Chamilo is a learning management system focused on ease of use and accessibility
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
chamilo-lms/main/auth/profile.php

596 lines
19 KiB

<?php
// $Id: profile.php 10204 2006-11-26 20:46:53Z pcool $
/*
==============================================================================
Dokeos - elearning and course management software
Copyright (c) 2004 Dokeos S.A.
Copyright (c) 2003 Ghent University (UGent)
Copyright (c) 2001 Universite catholique de Louvain (UCL)
Copyright (c) Roan Embrechts (Vrije Universiteit Brussel)
For a full list of contributors, see "credits.txt".
The full license can be read in "license.txt".
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
See the GNU General Public License for more details.
Contact address: Dokeos, 44 rue des palais, B-1030 Brussels, Belgium
Mail: info@dokeos.com
==============================================================================
*/
/**
==============================================================================
* This file displays the user's profile,
* optionally it allows users to modify their profile as well.
*
* See inc/conf/profile.conf.inc.php to modify settings
*
* @package dokeos.auth
==============================================================================
*/
/*
==============================================================================
INIT SECTION
==============================================================================
*/
// name of the language file that needs to be included
$language_file = 'registration';
$cidReset = true;
require ('../inc/global.inc.php');
require_once (api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php');
$this_section = SECTION_MYPROFILE;
api_block_anonymous_users();
$htmlHeadXtra[] = '<script type="text/javascript">
function confirmation(name)
{
if (confirm("'.get_lang('AreYouSureToDelete').' " + name + " ?"))
{return true;}
else
{return false;}
}
</script>';
if (!empty ($_GET['coursePath']))
{
$course_url = api_get_path(WEB_COURSE_PATH).$_GET['coursePath'].'/index.php';
$interbreadcrumb[] = array ('url' => $course_url, 'name' => $_GET['courseCode']);
}
/*
-----------------------------------------------------------
Configuration file
-----------------------------------------------------------
*/
require_once (api_get_path(CONFIGURATION_PATH).'profile.conf.inc.php');
/*
-----------------------------------------------------------
Libraries
-----------------------------------------------------------
*/
include_once (api_get_path(LIBRARY_PATH).'fileManage.lib.php');
include_once (api_get_path(LIBRARY_PATH).'fileUpload.lib.php');
if (is_profile_editable())
$tool_name = get_lang('ModifProfile');
else
$tool_name = get_lang('ViewProfile');
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
/*
-----------------------------------------------------------
Form
-----------------------------------------------------------
*/
/*
* Get initial values for all fields.
*/
$sql = "SELECT * FROM $table_user WHERE user_id = '".$_user['user_id']."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
if ($result)
{
$user_data = mysql_fetch_array($result, MYSQL_ASSOC);
if (is_null($user_data['language']))
$user_data['language'] = api_get_setting('platformLanguage');
}
/*
* Initialize the form.
*/
$form = new FormValidator('profile', 'post', "{$_SERVER['PHP_SELF']}?{$_SERVER['QUERY_STRING']}", null, array('style' => 'width: 60%; float: '.($text_dir=='rtl'?'right;':'left;')));
/* Make sure this is the first submit on the form, even though it is hidden!
* Otherwise, if a user has productions and presses ENTER to submit, he will
* attempt to delete the first production in the list. */
if (is_profile_editable())
$form->addElement('submit', null, get_lang('Ok'), array('style' => 'visibility:hidden;'));
// LAST NAME and FIRST NAME
$form->addElement('text', 'lastname', get_lang('Lastname'), array('size' => 40));
$form->addElement('text', 'firstname', get_lang('Firstname'), array('size' => 40));
if (api_get_setting('profile', 'name') !== 'true')
$form->freeze(array('lastname', 'firstname'));
$form->applyFilter(array('lastname', 'firstname'), 'stripslashes');
$form->applyFilter(array('lastname', 'firstname'), 'trim');
$form->addRule('lastname' , get_lang('ThisFieldIsRequired'), 'required');
$form->addRule('firstname', get_lang('ThisFieldIsRequired'), 'required');
// OFFICIAL CODE
if (CONFVAL_ASK_FOR_OFFICIAL_CODE)
{
$form->addElement('text', 'official_code', get_lang('OfficialCode'), array('size' => 40));
if (api_get_setting('profile', 'officialcode') !== 'true')
$form->freeze('official_code');
$form->applyFilter('official_code', 'stripslashes');
$form->applyFilter('official_code', 'trim');
if (api_get_setting('registration', 'officialcode') == 'true')
$form->addRule('official_code', get_lang('ThisFieldIsRequired'), 'required');
}
// EMAIL
$form->addElement('text', 'email', get_lang('Email'), array('size' => 40));
if (api_get_setting('profile', 'email') !== 'true')
$form->freeze('email');
$form->applyFilter('email', 'stripslashes');
$form->applyFilter('email', 'trim');
if (api_get_setting('registration', 'email') == 'true')
$form->addRule('email', get_lang('ThisFieldIsRequired'), 'required');
$form->addRule('email', get_lang('EmailWrong'), 'email');
// PHONE
$form->addElement('text', 'phone', get_lang('phone'), array('size' => 20));
if (api_get_setting('profile', 'phone') !== 'true')
$form->freeze('phone');
$form->applyFilter('phone', 'stripslashes');
$form->applyFilter('phone', 'trim');
/*if (api_get_setting('registration', 'phone') == 'true')
$form->addRule('phone', get_lang('ThisFieldIsRequired'), 'required');
$form->addRule('phone', get_lang('EmailWrong'), 'email');*/
// PICTURE
if (is_profile_editable() && api_get_setting('profile', 'picture') == 'true')
{
$form->addElement('file', 'picture', (get_user_image($_user['user_id']) != '' ? get_lang('UpdateImage') : get_lang('AddImage')));
$form->add_progress_bar();
if( strlen($user_data['picture_uri']) > 0)
{
$form->addElement('checkbox', 'remove_picture', null, get_lang('DelImage'));
}
$form->addRule('picture', get_lang('OnlyImagesAllowed'), 'mimetype', array('image/gif', 'image/jpeg', 'image/png'));
}
// USERNAME
$form->addElement('text', 'username', get_lang('Username'), array('size' => 40));
if (api_get_setting('profile', 'login') !== 'true')
$form->freeze('username');
$form->applyFilter('username', 'stripslashes');
$form->applyFilter('username', 'trim');
$form->addRule('username', get_lang('ThisFieldIsRequired'), 'required');
$form->addRule('username', get_lang('UsernameWrong'), 'username');
$form->addRule('username', get_lang('UserTaken'), 'username_available', $user_data['username']);
// LANGUAGE
$form->addElement('select_language', 'language', get_lang('Language'));
if (api_get_setting('profile', 'language') !== 'true')
$form->freeze('language');
// EXTENDED PROFILE
if (api_get_setting('extended_profile') == 'true')
{
$form->addElement('static', null, '<em>'.get_lang('OptionalTextFields').'</em>');
// MY COMPETENCES
$form->addElement('textarea', 'competences', get_lang('MyCompetences'), array('cols' => 30, 'rows' => 2));
// MY DIPLOMAS
$form->addElement('textarea', 'diplomas', get_lang('MyDiplomas'), array('cols' => 30, 'rows' => 2));
// WHAT I AM ABLE TO TEACH
$form->addElement('textarea', 'teach', get_lang('MyTeach'), array('cols' => 30, 'rows' => 2));
// MY PRODUCTIONS
$form->addElement('file', 'production', get_lang('MyProductions'));
if ($production_list = build_production_list($_user['user_id']))
$form->addElement('static', 'productions', null, $production_list);
// MY PERSONAL OPEN AREA
$form->add_html_editor('openarea', get_lang('MyPersonalOpenArea'), false);
$form->applyFilter(array('competences', 'diplomas', 'teach', 'openarea'), 'stripslashes');
$form->applyFilter(array('competences', 'diplomas', 'teach'), 'trim'); // openarea is untrimmed for maximum openness
}
// PASSWORD
if (is_profile_editable() && api_get_setting('profile', 'password') == 'true')
{
$form->addElement('static', null, null, '<em>'.get_lang('Enter2passToChange').'</em>');
$form->addElement('password', 'password1', get_lang('Pass'), array('size' => 40));
$form->addElement('password', 'password2', get_lang('Confirmation'), array('size' => 40));
// user must enter identical password twice so we can prevent some user errors
$form->addRule(array('password1', 'password2'), get_lang('PassTwo'), 'compare');
if (CHECK_PASS_EASY_TO_FIND)
$form->addRule('password1', get_lang('PassTooEasy').': '.api_generate_password(), 'callback', 'api_check_password');
}
// SUBMIT
if (is_profile_editable())
{
$form->addElement('submit', 'apply_change', get_lang('Ok'));
}
else
{
$form->freeze();
}
/*
* Set initial values for all fields.
*/
$form->setDefaults($user_data);
/*
==============================================================================
FUNCTIONS
==============================================================================
*/
/*
-----------------------------------------------------------
LOGIC FUNCTIONS
-----------------------------------------------------------
*/
/**
* Can a user edit his/her profile?
*
* @return boolean Editability of the profile
*/
function is_profile_editable()
{
return $GLOBALS['profileIsEditable'];
}
/*
-----------------------------------------------------------
USER IMAGE FUNCTIONS
-----------------------------------------------------------
*/
/**
* Get a user's display picture. If the user doesn't have a picture, this
* function will return an empty string.
*
* @param $user_id User id
* @return The uri to the picture
*/
function get_user_image($user_id)
{
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$sql = "SELECT picture_uri FROM $table_user WHERE user_id = '$user_id'";
$result = api_sql_query($sql, __FILE__, __LINE__);
if ($result && $row = mysql_fetch_array($result, MYSQL_ASSOC))
$image = trim($row['picture_uri']);
else
$image = '';
return $image;
}
/**
* Upload a submitted user image.
*
* @param $user_id User id
* @return The filename of the new picture or FALSE if the upload has failed
*/
function upload_user_image($user_id)
{
/* Originally added by Miguel (miguel@cesga.es) - 2003-11-04
* Code Refactoring by Hugues Peeters (hugues.peeters@claroline.net) - 2003-11-24
* Moved inside a function and refactored by Thomas Corthals - 2005-11-04
*/
$image_repository = api_get_path(SYS_CODE_PATH).'upload/users/';
$existing_image = get_user_image($user_id);
$file_extension = explode('.', $_FILES['picture']['name']);
$file_extension = strtolower($file_extension[sizeof($file_extension) - 1]);
if (!file_exists($image_repository))
mkpath($image_repository);
if ($existing_image != '')
{
if (KEEP_THE_NAME_WHEN_CHANGE_IMAGE)
{
$picture_filename = $existing_image;
$old_picture_filename = 'saved_'.date('Y_m_d_H_i_s').'_'.uniqid('').'_'.$existing_image;
}
else
{
$old_picture_filename = $existing_image;
$picture_filename = (PREFIX_IMAGE_FILENAME_WITH_UID ? 'u'.$user_id.'_' : '').uniqid('').'.'.$file_extension;
}
if (KEEP_THE_OLD_IMAGE_AFTER_CHANGE)
rename($image_repository.$existing_image, $image_repository.$old_picture_filename);
else
unlink($image_repository.$existing_image);
}
else
{
$picture_filename = (PREFIX_IMAGE_FILENAME_WITH_UID ? $user_id.'_' : '').uniqid('').'.'.$file_extension;
}
if (move_uploaded_file($_FILES['picture']['tmp_name'], $image_repository.$picture_filename))
return $picture_filename;
return false; // this should be returned if anything went wrong with the upload
}
/**
* Remove an existing user image.
*
* @param $user_id User id
*/
function remove_user_image($user_id)
{
$image_repository = api_get_path(SYS_CODE_PATH).'upload/users/';
$image = get_user_image($user_id);
if ($image != '')
{
if (KEEP_THE_OLD_IMAGE_AFTER_CHANGE)
rename($image_repository.$image, $image_repository.'deleted_'.date('Y_m_d_H_i_s').'_'.$image);
else
unlink($image_repository.$image);
}
}
/*
-----------------------------------------------------------
PRODUCTIONS FUNCTIONS
-----------------------------------------------------------
*/
/**
* Returns an XHTML formatted list of productions for a user, or FALSE if he
* doesn't have any.
*
* If there has been a request to remove a production, the function will return
* without building the list unless forced to do so by the optional second
* parameter. This increases performance by avoiding to read through the
* productions on the filesystem before the removal request has been carried
* out because they'll have to be re-read afterwards anyway.
*
* @param $user_id User id
* @param $force Optional parameter to force building after a removal request
* @return A string containing the XHTML code to dipslay the production list, or FALSE
*/
function build_production_list($user_id, $force = false)
{
if (!$force && $_POST['remove_production'])
return true; // postpone reading from the filesystem
$productions = get_user_productions($user_id);
if (empty($productions))
return false;
$production_dir = api_get_path(WEB_CODE_PATH)."upload/users/$user_id/";
$del_image = api_get_path(WEB_CODE_PATH).'img/delete.gif';
$del_text = get_lang('Delete');
$production_list = '<ul id="productions">';
foreach ($productions as $file)
{
$production_list .= '<li><a href="'.$production_dir.urlencode($file).'" target="_blank">'.htmlentities($file).'</a>';
$production_list .= '<input type="image" name="remove_production['.urlencode($file).']" src="'.$del_image.'" alt="'.$del_text.'" title="'.$del_text.' '.htmlentities($file).'" onclick="return confirmation(\''.htmlentities($file).'\');" /></li>';
}
$production_list .= '</ul>';
return $production_list;
}
/**
* Returns an array with the user's productions.
*
* @param $user_id User id
* @return An array containing the user's productions
*/
function get_user_productions($user_id)
{
$production_repository = api_get_path(SYS_CODE_PATH)."upload/users/$user_id/";
$productions = array();
if (is_dir($production_repository))
{
$handle = opendir($production_repository);
while ($file = readdir($handle))
{
if ($file == '.' || $file == '..' || $file == '.htaccess')
continue; // skip current/parent directory and .htaccess
$productions[] = $file;
}
}
return $productions; // can be an empty array
}
/**
* Upload a submitted user production.
*
* @param $user_id User id
* @return The filename of the new production or FALSE if the upload has failed
*/
function upload_user_production($user_id)
{
$production_repository = api_get_path(SYS_CODE_PATH)."upload/users/$user_id/";
if (!file_exists($production_repository))
mkpath($production_repository);
$filename = replace_dangerous_char($_FILES['production']['name']);
$filename = php2phps($filename);
if (move_uploaded_file($_FILES['production']['tmp_name'], $production_repository.$filename))
return $filename;
return false; // this should be returned if anything went wrong with the upload
}
/**
* Remove a user production.
*
* @param $user_id User id
* @param $production The production to remove
*/
function remove_user_production($user_id, $production)
{
unlink(api_get_path(SYS_CODE_PATH)."upload/users/$user_id/$production");
}
/*
==============================================================================
MAIN CODE
==============================================================================
*/
if ($_SESSION['profile_update'])
{
$update_success = ($_SESSION['profile_update'] == 'success');
unset($_SESSION['profile_update']);
}
elseif ($_POST['remove_production'])
{
foreach (array_keys($_POST['remove_production']) as $production)
remove_user_production($_user['user_id'], urldecode($production));
if ($production_list = build_production_list($_user['user_id'], true))
$form->insertElementBefore($form->createElement('static', null, null, $production_list), 'productions');
$form->removeElement('productions');
$file_deleted = true;
}
elseif ($form->validate())
{
$user_data = $form->exportValues();
// set password if a new one was provided
if ($user_data['password1'])
$password = $user_data['password1'];
// upload picture if a new one is provided
if ($_FILES['picture']['size'])
{
if ($new_picture = upload_user_image($_user['user_id']))
$user_data['picture_uri'] = $new_picture;
}
// remove existing picture if asked
elseif ($user_data['remove_picture'])
{
remove_user_image($_user['user_id']);
$user_data['picture_uri'] = '';
}
// upload production if a new one is provided
if ($_FILES['production']['size'])
upload_user_production($_user['user_id']);
// remove values that shouldn't go in the database
unset($user_data['password1'], $user_data['password2'], $user_data['MAX_FILE_SIZE'],
$user_data['remove_picture'], $user_data['apply_change']);
// build SQL query
$sql = "UPDATE $table_user SET";
foreach($user_data as $key => $value)
{
$sql .= " $key = '".addslashes($value)."',";
}
if (isset($password))
{
if ($userPasswordCrypted)
{
$sql .= " password = MD5('".addslashes($password)."')";
}
else
{
$sql .= " password = '".addslashes($password)."'";
}
}
else // remove trailing , from the query we have so far
{
$sql = rtrim($sql, ',');
}
$sql .= " WHERE user_id = '".$_user['user_id']."'";
api_sql_query($sql, __FILE__, __LINE__);
// re-init the system to take new settings into account
$uidReset = true;
include (api_get_path(INCLUDE_PATH).'local.inc.php');
$_SESSION['profile_update'] = 'success';
header("Location: http://{$_SERVER['HTTP_HOST']}{$_SERVER['PHP_SELF']}?{$_SERVER['QUERY_STRING']}");
exit;
}
/*
==============================================================================
MAIN DISPLAY SECTION
==============================================================================
*/
Display :: display_header(get_lang('ModifyProfile'));
if ($file_deleted)
{
Display :: display_normal_message(get_lang('FileDeleted'));
}
elseif ($update_success)
{
Display :: display_normal_message(get_lang('ProfileReg'));
}
// USER PICTURE
$image = get_user_image($_user['user_id']);
$image_file = ($image != '' ? api_get_path(WEB_CODE_PATH)."upload/users/$image" : api_get_path(WEB_CODE_PATH).'img/unknown.jpg');
$image_size = @getimagesize($image_file);
$img_attributes = 'src="'.$image_file.'?rand='.time().'" '
.'alt="'.$user_data['lastname'].' '.$user_data['firstname'].'" '
.'style="float:'.($text_dir == 'rtl' ? 'left' : 'right').'; padding:5px;" ';
if ($image_size[0] > 300) //limit display width to 300px
$img_attributes .= 'width="300" ';
echo '<img '.$img_attributes.'/>';
$form->display();
echo '<div style="clear:both; border-top:thin solid; padding-top:2px;">
<a href="'.api_get_path(WEB_CODE_PATH).'tracking/personnalLog.php">'.get_lang('MyStats').'</a>
| <a href="'.api_get_path(WEB_CODE_PATH).'auth/courses.php">'.get_lang('MyCourses').'</a></div>';
Display :: display_footer();
?>