diff --git a/main/admin/user_add.php b/main/admin/user_add.php
index 84f9d1c0f1..39d29d3797 100755
--- a/main/admin/user_add.php
+++ b/main/admin/user_add.php
@@ -368,137 +368,176 @@ $html_results_enabled[] = $form->createElement('button', 'submit_plus', get_lang $form->addGroup($html_results_enabled); // Validate form -if ($form->validate()) { +$formValid = $form->validate(); +if ($formValid) { $check = Security::check_token('post'); if ($check) { $user = $form->exportValues(); - $lastname = $user['lastname']; - $firstname = $user['firstname']; - $official_code = $user['official_code']; - $email = $user['email']; - $phone = $user['phone']; - $username = $user['username']; - $status = (int) $user['status']; - $language = $user['language']; - $picture = $_FILES['picture']; - $platform_admin = (int) $user['admin']['platform_admin']; - $send_mail = (int) $user['mail']['send_mail']; - $hr_dept_id = isset($user['hr_dept_id']) ? (int) $user['hr_dept_id'] : 0; - - if (isset($extAuthSource) && count($extAuthSource) > 0 && - $user['password']['password_auto'] == '2' - ) { - $auth_source = $user['password']['auth_source']; - $password = 'PLACEHOLDER'; - } else { - $auth_source = PLATFORM_AUTH_SOURCE; - $password = $user['password']['password_auto'] == '1' ? 
api_generate_password() : $user['password']['password']; - } - - if ($user['radio_expiration_date'] == '1') { - $expiration_date = $user['expiration_date']; - } else { - $expiration_date = null; - } - - $active = (int) $user['active']; - if (api_get_setting('login_is_email') == 'true') { - $username = $email; - } - - $extra = []; - foreach ($user as $key => $value) { - if (substr($key, 0, 6) == 'extra_') { - // An extra field - $extra[substr($key, 6)] = $value; + $extraFields = api_get_configuration_value('extra_fields_to_validate_on_user_registration'); + if (!empty($extraFields) && isset($extraFields['extra_fields'])) { + $extraFieldList = $extraFields['extra_fields']; + foreach ($user as $key => $value) { + if (substr($key, 0, 6) == 'extra_') { + $extra_value = Security::remove_XSS($value); + $extra_field = substr($key,6); + + if(!empty($extra_value)) { + if (in_array($extra_field, $extraFieldList)) { + $extraValueExists = api_user_extra_field_validation($extra_field, $extra_value); + if ($extraValueExists) { + $formValid = false; + + $element = $form->getElement($key); + if ($element) { + $attrs = ['style' => 'border-color: #a94442;']; + $form->updateElementAttr([$element], $attrs); + } + + Display::addFlash( + Display::return_message( + get_lang('TheValueEntered ').$extra_field.get_lang('AlreadyExists'), + 'error', + false + ) + ); + } + } + } + } } } - $template = isset($user['email_template_option']) ? 
$user['email_template_option'] : []; - - $user_id = UserManager::create_user( - $firstname, - $lastname, - $status, - $email, - $username, - $password, - $official_code, - $language, - $phone, - null, - $auth_source, - $expiration_date, - $active, - $hr_dept_id, - $extra, - null, - $send_mail, - $platform_admin, - '', - false, - null, - 0, - $template - ); + if ($formValid) { + $lastname = $user['lastname']; + $firstname = $user['firstname']; + $official_code = $user['official_code']; + $email = $user['email']; + $phone = $user['phone']; + $username = $user['username']; + $status = (int) $user['status']; + $language = $user['language']; + $picture = $_FILES['picture']; + $platform_admin = (int) $user['admin']['platform_admin']; + $send_mail = (int) $user['mail']['send_mail']; + $hr_dept_id = isset($user['hr_dept_id']) ? (int) $user['hr_dept_id'] : 0; + + if (isset($extAuthSource) && count($extAuthSource) > 0 && + $user['password']['password_auto'] == '2' + ) { + $auth_source = $user['password']['auth_source']; + $password = 'PLACEHOLDER'; + } else { + $auth_source = PLATFORM_AUTH_SOURCE; + $password = $user['password']['password_auto'] == '1' ? 
api_generate_password() : $user['password']['password']; + } - Security::clear_token(); - $tok = Security::get_token(); - if (!empty($user_id)) { - if (!empty($picture['name'])) { - $picture_uri = UserManager::update_user_picture( - $user_id, - $_FILES['picture']['name'], - $_FILES['picture']['tmp_name'], - $user['picture_crop_result'] - ); - UserManager::update_user( - $user_id, - $firstname, - $lastname, - $username, - $password, - $auth_source, - $email, - $status, - $official_code, - $phone, - $picture_uri, - $expiration_date, - $active, - null, - $hr_dept_id, - null, - $language - ); + if ($user['radio_expiration_date'] == '1') { + $expiration_date = $user['expiration_date']; + } else { + $expiration_date = null; } - $extraFieldValues = new ExtraFieldValue('user'); - $user['item_id'] = $user_id; - $extraFieldValues->saveFieldValues($user); - $message = get_lang('UserAdded').': '. - Display::url( - api_get_person_name($firstname, $lastname), - api_get_path(WEB_CODE_PATH).'admin/user_edit.php?user_id='.$user_id - ); - } + $active = (int) $user['active']; + if (api_get_setting('login_is_email') == 'true') { + $username = $email; + } - Display::addFlash(Display::return_message($message, 'normal', false)); + $extra = []; + foreach ($user as $key => $value) { + if (substr($key, 0, 6) == 'extra_') { + // An extra field + $extra[substr($key, 6)] = $value; + } + } - if (isset($_POST['submit_plus']) - || (api_is_session_admin() && api_get_configuration_value('limit_session_admin_list_users')) - ) { - //we want to add more. Prepare report message and redirect to the same page (to clean the form) - header('Location: user_add.php?sec_token='.$tok); - exit; - } else { + $template = isset($user['email_template_option']) ? 
$user['email_template_option'] : []; + + $user_id = UserManager::create_user( + $firstname, + $lastname, + $status, + $email, + $username, + $password, + $official_code, + $language, + $phone, + null, + $auth_source, + $expiration_date, + $active, + $hr_dept_id, + $extra, + null, + $send_mail, + $platform_admin, + '', + false, + null, + 0, + $template + ); + + Security::clear_token(); $tok = Security::get_token(); - header('Location: user_list.php?sec_token='.$tok); - exit; + if (!empty($user_id)) { + if (!empty($picture['name'])) { + $picture_uri = UserManager::update_user_picture( + $user_id, + $_FILES['picture']['name'], + $_FILES['picture']['tmp_name'], + $user['picture_crop_result'] + ); + UserManager::update_user( + $user_id, + $firstname, + $lastname, + $username, + $password, + $auth_source, + $email, + $status, + $official_code, + $phone, + $picture_uri, + $expiration_date, + $active, + null, + $hr_dept_id, + null, + $language + ); + } + + $extraFieldValues = new ExtraFieldValue('user'); + $user['item_id'] = $user_id; + $extraFieldValues->saveFieldValues($user); + $message = get_lang('UserAdded').': '. + Display::url( + api_get_person_name($firstname, $lastname), + api_get_path(WEB_CODE_PATH).'admin/user_edit.php?user_id='.$user_id + ); + } + + Display::addFlash(Display::return_message($message, 'normal', false)); + + if (isset($_POST['submit_plus']) + || (api_is_session_admin() && api_get_configuration_value('limit_session_admin_list_users')) + ) { + //we want to add more. Prepare report message and redirect to the same page (to clean the form) + header('Location: user_add.php?sec_token='.$tok); + exit; + } else { + $tok = Security::get_token(); + header('Location: user_list.php?sec_token='.$tok); + exit; + } } } -} else { +} + +if (!$formValid) { if (isset($_POST['submit'])) { Security::clear_token(); } diff --git a/main/admin/user_edit.php b/main/admin/user_edit.php index f1b0fe2c43..1718fedeee 100755 --- a/main/admin/user_edit.php 
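Review bot: The uniqueness check in the new validation loop runs on `Security::remove_XSS($value)`, but the value that is later stored is the raw `$value` (`$extra[substr($key, 6)] = $value;` and `saveFieldValues($user)`), so what is compared against existing records is not what gets persisted and a value that differs only by stripped markup can pass the check and still be saved. Validate the same string you store — `$extraValueExists = api_user_extra_field_validation($extra_field, $value);` — and leave XSS filtering to the output side (the flash message here only interpolates the config-controlled field name, not the submitted value). The membership test should be `in_array($extra_field, $extraFieldList, true)` so a numeric-looking key cannot match loosely. Note also that check-then-insert is not atomic: two concurrent submissions can both pass the lookup and reach `create_user`, so if this uniqueness matters for identity (e.g. an external id mapped to a user) it should be backed by a unique index rather than this lookup alone. The language key `get_lang('TheValueEntered ')` carries a trailing space, which looks like it will not resolve to a translation.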
+++ b/main/admin/user_edit.php 
@@ -432,142 +432,181 @@ $error_drh = false; // Validate form if ($form->validate()) { $user = $form->getSubmitValues(1); - $reset_password = (int) $user['reset_password']; - if ($reset_password == 2 && empty($user['password'])) { - Display::addFlash(Display::return_message(get_lang('PasswordIsTooShort'))); - header('Location: '.api_get_self().'?user_id='.$user_id); - exit(); - } - - $is_user_subscribed_in_course = CourseManager::is_user_subscribed_in_course($user['user_id']); - - $picture_element = $form->getElement('picture'); - $picture = $picture_element->getValue(); - - $picture_uri = $user_data['picture_uri']; - if (isset($user['delete_picture']) && $user['delete_picture']) { - $picture_uri = UserManager::deleteUserPicture($user_id); - } elseif (!empty($picture['name'])) { - $picture_uri = UserManager::update_user_picture( - $user_id, - $_FILES['picture']['name'], - $_FILES['picture']['tmp_name'], - $user['picture_crop_result'] - ); - } - $lastname = $user['lastname']; - $firstname = $user['firstname']; - $password = $user['password']; - $auth_source = isset($user['auth_source']) ? $user['auth_source'] : $userInfo['auth_source']; - $official_code = $user['official_code']; - $email = $user['email']; - $phone = $user['phone']; - $username = isset($user['username']) ? $user['username'] : $userInfo['username']; - $status = (int) $user['status']; - $platform_admin = 0; - // Only platform admin can change user status to admin. 
- if (api_is_platform_admin()) { - $platform_admin = (int) $user['platform_admin']; + $formValid = true; + + $extraFields = api_get_configuration_value('extra_fields_to_validate_on_user_registration'); + if (!empty($extraFields) && isset($extraFields['extra_fields'])) { + $extraFieldList = $extraFields['extra_fields']; + foreach ($user as $key => $value) { + if (substr($key, 0, 6) == 'extra_') { + $extra_value = Security::remove_XSS($value); + $extra_field = substr($key,6); + + if(!empty($extra_value)) { + if (in_array($extra_field, $extraFieldList)) { + $extraValueExists = api_user_extra_field_validation($extra_field, $extra_value); + if ($extraValueExists) { + $formValid = false; + + $element = $form->getElement($key); + if ($element) { + $attrs = ['style' => 'border-color: #a94442;']; + $form->updateElementAttr([$element], $attrs); + } + + Display::addFlash( + Display::return_message( + get_lang('TheValueEntered ').$extra_field.get_lang('AlreadyExists'), + 'error', + false + ) + ); + } + } + } + } + } } - $send_mail = (int) $user['send_mail']; - $reset_password = (int) $user['reset_password']; - $hr_dept_id = isset($user['hr_dept_id']) ? intval($user['hr_dept_id']) : null; - $language = $user['language']; - $address = isset($user['address']) ? $user['address'] : null; - - $expiration_date = null; - if (!$user_data['platform_admin'] && $user['radio_expiration_date'] == '1') { - if (empty($user['expiration_date'])) { - Display::addFlash(Display::return_message(get_lang('EmptyExpirationDate'))); + if ($formValid) { + $reset_password = (int) $user['reset_password']; + if ($reset_password == 2 && empty($user['password'])) { + Display::addFlash(Display::return_message(get_lang('PasswordIsTooShort'))); header('Location: '.api_get_self().'?user_id='.$user_id); exit(); } - $expiration_date = $user['expiration_date']; - } - $active = $user_data['platform_admin'] ? 
1 : intval($user['active']); + $is_user_subscribed_in_course = CourseManager::is_user_subscribed_in_course($user['user_id']); + + $picture_element = $form->getElement('picture'); + $picture = $picture_element->getValue(); + + $picture_uri = $user_data['picture_uri']; + if (isset($user['delete_picture']) && $user['delete_picture']) { + $picture_uri = UserManager::deleteUserPicture($user_id); + } elseif (!empty($picture['name'])) { + $picture_uri = UserManager::update_user_picture( + $user_id, + $_FILES['picture']['name'], + $_FILES['picture']['tmp_name'], + $user['picture_crop_result'] + ); + } - //If the user is set to admin the status will be overwrite by COURSEMANAGER = 1 - if ($platform_admin == 1) { - $status = COURSEMANAGER; - } + $lastname = $user['lastname']; + $firstname = $user['firstname']; + $password = $user['password']; + $auth_source = isset($user['auth_source']) ? $user['auth_source'] : $userInfo['auth_source']; + $official_code = $user['official_code']; + $email = $user['email']; + $phone = $user['phone']; + $username = isset($user['username']) ? $user['username'] : $userInfo['username']; + $status = (int) $user['status']; + $platform_admin = 0; + // Only platform admin can change user status to admin. + if (api_is_platform_admin()) { + $platform_admin = (int) $user['platform_admin']; + } - if (api_get_setting('login_is_email') === 'true') { - $username = $email; - } + $send_mail = (int) $user['send_mail']; + $reset_password = (int) $user['reset_password']; + $hr_dept_id = isset($user['hr_dept_id']) ? intval($user['hr_dept_id']) : null; + $language = $user['language']; + $address = isset($user['address']) ? 
$user['address'] : null; + + $expiration_date = null; + if (!$user_data['platform_admin'] && $user['radio_expiration_date'] == '1') { + if (empty($user['expiration_date'])) { + Display::addFlash(Display::return_message(get_lang('EmptyExpirationDate'))); + header('Location: '.api_get_self().'?user_id='.$user_id); + exit(); + } + $expiration_date = $user['expiration_date']; + } - $template = isset($user['email_template_option']) ? $user['email_template_option'] : []; + $active = $user_data['platform_admin'] ? 1 : intval($user['active']); - UserManager::update_user( - $user_id, - $firstname, - $lastname, - $username, - $password, - $auth_source, - $email, - $status, - $official_code, - $phone, - $picture_uri, - $expiration_date, - $active, - null, - $hr_dept_id, - null, - $language, - null, - $send_mail, - $reset_password, - $address, - $template - ); + //If the user is set to admin the status will be overwrite by COURSEMANAGER = 1 + if ($platform_admin == 1) { + $status = COURSEMANAGER; + } - $studentBossListSent = isset($user['student_boss']) ? $user['student_boss'] : []; - UserManager::subscribeUserToBossList( - $user_id, - $studentBossListSent, - true - ); + if (api_get_setting('login_is_email') === 'true') { + $username = $email; + } - if (api_get_setting('openid_authentication') === 'true' && !empty($user['openid'])) { - $up = UserManager::update_openid($user_id, $user['openid']); - } + $template = isset($user['email_template_option']) ? 
$user['email_template_option'] : []; - $currentUserId = api_get_user_id(); - if ($user_id != $currentUserId) { - $userObj = api_get_user_entity($user_id); - if ($platform_admin == 1) { - UserManager::addUserAsAdmin($userObj); - } else { - UserManager::removeUserAdmin($userObj); + UserManager::update_user( + $user_id, + $firstname, + $lastname, + $username, + $password, + $auth_source, + $email, + $status, + $official_code, + $phone, + $picture_uri, + $expiration_date, + $active, + null, + $hr_dept_id, + null, + $language, + null, + $send_mail, + $reset_password, + $address, + $template + ); + + $studentBossListSent = isset($user['student_boss']) ? $user['student_boss'] : []; + UserManager::subscribeUserToBossList( + $user_id, + $studentBossListSent, + true + ); + + if (api_get_setting('openid_authentication') === 'true' && !empty($user['openid'])) { + $up = UserManager::update_openid($user_id, $user['openid']); } - } - // It updates course relation type as EX-LEARNER if project name (extra field from user_edition_extra_field_to_check) is changed - if (false !== api_get_configuration_value('user_edition_extra_field_to_check')) { - $extraToCheck = api_get_configuration_value('user_edition_extra_field_to_check'); - if (isset($user['extra_'.$extraToCheck])) { - $extraValueToCheck = $user['extra_'.$extraToCheck]; - UserManager::updateCourseRelationTypeExLearner($user_id, $extraValueToCheck); + $currentUserId = api_get_user_id(); + if ($user_id != $currentUserId) { + $userObj = api_get_user_entity($user_id); + if ($platform_admin == 1) { + UserManager::addUserAsAdmin($userObj); + } else { + UserManager::removeUserAdmin($userObj); + } } - } - $extraFieldValue = new ExtraFieldValue('user'); - $extraFieldValue->saveFieldValues($user); - $userInfo = api_get_user_info($user_id); - $message = get_lang('UserUpdated').': '.Display::url( - $userInfo['complete_name_with_username'], - api_get_path(WEB_CODE_PATH).'admin/user_edit.php?user_id='.$user_id - ); + // It updates course 
relation type as EX-LEARNER if project name (extra field from user_edition_extra_field_to_check) is changed + if (false !== api_get_configuration_value('user_edition_extra_field_to_check')) { + $extraToCheck = api_get_configuration_value('user_edition_extra_field_to_check'); + if (isset($user['extra_'.$extraToCheck])) { + $extraValueToCheck = $user['extra_'.$extraToCheck]; + UserManager::updateCourseRelationTypeExLearner($user_id, $extraValueToCheck); + } + } - Session::erase('system_timezone'); + $extraFieldValue = new ExtraFieldValue('user'); + $extraFieldValue->saveFieldValues($user); + $userInfo = api_get_user_info($user_id); + $message = get_lang('UserUpdated').': '.Display::url( + $userInfo['complete_name_with_username'], + api_get_path(WEB_CODE_PATH).'admin/user_edit.php?user_id='.$user_id + ); - Display::addFlash(Display::return_message($message, 'normal', false)); - header('Location: user_list.php'); - exit(); + Session::erase('system_timezone'); + + Display::addFlash(Display::return_message($message, 'normal', false)); + header('Location: user_list.php'); + exit(); + } } $actions = [
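Review bot: `api_user_extra_field_validation($extra_field, $extra_value)` is called without the edited user's id, so when an admin saves an existing user without changing a validated extra field the user's own stored value will presumably match and the edit is rejected as a duplicate — unless the helper already excludes the current user, which its two arguments do not suggest. Skip the lookup when the submitted value equals the value currently stored for `$user_id` (the `ExtraFieldValue('user')` instance used further down in the hunk presumably can read it), or pass `$user_id` through so the helper can exclude that row. As in user_add.php, the comparison is made on `Security::remove_XSS($value)` while `saveFieldValues($user)` persists the raw value, so the check should run on the same string that is stored. This loop is a verbatim copy of the one added to user_add.php; lifting it into a single helper would keep the two from drifting. The enclosing `if ($form->validate())` body is fully inside this hunk.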