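/**
 * Save the site-level account settings submitted from the admin "edit user" form.
 *
 * Loads the usr row named by $values['id'], applies probation, quota, expiry,
 * role, mail, auth-instance, password, username, e-mail and tag changes, removes
 * the user's login sessions, writes the row and redirects back to the edit page.
 *
 * @param Pieform $form   The submitted form (not read here).
 * @param array   $values Submitted form values.
 * @return bool|void false when no usr row matches $values['id']; otherwise the
 *                   function finishes by calling redirect().
 */
function edituser_site_submit(Pieform $form, $values) {
    global $USER, $authobj, $SESSION;

    if (!($user = get_record('usr', 'id', $values['id']))) {
        return false;
    }

    if (is_using_probation()) {
        // Value should be between 0 and 10 inclusive
        $user->probation = ensure_valid_probation_points($values['probationpoints']);
    }

    // Quota is only writable by site admins, or by anyone reaching this handler
    // when the file plugin's institutionaloverride setting is on.
    if ($USER->get('admin') || get_config_plugin('artefact', 'file', 'institutionaloverride')) {
        $user->quota = $values['quota'];

        // check if the user has gone over the quota notify limit
        $quotanotifylimit = get_config_plugin('artefact', 'file', 'quotanotifylimit');
        if ($quotanotifylimit <= 0 || $quotanotifylimit >= 100) {
            $quotanotifylimit = 100;
        }

        // A submitted quota of 0 would divide by zero here; treat any stored
        // data as a fully used quota in that case instead of failing mid-save.
        if ($user->quota > 0) {
            $user->quotausedpercent = $user->quotaused / $user->quota * 100;
        }
        else {
            $user->quotausedpercent = $user->quotaused > 0 ? 100 : 0;
        }

        $overlimit = false;
        if ($quotanotifylimit <= $user->quotausedpercent) {
            $overlimit = true;
        }

        $notified = get_field('usr_account_preference', 'value', 'field', 'quota_exceeded_notified', 'usr', $user->id);
        if ($overlimit && '1' !== $notified) {
            require_once get_config('docroot') . 'artefact/file/lib.php';
            ArtefactTypeFile::notify_users_threshold_exceeded(array($user), false);
            // no need to email admin as we can alert them right now
            $SESSION->add_error_msg(get_string('useroverquotathreshold', 'artefact.file', display_name($user)));
        }
        else {
            if ($notified && !$overlimit) {
                set_account_preference($user->id, 'quota_exceeded_notified', false);
            }
        }
    }

    // An account counts as "un-expired" when its stored expiry is in the past and
    // the submitted expiry is either empty or in the future.
    $unexpire = $user->expiry && strtotime($user->expiry) < time() && (empty($values['expiry']) || $values['expiry'] > time());
    $newexpiry = db_format_timestamp($values['expiry']);
    if ($user->expiry != $newexpiry) {
        $user->expiry = $newexpiry;
        if ($unexpire) {
            $user->expirymailsent = 0;
            $user->lastaccess = db_format_timestamp(time());
        }
    }

    // Try to kick the user from any active login sessions, before saving data.
    require_once get_config('docroot') . 'auth/session.php';
    remove_user_sessions($user->id);

    if ($USER->get('admin')) {
        // Not editable by institutional admins
        $user->staff = (int) ($values['staff'] == 'on');
        $user->admin = (int) ($values['admin'] == 'on');
        if ($user->admin) {
            activity_add_admin_defaults(array($user->id));
        }
    }

    if ($values['maildisabled'] == 0 && get_account_preference($user->id, 'maildisabled') == 1) {
        // Reset the sent and bounce counts otherwise mail will be disabled
        // on the next send attempt
        $u = new StdClass();
        $u->email = $user->email;
        $u->id = $user->id;
        update_bounce_count($u, true);
        update_send_count($u, true);
    }
    set_account_preference($user->id, 'maildisabled', $values['maildisabled']);

    // process the change of the authinstance and or the remoteuser
    if (isset($values['authinstance']) && isset($values['remoteusername'])) {
        // Authinstance can be changed by institutional admins if both the
        // old and new authinstances belong to the admin's institutions
        $authinst = get_records_select_assoc('auth_instance', 'id = ? OR id = ?', array($values['authinstance'], $user->authinstance));

        // Inspect the requested instance through a local handle only. The shared
        // $authobj drives the password and username checks further down, so it
        // must not point at an instance the caller was not allowed to move the
        // user to.
        $requestedauth = AuthFactory::create($values['authinstance']);

        // NOTE(review): authinstance 1 is treated as always movable-from —
        // presumably the default internal instance; confirm.
        $mayswitch = $USER->get('admin')
            || (
                $USER->is_institutional_admin($authinst[$values['authinstance']]->institution)
                && (
                    $USER->is_institutional_admin($authinst[$user->authinstance]->institution)
                    || $user->authinstance == 1
                )
            );

        if ($mayswitch) {
            // But don't bother if the auth instance doesn't take a remote username
            if ($requestedauth->needs_remote_username()) {
                // determine the current remoteuser
                $current_remotename = get_field('auth_remote_user', 'remoteusername', 'authinstance', $user->authinstance, 'localusr', $user->id);
                if (!$current_remotename) {
                    $current_remotename = $user->username;
                }
                // if the remoteuser is empty
                if (strlen(trim($values['remoteusername'])) == 0) {
                    delete_records('auth_remote_user', 'authinstance', $user->authinstance, 'localusr', $user->id);
                }
                // what should the new remoteuser be
                $new_remoteuser = get_field('auth_remote_user', 'remoteusername', 'authinstance', $values['authinstance'], 'localusr', $user->id);
                // save the remotename for the target existence check
                $target_remotename = $new_remoteuser;
                if (!$new_remoteuser) {
                    $new_remoteuser = $user->username;
                }
                if (strlen(trim($values['remoteusername'])) > 0) {
                    // value changed on page - use it
                    if ($values['remoteusername'] != $current_remotename) {
                        $new_remoteuser = $values['remoteusername'];
                    }
                }
                // only update remote name if the input actually changed on the page or it doesn't yet exist
                if ($current_remotename != $new_remoteuser || !$target_remotename) {
                    // only remove the ones related to this target authinstance as we now allow multiple
                    // for dual login mechanisms
                    delete_records('auth_remote_user', 'authinstance', $values['authinstance'], 'localusr', $user->id);
                    insert_record('auth_remote_user', (object) array('authinstance' => $values['authinstance'], 'remoteusername' => $new_remoteuser, 'localusr' => $user->id));
                }
            }
            // update the ai on the user master
            $user->authinstance = $values['authinstance'];
        }

        // Bind the global $authobj to the instance the account actually ends up
        // on: the new one after an authorised move, the existing one otherwise.
        // This is used by the password/username change methods
        // if either/both has been requested at the same time
        $authobj = AuthFactory::create($user->authinstance);
    }

    // Only change the pw if the new auth instance allows for it
    if (method_exists($authobj, 'change_password')) {
        $user->passwordchange = (int) (isset($values['passwordchange']) && $values['passwordchange'] == 'on' ? 1 : 0);
        if (isset($values['password']) && $values['password'] !== '') {
            $userobj = new User();
            $userobj = $userobj->find_by_id($user->id);
            $user->password = $authobj->change_password($userobj, $values['password']);
            $user->salt = $userobj->salt;
            unset($userobj);
        }
    }
    else {
        // inform the user that the chosen auth instance doesn't allow password changes
        // but only if they tried changing it
        if (isset($values['password']) && $values['password'] !== '') {
            $SESSION->add_error_msg(get_string('passwordchangenotallowed', 'admin'));
            // Set empty pw with salt
            $user->password = '';
            $user->salt = auth_get_random_salt();
        }
    }

    if (isset($values['username']) && $values['username'] !== '') {
        $userobj = new User();
        $userobj = $userobj->find_by_id($user->id);
        if ($userobj->username != $values['username']) {
            // Only change the username if the auth instance allows for it
            if (method_exists($authobj, 'change_username')) {
                // check the existence of the chosen username
                // The rename happens only on the exception path: if user_exists()
                // returns without throwing, the username is left unchanged.
                try {
                    if ($authobj->user_exists($values['username'])) {
                        // set an error message if it is already in use
                        $SESSION->add_error_msg(get_string('usernameexists', 'account'));
                    }
                }
                catch (AuthUnknownUserException $e) {
                    // update the username otherwise
                    $user->username = $authobj->change_username($userobj, $values['username']);
                }
            }
            else {
                // inform the user that the chosen auth instance doesn't allow username changes
                $SESSION->add_error_msg(get_string('usernamechangenotallowed', 'admin'));
            }
        }
        unset($userobj);
    }

    // OVERWRITE 4: insert
    if (isset($values['email']) && !empty($values['email']) && $values['email'] != $user->email) {
        global $CFG;
        $user->email = $values['email'];
        $mhr_user = $CFG->current_app->getUserById($user->id);
        $mhr_user->setEmailAddress($values['email']);
    }
    // END OVERWRITE 4

    // The usr row and its tag rows are replaced together inside one transaction.
    db_begin();
    update_record('usr', $user);

    delete_records('usr_tag', 'usr', $user->id);
    if (is_array($values['tags'])) {
        $values['tags'] = check_case_sensitive($values['tags'], 'usr_tag');
        foreach (array_unique($values['tags']) as $tag) {
            if (empty($tag)) {
                continue;
            }
            insert_record('usr_tag', (object) array('usr' => $user->id, 'tag' => strtolower($tag)));
        }
    }
    db_commit();

    $SESSION->add_ok_msg(get_string('usersitesettingschanged', 'admin'));
    redirect('/admin/users/edit.php?id=' . $user->id);
}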
/**
 * Store one account preference for this user object.
 *
 * When get('id') yields a truthy id, the value is first passed to the global
 * set_account_preference() helper for that id. In every case the 'accountprefs'
 * array held on this object is updated with the new value.
 *
 * @param mixed $field Preference name, used as the array key.
 * @param mixed $value Value to store.
 */
public function set_account_preference($field, $value) {
    $userid = $this->get('id');
    if ($userid) {
        set_account_preference($userid, $field, $value);
    }

    $prefs = $this->get('accountprefs');
    $prefs[$field] = $value;
    $this->set('accountprefs', $prefs);
}
/**
 * Build the search form, result data and pagination for a list of views.
 *
 * Page size, offset, sort order, query and tag are read from the request.
 * A changed page size or sort order is written back to the current user's
 * account preferences.
 *
 * NOTE(review): 'orderby' is read with param_variable() and persisted as the
 * 'orderpagesby' preference without being compared to the option keys offered
 * in the form below; 'limit' is persisted with only a "> 0" check. Confirm that
 * get_myviews_data() validates both before they reach a query.
 *
 * @param mixed $group       Group identifier, or null.
 * @param mixed $institution Institution identifier, or null.
 * @return array array($searchform, $data, $pagination)
 */
public static function views_by_owner($group = null, $institution = null) {
    global $USER;

    // Pagination configuration
    $setlimit = true;
    $limit = param_integer('limit', 0);
    $userlimit = get_account_preference($USER->get('id'), 'viewsperpage');
    $limitchanged = $limit > 0 && $limit != $userlimit;
    if (!$limitchanged) {
        $limit = $userlimit;
    }
    else {
        $USER->set_account_preference('viewsperpage', $limit);
    }
    $offset = param_integer('offset', 0);

    // The stored sort order is the default; a different requested value replaces it.
    $usersettingorderby = get_account_preference($USER->get('id'), 'orderpagesby');
    $orderby = param_variable('orderby', $usersettingorderby);
    if ($usersettingorderby !== $orderby) {
        set_account_preference($USER->get('id'), 'orderpagesby', $orderby);
    }

    $query = param_variable('query', null);
    $tag = param_variable('tag', null);

    $searchoptions = array(
        'titleanddescription' => get_string('titleanddescription', 'view'),
        'tagsonly'            => get_string('tagsonly', 'view'),
    );

    // A tag search takes precedence over a free-text query.
    if (empty($tag)) {
        $searchtype = 'titleanddescription';
        $searchdefault = $query;
    }
    else {
        $searchtype = 'tagsonly';
        $searchdefault = $tag;
        $query = null;
    }

    // The form pieces are assembled in the same order the nested definition lists them.
    $queryelement = array(
        'type'         => 'text',
        'title'        => get_string('search') . ': ',
        'class'        => 'with-dropdown js-with-dropdown',
        'defaultvalue' => $searchdefault,
    );
    $typeelement = array(
        'title'        => get_string('searchwithin') . ': ',
        'class'        => 'dropdown-connect js-dropdown-connect searchviews-type',
        'type'         => 'select',
        'options'      => $searchoptions,
        'defaultvalue' => $searchtype,
    );
    $searchwithin = array(
        'type'     => 'fieldset',
        'class'    => 'dropdown-group js-dropdown-group',
        'elements' => array(
            'query' => $queryelement,
            'type'  => $typeelement,
        ),
    );

    $orderbyelement = array(
        'type'    => 'select',
        'class'   => 'input-small',
        'title'   => get_string('sortby'),
        'options' => array(
            'atoz'           => get_string('defaultsort', 'view'),
            'latestcreated'  => get_string('latestcreated', 'view'),
            'latestmodified' => get_string('latestmodified', 'view'),
            'latestviewed'   => get_string('latestviewed', 'view'),
            'mostvisited'    => get_string('mostvisited', 'view'),
            'mostcomments'   => get_string('mostcomments', 'view'),
        ),
        'defaultvalue' => $orderby,
    );
    $submitelement = array(
        'type'         => 'button',
        'usebuttontag' => true,
        'class'        => 'btn-primary input-group-btn no-label',
        'value'        => get_string('search'),
    );

    $searchform = array(
        'name'             => 'searchviews',
        'checkdirtychange' => false,
        'class'            => 'with-heading form-inline',
        'elements'         => array(
            'searchwithin' => $searchwithin,
            'setlimit'     => array('type' => 'hidden', 'value' => $setlimit),
            'orderbygroup' => array(
                'type'     => 'fieldset',
                'class'    => 'input-group',
                'elements' => array(
                    'orderby' => $orderbyelement,
                    'submit'  => $submitelement,
                ),
            ),
        ),
    );

    // Carry the owner context through the form; a group wins over an institution.
    if ($group) {
        $searchform['elements']['group'] = array('type' => 'hidden', 'name' => 'group', 'value' => $group);
    }
    elseif ($institution) {
        $searchform['elements']['institution'] = array('type' => 'hidden', 'name' => 'institution', 'value' => $institution);
    }

    $searchform = pieform($searchform);

    $data = self::get_myviews_data($limit, $offset, $query, $tag, $group, $institution, $orderby);
    $url = self::get_myviews_url($group, $institution, $query, $tag, $orderby);

    $pagination = build_pagination(array(
        'url'                    => $url,
        'count'                  => $data->count,
        'limit'                  => $limit,
        'setlimit'               => $setlimit,
        'offset'                 => $offset,
        'jumplinks'              => 6,
        'numbersincludeprevnext' => 2,
    ));

    return array($searchform, $data, $pagination);
}
/**
 * Decide whether an e-mail account has crossed the site-wide bounce threshold.
 *
 * When it has, and mail is not already disabled for the owner, mail is
 * disabled for that account and the owner is sent a notification about it.
 *
 * @param object $mailinfo The row from artefact_internal_profile_email for
 *                         the user being processed.
 * @return boolean false if the user is not over threshold, true if they
 *                 are.
 */
function check_overcount($mailinfo) {
    // Bounce handling switched off: there is no threshold to be over.
    if (!get_config('bounces_handle')) {
        return false;
    }

    // Both limits must be configured with a non-empty value.
    $minbounces = get_config('bounces_min');
    if (!$minbounces) {
        return false;
    }
    $bounceratio = get_config('bounces_ratio');
    if (!$bounceratio) {
        return false;
    }

    // Nothing sent means no ratio can be computed.
    if ($mailinfo->mailssent == 0) {
        return false;
    }

    // Over threshold only when the absolute bounce count AND the
    // bounces/sent ratio both reach their configured limits.
    $overthreshold = ($mailinfo->mailsbounced >= $minbounces)
        && ($mailinfo->mailsbounced / $mailinfo->mailssent >= $bounceratio);
    if (!$overthreshold) {
        return false;
    }

    $owner = $mailinfo->owner;
    if (get_account_preference($owner, 'maildisabled') == 1) {
        // Already disabled; no second notification is sent.
        return true;
    }

    // Disable the e-mail account and tell the owner, in one transaction.
    db_begin();
    set_account_preference($owner, 'maildisabled', 1);

    $lang = get_user_language($owner);
    $notice = new StdClass();
    $notice->users = array($owner);
    $notice->subject = get_string_from_language($lang, 'maildisabled', 'account');
    $notice->message = get_string_from_language($lang, 'maildisabledbounce', 'account', get_config('wwwroot') . 'account/');

    require_once 'activity.php';
    activity_occurred('maharamessage', $notice);
    db_commit();

    return true;
}
/**
 * Copy selected profile fields and account settings from a remote user
 * record onto a local user.
 *
 * First name, last name and e-mail are not touched here, as these are
 * dealt with differently depending on whether the user record is being
 * created or updated.
 *
 * Fields this method attempts to set:
 *
 *  * City
 *  * Country
 *  * Language
 *  * Introduction
 *  * WYSIWYG editor setting
 *
 * NOTE(review): every value comes from the remote record. Country and language
 * are checked against local option lists; city and description are stored as
 * received — presumably escaped when displayed; confirm.
 *
 * @param User $user
 * @param stdClass $remoteuser
 * @return array Names of the profile fields the remote record supplied
 *               ('town', 'country', 'introduction').
 */
private function import_user_settings($user, $remoteuser) {
    $userid = $user->id;
    $handled = array();

    // City -> 'town' profile field, written only when it differs.
    if (!empty($remoteuser->city)) {
        $remotecity = $remoteuser->city;
        if (get_profile_field($userid, 'town') != $remotecity) {
            set_profile_field($userid, 'town', $remotecity);
        }
        $handled[] = 'town';
    }

    // Country: stored only when it is one of the known country keys, but
    // reported as handled either way.
    if (!empty($remoteuser->country)) {
        $knowncountries = array_keys(getoptions_country());
        $countrycode = strtolower($remoteuser->country);
        if (in_array($countrycode, $knowncountries)) {
            set_profile_field($userid, 'country', $countrycode);
        }
        $handled[] = 'country';
    }

    // Language: normalised to the "<code>.utf8" form and applied only when installed.
    if (!empty($remoteuser->lang)) {
        $knownlanguages = array_keys(get_languages());
        $langcode = str_replace('_utf8', '', strtolower($remoteuser->lang)) . '.utf8';
        if (in_array($langcode, $knownlanguages)) {
            set_account_preference($userid, 'lang', $langcode);
            $user->set_account_preference('lang', $langcode);
        }
    }

    // Description -> 'introduction' profile field (an empty string is accepted).
    if (isset($remoteuser->description)) {
        $remotedescription = $remoteuser->description;
        if (get_profile_field($userid, 'introduction') != $remotedescription) {
            set_profile_field($userid, 'introduction', $remotedescription);
        }
        $handled[] = 'introduction';
    }

    // HTML editor flag, reduced to 1 or 0 before comparing and storing.
    if (isset($remoteuser->htmleditor)) {
        $wysiwyg = $remoteuser->htmleditor ? 1 : 0;
        if ($wysiwyg != get_account_preference($userid, 'wysiwyg')) {
            set_account_preference($userid, 'wysiwyg', $wysiwyg);
            $user->set_account_preference('wysiwyg', $wysiwyg);
        }
    }

    return $handled;
}
/**
 * Turn the pending registration held in the global $registration into a real
 * user account, log that user in and redirect.
 *
 * Runs between db_begin() and db_commit(): creates the usr record, joins or
 * requests membership of the chosen institution, applies the language
 * preference and deletes the usr_registration row.
 *
 * @param array $profilefields Profile values handed on to create_user().
 * @throws ConfigException when the institution has no auth instance of the
 *         registration's auth type.
 */
function create_registered_user($profilefields = array()) {
    global $registration, $SESSION, $USER;
    require_once get_config('libroot') . 'user.php';

    db_begin();

    // Move the user record to the usr table from the registration table
    $registrationid = $registration->id;
    unset($registration->id);
    unset($registration->expiry);
    $expirytime = get_config('defaultregistrationexpirylifetime');
    if ($expirytime) {
        $registration->expiry = db_format_timestamp(time() + $expirytime);
    }
    $registration->lastlogin = db_format_timestamp(time());

    // Registrations that name no auth type use the institution's 'internal' instance.
    $authname = $registration->authtype ? $registration->authtype : 'internal';
    $authinstance = get_record('auth_instance', 'institution', $registration->institution, 'authname', $authname);
    if (false == $authinstance) {
        throw new ConfigException('No ' . $authname . ' auth instance for institution');
    }

    if (!empty($registration->extra)) {
        // Additional user settings were added during confirmation
        // NOTE(review): unserialize() instantiates whatever classes the stored
        // string names. This is only safe if usr_registration.extra can never
        // hold user-controlled bytes — confirm who writes it, or store JSON.
        $extrafields = unserialize($registration->extra);
    }

    $user = new User();
    $user->active = 1;
    $user->authinstance = $authinstance->id;
    $user->firstname = $registration->firstname;
    $user->lastname = $registration->lastname;
    $user->email = $registration->email;
    $user->username = get_new_username($user->firstname . $user->lastname);
    $user->passwordchange = 1;

    // Points that indicate the user is a "new user" who should be restricted from spammy activities.
    // We count these down when they do good things; when they have 0 they're no longer a "new user"
    $user->probation = is_using_probation() ? get_config('probationstartingpoints') : 0;

    $joinsinstitution = $registration->institution != 'mahara';

    // The institution's default quota applies when the user will land in it
    // straight away and institutions are allowed to override quotas.
    if (
        $joinsinstitution
        && (count_records_select('institution', "name != 'mahara'") == 1 || $registration->pending == 2)
        && get_config_plugin('artefact', 'file', 'institutionaloverride')
    ) {
        $user->quota = get_field('institution', 'defaultquota', 'name', $registration->institution);
    }

    create_user($user, $profilefields);

    // If the institution is 'mahara' then don't do anything
    if ($joinsinstitution) {
        $institutions = get_records_select_array('institution', "name != 'mahara'");

        if (count($institutions) == 1) {
            // If there is only one available, join it without requiring approval
            $user->join_institution($registration->institution);
        }
        elseif ($registration->pending == 2) {
            if (get_config('requireregistrationconfirm') || get_field('institution', 'registerconfirm', 'name', $registration->institution)) {
                $user->join_institution($registration->institution);
            }
        }
        elseif ($registration->authtype && $registration->authtype != 'internal') {
            $auth = AuthFactory::create($authinstance->id);
            if ($auth->weautocreateusers) {
                $user->join_institution($registration->institution);
            }
            else {
                $user->add_institution_request($registration->institution);
            }
        }
        else {
            $user->add_institution_request($registration->institution);
        }

        if (!empty($extrafields->institutionstaff)) {
            // If the user isn't a member yet, this does nothing, but that's okay, it'll
            // only be set after successful confirmation.
            set_field('usr_institution', 'staff', 1, 'usr', $user->id, 'institution', $registration->institution);
        }
    }

    if (!empty($registration->lang) && $registration->lang != 'default') {
        set_account_preference($user->id, 'lang', $registration->lang);
    }

    // Delete the old registration record
    delete_records('usr_registration', 'id', $registrationid);

    db_commit();

    // Log the user in and send them to the homepage
    $USER = new LiveUser();
    $USER->reanimate($user->id, $authinstance->id);

    // Optional site-local hook.
    if (function_exists('local_post_register')) {
        local_post_register($registration);
    }

    $SESSION->add_ok_msg(get_string('registrationcomplete', 'mahara', get_config('sitename')));
    $SESSION->set('resetusername', true);
    redirect();
}
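/**
 * Update user
 *
 * The user is located by $user->id when that is non-empty, otherwise by
 * $user->username. All of that user's sessions are removed before anything is
 * written, and the writes run between db_begin() and db_commit().
 *
 * NOTE(review): when a password is supplied, its value as given is also placed
 * in the returned array under 'password'; callers should not log or display the
 * return value verbatim.
 *
 * @param object $user stdclass for the usr table
 * @param object $profile profile field/values to set
 * @param string $remotename username on the remote site
 * @param array $accountprefs user account preferences to set
 * @param bool $forceupdateremote force delete of remotename before update attempted
 * @param bool $quickhash passed through to reset_password() when a password is supplied
 * @return array list of updated fields
 * @throws InvalidArgumentException when no usr record matches, or when the
 *         remote username is already in use and $forceupdateremote is false
 */
function update_user($user, $profile, $remotename = null, $accountprefs = array(), $forceupdateremote = false, $quickhash = false) {
    require_once get_config('docroot') . 'auth/session.php';

    if (!empty($user->id)) {
        $oldrecord = get_record('usr', 'id', $user->id);
    }
    else {
        $oldrecord = get_record('usr', 'username', $user->username);
    }

    // Without a matching row every later write would run against an empty id,
    // so stop before the transaction opens and before any session is removed.
    if (!$oldrecord) {
        throw new InvalidArgumentException('update_user: no matching usr record');
    }
    $userid = $oldrecord->id;

    db_begin();

    // Log the user out, otherwise they can overwrite all this on the next request
    remove_user_sessions($userid);

    $updated = array();
    $newrecord = new StdClass();
    foreach (get_object_vars($user) as $k => $v) {
        // Non-empty values are taken when they differ from the stored row; a
        // non-empty password is always taken.
        if (!empty($v) && ($k == 'password' || empty($oldrecord->{$k}) || $oldrecord->{$k} != $v)) {
            $newrecord->{$k} = $v;
            $updated[$k] = $v;
        }
        if (!empty($v) && $k === 'email' && $oldrecord->{$k} != $v) {
            set_user_primary_email($userid, $v);
        }
    }

    if (count(get_object_vars($newrecord))) {
        $newrecord->id = $userid;
        // NOTE(review): the password value is written as supplied here and then
        // handed to reset_password() below — presumably that call stores the
        // hashed form; confirm.
        update_record('usr', $newrecord);
        if (!empty($newrecord->password)) {
            $newrecord->authinstance = $user->authinstance;
            reset_password($newrecord, false, $quickhash);
        }
    }

    foreach (get_object_vars($profile) as $k => $v) {
        if (get_profile_field($userid, $k) != $v) {
            set_profile_field($userid, $k, $v);
            $updated[$k] = $v;
        }
    }

    if ($remotename) {
        // The old name is looked up under the stored auth instance, while the
        // delete/insert below use the instance given in $user.
        $oldremote = get_field('auth_remote_user', 'remoteusername', 'authinstance', $oldrecord->authinstance, 'localusr', $userid);
        if ($remotename != $oldremote) {
            $updated['remoteuser'] = $remotename;
        }
        delete_records('auth_remote_user', 'authinstance', $user->authinstance, 'localusr', $userid);
        // force the update of the remoteuser - for the case of a series of user updates swapping the remoteuser name
        if ($forceupdateremote) {
            delete_records('auth_remote_user', 'authinstance', $user->authinstance, 'remoteusername', $remotename);
        }
        else {
            // remote username must not already exist
            // NOTE(review): this throws after db_begin() — presumably the
            // caller or a global handler rolls the transaction back; confirm.
            if (record_exists('auth_remote_user', 'remoteusername', $remotename, 'authinstance', $user->authinstance)) {
                throw new InvalidArgumentException("user_update: remoteusername already in use: " . $remotename);
            }
        }
        insert_record('auth_remote_user', (object) array('authinstance' => $user->authinstance, 'remoteusername' => $remotename, 'localusr' => $userid));
    }

    // Update account preferences
    // Only keys returned by expected_account_preferences() are considered, so
    // unexpected keys in $accountprefs are ignored.
    if (!empty($accountprefs)) {
        $expectedprefs = expected_account_preferences();
        foreach ($expectedprefs as $eprefkey => $epref) {
            if (isset($accountprefs[$eprefkey]) && $accountprefs[$eprefkey] != get_account_preference($userid, $eprefkey)) {
                set_account_preference($userid, $eprefkey, $accountprefs[$eprefkey]);
                $updated[$eprefkey] = $accountprefs[$eprefkey];
            }
        }
    }

    db_commit();

    return $updated;
}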
/**
 * Save the site-level account settings submitted from the admin "edit user" form.
 *
 * NOTE(review): the submitted password is assigned to $user->password as given,
 * with an empty salt, and this function does no hashing itself — confirm that a
 * later step stores it hashed. Quota and expiry are written for every caller;
 * only the staff/admin flags are restricted to site admins here. Unlike the
 * flags, nothing in this function ends the edited user's existing sessions.
 *
 * @param Pieform $form   The submitted form (not read here).
 * @param array   $values Submitted form values.
 * @return bool|void false when no usr row matches $values['id']; otherwise the
 *                   function finishes by calling redirect().
 */
function edituser_site_submit(Pieform $form, $values) {
    global $USER;

    $user = get_record('usr', 'id', $values['id']);
    if (!$user) {
        return false;
    }

    $haspassword = isset($values['password']) && $values['password'] !== '';
    if ($haspassword) {
        $user->password = $values['password'];
        $user->salt = '';
    }

    $user->passwordchange = (int) ($values['passwordchange'] == 'on');
    $user->quota = $values['quota'];
    $user->expiry = db_format_timestamp($values['expiry']);

    if ($USER->get('admin')) {
        // Not editable by institutional admins
        $user->staff = (int) ($values['staff'] == 'on');
        $user->admin = (int) ($values['admin'] == 'on');
        if ($user->admin) {
            activity_add_admin_defaults(array($user->id));
        }
    }

    $reenablingmail = $values['maildisabled'] == 0
        && get_account_preference($user->id, 'maildisabled') == 1;
    if ($reenablingmail) {
        // Reset the sent and bounce counts otherwise mail will be disabled
        // on the next send attempt
        $counters = new StdClass();
        $counters->email = $user->email;
        $counters->id = $user->id;
        update_bounce_count($counters, true);
        update_send_count($counters, true);
    }
    set_account_preference($user->id, 'maildisabled', $values['maildisabled']);

    // Authinstance can be changed by institutional admins if both the
    // old and new authinstances belong to the admin's institutions
    $remotename = get_field('auth_remote_user', 'remoteusername', 'authinstance', $user->authinstance, 'localusr', $user->id);
    if (!$remotename) {
        // No remote name stored: the local username stands in for it.
        $remotename = $user->username;
    }

    $authchangerequested = isset($values['authinstance'])
        && (
            $values['authinstance'] != $user->authinstance
            || (isset($values['remoteusername']) && $values['remoteusername'] != $remotename)
        );

    if ($authchangerequested) {
        $authinst = get_records_select_assoc('auth_instance', 'id = ? OR id = ?', array($values['authinstance'], $user->authinstance));

        $maychange = $USER->get('admin')
            || (
                $USER->is_institutional_admin($authinst[$values['authinstance']]->institution)
                && $USER->is_institutional_admin($authinst[$user->authinstance]->institution)
            );

        if ($maychange) {
            // Every remote-username row for this user is removed, whatever instance it belongs to.
            delete_records('auth_remote_user', 'localusr', $user->id);

            if ($authinst[$values['authinstance']]->authname != 'internal') {
                $submittedname = isset($values['remoteusername']) && strlen($values['remoteusername']) > 0;
                $storedname = $submittedname ? $values['remoteusername'] : $remotename;
                insert_record('auth_remote_user', (object) array('authinstance' => $values['authinstance'], 'remoteusername' => $storedname, 'localusr' => $user->id));
            }

            $user->authinstance = $values['authinstance'];
        }
    }

    update_record('usr', $user);
    redirect('/admin/users/edit.php?id=' . $user->id);
}
/**
 * Provide a journal to hold blog posts copied along with a view.
 *
 * While copying a view we may be allowed to copy blog posts but not the blog
 * that contains them, so a new blog is created for the copies. One blog is
 * created per view id and remembered for later calls in the same request.
 *
 * NOTE(review): if get_user() throws, $user is never assigned, yet both the
 * error message and the following load_account_preferences() call read it.
 * The owner's preferences are also loaded into the global $USER — this assumes
 * the view owner is the logged-in user; confirm.
 *
 * @param object $view              The view being created by the copy.
 * @param object $template          The view being copied from.
 * @param mixed  $artefactstoignore Not read in this method.
 * @return mixed The id of the blog that receives the copied posts.
 */
public function default_parent_for_copy(&$view, &$template, $artefactstoignore) {
    static $blogids;
    global $USER, $SESSION;

    $viewid = $view->get('id');
    if (isset($blogids[$viewid])) {
        // A blog was already created for this view.
        return $blogids[$viewid];
    }

    $data = new stdClass();
    $data->title = get_string('viewposts', 'artefact.blog', $viewid);
    $data->description = get_string('postscopiedfromview', 'artefact.blog', $template->get('title'));
    $data->owner = $view->get('owner');
    $data->group = $view->get('group');
    $data->institution = $view->get('institution');

    $blog = new ArtefactTypeBlog(0, $data);
    $blog->commit();
    $blogids[$viewid] = $blog->get('id');

    $sharedowner = !empty($data->group) || !empty($data->institution);
    if ($sharedowner) {
        // Group and institution journals need no per-user preference change.
        $SESSION->add_ok_msg(get_string('copiedblogpoststonewjournal', 'collection'));
        return $blogids[$viewid];
    }

    // Personal journal: the owner now has more than one blog, so switch on
    // their 'multipleblogs' preference.
    try {
        $user = get_user($view->get('owner'));
        set_account_preference($user->id, 'multipleblogs', 1);
        $SESSION->add_ok_msg(get_string('copiedblogpoststonewjournal', 'collection'));
    }
    catch (Exception $e) {
        $SESSION->add_error_msg(
            get_string('unabletosetmultipleblogs', 'error', $user->username, $viewid, get_config('wwwroot') . 'account/index.php'),
            false
        );
    }

    // Refresh the preferences cached on the session user.
    try {
        $USER->accountprefs = load_account_preferences($user->id);
    }
    catch (Exception $e) {
        $SESSION->add_error_msg(get_string('pleaseloginforjournals', 'error'));
    }

    return $blogids[$viewid];
}
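/**
 * Notify users if their quota is above the quota threshold.
 * And notify admins if required as well
 *
 * A user who already has the 'quota_exceeded_notified' preference set to '1'
 * is skipped; everyone else is notified and then gets that preference set.
 *
 * @param array|object $users array of user objects, or a single user object -
 *                     each $user object needs to include a quotausedpercent
 *                     that is set by: (quotaused / quota) * 100
 * @param bool $notifyadmins also send a notification to every site admin
 */
function notify_users_threshold_exceeded($users, $notifyadmins = false) {
    // if we have just been given a $user object, wrap it in a list.
    // (Appending with $users[] on an object is an error, not a wrap.)
    if (is_object($users)) {
        $users = array($users);
    }

    require_once get_config('docroot') . 'lib/activity.php';
    safe_require('notification', 'internal');

    foreach ($users as $user) {
        // check that they have not already been notified about being over the limit
        if (!get_record('usr_account_preference', 'usr', $user->id, 'field', 'quota_exceeded_notified', 'value', '1')) {
            // NOTE(review): the (int) cast truncates before ceil() runs, so the
            // percentage shown is rounded down — confirm that is intended.
            $data = array(
                'subject' => get_string('usernotificationsubject', 'artefact.file'),
                'message' => get_string('usernotificationmessage', 'artefact.file', ceil((int) $user->quotausedpercent), display_size($user->quota)),
                'users'   => array($user->id),
                'type'    => 1,
            );
            $activity = new ActivityTypeMaharamessage($data);
            $activity->notify_users();

            // notify admins
            if ($notifyadmins) {
                $data = array(
                    'subject' => get_string('adm_notificationsubject', 'artefact.file'),
                    'message' => get_string('adm_notificationmessage', 'artefact.file', display_name($user), ceil((int) $user->quotausedpercent), display_size($user->quota)),
                    'users'   => get_column('usr', 'id', 'admin', 1),
                    'url'     => 'admin/users/edit.php?id=' . $user->id,
                    'urltext' => get_string('textlinktouser', 'artefact.file', display_name($user)),
                    'type'    => 1,
                );
                $activity = new ActivityTypeMaharamessage($data);
                $activity->notify_users();
            }

            // Remember the notification so the user is not told again.
            set_account_preference($user->id, 'quota_exceeded_notified', true);
        }
    }
}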
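<?php
/**
 * Issue a new mobile upload token for the current $USER.
 *
 * The token is appended to the '|'-delimited list kept in the
 * 'mobileuploadtoken' account preference and returned, with the username,
 * as JSON after a small inline script block.
 *
 * NOTE(review): every request adds a token and nothing here removes old ones,
 * so the list only grows — confirm that tokens are expired or revoked elsewhere.
 */
define('INTERNAL', 1);
require dirname(dirname(dirname(__FILE__))) . '/init.php';
define('TITLE', get_string('mobile_login'));

// Draw the token before any output so that a failure produces no partial body.
// 16 bytes from the CSPRNG, and the result is checked: on failure the call can
// return false, and hashing that would give every caller the same token.
$strong = false;
$random = openssl_random_pseudo_bytes(16, $strong);
if ($random === false || !$strong) {
    throw new RuntimeException('Unable to generate a secure mobile upload token');
}
// 32 hex characters, the same shape as the md5() output used before.
$new_token = bin2hex($random);

echo "\n\t<script language='javascript'>\n\tvar config = {\n\t\tloggedin:1\n\t\t\t\t};\n\t</script>";

$old_tokenstring = $USER->get_account_preference('mobileuploadtoken');

// Split the stored list and drop empty entries, so that a missing or empty
// preference does not leave a blank token in the saved string.
$tokenarray = array_filter(explode('|', trim((string) $old_tokenstring, '|')), 'strlen');
$tokenarray[] = $new_token;
$new_tokenstring = '|' . join('|', $tokenarray) . '|';

set_account_preference($USER->id, 'mobileuploadtoken', $new_tokenstring);

$arr = array('token' => $new_token, 'user' => $USER->get('username'));
$USER->commit();
echo json_encode($arr);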
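/**
 * Pieform submit handler that creates or updates an institution.
 *
 * Inside one database transaction it stores the institution's basic settings,
 * its custom theme properties, default quota, auth instance priorities and
 * deletions, plugin preferences, logo and locked profile fields, then
 * redirects to the institution admin page.
 *
 * Relies on page-level globals set before the form is processed:
 * $institution (name of the institution being edited), $add (true when
 * creating), $instancearray and $authinstances (the institution's auth
 * instances) and $customthemedefaults (custom theme field names).
 *
 * @param Pieform $form   the submitted form
 * @param array   $values the submitted form values
 */
function institution_submit(Pieform $form, $values) {
    global $SESSION, $institution, $add, $instancearray, $USER, $authinstances, $customthemedefaults;

    db_begin();

    // Update the basic institution record...
    if ($add) {
        $newinstitution = new Institution();
        $newinstitution->initialise($values['name'], $values['displayname']);
        $institution = $newinstitution->name;
    }
    else {
        $newinstitution = new Institution($institution);
        $newinstitution->displayname = $values['displayname'];
        // $oldinstitution only exists on update; later uses are guarded with empty()
        $oldinstitution = get_record('institution', 'name', $institution);
        // Clear out any cached menus for this institution
        clear_menu_cache($institution);
    }

    $newinstitution->showonlineusers = !isset($values['showonlineusers']) ? 2 : $values['showonlineusers'];
    if (get_config('usersuniquebyusername')) {
        // Registering absolutely not allowed when this setting is on, it's a
        // security risk. See the documentation for the usersuniquebyusername
        // setting for more information
        $newinstitution->registerallowed = 0;
    }
    else {
        $newinstitution->registerallowed = $values['registerallowed'] ? 1 : 0;
        $newinstitution->registerconfirm = $values['registerconfirm'] ? 1 : 0;
    }

    if (!empty($values['lang'])) {
        if ($values['lang'] == 'sitedefault') {
            $newinstitution->lang = null;
        }
        else {
            $newinstitution->lang = $values['lang'];
        }
    }

    $newinstitution->theme = empty($values['theme']) || $values['theme'] == 'sitedefault' ? null : $values['theme'];
    $newinstitution->dropdownmenu = !empty($values['dropdownmenu']) ? 1 : 0;
    $newinstitution->skins = !empty($values['skins']) ? 1 : 0;

    require_once get_config('docroot') . 'artefact/comment/lib.php';
    $commentoptions = ArtefactTypeComment::get_comment_options();
    $newinstitution->commentsortorder = empty($values['commentsortorder']) ? $commentoptions->sort : $values['commentsortorder'];
    $newinstitution->commentthreaded = !empty($values['commentthreaded']) ? 1 : 0;

    if ($newinstitution->theme == 'custom') {
        if (!empty($oldinstitution->style)) {
            // Reuse the existing style row and replace all of its properties
            $styleid = $oldinstitution->style;
            delete_records('style_property', 'style', $styleid);
        }
        else {
            $record = (object) array('title' => get_string('customstylesforinstitution', 'admin', $newinstitution->displayname));
            $styleid = insert_record('style', $record, 'id', true);
        }

        $properties = array();
        $record = (object) array('style' => $styleid);
        foreach (array_keys($customthemedefaults) as $name) {
            $record->field = $name;
            $record->value = $values[$name];
            insert_record('style_property', $record);
            $properties[$name] = $values[$name];
        }

        // Cache the css
        // NOTE(review): the submitted values are rendered into CSS by customcss.tpl;
        // presumably the form validates them - confirm they cannot break out of the stylesheet.
        $smarty = smarty_core();
        $smarty->assign('data', $properties);
        set_field('style', 'css', $smarty->fetch('customcss.tpl'), 'id', $styleid);

        $newinstitution->style = $styleid;
    }
    else {
        $newinstitution->style = null;
    }

    if (get_config('licensemetadata')) {
        $newinstitution->licensemandatory = !empty($values['licensemandatory']) ? 1 : 0;
        $newinstitution->licensedefault = isset($values['licensedefault']) ? $values['licensedefault'] : '';
    }

    if (!empty($values['resetcustom']) && !empty($oldinstitution->style)) {
        $newinstitution->style = null;
    }

    // Quota settings: site admins always, institutional admins only when the
    // 'institutionaloverride' file plugin setting is on.
    if ($USER->get('admin') || get_config_plugin('artefact', 'file', 'institutionaloverride')) {
        if (!empty($values['updateuserquotas']) && !empty($values['defaultquota'])) {
            execute_sql("UPDATE {usr} SET quota = ? WHERE id IN (SELECT usr FROM {usr_institution} WHERE institution = ?)", array($values['defaultquota'], $institution));

            // get all the users from the institution and make sure that they are still below
            // their quota threshold.
            // The previous LEFT JOIN (institution filter in the ON clause) returned every row
            // of {usr}, so users outside the institution were checked against a quota that the
            // UPDATE above never gave them. Select only the members, and only the usr columns,
            // so usr_institution columns cannot shadow them.
            if ($users = get_records_sql_array('SELECT u.* FROM {usr} u JOIN {usr_institution} ui ON u.id = ui.usr WHERE ui.institution = ?', array($institution))) {
                $quotanotifylimit = get_config_plugin('artefact', 'file', 'quotanotifylimit');
                if ($quotanotifylimit <= 0 || $quotanotifylimit >= 100) {
                    $quotanotifylimit = 100;
                }
                foreach ($users as $user) {
                    $user->quota = $values['defaultquota'];
                    // check if the user has gone over the quota notify limit
                    // (defaultquota is non-empty here, so the division is safe)
                    $user->quotausedpercent = $user->quotaused / $user->quota * 100;
                    $overlimit = false;
                    if ($quotanotifylimit <= $user->quotausedpercent) {
                        $overlimit = true;
                    }
                    $notified = get_field('usr_account_preference', 'value', 'field', 'quota_exceeded_notified', 'usr', $user->id);
                    if ($overlimit && '1' !== $notified) {
                        require_once get_config('docroot') . 'artefact/file/lib.php';
                        ArtefactTypeFile::notify_users_threshold_exceeded(array($user), false);
                        // no need to email admin as we can alert them right now
                        $SESSION->add_error_msg(get_string('useroverquotathreshold', 'artefact.file', display_name($user)));
                    }
                    else if ($notified && !$overlimit) {
                        // Back under the limit: clear the flag so a later overrun notifies again
                        set_account_preference($user->id, 'quota_exceeded_notified', false);
                    }
                }
            }
        }
        $newinstitution->defaultquota = empty($values['defaultquota']) ? get_config_plugin('artefact', 'file', 'defaultquota') : $values['defaultquota'];
    }

    if ($institution != 'mahara') {
        $newinstitution->defaultmembershipperiod = $values['defaultmembershipperiod'] ? intval($values['defaultmembershipperiod']) : null;
        if ($USER->get('admin')) {
            // Account limit and expiry are only taken from site admins
            $newinstitution->maxuseraccounts = $values['maxuseraccounts'] ? intval($values['maxuseraccounts']) : null;
            $newinstitution->expiry = db_format_timestamp($values['expiry']);
        }
    }

    $newinstitution->allowinstitutionpublicviews = isset($values['allowinstitutionpublicviews']) && $values['allowinstitutionpublicviews'] ? 1 : 0;

    // TODO: Move handling of authentication instances within the Institution class as well?
    if (!empty($values['authplugin'])) {
        // The submitted ids (kept + deleted) must be exactly this institution's
        // auth instances: nothing foreign, nothing missing.
        $allinstances = array_merge($values['authplugin']['instancearray'], $values['authplugin']['deletearray']);

        if (array_diff($allinstances, $instancearray)) {
            throw new ConfigException('Attempt to delete or update another institution\'s auth instance');
        }

        if (array_diff($instancearray, $allinstances)) {
            throw new ConfigException('One of your instances is unaccounted for in this transaction');
        }

        foreach ($values['authplugin']['instancearray'] as $priority => $instanceid) {
            if (in_array($instanceid, $values['authplugin']['deletearray'])) {
                // Should never happen:
                throw new SystemException('Attempt to update AND delete an auth instance');
            }
            $record = new StdClass();
            $record->priority = $priority;
            $record->id = $instanceid;
            update_record('auth_instance', $record, array('id' => $instanceid));
        }

        foreach ($values['authplugin']['deletearray'] as $instanceid) {
            // If this authinstance is the only xmlrpc authinstance that references a host, delete the host record.
            $hostwwwroot = null;
            foreach ($authinstances as $ai) {
                if ($ai->id == $instanceid && $ai->authname == 'xmlrpc') {
                    $hostwwwroot = get_field_sql("SELECT \"value\" FROM {auth_instance_config} WHERE \"instance\" = ? AND field = 'wwwroot'", array($instanceid));
                    if ($hostwwwroot && count_records_select('auth_instance_config', "field = 'wwwroot' AND \"value\" = ?", array($hostwwwroot)) == 1) {
                        // Unfortunately, it's possible that this host record could belong to a different institution,
                        // so specify the institution here.
                        delete_records('host', 'wwwroot', $hostwwwroot, 'institution', $institution);
                        // We really need to fix this, either by removing the institution from the host table, or refusing to allow the
                        // institution to be changed in the host record when another institution's authinstance is still pointing at it.
                    }
                    break;
                }
            }
            delete_records('auth_remote_user', 'authinstance', $instanceid);
            delete_records('auth_instance_config', 'instance', $instanceid);
            delete_records('auth_instance', 'id', $instanceid);
            // Make it no longer be the parent authority to any auth instances
            delete_records('auth_instance_config', 'field', 'parent', 'value', $instanceid);
        }
    }

    // Store plugin settings.
    plugin_institution_prefs_submit($form, $values, $newinstitution);

    // Save the changes to the DB
    $newinstitution->commit();

    if ($add) {
        // Automatically create an internal authentication authinstance
        $authinstance = (object) array('instancename' => 'internal', 'priority' => 0, 'institution' => $newinstitution->name, 'authname' => 'internal');
        insert_record('auth_instance', $authinstance);

        // We need to add the default lines to the site_content table for this institution
        // We also need to set the institution to be using default static pages to begin with
        // so that using custom institution pages is an opt-in situation
        $pages = site_content_pages();
        $now = db_format_timestamp(time());
        foreach ($pages as $name) {
            $page = new stdClass();
            $page->name = $name;
            $page->ctime = $now;
            $page->mtime = $now;
            $page->content = get_string($page->name . 'defaultcontent', 'install', get_string('staticpageconfiginstitution', 'install'));
            $page->institution = $newinstitution->name;
            insert_record('site_content', $page);

            $institutionconfig = new stdClass();
            $institutionconfig->institution = $newinstitution->name;
            $institutionconfig->field = 'sitepages_' . $name;
            $institutionconfig->value = 'mahara';
            insert_record('institution_config', $institutionconfig);
        }
    }

    // The institution no longer uses its old custom style: remove the style rows
    if (is_null($newinstitution->style) && !empty($oldinstitution->style)) {
        delete_records('style_property', 'style', $oldinstitution->style);
        delete_records('style', 'id', $oldinstitution->style);
    }

    // Set the logo after updating the institution, because the institution
    // needs to exist before it can own the logo artefact.
    if (!empty($values['logo'])) {
        safe_require('artefact', 'file');

        // Entry in artefact table
        $data = (object) array('institution' => $institution, 'title' => 'logo', 'description' => 'Institution logo', 'note' => $values['logo']['name'], 'size' => $values['logo']['size']);
        // NOTE(review): getimagesize() returns false for a file it cannot read as an image and
        // the result is used unchecked here; presumably the form's validation has already
        // rejected non-image uploads - confirm, since the file is stored below either way.
        $imageinfo = getimagesize($values['logo']['tmp_name']);
        $data->width = $imageinfo[0];
        $data->height = $imageinfo[1];
        $data->filetype = $imageinfo['mime'];
        $artefact = new ArtefactTypeProfileIcon(0, $data);
        if (preg_match("/\\.([^\\.]+)\$/", $values['logo']['name'], $saved)) {
            $artefact->set('oldextension', $saved[1]);
        }
        $artefact->commit();

        $id = $artefact->get('id');

        // Move the file into the correct place. The stored file name is the artefact id,
        // not the client-supplied name.
        $directory = get_config('dataroot') . 'artefact/file/profileicons/originals/' . ($id % 256) . '/';
        check_dir_exists($directory);
        // NOTE(review): the return value of move_uploaded_file() is not checked, so a failed
        // move still leaves the artefact row and the institution pointing at a missing file.
        move_uploaded_file($values['logo']['tmp_name'], $directory . $id);

        // Delete the old logo
        if (!empty($oldinstitution->logo)) {
            $oldlogo = new ArtefactTypeProfileIcon($oldinstitution->logo);
            $oldlogo->delete();
        }

        set_field('institution', 'logo', $id, 'name', $institution);
    }

    if (!empty($values['deletelogo'])) {
        execute_sql("UPDATE {institution} SET logo = NULL WHERE name = ?", array($institution));
    }

    // Rebuild the list of locked profile fields from the submitted checkboxes
    delete_records('institution_locked_profile_field', 'name', $institution);
    foreach (ArtefactTypeProfile::get_all_fields() as $field => $type) {
        if ($values[$field]) {
            $profilefield = new StdClass();
            $profilefield->name = $institution;
            $profilefield->profilefield = $field;
            insert_record('institution_locked_profile_field', $profilefield);
        }
    }

    db_commit();

    if ($add) {
        if (!$newinstitution->registerallowed) {
            // If registration is not allowed, then an authinstance will not
            // have been created, and thus cause the institution page to add
            // its own error message on the next page load
            $SESSION->add_ok_msg(get_string('institutionaddedsuccessfully2', 'admin'));
        }
        $nexturl = '/admin/users/institutions.php?i=' . urlencode($institution);
    }
    else {
        $message = get_string('institutionupdatedsuccessfully', 'admin');
        if (isset($values['theme'])) {
            $changedtheme = $oldinstitution->theme != $values['theme'] && (!empty($oldinstitution->theme) || $values['theme'] != 'sitedefault');
            if ($changedtheme || $values['theme'] == 'custom') {
                $message .= ' ' . get_string('usersseenewthemeonlogin', 'admin');
            }
            $USER->reset_institutions();
        }
        $SESSION->add_ok_msg($message);
        $nexturl = '/admin/users/institutions.php';
    }

    redirect($nexturl);
}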
/**
 * Turn the pending registration held in the global $registration into a real
 * user account, log that user in and redirect.
 *
 * The username, password and salt are copied unchanged from the registration
 * record. The account is attached to the institution's 'internal' auth
 * instance and an institution membership request is added. The registration
 * row is deleted in the same transaction.
 *
 * @param array $profilefields passed through to create_user()
 * @throws Exception when the institution has no internal auth instance
 */
function create_registered_user($profilefields = array()) {
    global $registration, $SESSION, $USER;
    require_once get_config('libroot') . 'user.php';

    db_begin();

    // Move the user record to the usr table from the registration table
    $pendingid = $registration->id;
    unset($registration->id, $registration->expiry);

    $lifetime = get_config('defaultaccountlifetime');
    if ($lifetime) {
        $registration->expiry = db_format_timestamp(time() + $lifetime);
    }
    $registration->lastlogin = db_format_timestamp(time());

    $internalauth = get_record('auth_instance', 'institution', $registration->institution, 'authname', 'internal');
    if (!$internalauth) {
        // TODO: Specify exception
        throw new Exception('No internal auth instance for institution');
    }

    // Credentials are taken verbatim from the registration row
    $account = new User();
    $account->username = $registration->username;
    $account->password = $registration->password;
    $account->salt = $registration->salt;
    $account->passwordchange = 0;
    $account->active = 1;
    $account->authinstance = $internalauth->id;
    $account->firstname = $registration->firstname;
    $account->lastname = $registration->lastname;
    $account->email = $registration->email;
    create_user($account, $profilefields);

    $account->add_institution_request($registration->institution);

    $wantslang = !empty($registration->lang) && $registration->lang != 'default';
    if ($wantslang) {
        set_account_preference($account->id, 'lang', $registration->lang);
    }

    // Delete the old registration record
    delete_records('usr_registration', 'id', $pendingid);

    db_commit();

    // Log the user in and send them to the homepage
    $USER = new LiveUser();
    $USER->reanimate($account->id, $internalauth->id);

    // A special greeting for special people (hard-coded usernames, cosmetic only)
    if (in_array($account->username, array('waawaamilk', 'Mjollnir`', 'Ned', 'richardm', 'fmarier'))) {
        $greeting = 'MAMA!!! Maharababy happy to see you :D :D!';
    }
    else if ($account->username == 'htaccess') {
        $greeting = 'Welcome B-Quack, htaccess!';
    }
    else {
        $greeting = get_string('registrationcomplete', 'mahara', get_config('sitename'));
    }
    $SESSION->add_ok_msg($greeting);

    redirect();
}
/**
 * Post-import cleanup for blogs.
 *
 * When a blog was imported and the id of the user's first blog is known, that
 * first blog is deleted if it has no children. Afterwards, if the importing
 * user does not own exactly one blog artefact, the 'multipleblogs' account
 * preference is switched on.
 *
 * @param PluginImportLeap $importer the running importer; its 'usr' is the blog owner
 */
public static function cleanup(PluginImportLeap $importer) {
    $shouldcheckdefault = self::$importedablog && self::$firstblogid;
    if ($shouldcheckdefault) {
        $defaultblog = artefact_instance_from_id(self::$firstblogid);
        // Only an empty default blog is removed
        $isempty = !$defaultblog->has_children();
        if ($isempty) {
            // TODO see #544160
            $defaultblog->delete();
        }
    }

    $owner = $importer->get('usr');
    $blogcount = count_records('artefact', 'artefacttype', 'blog', 'owner', $owner);
    if ($blogcount != 1) {
        set_account_preference($owner, 'multipleblogs', 1);
    }
}
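/**
 * Turn the pending registration held in the global $registration into a real
 * user account, log that user in and redirect.
 *
 * The username is generated from first name + last name via get_new_username().
 * No password is assigned here and passwordchange is set to 1. The account is
 * attached to the institution's 'internal' auth instance. For an institution
 * other than 'mahara', the user joins directly when it is the only such
 * institution, otherwise a membership request is added.
 *
 * @param array $profilefields passed through to create_user()
 * @throws ConfigException when the institution has no internal auth instance
 */
function create_registered_user($profilefields = array()) {
    global $registration, $SESSION, $USER;
    require_once get_config('libroot') . 'user.php';

    db_begin();

    // Move the user record to the usr table from the registration table
    $registrationid = $registration->id;
    unset($registration->id);
    unset($registration->expiry);
    if ($expirytime = get_config('defaultaccountlifetime')) {
        $registration->expiry = db_format_timestamp(time() + $expirytime);
    }
    $registration->lastlogin = db_format_timestamp(time());

    $authinstance = get_record('auth_instance', 'institution', $registration->institution, 'authname', 'internal');
    if (false == $authinstance) {
        throw new ConfigException('No internal auth instance for institution');
    }

    $user = new User();
    $user->active = 1;
    $user->authinstance = $authinstance->id;
    $user->firstname = $registration->firstname;
    $user->lastname = $registration->lastname;
    $user->email = $registration->email;
    $user->username = get_new_username($user->firstname . $user->lastname);
    $user->passwordchange = 1;

    // The salt stays 8 hex characters. rand() is not a cryptographic generator and
    // rand(1000000, 9999999) can only produce 9,000,000 distinct salts, so use
    // random_bytes() where PHP provides it and keep the old expression as a fallback.
    if (function_exists('random_bytes')) {
        $user->salt = bin2hex(random_bytes(4));
    }
    else {
        $user->salt = substr(md5(rand(1000000, 9999999)), 2, 8);
    }

    create_user($user, $profilefields);

    // If the institution is 'mahara' then don't do anything
    if ($registration->institution != 'mahara') {
        $institutions = get_records_select_array('institution', "name != 'mahara'");

        // If there is only one available, join it without requiring approval
        if (count($institutions) == 1) {
            $user->join_institution($registration->institution);
        }
        else {
            $user->add_institution_request($registration->institution);
        }
    }

    if (!empty($registration->lang) && $registration->lang != 'default') {
        set_account_preference($user->id, 'lang', $registration->lang);
    }

    // Delete the old registration record
    delete_records('usr_registration', 'id', $registrationid);

    db_commit();

    // Log the user in and send them to the homepage
    $USER = new LiveUser();
    $USER->reanimate($user->id, $authinstance->id);

    // A special greeting for special people (hard-coded usernames, cosmetic only)
    if (in_array($user->username, array('waawaamilk', 'Mjollnir`', 'Ned', 'richardm', 'fmarier', 'naveg'))) {
        $SESSION->add_ok_msg('MAMA!!! Maharababy happy to see you :D :D!');
    }
    else if ($user->username == 'htaccess') {
        $SESSION->add_ok_msg('Welcome B-Quack, htaccess!');
    }
    else {
        $SESSION->add_ok_msg(get_string('registrationcomplete', 'mahara', get_config('sitename')));
    }

    // Flag read elsewhere; the username above was generated, not chosen by the user
    $SESSION->set('resetusername', true);

    redirect();
}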