PageRenderTime 25ms CodeModel.GetById 5ms RepoModel.GetById 0ms app.codeStats 0ms

/admin/user.php

https://bitbucket.org/kudutest1/moodlegit
PHP | 391 lines | 323 code | 55 blank | 13 comment | 103 complexity | e8cc719001992a6ed9a44e4d25e7b28c MD5 | raw file
    

  1. <?php
    2. 

  2. 

  3.     require_once('../config.php');
    4. 

  4.     require_once($CFG->libdir.'/adminlib.php');
    5. 

  5.     require_once($CFG->libdir.'/authlib.php');
    6. 

  6.     require_once($CFG->dirroot.'/user/filters/lib.php');
    7. 

  7. 

  8.     $delete       = optional_param('delete', 0, PARAM_INT);
    9. 

  9.     $confirm      = optional_param('confirm', '', PARAM_ALPHANUM);   //md5 confirmation hash
    10. 

  10.     $confirmuser  = optional_param('confirmuser', 0, PARAM_INT);
    11. 

  11.     $sort         = optional_param('sort', 'name', PARAM_ALPHANUM);
    12. 

  12.     $dir          = optional_param('dir', 'ASC', PARAM_ALPHA);
    13. 

  13.     $page         = optional_param('page', 0, PARAM_INT);
    14. 

  14.     $perpage      = optional_param('perpage', 30, PARAM_INT);        // how many per page
    15. 

  15.     $ru           = optional_param('ru', '2', PARAM_INT);            // show remote users
    16. 

  16.     $lu           = optional_param('lu', '2', PARAM_INT);            // show local users
    17. 

  17.     $acl          = optional_param('acl', '0', PARAM_INT);           // id of user to tweak mnet ACL (requires $access)
    18. 

  18.     $suspend      = optional_param('suspend', 0, PARAM_INT);
    19. 

  19.     $unsuspend    = optional_param('unsuspend', 0, PARAM_INT);
    20. 

  20.     $unlock       = optional_param('unlock', 0, PARAM_INT);
    21. 

  21. 

  22.     admin_externalpage_setup('editusers');
    23. 

  23. 

  24.     $sitecontext = context_system::instance();
    25. 

  25.     $site = get_site();
    26. 

  26. 

  27.     if (!has_capability('moodle/user:update', $sitecontext) and !has_capability('moodle/user:delete', $sitecontext)) {
    28. 

  28.         print_error('nopermissions', 'error', '', 'edit/delete users');
    29. 

  29.     }
    30. 

  30. 

  31.     $stredit   = get_string('edit');
    32. 

  32.     $strdelete = get_string('delete');
    33. 

  33.     $strdeletecheck = get_string('deletecheck');
    34. 

  34.     $strshowallusers = get_string('showallusers');
    35. 

  35.     $strsuspend = get_string('suspenduser', 'admin');
    36. 

  36.     $strunsuspend = get_string('unsuspenduser', 'admin');
    37. 

  37.     $strunlock = get_string('unlockaccount', 'admin');
    38. 

  38.     $strconfirm = get_string('confirm');
    39. 

  39. 

  40.     if (empty($CFG->loginhttps)) {
    41. 

  41.         $securewwwroot = $CFG->wwwroot;
    42. 

  42.     } else {
    43. 

  43.         $securewwwroot = str_replace('http:','https:',$CFG->wwwroot);
    44. 

  44.     }
    45. 

  45. 

  46.     $returnurl = new moodle_url('/admin/user.php', array('sort' => $sort, 'dir' => $dir, 'perpage' => $perpage, 'page'=>$page));
    47. 

  47. 

  48.     if ($confirmuser and confirm_sesskey()) {
    49. 

  49.         require_capability('moodle/user:update', $sitecontext);
    50. 

  50.         if (!$user = $DB->get_record('user', array('id'=>$confirmuser, 'mnethostid'=>$CFG->mnet_localhost_id))) {
    51. 

  51.             print_error('nousers');
    52. 

  52.         }
    53. 

  53. 

  54.         $auth = get_auth_plugin($user->auth);
    55. 

  55. 

  56.         $result = $auth->user_confirm($user->username, $user->secret);
    57. 

  57. 

  58.         if ($result == AUTH_CONFIRM_OK or $result == AUTH_CONFIRM_ALREADY) {
    59. 

  59.             redirect($returnurl);
    60. 

  60.         } else {
    61. 

  61.             echo $OUTPUT->header();
    62. 

  62.             redirect($returnurl, get_string('usernotconfirmed', '', fullname($user, true)));
    63. 

  63.         }
    64. 

  64. 

  65.     } else if ($delete and confirm_sesskey()) {              // Delete a selected user, after confirmation
    66. 

  66.         require_capability('moodle/user:delete', $sitecontext);
    67. 

  67. 

  68.         $user = $DB->get_record('user', array('id'=>$delete, 'mnethostid'=>$CFG->mnet_localhost_id), '*', MUST_EXIST);
    69. 

  69. 

  70.         if (is_siteadmin($user->id)) {
    71. 

  71.             print_error('useradminodelete', 'error');
    72. 

  72.         }
    73. 

  73. 

  74.         if ($confirm != md5($delete)) {
    75. 

  75.             echo $OUTPUT->header();
    76. 

  76.             $fullname = fullname($user, true);
    77. 

  77.             echo $OUTPUT->heading(get_string('deleteuser', 'admin'));
    78. 

  78.             $optionsyes = array('delete'=>$delete, 'confirm'=>md5($delete), 'sesskey'=>sesskey());
    79. 

  79.             echo $OUTPUT->confirm(get_string('deletecheckfull', '', "'$fullname'"), new moodle_url($returnurl, $optionsyes), $returnurl);
    80. 

  80.             echo $OUTPUT->footer();
    81. 

  81.             die;
    82. 

  82.         } else if (data_submitted() and !$user->deleted) {
    83. 

  83.             if (delete_user($user)) {
    84. 

  84.                 session_gc(); // remove stale sessions
    85. 

  85.                 redirect($returnurl);
    86. 

  86.             } else {
    87. 

  87.                 session_gc(); // remove stale sessions
    88. 

  88.                 echo $OUTPUT->header();
    89. 

  89.                 echo $OUTPUT->notification($returnurl, get_string('deletednot', '', fullname($user, true)));
    90. 

  90.             }
    91. 

  91.         }
    92. 

  92.     } else if ($acl and confirm_sesskey()) {
    93. 

  93.         if (!has_capability('moodle/user:update', $sitecontext)) {
    94. 

  94.             print_error('nopermissions', 'error', '', 'modify the NMET access control list');
    95. 

  95.         }
    96. 

  96.         if (!$user = $DB->get_record('user', array('id'=>$acl))) {
    97. 

  97.             print_error('nousers', 'error');
    98. 

  98.         }
    99. 

  99.         if (!is_mnet_remote_user($user)) {
    100. 

  100.             print_error('usermustbemnet', 'error');
    101. 

  101.         }
    102. 

  102.         $accessctrl = strtolower(required_param('accessctrl', PARAM_ALPHA));
    103. 

  103.         if ($accessctrl != 'allow' and $accessctrl != 'deny') {
    104. 

  104.             print_error('invalidaccessparameter', 'error');
    105. 

  105.         }
    106. 

  106.         $aclrecord = $DB->get_record('mnet_sso_access_control', array('username'=>$user->username, 'mnet_host_id'=>$user->mnethostid));
    107. 

  107.         if (empty($aclrecord)) {
    108. 

  108.             $aclrecord = new stdClass();
    109. 

  109.             $aclrecord->mnet_host_id = $user->mnethostid;
    110. 

  110.             $aclrecord->username = $user->username;
    111. 

  111.             $aclrecord->accessctrl = $accessctrl;
    112. 

  112.             $DB->insert_record('mnet_sso_access_control', $aclrecord);
    113. 

  113.         } else {
    114. 

  114.             $aclrecord->accessctrl = $accessctrl;
    115. 

  115.             $DB->update_record('mnet_sso_access_control', $aclrecord);
    116. 

  116.         }
    117. 

  117.         $mnethosts = $DB->get_records('mnet_host', null, 'id', 'id,wwwroot,name');
    118. 

  118.         redirect($returnurl);
    119. 

  119. 

  120.     } else if ($suspend and confirm_sesskey()) {
    121. 

  121.         require_capability('moodle/user:update', $sitecontext);
    122. 

  122. 

  123.         if ($user = $DB->get_record('user', array('id'=>$suspend, 'mnethostid'=>$CFG->mnet_localhost_id, 'deleted'=>0))) {
    124. 

  124.             if (!is_siteadmin($user) and $USER->id != $user->id and $user->suspended != 1) {
    125. 

  125.                 $user->suspended = 1;
    126. 

  126.                 $user->timemodified = time();
    127. 

  127.                 $DB->set_field('user', 'suspended', $user->suspended, array('id'=>$user->id));
    128. 

  128.                 $DB->set_field('user', 'timemodified', $user->timemodified, array('id'=>$user->id));
    129. 

  129.                 // force logout
    130. 

  130.                 session_kill_user($user->id);
    131. 

  131.                 events_trigger('user_updated', $user);
    132. 

  132.             }
    133. 

  133.         }
    134. 

  134.         redirect($returnurl);
    135. 

  135. 

  136.     } else if ($unsuspend and confirm_sesskey()) {
    137. 

  137.         require_capability('moodle/user:update', $sitecontext);
    138. 

  138. 

  139.         if ($user = $DB->get_record('user', array('id'=>$unsuspend, 'mnethostid'=>$CFG->mnet_localhost_id, 'deleted'=>0))) {
    140. 

  140.             if ($user->suspended != 0) {
    141. 

  141.                 $user->suspended = 0;
    142. 

  142.                 $user->timemodified = time();
    143. 

  143.                 $DB->set_field('user', 'suspended', $user->suspended, array('id'=>$user->id));
    144. 

  144.                 $DB->set_field('user', 'timemodified', $user->timemodified, array('id'=>$user->id));
    145. 

  145.                 events_trigger('user_updated', $user);
    146. 

  146.             }
    147. 

  147.         }
    148. 

  148.         redirect($returnurl);
    149. 

  149. 

  150.     } else if ($unlock and confirm_sesskey()) {
    151. 

  151.         require_capability('moodle/user:update', $sitecontext);
    152. 

  152. 

  153.         if ($user = $DB->get_record('user', array('id'=>$unlock, 'mnethostid'=>$CFG->mnet_localhost_id, 'deleted'=>0))) {
    154. 

  154.             login_unlock_account($user);
    155. 

  155.         }
    156. 

  156.         redirect($returnurl);
    157. 

  157.     }
    158. 

  158. 

  159.     // create the user filter form
    160. 

  160.     $ufiltering = new user_filtering();
    161. 

  161.     echo $OUTPUT->header();
    162. 

  162. 

  163.     // Carry on with the user listing
    164. 

  164.     $context = context_system::instance();
    165. 

  165.     $extracolumns = get_extra_user_fields($context);
    166. 

  166.     $columns = array_merge(array('firstname', 'lastname'), $extracolumns,
    167. 

  167.             array('city', 'country', 'lastaccess'));
    168. 

  168. 

  169.     foreach ($columns as $column) {
    170. 

  170.         $string[$column] = get_user_field_name($column);
    171. 

  171.         if ($sort != $column) {
    172. 

  172.             $columnicon = "";
    173. 

  173.             if ($column == "lastaccess") {
    174. 

  174.                 $columndir = "DESC";
    175. 

  175.             } else {
    176. 

  176.                 $columndir = "ASC";
    177. 

  177.             }
    178. 

  178.         } else {
    179. 

  179.             $columndir = $dir == "ASC" ? "DESC":"ASC";
    180. 

  180.             if ($column == "lastaccess") {
    181. 

  181.                 $columnicon = ($dir == "ASC") ? "sort_desc" : "sort_asc";
    182. 

  182.             } else {
    183. 

  183.                 $columnicon = ($dir == "ASC") ? "sort_asc" : "sort_desc";
    184. 

  184.             }
    185. 

  185.             $columnicon = "<img class='iconsort' src=\"" . $OUTPUT->pix_url('t/' . $columnicon) . "\" alt=\"\" />";
    186. 

  186. 

  187.         }
    188. 

  188.         $$column = "<a href=\"user.php?sort=$column&amp;dir=$columndir\">".$string[$column]."</a>$columnicon";
    189. 

  189.     }
    190. 

  190. 

  191.     $override = new stdClass();
    192. 

  192.     $override->firstname = 'firstname';
    193. 

  193.     $override->lastname = 'lastname';
    194. 

  194.     $fullnamelanguage = get_string('fullnamedisplay', '', $override);
    195. 

  195.     if (($CFG->fullnamedisplay == 'firstname lastname') or
    196. 

  196.         ($CFG->fullnamedisplay == 'firstname') or
    197. 

  197.         ($CFG->fullnamedisplay == 'language' and $fullnamelanguage == 'firstname lastname' )) {
    198. 

  198.         $fullnamedisplay = "$firstname / $lastname";
    199. 

  199.         if ($sort == "name") { // If sort has already been set to something else then ignore.
    200. 

  200.             $sort = "firstname";
    201. 

  201.         }
    202. 

  202.     } else { // ($CFG->fullnamedisplay == 'language' and $fullnamelanguage == 'lastname firstname').
    203. 

  203.         $fullnamedisplay = "$lastname / $firstname";
    204. 

  204.         if ($sort == "name") { // This should give the desired sorting based on fullnamedisplay.
    205. 

  205.             $sort = "lastname";
    206. 

  206.         }
    207. 

  207.     }
    208. 

  208. 

  209.     list($extrasql, $params) = $ufiltering->get_sql_filter();
    210. 

  210.     $users = get_users_listing($sort, $dir, $page*$perpage, $perpage, '', '', '',
    211. 

  211.             $extrasql, $params, $context);
    212. 

  212.     $usercount = get_users(false);
    213. 

  213.     $usersearchcount = get_users(false, '', false, null, "", '', '', '', '', '*', $extrasql, $params);
    214. 

  214. 

  215.     if ($extrasql !== '') {
    216. 

  216.         echo $OUTPUT->heading("$usersearchcount / $usercount ".get_string('users'));
    217. 

  217.         $usercount = $usersearchcount;
    218. 

  218.     } else {
    219. 

  219.         echo $OUTPUT->heading("$usercount ".get_string('users'));
    220. 

  220.     }
    221. 

  221. 

  222.     $strall = get_string('all');
    223. 

  223. 

  224.     $baseurl = new moodle_url('/admin/user.php', array('sort' => $sort, 'dir' => $dir, 'perpage' => $perpage));
    225. 

  225.     echo $OUTPUT->paging_bar($usercount, $page, $perpage, $baseurl);
    226. 

  226. 

  227.     flush();
    228. 

  228. 

  229. 

  230.     if (!$users) {
    231. 

  231.         $match = array();
    232. 

  232.         echo $OUTPUT->heading(get_string('nousersfound'));
    233. 

  233. 

  234.         $table = NULL;
    235. 

  235. 

  236.     } else {
    237. 

  237. 

  238.         $countries = get_string_manager()->get_list_of_countries(false);
    239. 

  239.         if (empty($mnethosts)) {
    240. 

  240.             $mnethosts = $DB->get_records('mnet_host', null, 'id', 'id,wwwroot,name');
    241. 

  241.         }
    242. 

  242. 

  243.         foreach ($users as $key => $user) {
    244. 

  244.             if (isset($countries[$user->country])) {
    245. 

  245.                 $users[$key]->country = $countries[$user->country];
    246. 

  246.             }
    247. 

  247.         }
    248. 

  248.         if ($sort == "country") {  // Need to resort by full country name, not code
    249. 

  249.             foreach ($users as $user) {
    250. 

  250.                 $susers[$user->id] = $user->country;
    251. 

  251.             }
    252. 

  252.             asort($susers);
    253. 

  253.             foreach ($susers as $key => $value) {
    254. 

  254.                 $nusers[] = $users[$key];
    255. 

  255.             }
    256. 

  256.             $users = $nusers;
    257. 

  257.         }
    258. 

  258. 

  259.         $table = new html_table();
    260. 

  260.         $table->head = array ();
    261. 

  261.         $table->colclasses = array();
    262. 

  262.         $table->head[] = $fullnamedisplay;
    263. 

  263.         $table->attributes['class'] = 'admintable generaltable';
    264. 

  264.         $table->colclasses[] = 'leftalign';
    265. 

  265.         foreach ($extracolumns as $field) {
    266. 

  266.             $table->head[] = ${$field};
    267. 

  267.             $table->colclasses[] = 'leftalign';
    268. 

  268.         }
    269. 

  269.         $table->head[] = $city;
    270. 

  270.         $table->colclasses[] = 'leftalign';
    271. 

  271.         $table->head[] = $country;
    272. 

  272.         $table->colclasses[] = 'leftalign';
    273. 

  273.         $table->head[] = $lastaccess;
    274. 

  274.         $table->colclasses[] = 'leftalign';
    275. 

  275.         $table->head[] = get_string('edit');
    276. 

  276.         $table->colclasses[] = 'centeralign';
    277. 

  277.         $table->head[] = "";
    278. 

  278.         $table->colclasses[] = 'centeralign';
    279. 

  279. 

  280.         $table->id = "users";
    281. 

  281.         foreach ($users as $user) {
    282. 

  282.             $buttons = array();
    283. 

  283.             $lastcolumn = '';
    284. 

  284. 

  285.             // delete button
    286. 

  286.             if (has_capability('moodle/user:delete', $sitecontext)) {
    287. 

  287.                 if (is_mnet_remote_user($user) or $user->id == $USER->id or is_siteadmin($user)) {
    288. 

  288.                     // no deleting of self, mnet accounts or admins allowed
    289. 

  289.                 } else {
    290. 

  290.                     $buttons[] = html_writer::link(new moodle_url($returnurl, array('delete'=>$user->id, 'sesskey'=>sesskey())), html_writer::empty_tag('img', array('src'=>$OUTPUT->pix_url('t/delete'), 'alt'=>$strdelete, 'class'=>'iconsmall')), array('title'=>$strdelete));
    291. 

  291.                 }
    292. 

  292.             }
    293. 

  293. 

  294.             // suspend button
    295. 

  295.             if (has_capability('moodle/user:update', $sitecontext)) {
    296. 

  296.                 if (is_mnet_remote_user($user)) {
    297. 

  297.                     // mnet users have special access control, they can not be deleted the standard way or suspended
    298. 

  298.                     $accessctrl = 'allow';
    299. 

  299.                     if ($acl = $DB->get_record('mnet_sso_access_control', array('username'=>$user->username, 'mnet_host_id'=>$user->mnethostid))) {
    300. 

  300.                         $accessctrl = $acl->accessctrl;
    301. 

  301.                     }
    302. 

  302.                     $changeaccessto = ($accessctrl == 'deny' ? 'allow' : 'deny');
    303. 

  303.                     $buttons[] = " (<a href=\"?acl={$user->id}&amp;accessctrl=$changeaccessto&amp;sesskey=".sesskey()."\">".get_string($changeaccessto, 'mnet') . " access</a>)";
    304. 

  304. 

  305.                 } else {
    306. 

  306.                     if ($user->suspended) {
    307. 

  307.                         $buttons[] = html_writer::link(new moodle_url($returnurl, array('unsuspend'=>$user->id, 'sesskey'=>sesskey())), html_writer::empty_tag('img', array('src'=>$OUTPUT->pix_url('t/show'), 'alt'=>$strunsuspend, 'class'=>'iconsmall')), array('title'=>$strunsuspend));
    308. 

  308.                     } else {
    309. 

  309.                         if ($user->id == $USER->id or is_siteadmin($user)) {
    310. 

  310.                             // no suspending of admins or self!
    311. 

  311.                         } else {
    312. 

  312.                             $buttons[] = html_writer::link(new moodle_url($returnurl, array('suspend'=>$user->id, 'sesskey'=>sesskey())), html_writer::empty_tag('img', array('src'=>$OUTPUT->pix_url('t/hide'), 'alt'=>$strsuspend, 'class'=>'iconsmall')), array('title'=>$strsuspend));
    313. 

  313.                         }
    314. 

  314.                     }
    315. 

  315. 

  316.                     if (login_is_lockedout($user)) {
    317. 

  317.                         $buttons[] = html_writer::link(new moodle_url($returnurl, array('unlock'=>$user->id, 'sesskey'=>sesskey())), html_writer::empty_tag('img', array('src'=>$OUTPUT->pix_url('t/unlock'), 'alt'=>$strunlock, 'class'=>'iconsmall')), array('title'=>$strunlock));
    318. 

  318.                     }
    319. 

  319.                 }
    320. 

  320.             }
    321. 

  321. 

  322.             // edit button
    323. 

  323.             if (has_capability('moodle/user:update', $sitecontext)) {
    324. 

  324.                 // prevent editing of admins by non-admins
    325. 

  325.                 if (is_siteadmin($USER) or !is_siteadmin($user)) {
    326. 

  326.                     $buttons[] = html_writer::link(new moodle_url($securewwwroot.'/user/editadvanced.php', array('id'=>$user->id, 'course'=>$site->id)), html_writer::empty_tag('img', array('src'=>$OUTPUT->pix_url('t/edit'), 'alt'=>$stredit, 'class'=>'iconsmall')), array('title'=>$stredit));
    327. 

  327.                 }
    328. 

  328.             }
    329. 

  329. 

  330.             // the last column - confirm or mnet info
    331. 

  331.             if (is_mnet_remote_user($user)) {
    332. 

  332.                 // all mnet users are confirmed, let's print just the name of the host there
    333. 

  333.                 if (isset($mnethosts[$user->mnethostid])) {
    334. 

  334.                     $lastcolumn = get_string($accessctrl, 'mnet').': '.$mnethosts[$user->mnethostid]->name;
    335. 

  335.                 } else {
    336. 

  336.                     $lastcolumn = get_string($accessctrl, 'mnet');
    337. 

  337.                 }
    338. 

  338. 

  339.             } else if ($user->confirmed == 0) {
    340. 

  340.                 if (has_capability('moodle/user:update', $sitecontext)) {
    341. 

  341.                     $lastcolumn = html_writer::link(new moodle_url($returnurl, array('confirmuser'=>$user->id, 'sesskey'=>sesskey())), $strconfirm);
    342. 

  342.                 } else {
    343. 

  343.                     $lastcolumn = "<span class=\"dimmed_text\">".get_string('confirm')."</span>";
    344. 

  344.                 }
    345. 

  345.             }
    346. 

  346. 

  347.             if ($user->lastaccess) {
    348. 

  348.                 $strlastaccess = format_time(time() - $user->lastaccess);
    349. 

  349.             } else {
    350. 

  350.                 $strlastaccess = get_string('never');
    351. 

  351.             }
    352. 

  352.             $fullname = fullname($user, true);
    353. 

  353. 

  354.             $row = array ();
    355. 

  355.             $row[] = "<a href=\"../user/view.php?id=$user->id&amp;course=$site->id\">$fullname</a>";
    356. 

  356.             foreach ($extracolumns as $field) {
    357. 

  357.                 $row[] = $user->{$field};
    358. 

  358.             }
    359. 

  359.             $row[] = $user->city;
    360. 

  360.             $row[] = $user->country;
    361. 

  361.             $row[] = $strlastaccess;
    362. 

  362.             if ($user->suspended) {
    363. 

  363.                 foreach ($row as $k=>$v) {
    364. 

  364.                     $row[$k] = html_writer::tag('span', $v, array('class'=>'usersuspended'));
    365. 

  365.                 }
    366. 

  366.             }
    367. 

  367.             $row[] = implode(' ', $buttons);
    368. 

  368.             $row[] = $lastcolumn;
    369. 

  369.             $table->data[] = $row;
    370. 

  370.         }
    371. 

  371.     }
    372. 

  372. 

  373.     // add filters
    374. 

  374.     $ufiltering->display_add();
    375. 

  375.     $ufiltering->display_active();
    376. 

  376. 

  377.     if (has_capability('moodle/user:create', $sitecontext)) {
    378. 

  378.         echo $OUTPUT->heading('<a href="'.$securewwwroot.'/user/editadvanced.php?id=-1">'.get_string('addnewuser').'</a>');
    379. 

  379.     }
    380. 

  380.     if (!empty($table)) {
    381. 

  381.         echo html_writer::table($table);
    382. 

  382.         echo $OUTPUT->paging_bar($usercount, $page, $perpage, $baseurl);
    383. 

  383.         if (has_capability('moodle/user:create', $sitecontext)) {
    384. 

  384.             echo $OUTPUT->heading('<a href="'.$securewwwroot.'/user/editadvanced.php?id=-1">'.get_string('addnewuser').'</a>');
    385. 

  385.         }
    386. 

  386.     }
    387. 

  387. 

  388.     echo $OUTPUT->footer();
    389. 

  389. 

  390. 

  391. 

  392.