Merge "Add verification to username change on admin page"

htdocs/admin/users/add.php

@@ -88,7 +88,10 @@ $elements = array(
     'username' => array(
         'type' => 'text',
         'title' => get_string('username'),
-        'rules' => array('required' => true),
+        'rules' => array(
+            'required' => true,
+            'maxlength' => 236,
+        ),
     ),
     'password' => array(
         'type' => 'text',
@@ -172,8 +175,15 @@ function adduser_validate(Pieform $form, $values) {
     $email     = $values['email'];
     $password  = $values['password'];
 
-    if (method_exists($authobj, 'is_username_valid') && !$authobj->is_username_valid($username)) {
-        $form->set_error('username', get_string('usernameinvalidform', 'auth.internal'));
+    if (method_exists($authobj, 'is_username_valid_admin')) {
+        if (!$authobj->is_username_valid_admin($username)) {
+            $form->set_error('username', get_string('usernameinvalidadminform', 'auth.internal'));
+        }
+    }
+    else if (method_exists($authobj, 'is_username_valid')) {
+        if (!$authobj->is_username_valid($username)) {
+            $form->set_error('username', get_string('usernameinvalidform', 'auth.internal'));
+        }
     }
     if (!$form->get_error('username') && record_exists_select('usr', 'LOWER(username) = ?', strtolower($username))) {
         $form->set_error('username', get_string('usernamealreadytaken', 'auth.internal'));

htdocs/admin/users/edit.php

@@ -61,6 +61,9 @@ if (method_exists($authobj, 'change_username')) {
         'title'        => get_string('changeusername', 'admin'),
         'description'  => get_string('changeusernamedescription', 'admin'),
         'defaultvalue' => $user->username,
+        'rules' => array(
+            'maxlength' => 236,
+         ),
     );
 }
 
@@ -184,6 +187,40 @@ function edituser_site_validate(Pieform $form, $values) {
         $SESSION->add_error_msg(get_string('maxquotaexceeded', 'artefact.file', display_size($maxquota)));
     }
 
+    $userobj = new User();
+    $userobj = $userobj->find_by_id($user->id);
+
+    if (isset($values['username']) && !empty($values['username']) && $values['username'] != $userobj->username) {
+
+        if (!isset($values['authinstance'])) {
+            $authobj = AuthFactory::create($userobj->authinstance);
+        }
+        else {
+            $authobj = AuthFactory::create($values['authinstance']);
+        }
+
+        if (method_exists($authobj, 'change_username')) {
+
+            if (method_exists($authobj, 'is_username_valid_admin')) {
+                if (!$authobj->is_username_valid_admin($values['username'])) {
+                    $form->set_error('username', get_string('usernameinvalidadminform', 'auth.internal'));
+                }
+            }
+            else if (method_exists($authobj, 'is_username_valid')) {
+                if (!$authobj->is_username_valid($values['username'])) {
+                    $form->set_error('username', get_string('usernameinvalidform', 'auth.internal'));
+                }
+            }
+
+            if (!$form->get_error('username') && record_exists_select('usr', 'LOWER(username) = ?', strtolower($values['username']))) {
+                $form->set_error('username', get_string('usernamealreadytaken', 'auth.internal'));
+            }
+        }
+        else {
+            $form->set_error('username', get_string('usernamechangenotallowed', 'admin'));
+        }
+    }
+
     // Check that the external username isn't already in use
     if (isset($values['remoteusername']) &&
         $usedby = get_record_select('auth_remote_user',

htdocs/admin/users/uploadcsv.php

@@ -208,8 +208,15 @@ function uploadcsv_validate(Pieform $form, $values) {
 
         $authobj = AuthFactory::create($authinstance);
 
-        if (method_exists($authobj, 'is_username_valid') && !$authobj->is_username_valid($username)) {
-            $CSVERRORS[] = get_string('uploadcsverrorinvalidusername', 'admin', $i);
+        if (method_exists($authobj, 'is_username_valid_admin')) {
+            if (!$authobj->is_username_valid_admin($username)) {
+                $CSVERRORS[] = get_string('uploadcsverrorinvalidusername', 'admin', $i);
+            }
+        }
+        else if (method_exists($authobj, 'is_username_valid')) {
+            if (!$authobj->is_username_valid($username)) {
+                $CSVERRORS[] = get_string('uploadcsverrorinvalidusername', 'admin', $i);
+            }
         }
         if (record_exists_select('usr', 'LOWER(username) = ?', strtolower($username)) || isset($usernames[strtolower($username)])) {
             $CSVERRORS[] = get_string('uploadcsverroruseralreadyexists', 'admin', $i, $username);

htdocs/auth/internal/lang/en.utf8/auth.internal.php

@@ -63,4 +63,5 @@ $string['registrationnosuchkey'] = 'Sorry, there does not seem to be a registrat
 $string['registrationunsuccessful'] = 'Sorry, your registration attempt was unsuccessful. This is our fault, not yours. Please try again later.';
 $string['usernamealreadytaken'] = 'Sorry, this username is already taken';
 $string['usernameinvalidform'] = 'Usernames may contain letters, numbers and most common symbols, and must be from 3 to 30 characters in length.  Spaces are not allowed.';
+$string['usernameinvalidadminform'] = 'Usernames may contain letters, numbers and most common symbols, and must be from 3 to 236 characters in length.  Spaces are not allowed.';
 $string['youmaynotregisterwithouttandc'] = 'You may not register unless you agree to abide by the <a href="terms.php">Terms and Conditions</a>';