/** * The CSV file is parsed here so validation errors can be returned to the * user. The data from a successful parsing is stored in the <var>$CVSDATA</var> * array so it can be accessed by the submit function * * @param Pieform $form The form to validate * @param array $values The values submitted */ function uploadcsv_validate(Pieform $form, $values) { global $CSVDATA, $ALLOWEDKEYS, $FORMAT, $USER, $CSVERRORS; // Don't even start attempting to parse if there are previous errors if ($form->has_errors()) { return; } if ($values['file']['size'] == 0) { $form->set_error('file', $form->i18n('rule', 'required', 'required', array())); return; } require_once 'csvfile.php'; $authinstance = (int) $values['authinstance']; $institution = get_field('auth_instance', 'institution', 'id', $authinstance); if (!$USER->can_edit_institution($institution)) { $form->set_error('authinstance', get_string('notadminforinstitution', 'admin')); return; } $usernames = array(); $emails = array(); $csvusers = new CsvFile($values['file']['tmp_name']); $csvusers->set('allowedkeys', $ALLOWEDKEYS); // Now we know all of the field names are valid, we need to make // sure that the required fields are included $mandatoryfields = array('username', 'password'); $mandatoryfields = array_merge($mandatoryfields, array_keys(ArtefactTypeProfile::get_mandatory_fields())); if ($lockedprofilefields = get_column('institution_locked_profile_field', 'profilefield', 'name', $institution)) { $mandatoryfields = array_merge($mandatoryfields, $lockedprofilefields); } $csvusers->set('mandatoryfields', $mandatoryfields); $csvdata = $csvusers->get_data(); if (!empty($csvdata->errors['file'])) { $form->set_error('file', $csvdata->errors['file']); return; } foreach ($csvdata->data as $key => $line) { // If headers exists, increment i = key + 2 for actual line number $i = $csvusers->get('headerExists') ? $key + 2 : $key + 1; // Trim non-breaking spaces -- they get left in place by File_CSV foreach ($line as &$field) { $field = preg_replace('/^(\\s|\\xc2\\xa0)*(.*?)(\\s|\\xc2\\xa0)*$/', '$2', $field); } // We have a line with the correct number of fields, but should validate these fields // Note: This validation should really be methods on each profile class, that way // it can be used in the profile screen as well. $formatkeylookup = array_flip($csvdata->format); $username = $line[$formatkeylookup['username']]; $password = $line[$formatkeylookup['password']]; $email = $line[$formatkeylookup['email']]; $authobj = AuthFactory::create($authinstance); if (method_exists($authobj, 'is_username_valid') && !$authobj->is_username_valid($username)) { $CSVERRORS[] = get_string('uploadcsverrorinvalidusername', 'admin', $i); } if (record_exists_select('usr', 'LOWER(username) = ?', strtolower($username)) || isset($usernames[strtolower($username)])) { $CSVERRORS[] = get_string('uploadcsverroruseralreadyexists', 'admin', $i, $username); } if (record_exists('usr', 'email', $email) || record_exists('artefact_internal_profile_email', 'email', $email) || isset($emails[$email])) { $CSVERRORS[] = get_string('uploadcsverroremailaddresstaken', 'admin', $i, $email); } // Note: only checks for valid form are done here, none of the checks // like whether the password is too easy. The user is going to have to // change their password on first login anyway. if (method_exists($authobj, 'is_password_valid') && !$authobj->is_password_valid($password)) { $CSVERRORS[] = get_string('uploadcsverrorinvalidpassword', 'admin', $i); } $usernames[strtolower($username)] = 1; $emails[$email] = 1; } if (!empty($CSVERRORS)) { $form->set_error('file', implode("<br />\n", $CSVERRORS)); return; } $FORMAT = $csvdata->format; $CSVDATA = $csvdata->data; }
public function render_profile_element() { $data = self::get_social_profiles(); // Build pagination for 'socialprofile' artefacts table $baseurl = get_config('wwwroot') . 'artefact/internal/index.php' . '?' . http_build_query(array('fs' => 'social')); $count = count($data); $limit = 500; $offset = 0; $pagination = build_pagination(array('id' => 'socialprofiles_pagination', 'url' => $baseurl, 'datatable' => 'socialprofilelist', 'count' => $count, 'limit' => $limit, 'offset' => $offset)); // User may delete social profile if: // - there is more than 1 social profile and 'socialprofile' is a mandatory field. // - 'socialprofile' is not mandatory. $candelete = true; $mandatory_fields = ArtefactTypeProfile::get_mandatory_fields(); if (isset($mandatory_fields['socialprofile']) && count($data) <= 1) { $candelete = false; } $smarty = smarty_core(); $smarty->assign('controls', true); $smarty->assign('rows', $data); $smarty->assign('candelete', $candelete); $smarty->assign('pagination', $pagination); return array('type' => 'html', 'value' => $smarty->fetch('artefact:internal:socialprofiles.tpl')); }
/** * Checks that all the required fields are set, and handles setting them if required. * * Checks whether the current user needs to change their password, and handles * the password changing if it's required. */ function auth_check_required_fields() { global $USER, $SESSION; if (defined('NOCHECKREQUIREDFIELDS')) { return; } $changepassword = true; $elements = array(); if (!$USER->get('passwordchange') || $USER->get('parentuser') && $USER->get('loginanyway') || defined('NOCHECKPASSWORDCHANGE')) { $changepassword = false; } // Check if the user wants to log in anyway if ($USER->get('passwordchange') && $USER->get('parentuser') && isset($_GET['loginanyway'])) { $USER->loginanyway = true; $changepassword = false; } // Do not force password change on JSON request. if (defined('JSON') && JSON == true) { $changepassword = false; } if ($changepassword) { $authobj = AuthFactory::create($USER->authinstance); if ($authobj->changepasswordurl) { redirect($authobj->changepasswordurl); exit; } if (method_exists($authobj, 'change_password')) { if ($SESSION->get('resetusername')) { $elements['username'] = array('type' => 'text', 'defaultvalue' => $USER->get('username'), 'title' => get_string('changeusername', 'account'), 'description' => get_string('changeusernamedesc', 'account', hsc(get_config('sitename')))); } $elements['password1'] = array('type' => 'password', 'title' => get_string('newpassword') . ':', 'description' => get_string('yournewpassword'), 'rules' => array('required' => true)); $elements['password2'] = array('type' => 'password', 'title' => get_string('confirmpassword') . ':', 'description' => get_string('yournewpasswordagain'), 'rules' => array('required' => true)); $elements['country'] = array('type' => 'select', 'title' => "Country", 'options' => array("ca" => "Canada", "us" => "United States"), 'defaultvalue' => "us", 'description' => "Country", 'rules' => array('required' => true)); $elements['state'] = array('type' => 'select', 'title' => "State", 'options' => array('AL' => "Alabama", 'AK' => "Alaska", 'AZ' => "Arizona", 'AR' => "Arkansas", 'CA' => "California", 'CO' => "Colorado", 'CT' => "Connecticut", 'DE' => "Delaware", 'DC' => "District of Columbia", 'FL' => "Florida", 'GA' => "Georgia", 'HI' => "Hawaii", 'ID' => "Idaho", 'IL' => "Illinois", 'IN' => "Indiana", 'IA' => "Iowa", 'KS' => "Kansas", 'KY' => "Kentucky", 'LA' => "Louisiana", 'ME' => "Maine", 'MD' => "Maryland", 'MA' => "Massachusetts", 'MI' => "Michigan", 'MN' => "Minnesota", 'MS' => "Mississippi", 'MO' => "Missouri", 'MT' => "Montana", 'NE' => "Nebraska", 'NV' => "Nevada", 'NH' => "New Hampshire", 'NJ' => "New Jersey", 'NM' => "New Mexico", 'NY' => "New York", 'NC' => "North Carolina", 'ND' => "North Dakota", 'OH' => "Ohio", 'OK' => "Oklahoma", 'OR' => "Oregon", 'PA' => "Pennsylvania", 'RI' => "Rhode Island", 'SC' => "South Carolina", 'SD' => "South Dakota", 'TN' => "Tennessee", 'TX' => "Texas", 'UT' => "Utah", 'VT' => "Vermont", 'VA' => "Virginia", 'WA' => "Washington", 'WV' => "West Virginia", 'WI' => "Wisconsin", 'WY' => "Wyoming", 'AB' => "Alberta", 'BC' => "British Columbia", 'MB' => "Manitoba", 'NB' => "New Brunswick", 'NL' => "Newfoundland and Labrador", 'NT' => "Northwest Territories", 'NS' => "Nova Scotia", 'NU' => "Nunavut", 'ON' => "Ontario", 'PE' => "Prince Edward Island", 'QC' => "Quebec", 'SK' => "Saskatchewan", 'YT' => "Yukon"), 'description' => "State", 'rules' => array('required' => true)); $elements['email'] = array('type' => 'text', 'title' => get_string('principalemailaddress', 'artefact.internal'), 'ignore' => trim($USER->get('email')) != '' && !preg_match('/@example\\.org$/', $USER->get('email')), 'rules' => array('required' => true, 'email' => true)); } } else { if (defined('JSON')) { // Don't need to check this for json requests return; } } safe_require('artefact', 'internal'); require_once 'pieforms/pieform.php'; $alwaysmandatoryfields = array_keys(ArtefactTypeProfile::get_always_mandatory_fields()); foreach (ArtefactTypeProfile::get_mandatory_fields() as $field => $type) { // Always mandatory fields are stored in the usr table, so are part of // the user session object. We can save a query by grabbing them from // the session. if (in_array($field, $alwaysmandatoryfields) && $USER->get($field) != null) { continue; } // Not cached? Get value the standard way. if (get_profile_field($USER->get('id'), $field) != null) { continue; } if ($field == 'email') { if (isset($elements['email'])) { continue; } // Use a text field for their first e-mail address, not the // emaillist element $type = 'text'; } $elements[$field] = array('type' => $type, 'title' => get_string($field, 'artefact.internal'), 'rules' => array('required' => true)); if ($field == 'socialprofile') { $elements[$field] = ArtefactTypeSocialprofile::get_new_profile_elements(); // add an element to flag that socialprofile is in the list of fields. $elements['socialprofile_hidden'] = array('type' => 'hidden', 'value' => 1); } // @todo ruthlessly stolen from artefact/internal/index.php, could be merged if ($type == 'wysiwyg') { $elements[$field]['rows'] = 10; $elements[$field]['cols'] = 60; } if ($type == 'textarea') { $elements[$field]['rows'] = 4; $elements[$field]['cols'] = 60; } if ($field == 'country') { $elements[$field]['options'] = getoptions_country(); $elements[$field]['defaultvalue'] = get_config('country'); } if ($field == 'email') { // Check if a validation email has been sent if (record_exists('artefact_internal_profile_email', 'owner', $USER->get('id'))) { $elements['email']['type'] = 'html'; $elements['email']['value'] = get_string('validationprimaryemailsent', 'auth'); $elements['email']['disabled'] = true; $elements['email']['rules'] = array('required' => false); } else { $elements[$field]['rules']['email'] = true; $elements[$field]['description'] = get_string('primaryemaildescription', 'auth'); } } } if (empty($elements)) { // No mandatory fields that aren't set return; } if (count($elements) == 1 && isset($elements['email']) && $elements['email']['type'] == 'html') { // Display a message if there is only 1 required field and this field is email whose validation has been sent $elements['submit'] = array('type' => 'submit', 'value' => get_string('continue', 'admin')); $form = pieform(array('name' => 'requiredfields', 'method' => 'post', 'action' => get_config('wwwroot') . '?logout', 'elements' => $elements)); } else { $elements['submit'] = array('type' => 'submit', 'value' => get_string('submit')); $form = pieform(array('name' => 'requiredfields', 'method' => 'post', 'action' => '', 'elements' => $elements)); } $smarty = smarty(); if ($USER->get('parentuser')) { $smarty->assign('loginasoverridepasswordchange', get_string('loginasoverridepasswordchange', 'admin', '<a class="btn" href="' . get_config('wwwroot') . '?loginanyway">', '</a>')); } $smarty->assign('changepassword', $changepassword); $smarty->assign('changeusername', $SESSION->get('resetusername')); $smarty->assign('form', $form); $smarty->display('requiredfields.tpl'); exit; }
* @copyright For copyright information on Mahara, please see the README file distributed with this software. * */ define('INTERNAL', 1); define('MENUITEM', 'content/profile'); define('SECTION_PLUGINTYPE', 'artefact'); define('SECTION_PLUGINNAME', 'internal'); define('SECTION_PAGE', 'index'); require dirname(dirname(dirname(__FILE__))) . '/init.php'; define('TITLE', get_string('profile', 'artefact.internal')); require_once 'pieforms/pieform.php'; safe_require('artefact', 'internal'); $fieldset = param_alpha('fs', 'aboutme'); $element_list = ArtefactTypeProfile::get_all_fields(); $element_data = ArtefactTypeProfile::get_field_element_data(); $element_required = ArtefactTypeProfile::get_mandatory_fields(); // load existing profile fields $profilefields = array(); $profile_data = get_records_select_array('artefact', "owner=? AND artefacttype IN (" . join(",", array_map(create_function('$a', 'return db_quote($a);'), array_keys($element_list))) . ")", array($USER->get('id'))); if ($profile_data) { foreach ($profile_data as $field) { $profilefields[$field->artefacttype] = $field->title; } } $lockedfields = locked_profile_fields(); $profilefields['email'] = array(); $profilefields['email']['all'] = get_records_array('artefact_internal_profile_email', 'owner', $USER->get('id')); $profilefields['email']['validated'] = array(); $profilefields['email']['unvalidated'] = array(); $profilefields['email']['unsent'] = array(); if ($profilefields['email']['all']) {
/** * Checks that all the required fields are set, and handles setting them if required. * * Checks whether the current user needs to change their password, and handles * the password changing if it's required. */ function auth_check_required_fields() { global $USER, $SESSION; if (defined('NOCHECKREQUIREDFIELDS')) { return; } $changepassword = true; $elements = array(); if (!$USER->get('passwordchange') || $USER->get('parentuser') && $USER->get('loginanyway') || defined('NOCHECKPASSWORDCHANGE')) { $changepassword = false; } // Check if the user wants to log in anyway if ($USER->get('passwordchange') && $USER->get('parentuser') && isset($_GET['loginanyway'])) { $USER->loginanyway = true; $changepassword = false; } // Do not force password change on JSON request. if (defined('JSON') && JSON == true) { $changepassword = false; } if ($changepassword) { $authobj = AuthFactory::create($USER->authinstance); if ($authobj->changepasswordurl) { redirect($authobj->changepasswordurl); exit; } if (method_exists($authobj, 'change_password')) { if ($SESSION->get('resetusername')) { $elements['username'] = array('type' => 'text', 'defaultvalue' => $USER->get('username'), 'title' => get_string('changeusername', 'account'), 'description' => get_string('changeusernamedesc', 'account', hsc(get_config('sitename')))); } $elements['password1'] = array('type' => 'password', 'title' => get_string('newpassword') . ':', 'description' => get_string('yournewpassword'), 'rules' => array('required' => true)); $elements['password2'] = array('type' => 'password', 'title' => get_string('confirmpassword') . ':', 'description' => get_string('yournewpasswordagain'), 'rules' => array('required' => true)); $elements['email'] = array('type' => 'text', 'title' => get_string('principalemailaddress', 'artefact.internal'), 'ignore' => trim($USER->get('email')) != '' && !preg_match('/@example\\.org$/', $USER->get('email')), 'rules' => array('required' => true, 'email' => true)); } } else { if (defined('JSON')) { // Don't need to check this for json requests return; } } safe_require('artefact', 'internal'); require_once 'pieforms/pieform.php'; $alwaysmandatoryfields = array_keys(ArtefactTypeProfile::get_always_mandatory_fields()); foreach (ArtefactTypeProfile::get_mandatory_fields() as $field => $type) { // Always mandatory fields are stored in the usr table, so are part of // the user session object. We can save a query by grabbing them from // the session. if (in_array($field, $alwaysmandatoryfields) && $USER->get($field) != null) { continue; } // Not cached? Get value the standard way. if (get_profile_field($USER->get('id'), $field) != null) { continue; } if ($field == 'email') { if (isset($elements['email'])) { continue; } // Use a text field for their first e-mail address, not the // emaillist element $type = 'text'; } $elements[$field] = array('type' => $type, 'title' => get_string($field, 'artefact.internal'), 'rules' => array('required' => true)); if ($field == 'socialprofile') { $elements[$field] = ArtefactTypeSocialprofile::get_new_profile_elements(); // add an element to flag that socialprofile is in the list of fields. $elements['socialprofile_hidden'] = array('type' => 'hidden', 'value' => 1); } // @todo ruthlessly stolen from artefact/internal/index.php, could be merged if ($type == 'wysiwyg') { $elements[$field]['rows'] = 10; $elements[$field]['cols'] = 60; } if ($type == 'textarea') { $elements[$field]['rows'] = 4; $elements[$field]['cols'] = 60; } if ($field == 'country') { $elements[$field]['options'] = getoptions_country(); $elements[$field]['defaultvalue'] = get_config('country'); } if ($field == 'email') { // Check if a validation email has been sent if (record_exists('artefact_internal_profile_email', 'owner', $USER->get('id'))) { $elements['email']['type'] = 'html'; $elements['email']['value'] = get_string('validationprimaryemailsent', 'auth'); $elements['email']['disabled'] = true; $elements['email']['rules'] = array('required' => false); } else { $elements[$field]['rules']['email'] = true; $elements[$field]['description'] = get_string('primaryemaildescription', 'auth'); } } } if (empty($elements)) { // No mandatory fields that aren't set return; } if (count($elements) == 1 && isset($elements['email']) && $elements['email']['type'] == 'html') { // Display a message if there is only 1 required field and this field is email whose validation has been sent $elements['submit'] = array('type' => 'submit', 'value' => get_string('continue', 'admin')); $form = pieform(array('name' => 'requiredfields', 'method' => 'post', 'action' => get_config('wwwroot') . '?logout', 'elements' => $elements)); } else { $elements['submit'] = array('type' => 'submit', 'class' => 'btn-success', 'value' => get_string('submit')); $form = pieform(array('name' => 'requiredfields', 'method' => 'post', 'action' => '', 'elements' => $elements, 'dieaftersubmit' => FALSE, 'backoutaftersubmit' => TRUE)); } // Has the form been successfully submitted? Back out and let the requested URL continue. if ($form === FALSE) { return; } $smarty = smarty(); if ($USER->get('parentuser')) { $smarty->assign('loginasoverridepasswordchange', get_string('loginasoverridepasswordchange', 'admin', '<a class="" href="' . get_config('wwwroot') . '?loginanyway">', '</a>')); } $smarty->assign('changepassword', $changepassword); $smarty->assign('changeusername', $SESSION->get('resetusername')); $smarty->assign('form', $form); $smarty->display('requiredfields.tpl'); exit; }
define('SECTION_PAGE', 'social'); define('INTERNAL_SUBPAGE', 'social'); require_once dirname(dirname(dirname(__FILE__))) . '/init.php'; define('TITLE', get_string('profile', 'artefact.internal')); require_once 'pieforms/pieform.php'; safe_require('artefact', 'internal'); if (!get_record('blocktype_installed', 'active', 1, 'name', 'socialprofile')) { // This block type is not installed. The user is not allowed in this form. throw new AccessDeniedException(get_string('accessdenied', 'error')); } $id = param_integer('id', 0); $delete = param_integer('delete', 0); if ($delete) { // Check if social profile is a mandatory system field // and if this is the last field, they can't delete it. $mandatory_fields = ArtefactTypeProfile::get_mandatory_fields(); if (isset($mandatory_fields['socialprofile'])) { $social_profiles = ArtefactTypeSocialprofile::get_social_profiles(); if (count($social_profiles) <= 1) { // they can't delete. $SESSION->add_error_msg(get_string('socialprofilerequired', 'artefact.internal')); redirect('/artefact/internal/index.php?fs=social'); } } $todelete = new ArtefactTypeSocialprofile($id); if (!$USER->can_edit_artefact($todelete)) { throw new AccessDeniedException(get_string('accessdenied', 'error')); } $deleteform = array('name' => 'deleteprofileform', 'plugintype' => 'artefact', 'pluginname' => 'internal', 'renderer' => 'div', 'elements' => array('submit' => array('type' => 'submitcancel', 'class' => 'btn-default', 'value' => array(get_string('deleteprofile', 'artefact.internal'), get_string('cancel')), 'goto' => get_config('wwwroot') . '/artefact/internal/index.php?fs=social'))); $form = pieform($deleteform); $message = get_string('deleteprofileconfirm', 'artefact.internal');
/** * The CSV file is parsed here so validation errors can be returned to the * user. The data from a successful parsing is stored in the <var>$CVSDATA</var> * array so it can be accessed by the submit function * * @param Pieform $form The form to validate * @param array $values The values submitted */ function uploadcsv_validate(Pieform $form, $values) { global $CSVDATA, $ALLOWEDKEYS, $FORMAT, $USER, $INSTITUTIONNAME, $UPDATES; // Don't even start attempting to parse if there are previous errors if ($form->has_errors()) { return; } if ($values['file']['size'] == 0) { $form->set_error('file', $form->i18n('rule', 'required', 'required', array())); return; } if ($USER->get('admin') || get_config_plugin('artefact', 'file', 'institutionaloverride')) { $maxquotaenabled = get_config_plugin('artefact', 'file', 'maxquotaenabled'); $maxquota = get_config_plugin('artefact', 'file', 'maxquota'); if ($maxquotaenabled && $values['quota'] > $maxquota) { $form->set_error('quota', get_string('maxquotaexceededform', 'artefact.file', display_size($maxquota))); } } require_once 'csvfile.php'; $authinstance = (int) $values['authinstance']; $institution = get_field('auth_instance', 'institution', 'id', $authinstance); if (!$USER->can_edit_institution($institution)) { $form->set_error('authinstance', get_string('notadminforinstitution', 'admin')); return; } //OVERWRITE 2: add $authname = get_field('auth_instance', 'authname', 'id', $authinstance); if ($authname != 'internal') { $form->set_error('authinstance', get_string('notadminforinstitution', 'admin')); return; } //END OVERWRITE 2 $authobj = AuthFactory::create($authinstance); $csvusers = new CsvFile($values['file']['tmp_name']); $csvusers->set('allowedkeys', $ALLOWEDKEYS); // Now we know all of the field names are valid, we need to make // sure that the required fields are included $mandatoryfields = array('username'); if (!$values['updateusers']) { $mandatoryfields[] = 'password'; } $mandatoryfields = array_merge($mandatoryfields, array_keys(ArtefactTypeProfile::get_mandatory_fields())); if ($lockedprofilefields = get_column('institution_locked_profile_field', 'profilefield', 'name', $institution)) { $mandatoryfields = array_merge($mandatoryfields, $lockedprofilefields); } $csvusers->set('mandatoryfields', $mandatoryfields); $csvdata = $csvusers->get_data(); if (!empty($csvdata->errors['file'])) { $form->set_error('file', $csvdata->errors['file']); return; } $csverrors = new CSVErrors(); $formatkeylookup = array_flip($csvdata->format); // First pass validates usernames & passwords in the file, and builds // up a list indexed by username. $emails = array(); if (isset($formatkeylookup['remoteuser'])) { $remoteusers = array(); } $maxcsvlines = get_config('maxusercsvlines'); if ($maxcsvlines && $maxcsvlines < count($csvdata->data)) { $form->set_error('file', get_string('uploadcsverrortoomanyusers', 'admin', get_string('nusers', 'mahara', $maxcsvlines))); return; } foreach ($csvdata->data as $key => $line) { // If headers exists, increment i = key + 2 for actual line number $i = $csvusers->get('headerExists') ? $key + 2 : $key + 1; // Trim non-breaking spaces -- they get left in place by File_CSV foreach ($line as &$field) { $field = preg_replace('/^(\\s|\\xc2\\xa0)*(.*?)(\\s|\\xc2\\xa0)*$/', '$2', $field); } if (count($line) != count($csvdata->format)) { $csverrors->add($i, get_string('uploadcsverrorwrongnumberoffields', 'admin', $i)); continue; } // We have a line with the correct number of fields, but should validate these fields // Note: This validation should really be methods on each profile class, that way // it can be used in the profile screen as well. $username = $line[$formatkeylookup['username']]; $password = isset($formatkeylookup['password']) ? $line[$formatkeylookup['password']] : null; $email = $line[$formatkeylookup['email']]; if (isset($remoteusers)) { $remoteuser = strlen($line[$formatkeylookup['remoteuser']]) ? $line[$formatkeylookup['remoteuser']] : null; } if (method_exists($authobj, 'is_username_valid_admin')) { if (!$authobj->is_username_valid_admin($username)) { $csverrors->add($i, get_string('uploadcsverrorinvalidusername', 'admin', $i)); } } else { if (method_exists($authobj, 'is_username_valid')) { if (!$authobj->is_username_valid($username)) { $csverrors->add($i, get_string('uploadcsverrorinvalidusername', 'admin', $i)); } } } if (!$values['updateusers']) { // Note: only checks for valid form are done here, none of the checks // like whether the password is too easy. The user is going to have to // change their password on first login anyway. if (method_exists($authobj, 'is_password_valid') && !$authobj->is_password_valid($password)) { $csverrors->add($i, get_string('uploadcsverrorinvalidpassword', 'admin', $i)); } } // OVERWRITE 3: replacement, changed from: //if (isset($emails[$email])) { // // Duplicate email within this file. // $csverrors->add($i, get_string('uploadcsverroremailaddresstaken', 'admin', $i, $email)); //} //else if (!PHPMailer::ValidateAddress($email)) { // $csverrors->add($i, get_string('uploadcsverrorinvalidemail', 'admin', $i, $email)); //} //else if (!$values['updateusers']) { // // The email address must be new // if (record_exists('usr', 'email', $email) || record_exists('artefact_internal_profile_email', 'email', $email, 'verified', 1)) { // $csverrors->add($i, get_string('uploadcsverroremailaddresstaken', 'admin', $i, $email)); // } //} //$emails[$email] = 1; // TO: if (isset($emails[strtolower($email)])) { // Duplicate email within this file. $csverrors->add($i, get_string('uploadcsverroremailaddresstaken', 'admin', $i, $email)); } else { if (!PHPMailer::ValidateAddress($email)) { $csverrors->add($i, get_string('uploadcsverrorinvalidemail', 'admin', $i, $email)); } else { if (!$values['updateusers']) { // The email address must be new if (GcrInstitutionTable::isEmailAddressUsed($email)) { $csverrors->add($i, get_string('uploadcsverroremailaddresstaken', 'admin', $i, $email)); } } } } $emails[strtolower($email)] = 1; // END OVERWRITE 3 if (isset($remoteusers) && $remoteuser) { if (isset($remoteusers[$remoteuser])) { $csverrors->add($i, get_string('uploadcsverrorduplicateremoteuser', 'admin', $i, $remoteuser)); } else { if (!$values['updateusers']) { if ($remoteuserowner = get_record_sql(' SELECT u.username FROM {auth_remote_user} aru JOIN {usr} u ON aru.localusr = u.id WHERE aru.remoteusername = ? AND aru.authinstance = ?', array($remoteuser, $authinstance))) { $csverrors->add($i, get_string('uploadcsverrorremoteusertaken', 'admin', $i, $remoteuser, $remoteuserowner->username)); } } } $remoteusers[$remoteuser] = true; } // If we didn't even get a username, we can't check for duplicates, so move on. if (strlen($username) < 1) { continue; } if (isset($usernames[strtolower($username)])) { // Duplicate username within this file. $csverrors->add($i, get_string('uploadcsverroruseralreadyexists', 'admin', $i, $username)); } else { if (!$values['updateusers'] && record_exists_select('usr', 'LOWER(username) = ?', strtolower($username))) { $csverrors->add($i, get_string('uploadcsverroruseralreadyexists', 'admin', $i, $username)); } $usernames[strtolower($username)] = array('username' => $username, 'password' => $password, 'email' => $email, 'lineno' => $i, 'raw' => $line); if (!empty($remoteuser) && !empty($remoteusers[$remoteuser])) { $usernames[strtolower($username)]['remoteuser'] = $remoteuser; } } } // If the admin is trying to overwrite existing users, identified by username, // this second pass performs some additional checks if ($values['updateusers']) { foreach ($usernames as $lowerusername => $data) { $line = $data['lineno']; $username = $data['username']; $password = $data['password']; $email = $data['email']; // If the user already exists, they must already be in this institution. $userinstitutions = get_records_sql_assoc("\n SELECT COALESCE(ui.institution, 'mahara') AS institution, u.id\n FROM {usr} u LEFT JOIN {usr_institution} ui ON u.id = ui.usr\n WHERE LOWER(u.username) = ?", array($lowerusername)); if ($userinstitutions) { if (!isset($userinstitutions[$institution])) { if ($institution == 'mahara') { $institutiondisplay = array(); foreach ($userinstitutions as $i) { $institutiondisplay[] = $INSTITUTIONNAME[$i->institution]; } $institutiondisplay = join(', ', $institutiondisplay); $message = get_string('uploadcsverroruserinaninstitution', 'admin', $line, $username, $institutiondisplay); } else { $message = get_string('uploadcsverrorusernotininstitution', 'admin', $line, $username, $INSTITUTIONNAME[$institution]); } $csverrors->add($line, $message); } else { // Remember that this user is being updated $UPDATES[$username] = 1; } } else { // New user, check the password if (method_exists($authobj, 'is_password_valid') && !$authobj->is_password_valid($password)) { $csverrors->add($line, get_string('uploadcsverrorinvalidpassword', 'admin', $line)); } } // Check if the email already exists and if it's owned by this user. This query can return more // than one row when there are duplicate emails already on the site. If that happens, things are // already a bit out of hand, and we'll just allow an update if this user is one of the users who // owns the email. $emailowned = get_records_sql_assoc(' SELECT LOWER(u.username) AS lowerusername, ae.principal FROM {usr} u LEFT JOIN {artefact_internal_profile_email} ae ON u.id = ae.owner AND ae.verified = 1 AND ae.email = ? WHERE ae.owner IS NOT NULL OR u.email = ?', array($email, $email)); // If the email is owned by someone else, it could still be okay provided // that other user's email is also being changed in this csv file. if ($emailowned && !isset($emailowned[$lowerusername])) { foreach ($emailowned as $e) { // Only primary emails can be set in uploadcsv, so it's an error when someone else // owns the email as a secondary. if (!$e->principal) { $csverrors->add($line, get_string('uploadcsverroremailaddresstaken', 'admin', $line, $email)); break; } // It's also an error if the email owner is not being updated in this file if (!isset($usernames[$e->lowerusername])) { $csverrors->add($line, get_string('uploadcsverroremailaddresstaken', 'admin', $line, $email)); break; } // If the other user is being updated in this file, but isn't changing their // email address, it's ok, we've already notified duplicate emails within the file. } } if (isset($remoteusers) && !empty($data['remoteuser'])) { $remoteuser = $data['remoteuser']; $remoteuserowner = get_field_sql(' SELECT LOWER(u.username) FROM {usr} u JOIN {auth_remote_user} aru ON u.id = aru.localusr WHERE aru.remoteusername = ? AND aru.authinstance = ?', array($remoteuser, $authinstance)); if ($remoteuserowner && $remoteuserowner != $lowerusername && !isset($usernames[$remoteuserowner])) { // The remote username is owned by some other user who is not being updated in this file $csverrors->add($line, get_string('uploadcsverrorremoteusertaken', 'admin', $line, $remoteuser, $remoteuserowner)); } } } } if ($errors = $csverrors->process()) { $form->set_error('file', clean_html($errors)); return; } $FORMAT = $csvdata->format; $CSVDATA = $csvdata->data; }
/** * Checks that all the required fields are set, and handles setting them if required. */ function auth_check_required_fields() { global $USER; if (defined('JSON')) { // Don't need to check this for json requests return; } safe_require('artefact', 'internal'); require_once 'pieforms/pieform.php'; $elements = array(); $alwaysmandatoryfields = array_keys(ArtefactTypeProfile::get_always_mandatory_fields()); foreach (ArtefactTypeProfile::get_mandatory_fields() as $field => $type) { // Always mandatory fields are stored in the usr table, so are part of // the user session object. We can save a query by grabbing them from // the session. if (in_array($field, $alwaysmandatoryfields) && $USER->get($field) != null) { continue; } // Not cached? Get value the standard way. if (get_profile_field($USER->get('id'), $field) != null) { continue; } if ($field == 'email') { // Use a text field for their first e-mail address, not the // emaillist element $type = 'text'; } $elements[$field] = array('type' => $type, 'title' => get_string($field, 'artefact.internal'), 'rules' => array('required' => true)); // @todo ruthlessly stolen from artefact/internal/index.php, could be merged if ($type == 'wysiwyg') { $elements[$field]['rows'] = 10; $elements[$field]['cols'] = 60; } if ($type == 'textarea') { $elements[$field]['rows'] = 4; $elements[$field]['cols'] = 60; } if ($field == 'country') { $elements[$field]['options'] = getoptions_country(); $elements[$field]['defaultvalue'] = 'nz'; } if ($field == 'email') { $elements[$field]['rules']['email'] = true; } } if (empty($elements)) { // No mandatory fields that aren't set return; } $elements['submit'] = array('type' => 'submit', 'value' => get_string('submit')); $form = pieform(array('name' => 'requiredfields', 'method' => 'post', 'action' => '', 'elements' => $elements)); $smarty = smarty(); $smarty->assign('form', $form); $smarty->display('requiredfields.tpl'); exit; }
/** * Checks that all the required fields are set, and handles setting them if required. * * Checks whether the current user needs to change their password, and handles * the password changing if it's required. */ function auth_check_required_fields() { global $USER, $SESSION; $changepassword = true; $elements = array(); if (!$USER->get('passwordchange') || $USER->get('parentuser') && $USER->get('loginanyway') || defined('NOCHECKPASSWORDCHANGE')) { $changepassword = false; } // Check if the user wants to log in anyway if ($USER->get('passwordchange') && $USER->get('parentuser') && isset($_GET['loginanyway'])) { $USER->loginanyway = true; $changepassword = false; } if ($changepassword) { $authobj = AuthFactory::create($USER->authinstance); if ($authobj->changepasswordurl) { redirect($authobj->changepasswordurl); exit; } if (method_exists($authobj, 'change_password')) { if ($SESSION->get('resetusername')) { $elements['username'] = array('type' => 'text', 'defaultvalue' => $USER->get('username'), 'title' => get_string('changeusername', 'account'), 'description' => get_string('changeusernamedesc', 'account', hsc(get_config('sitename')))); } $elements['password1'] = array('type' => 'password', 'title' => get_string('newpassword') . ':', 'description' => get_string('yournewpassword'), 'rules' => array('required' => true)); $elements['password2'] = array('type' => 'password', 'title' => get_string('confirmpassword') . ':', 'description' => get_string('yournewpasswordagain'), 'rules' => array('required' => true)); $elements['email'] = array('type' => 'text', 'title' => get_string('principalemailaddress', 'artefact.internal'), 'ignore' => trim($USER->get('email')) != '' && !preg_match('/@example\\.org$/', $USER->get('email')), 'rules' => array('required' => true, 'email' => true)); } } else { if (defined('JSON')) { // Don't need to check this for json requests return; } } safe_require('artefact', 'internal'); require_once 'pieforms/pieform.php'; $alwaysmandatoryfields = array_keys(ArtefactTypeProfile::get_always_mandatory_fields()); foreach (ArtefactTypeProfile::get_mandatory_fields() as $field => $type) { // Always mandatory fields are stored in the usr table, so are part of // the user session object. We can save a query by grabbing them from // the session. if (in_array($field, $alwaysmandatoryfields) && $USER->get($field) != null) { continue; } // Not cached? Get value the standard way. if (get_profile_field($USER->get('id'), $field) != null) { continue; } if ($field == 'email') { if (isset($elements['email'])) { continue; } // Use a text field for their first e-mail address, not the // emaillist element $type = 'text'; } $elements[$field] = array('type' => $type, 'title' => get_string($field, 'artefact.internal'), 'rules' => array('required' => true)); // @todo ruthlessly stolen from artefact/internal/index.php, could be merged if ($type == 'wysiwyg') { $elements[$field]['rows'] = 10; $elements[$field]['cols'] = 60; } if ($type == 'textarea') { $elements[$field]['rows'] = 4; $elements[$field]['cols'] = 60; } if ($field == 'country') { $elements[$field]['options'] = getoptions_country(); $elements[$field]['defaultvalue'] = get_config('country'); } if ($field == 'email') { $elements[$field]['rules']['email'] = true; } } if (empty($elements)) { // No mandatory fields that aren't set return; } $elements['submit'] = array('type' => 'submit', 'value' => get_string('submit')); $form = pieform(array('name' => 'requiredfields', 'method' => 'post', 'action' => '', 'elements' => $elements)); $smarty = smarty(); if ($USER->get('parentuser')) { $smarty->assign('loginasoverridepasswordchange', get_string('loginasoverridepasswordchange', 'admin', '<a href="' . get_config('wwwroot') . '?loginanyway">', '</a>')); } $smarty->assign('changepassword', $changepassword); $smarty->assign('changeusername', $SESSION->get('resetusername')); $smarty->assign('form', $form); $smarty->display('requiredfields.tpl'); exit; }
/** * The CSV file is parsed here so validation errors can be returned to the * user. The data from a successful parsing is stored in the <var>$CVSDATA</var> * array so it can be accessed by the submit function * * @param Pieform $form The form to validate * @param array $values The values submitted */ function uploadcsv_validate(Pieform $form, $values) { global $CSVDATA, $ALLOWEDKEYS, $FORMAT, $USER; // Don't even start attempting to parse if there are previous errors if ($form->has_errors()) { return; } if ($values['file']['size'] == 0) { $form->set_error('file', $form->i18n('rule', 'required', 'required', array())); return; } require_once 'pear/File.php'; require_once 'pear/File/CSV.php'; // Don't be tempted to use 'explode' here. There may be > 1 underscore. $break = strpos($values['authinstance'], '_'); $authinstance = substr($values['authinstance'], 0, $break); $institution = substr($values['authinstance'], $break + 1); if (!$USER->can_edit_institution($institution)) { $form->set_error('authinstance', get_string('notadminforinstitution', 'admin')); return; } $usernames = array(); $emails = array(); $conf = File_CSV::discoverFormat($values['file']['tmp_name']); $i = 0; while ($line = File_CSV::readQuoted($values['file']['tmp_name'], $conf)) { $i++; if (!is_array($line)) { // Note: the CSV parser returns true on some errors and false on // others! Yes that's retarded. No I didn't write it :( $form->set_error('file', get_string('uploadcsverrorincorrectnumberoffields', 'admin', $i)); return; } // Get the format of the file if ($i == 1) { foreach ($line as &$potentialkey) { $potentialkey = trim($potentialkey); if (!in_array($potentialkey, $ALLOWEDKEYS)) { $form->set_error('file', get_string('uploadcsverrorinvalidfieldname', 'admin', $potentialkey)); return; } } // Now we know all of the field names are valid, we need to make // sure that the required fields are included $mandatoryfields = array('username', 'password'); $mandatoryfields = array_merge($mandatoryfields, array_keys(ArtefactTypeProfile::get_mandatory_fields())); if ($lockedprofilefields = get_column('institution_locked_profile_field', 'profilefield', 'name', $institution)) { $mandatoryfields = array_merge($mandatoryfields, $lockedprofilefields); } // Add in the locked profile fields for this institution foreach ($mandatoryfields as $field) { if (!in_array($field, $line)) { $form->set_error('file', get_string('uploadcsverrorrequiredfieldnotspecified', 'admin', $field)); return; } } // The format line is valid $FORMAT = $line; log_info('FORMAT:'); log_info($FORMAT); } else { // Trim non-breaking spaces -- they get left in place by File_CSV foreach ($line as &$field) { $field = preg_replace('/^(\\s|\\xc2\\xa0)*(.*?)(\\s|\\xc2\\xa0)*$/', '$2', $field); } // We have a line with the correct number of fields, but should validate these fields // Note: This validation should really be methods on each profile class, that way // it can be used in the profile screen as well. $formatkeylookup = array_flip($FORMAT); $username = $line[$formatkeylookup['username']]; $password = $line[$formatkeylookup['password']]; $email = $line[$formatkeylookup['email']]; $authobj = AuthFactory::create($authinstance); if (method_exists($authobj, 'is_username_valid') && !$authobj->is_username_valid($username)) { $form->set_error('file', get_string('uploadcsverrorinvalidusername', 'admin', $i)); return; } if (record_exists_select('usr', 'LOWER(username) = ?', strtolower($username)) || isset($usernames[strtolower($username)])) { $form->set_error('file', get_string('uploadcsverroruseralreadyexists', 'admin', $i, $username)); return; } if (record_exists('usr', 'email', $email) || isset($emails[$email])) { $form->set_error('file', get_string('uploadcsverroremailaddresstaken', 'admin', $i, $email)); } // Note: only checks for valid form are done here, none of the checks // like whether the password is too easy. The user is going to have to // change their password on first login anyway. if (method_exists($authobj, 'is_password_valid') && !$authobj->is_password_valid($password)) { $form->set_error('file', get_string('uploadcsverrorinvalidpassword', 'admin', $i)); return; } $usernames[strtolower($username)] = 1; $emails[$email] = 1; // All OK! $CSVDATA[] = $line; } } if ($i == 1) { // There was only the title row :( $form->set_error('file', get_string('uploadcsverrornorecords', 'admin')); return; } if ($CSVDATA === null) { // Oops! Couldn't get CSV data for some reason $form->set_error('file', get_string('uploadcsverrorunspecifiedproblem', 'admin')); } }