user_add.php 16 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497
  1. <?php
  2. /* For licensing terms, see /license.txt */
  3. /**
  4. * @package chamilo.admin
  5. */
  6. $cidReset = true;
  7. // Including necessary libraries.
  8. require_once __DIR__.'/../inc/global.inc.php';
  9. // Section for the tabs
  10. $this_section = SECTION_PLATFORM_ADMIN;
  11. // User permissions
  12. api_protect_admin_script(true);
  13. api_protect_limit_for_session_admin();
  14. $is_platform_admin = api_is_platform_admin() ? 1 : 0;
  15. $message = null;
  16. $htmlHeadXtra[] = api_get_password_checker_js('#username', '#password');
  17. $htmlHeadXtra[] = api_get_css_asset('cropper/dist/cropper.min.css');
  18. $htmlHeadXtra[] = api_get_asset('cropper/dist/cropper.min.js');
  19. $htmlHeadXtra[] = '
  20. <script>
  21. $("#status_select").ready(function() {
  22. if ($(this).attr("value") != '.STUDENT.') {
  23. $("#id_platform_admin").hide();
  24. }
  25. });
  26. function enable_expiration_date() { //v2.0
  27. document.user_add.radio_expiration_date[0].checked=false;
  28. document.user_add.radio_expiration_date[1].checked=true;
  29. }
  30. function password_switch_radio_button() {
  31. var input_elements = document.getElementsByTagName("input");
  32. for (var i = 0; i < input_elements.length; i++) {
  33. if (input_elements.item(i).name == "password[password_auto]" && input_elements.item(i).value == "0") {
  34. input_elements.item(i).checked = true;
  35. }
  36. }
  37. }
  38. var is_platform_id = "'.$is_platform_admin.'";
  39. function display_drh_list(){
  40. if (document.getElementById("status_select").value=='.STUDENT.') {
  41. document.getElementById("drh_list").style.display="block";
  42. if (is_platform_id == 1)
  43. document.getElementById("id_platform_admin").style.display="none";
  44. } else if (document.getElementById("status_select").value=='.COURSEMANAGER.') {
  45. document.getElementById("drh_list").style.display="none";
  46. if (is_platform_id == 1)
  47. document.getElementById("id_platform_admin").style.display="block";
  48. } else {
  49. document.getElementById("drh_list").style.display="none";
  50. if (is_platform_id == 1)
  51. document.getElementById("id_platform_admin").style.display="none";
  52. }
  53. }
  54. </script>';
  55. if (!empty($_GET['message'])) {
  56. $message = urldecode($_GET['message']);
  57. }
  58. $interbreadcrumb[] = ['url' => 'index.php', 'name' => get_lang('PlatformAdmin')];
  59. $interbreadcrumb[] = ["url" => 'user_list.php', "name" => get_lang('UserList')];
  60. $tool_name = get_lang('AddUsers');
  61. // Create the form
  62. $form = new FormValidator('user_add');
  63. $form->addElement('header', '', $tool_name);
  64. if (api_is_western_name_order()) {
  65. // Firstname
  66. $form->addElement(
  67. 'text',
  68. 'firstname',
  69. get_lang('FirstName'),
  70. [
  71. 'id' => 'firstname',
  72. ]
  73. );
  74. $form->applyFilter('firstname', 'html_filter');
  75. $form->applyFilter('firstname', 'trim');
  76. $form->addRule('firstname', get_lang('ThisFieldIsRequired'), 'required');
  77. // Lastname
  78. $form->addElement(
  79. 'text',
  80. 'lastname',
  81. get_lang('LastName'),
  82. [
  83. 'id' => 'lastname',
  84. ]
  85. );
  86. $form->applyFilter('lastname', 'html_filter');
  87. $form->applyFilter('lastname', 'trim');
  88. $form->addRule('lastname', get_lang('ThisFieldIsRequired'), 'required');
  89. } else {
  90. // Lastname
  91. $form->addElement(
  92. 'text',
  93. 'lastname',
  94. get_lang('LastName'),
  95. [
  96. 'id' => 'lastname',
  97. ]
  98. );
  99. $form->applyFilter('lastname', 'html_filter');
  100. $form->applyFilter('lastname', 'trim');
  101. $form->addRule('lastname', get_lang('ThisFieldIsRequired'), 'required');
  102. // Firstname
  103. $form->addElement(
  104. 'text',
  105. 'firstname',
  106. get_lang('FirstName'),
  107. [
  108. 'id' => 'firstname',
  109. ]
  110. );
  111. $form->applyFilter('firstname', 'html_filter');
  112. $form->applyFilter('firstname', 'trim');
  113. $form->addRule('firstname', get_lang('ThisFieldIsRequired'), 'required');
  114. }
  115. // Official code
  116. $form->addElement(
  117. 'text',
  118. 'official_code',
  119. get_lang('OfficialCode'),
  120. [
  121. 'size' => '40',
  122. 'id' => 'official_code',
  123. ]
  124. );
  125. $form->applyFilter('official_code', 'html_filter');
  126. $form->applyFilter('official_code', 'trim');
  127. // Email
  128. $form->addElement('text', 'email', get_lang('Email'), ['size' => '40', 'autocomplete' => 'off', 'id' => 'email']);
  129. $form->addRule('email', get_lang('EmailWrong'), 'email');
  130. if (api_get_setting('registration', 'email') == 'true') {
  131. $form->addRule('email', get_lang('EmailWrong'), 'required');
  132. }
  133. if (api_get_setting('login_is_email') == 'true') {
  134. $form->addRule('email', sprintf(get_lang('UsernameMaxXCharacters'), (string) USERNAME_MAX_LENGTH), 'maxlength', USERNAME_MAX_LENGTH);
  135. $form->addRule('email', get_lang('UserTaken'), 'username_available');
  136. }
  137. // Phone
  138. $form->addElement('text', 'phone', get_lang('PhoneNumber'), ['autocomplete' => 'off', 'id' => 'phone']);
  139. // Picture
  140. $form->addFile(
  141. 'picture',
  142. get_lang('AddImage'),
  143. ['id' => 'picture', 'class' => 'picture-form', 'crop_image' => true, 'crop_ratio' => '1 / 1']
  144. );
  145. $allowed_picture_types = api_get_supported_image_extensions(false);
  146. $form->addRule('picture', get_lang('OnlyImagesAllowed').' ('.implode(',', $allowed_picture_types).')', 'filetype', $allowed_picture_types);
  147. // Username
  148. if (api_get_setting('login_is_email') != 'true') {
  149. $form->addElement('text', 'username', get_lang('LoginName'), ['id' => 'username', 'maxlength' => USERNAME_MAX_LENGTH, 'autocomplete' => 'off']);
  150. $form->addRule('username', get_lang('ThisFieldIsRequired'), 'required');
  151. $form->addRule('username', sprintf(get_lang('UsernameMaxXCharacters'), (string) USERNAME_MAX_LENGTH), 'maxlength', USERNAME_MAX_LENGTH);
  152. $form->addRule('username', get_lang('OnlyLettersAndNumbersAllowed'), 'username');
  153. $form->addRule('username', get_lang('UserTaken'), 'username_available');
  154. }
  155. // Password
  156. $group = [];
  157. $auth_sources = 0; //make available wider as we need it in case of form reset (see below)
  158. $nb_ext_auth_source_added = 0;
  159. if (isset($extAuthSource) && count($extAuthSource) > 0) {
  160. $auth_sources = [];
  161. foreach ($extAuthSource as $key => $info) {
  162. // @todo : make uniform external authentification configuration (ex : cas and external_login ldap)
  163. // Special case for CAS. CAS is activated from Chamilo > Administration > Configuration > CAS
  164. // extAuthSource always on for CAS even if not activated
  165. // same action for file user_edit.php
  166. if (($key == CAS_AUTH_SOURCE && api_get_setting('cas_activate') === 'true') || ($key != CAS_AUTH_SOURCE)) {
  167. $auth_sources[$key] = $key;
  168. $nb_ext_auth_source_added++;
  169. }
  170. }
  171. if ($nb_ext_auth_source_added > 0) {
  172. $group[] = $form->createElement('radio', 'password_auto', null, get_lang('ExternalAuthentication').' ', 2);
  173. $group[] = $form->createElement('select', 'auth_source', null, $auth_sources);
  174. $group[] = $form->createElement('static', '', '', '<br />');
  175. }
  176. }
  177. $group[] = $form->createElement(
  178. 'radio',
  179. 'password_auto',
  180. get_lang('Password'),
  181. get_lang('AutoGeneratePassword').'<br />',
  182. 1
  183. );
  184. $group[] = $form->createElement(
  185. 'radio',
  186. 'password_auto',
  187. 'id="radio_user_password"',
  188. get_lang('EnterPassword'),
  189. 0
  190. );
  191. $group[] = $form->createElement(
  192. 'password',
  193. 'password',
  194. null,
  195. [
  196. 'id' => 'password',
  197. 'autocomplete' => 'off',
  198. 'onkeydown' => 'javascript: password_switch_radio_button();',
  199. //'required' => 'required'
  200. ]
  201. );
  202. $form->addGroup($group, 'password', get_lang('Password'));
  203. $form->addPasswordRule('password', 'password');
  204. $form->addGroupRule('password', get_lang('EnterPassword'), 'required', null, 1);
  205. // Status
  206. $status = [];
  207. $status[COURSEMANAGER] = get_lang('Teacher');
  208. $status[STUDENT] = get_lang('Learner');
  209. $status[DRH] = get_lang('Drh');
  210. $status[SESSIONADMIN] = get_lang('SessionsAdmin');
  211. $status[STUDENT_BOSS] = get_lang('RoleStudentBoss');
  212. $status[INVITEE] = get_lang('Invitee');
  213. $form->addElement(
  214. 'select',
  215. 'status',
  216. get_lang('Profile'),
  217. $status,
  218. [
  219. 'id' => 'status_select',
  220. 'onchange' => 'javascript: display_drh_list();',
  221. ]
  222. );
  223. //drh list (display only if student)
  224. $display = (isset($_POST['status']) && $_POST['status'] == STUDENT) || !isset($_POST['status']) ? 'block' : 'none';
  225. //@todo remove the drh list here. This code is unused
  226. $form->addElement('html', '<div id="drh_list" style="display:'.$display.';">');
  227. if (isset($drh_list) && is_array($drh_list)) {
  228. foreach ($drh_list as $drh) {
  229. $drh_select->addOption(
  230. api_get_person_name($drh['firstname'], $drh['lastname']),
  231. $drh['user_id']
  232. );
  233. }
  234. }
  235. $form->addElement('html', '</div>');
  236. if (api_is_platform_admin()) {
  237. // Platform admin
  238. $group = [];
  239. $group[] = $form->createElement('radio', 'platform_admin', 'id="id_platform_admin"', get_lang('Yes'), 1);
  240. $group[] = $form->createElement('radio', 'platform_admin', 'id="id_platform_admin"', get_lang('No'), 0);
  241. $form->addElement('html', '<div id="id_platform_admin" style="display:'.$display.';">');
  242. $form->addGroup($group, 'admin', get_lang('PlatformAdmin'));
  243. $form->addElement('html', '</div>');
  244. }
  245. $form->addSelectLanguage('language', get_lang('Language'), null);
  246. // Send email
  247. $group = [];
  248. $group[] = $form->createElement('radio', 'send_mail', null, get_lang('Yes'), 1);
  249. $group[] = $form->createElement('radio', 'send_mail', null, get_lang('No'), 0);
  250. $form->addGroup($group, 'mail', get_lang('SendMailToNewUser'));
  251. // Expiration Date
  252. $form->addElement('radio', 'radio_expiration_date', get_lang('ExpirationDate'), get_lang('NeverExpires'), 0);
  253. $group = [];
  254. $group[] = $form->createElement('radio', 'radio_expiration_date', null, get_lang('Enabled'), 1);
  255. $group[] = $form->createElement(
  256. 'DateTimePicker',
  257. 'expiration_date',
  258. null,
  259. [
  260. 'onchange' => 'javascript: enable_expiration_date();',
  261. ]
  262. );
  263. $form->addGroup($group, 'max_member_group', null, null, false);
  264. // Active account or inactive account
  265. $form->addElement('radio', 'active', get_lang('ActiveAccount'), get_lang('Active'), 1);
  266. $form->addElement('radio', 'active', '', get_lang('Inactive'), 0);
  267. $extraField = new ExtraField('user');
  268. $returnParams = $extraField->addElements(
  269. $form,
  270. null,
  271. [],
  272. false,
  273. false,
  274. [],
  275. [],
  276. [],
  277. false,
  278. true
  279. );
  280. $allowEmailTemplate = api_get_configuration_value('mail_template_system');
  281. if ($allowEmailTemplate) {
  282. $form->addEmailTemplate(
  283. [
  284. 'subject_registration_platform.tpl',
  285. 'content_registration_platform.tpl',
  286. 'new_user_first_email_confirmation.tpl',
  287. 'new_user_second_email_confirmation.tpl',
  288. ]
  289. );
  290. }
  291. $jquery_ready_content = $returnParams['jquery_ready_content'];
  292. // the $jquery_ready_content variable collects all functions that will be load in the $(document).ready javascript function
  293. $htmlHeadXtra[] = '<script>
  294. $(document).ready(function(){
  295. '.$jquery_ready_content.'
  296. });
  297. </script>';
  298. // Set default values
  299. $defaults['admin']['platform_admin'] = 0;
  300. $defaults['mail']['send_mail'] = 1;
  301. $defaults['password']['password_auto'] = 1;
  302. $defaults['active'] = 1;
  303. $days = api_get_setting('account_valid_duration');
  304. $defaults['expiration_date'] = api_get_local_time('+'.$days.' day');
  305. $defaults['extra_mail_notify_invitation'] = 1;
  306. $defaults['extra_mail_notify_message'] = 1;
  307. $defaults['extra_mail_notify_group_message'] = 1;
  308. $defaults['radio_expiration_date'] = 0;
  309. $defaults['status'] = STUDENT;
  310. $form->setDefaults($defaults);
  311. // Submit button
  312. $html_results_enabled[] = $form->createElement('button', 'submit', get_lang('Add'), 'plus', 'primary');
  313. $html_results_enabled[] = $form->createElement('button', 'submit_plus', get_lang('Add').'+', 'plus', 'primary');
  314. $form->addGroup($html_results_enabled);
  315. // Validate form
  316. if ($form->validate()) {
  317. $check = Security::check_token('post');
  318. if ($check) {
  319. $user = $form->exportValues();
  320. $lastname = $user['lastname'];
  321. $firstname = $user['firstname'];
  322. $official_code = $user['official_code'];
  323. $email = $user['email'];
  324. $phone = $user['phone'];
  325. $username = $user['username'];
  326. $status = (int) $user['status'];
  327. $language = $user['language'];
  328. $picture = $_FILES['picture'];
  329. $platform_admin = (int) $user['admin']['platform_admin'];
  330. $send_mail = (int) $user['mail']['send_mail'];
  331. $hr_dept_id = isset($user['hr_dept_id']) ? (int) $user['hr_dept_id'] : 0;
  332. if (isset($extAuthSource) && count($extAuthSource) > 0 &&
  333. $user['password']['password_auto'] == '2'
  334. ) {
  335. $auth_source = $user['password']['auth_source'];
  336. $password = 'PLACEHOLDER';
  337. } else {
  338. $auth_source = PLATFORM_AUTH_SOURCE;
  339. $password = $user['password']['password_auto'] == '1' ? api_generate_password() : $user['password']['password'];
  340. }
  341. if ($user['radio_expiration_date'] == '1') {
  342. $expiration_date = $user['expiration_date'];
  343. } else {
  344. $expiration_date = null;
  345. }
  346. $active = (int) $user['active'];
  347. if (api_get_setting('login_is_email') == 'true') {
  348. $username = $email;
  349. }
  350. $extra = [];
  351. foreach ($user as $key => $value) {
  352. if (substr($key, 0, 6) == 'extra_') {
  353. // An extra field
  354. $extra[substr($key, 6)] = $value;
  355. }
  356. }
  357. $template = isset($user['email_template_option']) ? $user['email_template_option'] : [];
  358. $user_id = UserManager::create_user(
  359. $firstname,
  360. $lastname,
  361. $status,
  362. $email,
  363. $username,
  364. $password,
  365. $official_code,
  366. $language,
  367. $phone,
  368. null,
  369. $auth_source,
  370. $expiration_date,
  371. $active,
  372. $hr_dept_id,
  373. $extra,
  374. null,
  375. $send_mail,
  376. $platform_admin,
  377. '',
  378. false,
  379. null,
  380. 0,
  381. $template
  382. );
  383. Security::clear_token();
  384. $tok = Security::get_token();
  385. if (!empty($user_id)) {
  386. if (!empty($picture['name'])) {
  387. $picture_uri = UserManager::update_user_picture(
  388. $user_id,
  389. $_FILES['picture']['name'],
  390. $_FILES['picture']['tmp_name'],
  391. $user['picture_crop_result']
  392. );
  393. UserManager::update_user(
  394. $user_id,
  395. $firstname,
  396. $lastname,
  397. $username,
  398. $password,
  399. $auth_source,
  400. $email,
  401. $status,
  402. $official_code,
  403. $phone,
  404. $picture_uri,
  405. $expiration_date,
  406. $active,
  407. null,
  408. $hr_dept_id,
  409. null,
  410. $language
  411. );
  412. }
  413. $extraFieldValues = new ExtraFieldValue('user');
  414. $user['item_id'] = $user_id;
  415. $extraFieldValues->saveFieldValues($user);
  416. $message = get_lang('UserAdded').': '.
  417. Display::url(
  418. api_get_person_name($firstname, $lastname),
  419. api_get_path(WEB_CODE_PATH).'admin/user_edit.php?user_id='.$user_id
  420. );
  421. }
  422. Display::addFlash(Display::return_message($message, 'normal', false));
  423. if (isset($_POST['submit_plus'])) {
  424. //we want to add more. Prepare report message and redirect to the same page (to clean the form)
  425. header('Location: user_add.php?sec_token='.$tok);
  426. exit;
  427. } else {
  428. $tok = Security::get_token();
  429. header('Location: user_list.php?sec_token='.$tok);
  430. exit;
  431. }
  432. }
  433. } else {
  434. if (isset($_POST['submit'])) {
  435. Security::clear_token();
  436. }
  437. $token = Security::get_token();
  438. $form->addElement('hidden', 'sec_token');
  439. $form->setConstants(['sec_token' => $token]);
  440. }
  441. if (!empty($message)) {
  442. $message = Display::return_message(stripslashes($message));
  443. }
  444. $content = $form->returnForm();
  445. $tpl = new Template($tool_name);
  446. $tpl->assign('message', $message);
  447. $tpl->assign('content', $content);
  448. $tpl->display_one_col_template();