) {
        return false;
    }

    $adding = isset($values['add']) && $USER->get('admin');
    if (!$adding) {
        return;
    }
    $memberships = $target->get('institutions');
    if (!empty($memberships) && !get_config('usersallowedmultipleinstitutions')) {
        return;
    }

    // Refuse to exceed the institution's configured maximum user count.
    require_once(get_config('docroot') . 'lib/institution.php');
    $institution = new Institution($values['addinstitution']);
    if ($institution->isFull()) {
        $institution->send_admin_institution_is_full_message();
        $form->set_error(null,get_string('institutionmaxusersexceeded', 'admin'));
    }
}

/**
 * Success callback for 'edituser_institution'.
 *
 * Handles one of three actions, decided by which submit button was pressed:
 *  - '<institution>_submit': rewrite the user's usr_institution row for that
 *    institution (expiry, student id, staff and admin flags) inside a
 *    transaction;
 *  - '<institution>_remove': remove the user from that institution;
 *  - 'add': site admins only — add the user to the selected institution.
 *
 * Authorisation model: the target user comes from the posted 'id', not the
 * page-level $user, so the is_admin_for_user() gate at the top of the script
 * is not re-applied here. What bounds institutional admins is the
 * per-institution $USER->can_edit_institution() check: only memberships of
 * institutions they can edit are acted on, and only the first matching
 * submit/remove button is processed (the loop breaks). The 'add' path is
 * additionally restricted to site admins.
 *
 * @param Pieform $form   the submitted form
 * @param array   $values submitted values; element names are prefixed with
 *                        the institution name
 * @return bool|null false when the target user does not exist; otherwise
 *                   redirects (never returns normally)
 */
function edituser_institution_submit(Pieform $form, $values) {
    $user = new User;
    if (!$user->find_by_id($values['id'])) {
        return false;
    }
    $userinstitutions = $user->get('institutions');

    global $USER, $SESSION;
    foreach ($userinstitutions as $i) {
        // Institutional admins only get past this for their own institutions.
        if ($USER->can_edit_institution($i->institution)) {
            if (isset($values[$i->institution.'_submit'])) {
                // Rebuild the membership row from the form; the original
                // ctime is preserved. Switchbox values are compared loosely
                // with 'on' (a boolean true also satisfies this).
                $newuser = (object) array(
                    'usr'         => $user->id,
                    'institution' => $i->institution,
                    'ctime'       => db_format_timestamp($i->ctime),
                    'studentid'   => $values[$i->institution . '_studentid'],
                    'staff'       => (int) ($values[$i->institution . '_staff'] == 'on'),
                    'admin'       => (int) ($values[$i->institution . '_admin'] == 'on'),
                );
                if ($values[$i->institution . '_expiry']) {
                    $newuser->expiry = db_format_timestamp($values[$i->institution . '_expiry']);
                }
                // Delete + insert rather than update, in one transaction.
                db_begin();
                delete_records('usr_institution', 'usr', $user->id, 'institution', $i->institution);
                insert_record('usr_institution', $newuser);
                if ($newuser->admin) {
                    // Newly granted institution admins get the default
                    // admin notification settings.
                    activity_add_admin_defaults(array($user->id));
                }
                handle_event('updateuser', $user->id);
                db_commit();
                $SESSION->add_ok_msg(get_string('userinstitutionupdated', 'admin', $i->displayname));
                break;
            }
            else if (isset($values[$i->institution.'_remove'])) {
                // Go through the live $USER object when editing oneself so
                // the session copy stays in sync.
                if ($user->id == $USER->id) {
                    $USER->leave_institution($i->institution);
                }
                else {
                    $user->leave_institution($i->institution);
                }
                $SESSION->add_ok_msg(get_string('userinstitutionremoved', 'admin', $i->displayname));
                // Institutional admins can no longer access this page
                // if they remove the user from the institution, so
                // send them back to user search.
                if (!$USER->get('admin')) {
                    // NOTE(review): redirect() is presumed to end the request
                    // here — confirm, otherwise the break/redirect below also
                    // run.
                    if (!$USER->is_institutional_admin()) {
                        redirect(get_config('wwwroot'));
                    }
                    redirect('/admin/users/search.php');
                }
                break;
            }
        }
    }

    // Adding to an institution: site admins only, and only if multiple
    // memberships are allowed or the user has none. The validate callback
    // has already rejected a full institution.
    if (isset($values['add']) && $USER->get('admin')
        && (empty($userinstitutions) || get_config('usersallowedmultipleinstitutions'))) {
        if ($user->id == $USER->id) {
            $USER->join_institution($values['addinstitution']);
            $USER->commit();
            $userinstitutions = $USER->get('institutions');
        }
        else {
            $user->join_institution($values['addinstitution']);
            $userinstitutions = $user->get('institutions');
        }
        $SESSION->add_ok_msg(get_string('userinstitutionjoined', 'admin', $userinstitutions[$values['addinstitution']]->displayname));
    }

    redirect('/admin/users/edit.php?id='.$user->id);
}

// Render the page.
$smarty = smarty();
$smarty->assign('user', $user);
$smarty->assign('suspended', $suspended);
if ($suspended) {
    $smarty->assign('suspendedby', get_string('suspendedinfo', 'admin', $suspender, $suspendedtime));
}
$smarty->assign('suspendform', $suspendform);
if (isset($suspendform2)) {
    $smarty->assign('suspendform2', $suspendform2);
}
$smarty->assign('deleteform', $deleteform);
$smarty->assign('siteform', $siteform);
$smarty->assign('institutions', count($allinstitutions) > 1);
$smarty->assign('institutionform', $institutionform);

// 'Log in as' is offered only for other users, and not while already
// masquerading (parentuser set).
$smarty->assign('loginas', $id != $USER->get('id') && is_null($USER->get('parentuser')));
$smarty->assign('PAGEHEADING', display_name($user));
$smarty->assign('SUBSECTIONHEADING', TITLE);

// Offer suspension/deletion unless the viewed user is the current user *and*
// they are the only non-deleted site admin. These flags only decide what the
// template shows; the form callbacks enforce permissions on submit.
$isself = ($id == $USER->get('id'));
if (!$isself || count_records('usr', 'admin', 1, 'deleted', 0) > 1) {
    // Site admins may suspend anyone; institutional admins only non-admin,
    // non-staff users.
    $cansuspend = $USER->get('admin') || (!$user->get('admin') && !$user->get('staff'));
    $smarty->assign('suspendable', $cansuspend);
    $smarty->assign('deletable', $USER->get('admin'));
}

$smarty->display('admin/users/edit.tpl');