Use extra fields to validate user add/edit on registration

Juan Cortizas Ponte 1 year ago
parent e8e5949917
commit 3aba815f57
  1. 271
      main/admin/user_add.php
  2. 271
      main/admin/user_edit.php

@ -368,137 +368,176 @@ $html_results_enabled[] = $form->createElement('button', 'submit_plus', get_lang
$form->addGroup($html_results_enabled);
// Validate form
if ($form->validate()) {
$formValid = $form->validate();
if ($formValid) {
$check = Security::check_token('post');
if ($check) {
$user = $form->exportValues();
$lastname = $user['lastname'];
$firstname = $user['firstname'];
$official_code = $user['official_code'];
$email = $user['email'];
$phone = $user['phone'];
$username = $user['username'];
$status = (int) $user['status'];
$language = $user['language'];
$picture = $_FILES['picture'];
$platform_admin = (int) $user['admin']['platform_admin'];
$send_mail = (int) $user['mail']['send_mail'];
$hr_dept_id = isset($user['hr_dept_id']) ? (int) $user['hr_dept_id'] : 0;
if (isset($extAuthSource) && count($extAuthSource) > 0 &&
$user['password']['password_auto'] == '2'
) {
$auth_source = $user['password']['auth_source'];
$password = 'PLACEHOLDER';
} else {
$auth_source = PLATFORM_AUTH_SOURCE;
$password = $user['password']['password_auto'] == '1' ? api_generate_password() : $user['password']['password'];
}
if ($user['radio_expiration_date'] == '1') {
$expiration_date = $user['expiration_date'];
} else {
$expiration_date = null;
}
$active = (int) $user['active'];
if (api_get_setting('login_is_email') == 'true') {
$username = $email;
}
$extra = [];
foreach ($user as $key => $value) {
if (substr($key, 0, 6) == 'extra_') {
// An extra field
$extra[substr($key, 6)] = $value;
$extraFields = api_get_configuration_value('extra_fields_to_validate_on_user_registration');
if (!empty($extraFields) && isset($extraFields['extra_fields'])) {
$extraFieldList = $extraFields['extra_fields'];
foreach ($user as $key => $value) {
if (substr($key, 0, 6) == 'extra_') {
$extra_value = Security::remove_XSS($value);
$extra_field = substr($key,6);
if(!empty($extra_value)) {
if (in_array($extra_field, $extraFieldList)) {
$extraValueExists = api_user_extra_field_validation($extra_field, $extra_value);
if ($extraValueExists) {
$formValid = false;
$element = $form->getElement($key);
if ($element) {
$attrs = ['style' => 'border-color: #a94442;'];
$form->updateElementAttr([$element], $attrs);
}
Display::addFlash(
Display::return_message(
get_lang('TheValueEntered ').$extra_field.get_lang('AlreadyExists'),
'error',
false
)
);
}
}
}
}
}
}
$template = isset($user['email_template_option']) ? $user['email_template_option'] : [];
$user_id = UserManager::create_user(
$firstname,
$lastname,
$status,
$email,
$username,
$password,
$official_code,
$language,
$phone,
null,
$auth_source,
$expiration_date,
$active,
$hr_dept_id,
$extra,
null,
$send_mail,
$platform_admin,
'',
false,
null,
0,
$template
);
if ($formValid) {
$lastname = $user['lastname'];
$firstname = $user['firstname'];
$official_code = $user['official_code'];
$email = $user['email'];
$phone = $user['phone'];
$username = $user['username'];
$status = (int) $user['status'];
$language = $user['language'];
$picture = $_FILES['picture'];
$platform_admin = (int) $user['admin']['platform_admin'];
$send_mail = (int) $user['mail']['send_mail'];
$hr_dept_id = isset($user['hr_dept_id']) ? (int) $user['hr_dept_id'] : 0;
if (isset($extAuthSource) && count($extAuthSource) > 0 &&
$user['password']['password_auto'] == '2'
) {
$auth_source = $user['password']['auth_source'];
$password = 'PLACEHOLDER';
} else {
$auth_source = PLATFORM_AUTH_SOURCE;
$password = $user['password']['password_auto'] == '1' ? api_generate_password() : $user['password']['password'];
}
Security::clear_token();
$tok = Security::get_token();
if (!empty($user_id)) {
if (!empty($picture['name'])) {
$picture_uri = UserManager::update_user_picture(
$user_id,
$_FILES['picture']['name'],
$_FILES['picture']['tmp_name'],
$user['picture_crop_result']
);
UserManager::update_user(
$user_id,
$firstname,
$lastname,
$username,
$password,
$auth_source,
$email,
$status,
$official_code,
$phone,
$picture_uri,
$expiration_date,
$active,
null,
$hr_dept_id,
null,
$language
);
if ($user['radio_expiration_date'] == '1') {
$expiration_date = $user['expiration_date'];
} else {
$expiration_date = null;
}
$extraFieldValues = new ExtraFieldValue('user');
$user['item_id'] = $user_id;
$extraFieldValues->saveFieldValues($user);
$message = get_lang('UserAdded').': '.
Display::url(
api_get_person_name($firstname, $lastname),
api_get_path(WEB_CODE_PATH).'admin/user_edit.php?user_id='.$user_id
);
}
$active = (int) $user['active'];
if (api_get_setting('login_is_email') == 'true') {
$username = $email;
}
Display::addFlash(Display::return_message($message, 'normal', false));
$extra = [];
foreach ($user as $key => $value) {
if (substr($key, 0, 6) == 'extra_') {
// An extra field
$extra[substr($key, 6)] = $value;
}
}
if (isset($_POST['submit_plus'])
|| (api_is_session_admin() && api_get_configuration_value('limit_session_admin_list_users'))
) {
//we want to add more. Prepare report message and redirect to the same page (to clean the form)
header('Location: user_add.php?sec_token='.$tok);
exit;
} else {
$template = isset($user['email_template_option']) ? $user['email_template_option'] : [];
$user_id = UserManager::create_user(
$firstname,
$lastname,
$status,
$email,
$username,
$password,
$official_code,
$language,
$phone,
null,
$auth_source,
$expiration_date,
$active,
$hr_dept_id,
$extra,
null,
$send_mail,
$platform_admin,
'',
false,
null,
0,
$template
);
Security::clear_token();
$tok = Security::get_token();
header('Location: user_list.php?sec_token='.$tok);
exit;
if (!empty($user_id)) {
if (!empty($picture['name'])) {
$picture_uri = UserManager::update_user_picture(
$user_id,
$_FILES['picture']['name'],
$_FILES['picture']['tmp_name'],
$user['picture_crop_result']
);
UserManager::update_user(
$user_id,
$firstname,
$lastname,
$username,
$password,
$auth_source,
$email,
$status,
$official_code,
$phone,
$picture_uri,
$expiration_date,
$active,
null,
$hr_dept_id,
null,
$language
);
}
$extraFieldValues = new ExtraFieldValue('user');
$user['item_id'] = $user_id;
$extraFieldValues->saveFieldValues($user);
$message = get_lang('UserAdded').': '.
Display::url(
api_get_person_name($firstname, $lastname),
api_get_path(WEB_CODE_PATH).'admin/user_edit.php?user_id='.$user_id
);
}
Display::addFlash(Display::return_message($message, 'normal', false));
if (isset($_POST['submit_plus'])
|| (api_is_session_admin() && api_get_configuration_value('limit_session_admin_list_users'))
) {
//we want to add more. Prepare report message and redirect to the same page (to clean the form)
header('Location: user_add.php?sec_token='.$tok);
exit;
} else {
$tok = Security::get_token();
header('Location: user_list.php?sec_token='.$tok);
exit;
}
}
}
} else {
}
if (!$formValid) {
if (isset($_POST['submit'])) {
Security::clear_token();
}
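Review bot: The uniqueness check runs on the sanitized copy (`$extra_value = Security::remove_XSS($value);` before `api_user_extra_field_validation($extra_field, $extra_value)`), while the value that is actually persisted is the raw one (`$extra[substr($key, 6)] = $value;` and later `$extraFieldValues->saveFieldValues($user);`), so what gets checked and what gets stored can differ whenever the input contains markup. Either validate the value as it will be stored, `api_user_extra_field_validation($extra_field, $value)`, or write the sanitized value back with `$user[$key] = $extra_value;` so both paths agree; the same mismatch is present in main/admin/user_edit.php. The translation key in the flash message carries a trailing space, `get_lang('TheValueEntered ')`, which looks like an attempt to space the sentence and will not match the language variable; use `get_lang('TheValueEntered').' '.$extra_field.' '.get_lang('AlreadyExists')` (also in user_edit.php). Minor style: `in_array($extra_field, $extraFieldList)` should pass `true` as the third argument, and `if(!empty(` / `substr($key,6)` lack the spacing used in the rest of the file. The enclosing `if ($form->validate())` handling continues outside the hunk.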

@ -432,142 +432,181 @@ $error_drh = false;
// Validate form
if ($form->validate()) {
$user = $form->getSubmitValues(1);
$reset_password = (int) $user['reset_password'];
if ($reset_password == 2 && empty($user['password'])) {
Display::addFlash(Display::return_message(get_lang('PasswordIsTooShort')));
header('Location: '.api_get_self().'?user_id='.$user_id);
exit();
}
$is_user_subscribed_in_course = CourseManager::is_user_subscribed_in_course($user['user_id']);
$picture_element = $form->getElement('picture');
$picture = $picture_element->getValue();
$picture_uri = $user_data['picture_uri'];
if (isset($user['delete_picture']) && $user['delete_picture']) {
$picture_uri = UserManager::deleteUserPicture($user_id);
} elseif (!empty($picture['name'])) {
$picture_uri = UserManager::update_user_picture(
$user_id,
$_FILES['picture']['name'],
$_FILES['picture']['tmp_name'],
$user['picture_crop_result']
);
}
$lastname = $user['lastname'];
$firstname = $user['firstname'];
$password = $user['password'];
$auth_source = isset($user['auth_source']) ? $user['auth_source'] : $userInfo['auth_source'];
$official_code = $user['official_code'];
$email = $user['email'];
$phone = $user['phone'];
$username = isset($user['username']) ? $user['username'] : $userInfo['username'];
$status = (int) $user['status'];
$platform_admin = 0;
// Only platform admin can change user status to admin.
if (api_is_platform_admin()) {
$platform_admin = (int) $user['platform_admin'];
$formValid = true;
$extraFields = api_get_configuration_value('extra_fields_to_validate_on_user_registration');
if (!empty($extraFields) && isset($extraFields['extra_fields'])) {
$extraFieldList = $extraFields['extra_fields'];
foreach ($user as $key => $value) {
if (substr($key, 0, 6) == 'extra_') {
$extra_value = Security::remove_XSS($value);
$extra_field = substr($key,6);
if(!empty($extra_value)) {
if (in_array($extra_field, $extraFieldList)) {
$extraValueExists = api_user_extra_field_validation($extra_field, $extra_value);
if ($extraValueExists) {
$formValid = false;
$element = $form->getElement($key);
if ($element) {
$attrs = ['style' => 'border-color: #a94442;'];
$form->updateElementAttr([$element], $attrs);
}
Display::addFlash(
Display::return_message(
get_lang('TheValueEntered ').$extra_field.get_lang('AlreadyExists'),
'error',
false
)
);
}
}
}
}
}
}
$send_mail = (int) $user['send_mail'];
$reset_password = (int) $user['reset_password'];
$hr_dept_id = isset($user['hr_dept_id']) ? intval($user['hr_dept_id']) : null;
$language = $user['language'];
$address = isset($user['address']) ? $user['address'] : null;
$expiration_date = null;
if (!$user_data['platform_admin'] && $user['radio_expiration_date'] == '1') {
if (empty($user['expiration_date'])) {
Display::addFlash(Display::return_message(get_lang('EmptyExpirationDate')));
if ($formValid) {
$reset_password = (int) $user['reset_password'];
if ($reset_password == 2 && empty($user['password'])) {
Display::addFlash(Display::return_message(get_lang('PasswordIsTooShort')));
header('Location: '.api_get_self().'?user_id='.$user_id);
exit();
}
$expiration_date = $user['expiration_date'];
}
$active = $user_data['platform_admin'] ? 1 : intval($user['active']);
$is_user_subscribed_in_course = CourseManager::is_user_subscribed_in_course($user['user_id']);
$picture_element = $form->getElement('picture');
$picture = $picture_element->getValue();
$picture_uri = $user_data['picture_uri'];
if (isset($user['delete_picture']) && $user['delete_picture']) {
$picture_uri = UserManager::deleteUserPicture($user_id);
} elseif (!empty($picture['name'])) {
$picture_uri = UserManager::update_user_picture(
$user_id,
$_FILES['picture']['name'],
$_FILES['picture']['tmp_name'],
$user['picture_crop_result']
);
}
//If the user is set to admin the status will be overwrite by COURSEMANAGER = 1
if ($platform_admin == 1) {
$status = COURSEMANAGER;
}
$lastname = $user['lastname'];
$firstname = $user['firstname'];
$password = $user['password'];
$auth_source = isset($user['auth_source']) ? $user['auth_source'] : $userInfo['auth_source'];
$official_code = $user['official_code'];
$email = $user['email'];
$phone = $user['phone'];
$username = isset($user['username']) ? $user['username'] : $userInfo['username'];
$status = (int) $user['status'];
$platform_admin = 0;
// Only platform admin can change user status to admin.
if (api_is_platform_admin()) {
$platform_admin = (int) $user['platform_admin'];
}
if (api_get_setting('login_is_email') === 'true') {
$username = $email;
}
$send_mail = (int) $user['send_mail'];
$reset_password = (int) $user['reset_password'];
$hr_dept_id = isset($user['hr_dept_id']) ? intval($user['hr_dept_id']) : null;
$language = $user['language'];
$address = isset($user['address']) ? $user['address'] : null;
$expiration_date = null;
if (!$user_data['platform_admin'] && $user['radio_expiration_date'] == '1') {
if (empty($user['expiration_date'])) {
Display::addFlash(Display::return_message(get_lang('EmptyExpirationDate')));
header('Location: '.api_get_self().'?user_id='.$user_id);
exit();
}
$expiration_date = $user['expiration_date'];
}
$template = isset($user['email_template_option']) ? $user['email_template_option'] : [];
$active = $user_data['platform_admin'] ? 1 : intval($user['active']);
UserManager::update_user(
$user_id,
$firstname,
$lastname,
$username,
$password,
$auth_source,
$email,
$status,
$official_code,
$phone,
$picture_uri,
$expiration_date,
$active,
null,
$hr_dept_id,
null,
$language,
null,
$send_mail,
$reset_password,
$address,
$template
);
//If the user is set to admin the status will be overwrite by COURSEMANAGER = 1
if ($platform_admin == 1) {
$status = COURSEMANAGER;
}
$studentBossListSent = isset($user['student_boss']) ? $user['student_boss'] : [];
UserManager::subscribeUserToBossList(
$user_id,
$studentBossListSent,
true
);
if (api_get_setting('login_is_email') === 'true') {
$username = $email;
}
if (api_get_setting('openid_authentication') === 'true' && !empty($user['openid'])) {
$up = UserManager::update_openid($user_id, $user['openid']);
}
$template = isset($user['email_template_option']) ? $user['email_template_option'] : [];
$currentUserId = api_get_user_id();
if ($user_id != $currentUserId) {
$userObj = api_get_user_entity($user_id);
if ($platform_admin == 1) {
UserManager::addUserAsAdmin($userObj);
} else {
UserManager::removeUserAdmin($userObj);
UserManager::update_user(
$user_id,
$firstname,
$lastname,
$username,
$password,
$auth_source,
$email,
$status,
$official_code,
$phone,
$picture_uri,
$expiration_date,
$active,
null,
$hr_dept_id,
null,
$language,
null,
$send_mail,
$reset_password,
$address,
$template
);
$studentBossListSent = isset($user['student_boss']) ? $user['student_boss'] : [];
UserManager::subscribeUserToBossList(
$user_id,
$studentBossListSent,
true
);
if (api_get_setting('openid_authentication') === 'true' && !empty($user['openid'])) {
$up = UserManager::update_openid($user_id, $user['openid']);
}
}
// It updates course relation type as EX-LEARNER if project name (extra field from user_edition_extra_field_to_check) is changed
if (false !== api_get_configuration_value('user_edition_extra_field_to_check')) {
$extraToCheck = api_get_configuration_value('user_edition_extra_field_to_check');
if (isset($user['extra_'.$extraToCheck])) {
$extraValueToCheck = $user['extra_'.$extraToCheck];
UserManager::updateCourseRelationTypeExLearner($user_id, $extraValueToCheck);
$currentUserId = api_get_user_id();
if ($user_id != $currentUserId) {
$userObj = api_get_user_entity($user_id);
if ($platform_admin == 1) {
UserManager::addUserAsAdmin($userObj);
} else {
UserManager::removeUserAdmin($userObj);
}
}
}
$extraFieldValue = new ExtraFieldValue('user');
$extraFieldValue->saveFieldValues($user);
$userInfo = api_get_user_info($user_id);
$message = get_lang('UserUpdated').': '.Display::url(
$userInfo['complete_name_with_username'],
api_get_path(WEB_CODE_PATH).'admin/user_edit.php?user_id='.$user_id
);
// It updates course relation type as EX-LEARNER if project name (extra field from user_edition_extra_field_to_check) is changed
if (false !== api_get_configuration_value('user_edition_extra_field_to_check')) {
$extraToCheck = api_get_configuration_value('user_edition_extra_field_to_check');
if (isset($user['extra_'.$extraToCheck])) {
$extraValueToCheck = $user['extra_'.$extraToCheck];
UserManager::updateCourseRelationTypeExLearner($user_id, $extraValueToCheck);
}
}
Session::erase('system_timezone');
$extraFieldValue = new ExtraFieldValue('user');
$extraFieldValue->saveFieldValues($user);
$userInfo = api_get_user_info($user_id);
$message = get_lang('UserUpdated').': '.Display::url(
$userInfo['complete_name_with_username'],
api_get_path(WEB_CODE_PATH).'admin/user_edit.php?user_id='.$user_id
);
Display::addFlash(Display::return_message($message, 'normal', false));
header('Location: user_list.php');
exit();
Session::erase('system_timezone');
Display::addFlash(Display::return_message($message, 'normal', false));
header('Location: user_list.php');
exit();
}
}
$actions = [
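Review bot: On the edit page the duplicate check `api_user_extra_field_validation($extra_field, $extra_value)` is called without any reference to `$user_id`, so presumably an unchanged value already stored for the user being edited will be reported as "already exists" and block the save — the helper's signature is not visible here, so this needs confirming. If the helper cannot exclude an id, skip the check when the submitted value equals the user's current one, e.g. `if ($extra_value !== ($userInfo['extra_'.$extra_field] ?? null)) { ... }`, or extend the helper to take the id of the user being edited. As on user_add.php, the check runs on the `Security::remove_XSS` copy while `$extraFieldValue->saveFieldValues($user);` persists the raw value, and the translation key `get_lang('TheValueEntered ')` has a trailing space. The `if ($form->validate())` block opened above the hunk continues past the hunk end.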
