user_edit.php 6.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192
  1. <?php
  2. /* For licensing terms, see /license.txt */
  3. // including necessary libraries
  4. $cidReset = true;
  5. require_once __DIR__.'/../inc/global.inc.php';
  6. // user permissions
  7. api_block_anonymous_users();
  8. if (!api_is_platform_admin()) {
  9. if (!api_is_drh()) {
  10. api_not_allowed(true);
  11. }
  12. } else {
  13. api_protect_admin_script();
  14. }
  15. $userId = isset($_REQUEST['user_id']) ? intval($_REQUEST['user_id']) : '';
  16. $userInfo = api_get_user_info($userId);
  17. if (empty($userInfo)) {
  18. api_not_allowed(true);
  19. }
  20. $userIsFollowed = UserManager::is_user_followed_by_drh($userId, api_get_user_id());
  21. if (api_drh_can_access_all_session_content()) {
  22. $students = SessionManager::getAllUsersFromCoursesFromAllSessionFromStatus(
  23. 'drh_all',
  24. api_get_user_id(),
  25. false,
  26. 0, //$from,
  27. null, //$limit,
  28. null, //$column,
  29. 'desc', //$direction,
  30. null, //$keyword,
  31. null, //$active,
  32. null, //$lastConnectionDate,
  33. null,
  34. null,
  35. STUDENT
  36. );
  37. if (empty($students)) {
  38. api_not_allowed(true);
  39. }
  40. $userIdList = [];
  41. foreach ($students as $student) {
  42. $userIdList[] = $student['user_id'];
  43. }
  44. if (!in_array($userId, $userIdList)) {
  45. api_not_allowed(true);
  46. }
  47. } else {
  48. if (!api_is_platform_admin() && !$userIsFollowed) {
  49. api_not_allowed(true);
  50. }
  51. }
  52. $url = api_get_self().'?user_id='.$userId;
  53. $tool_name = get_lang('Edit user information');
  54. // Create the form
  55. $form = new FormValidator('user_edit', 'post', $url);
  56. // Username
  57. $usernameInput = $form->addElement('text', 'username', get_lang('Login'));
  58. $usernameInput->freeze();
  59. // Password
  60. $group = [];
  61. $auth_sources = 0; //make available wider as we need it in case of form reset (see below)
  62. $group[] = &$form->createElement('radio', 'password_auto', get_lang('Password'), get_lang('Automatically generate a new password').'<br />', 1);
  63. $group[] = &$form->createElement('radio', 'password_auto', 'id="radio_user_password"', null, 0);
  64. $group[] = &$form->createElement('password', 'password', null, ['onkeydown' => 'javascript: password_switch_radio_button(document.user_add,"password[password_auto]");']);
  65. $form->addGroup($group, 'password', get_lang('Password'));
  66. // Send email
  67. $group = [];
  68. $group[] = &$form->createElement('radio', 'send_mail', null, get_lang('Yes'), 1);
  69. $group[] = &$form->createElement('radio', 'send_mail', null, get_lang('No'), 0);
  70. $form->addGroup($group, 'mail', get_lang('Send mail to new user'));
  71. // Set default values
  72. $defaults = [];
  73. $defaults['username'] = $userInfo['username'];
  74. $defaults['mail']['send_mail'] = 0;
  75. $defaults['password']['password_auto'] = 1;
  76. $form->setDefaults($defaults);
  77. // Submit button
  78. $select_level = [];
  79. $html_results_enabled[] = $form->addButtonUpdate(get_lang('Update'), 'submit', true);
  80. $form->addGroup($html_results_enabled);
  81. // Validate form
  82. if ($form->validate()) {
  83. $check = Security::check_token('post');
  84. if ($check) {
  85. $user = $form->exportValues();
  86. $email = $userInfo['email'];
  87. $username = $userInfo['username'];
  88. $send_mail = intval($user['mail']['send_mail']);
  89. $auth_source = PLATFORM_AUTH_SOURCE;
  90. $resetPassword = $user['password']['password_auto'] == '1' ? 0 : 2;
  91. $auth_source = $userInfo['auth_source'];
  92. $password = $user['password']['password_auto'] == '1' ? api_generate_password() : $user['password']['password'];
  93. UserManager::update_user(
  94. $userId,
  95. $userInfo['firstname'],
  96. $userInfo['lastname'],
  97. $userInfo['username'],
  98. $password,
  99. $auth_source,
  100. $userInfo['email'],
  101. $userInfo['status'],
  102. $userInfo['official_code'],
  103. $userInfo['phone'],
  104. $userInfo['picture_uri'],
  105. $userInfo['expiration_date'],
  106. $userInfo['active'],
  107. $userInfo['creator_id'],
  108. $userInfo['hr_dept_id'],
  109. null, //$extra =
  110. $userInfo['language'],
  111. null, //$encrypt_method
  112. false,
  113. $resetPassword
  114. );
  115. if (!empty($email) && $send_mail) {
  116. $emailsubject = '['.api_get_setting('siteName').'] '.get_lang('Your registration on').' '.api_get_setting('siteName');
  117. $portal_url = api_get_path(WEB_PATH);
  118. if (api_is_multiple_url_enabled()) {
  119. $access_url_id = api_get_current_access_url_id();
  120. if ($access_url_id != -1) {
  121. $url = api_get_access_url($access_url_id);
  122. $portal_url = $url['url'];
  123. }
  124. }
  125. $emailbody = get_lang('Dear')." ".stripslashes(api_get_person_name($userInfo['firstname'], $userInfo['lastname'])).",\n\n".
  126. get_lang('You are registered to')." ".api_get_setting('siteName')." ".get_lang('with the following settings:')."\n\n".
  127. get_lang('Username')." : ".$username."\n".get_lang('Pass')." : ".stripslashes($password)."\n\n".
  128. get_lang('The address of')." ".api_get_setting('siteName')." ".
  129. get_lang('is')." : ".$portal_url."\n\n".
  130. get_lang('In case of trouble, contact us.')."\n\n".
  131. get_lang('Sincerely').",\n\n".
  132. api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'))."\n".
  133. get_lang('Administrator')." ".
  134. api_get_setting('siteName')."\nT. ".
  135. api_get_setting('administratorTelephone')."\n".
  136. get_lang('e-mail')." : ".api_get_setting('emailAdministrator');
  137. $emailbody = nl2br($emailbody);
  138. api_mail_html(
  139. api_get_person_name($userInfo['firstname'], $userInfo['lastname'], null, PERSON_NAME_EMAIL_ADDRESS),
  140. $email,
  141. $emailsubject,
  142. $emailbody
  143. );
  144. }
  145. Security::clear_token();
  146. $tok = Security::get_token();
  147. header('Location: '.$url.'&message=1');
  148. exit();
  149. }
  150. } else {
  151. if (isset($_POST['submit'])) {
  152. Security::clear_token();
  153. }
  154. $token = Security::get_token();
  155. $form->addElement('hidden', 'sec_token');
  156. $form->setConstants(['sec_token' => $token]);
  157. }
  158. $interbreadcrumb[] = [
  159. 'url' => api_get_path(WEB_CODE_PATH)."mySpace/student.php",
  160. "name" => get_lang('User list'),
  161. ];
  162. if (isset($_REQUEST['message'])) {
  163. Display::addFlash(Display::return_message(get_lang('Update successful'), 'normal'));
  164. }
  165. Display::display_header($tool_name);
  166. // Display form
  167. $form->display();
  168. Display::display_footer();