search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Missing a stripslashes() so TeX functions didn't work
[moodle-linuxchix.git] / user / view.php
blob00491b285d6679be3ed386b816307cd6e6546caf
1 <?PHP // $Id$
2
3 // Display profile for a particular user
4
5 require_once("../config.php");
6 require_once($CFG->dirroot.'/user/profile/lib.php');
7 require_once($CFG->dirroot.'/tag/lib.php');
8
9 $id = optional_param('id', 0, PARAM_INT); // user id
10 $course = optional_param('course', SITEID, PARAM_INT); // course id (defaults to Site)
11 $enable = optional_param('enable', ''); // enable email
12 $disable = optional_param('disable', ''); // disable email
13
14 if (empty($id)) { // See your own profile by default
15 require_login();
16 $id = $USER->id;
17 }
18
19 if (! $user = get_record("user", "id", $id) ) {
20 error("No such user in this course");
21 }
22
23 if (! $course = get_record("course", "id", $course) ) {
24 error("No such course id");
25 }
26
27 /// Make sure the current user is allowed to see this user
28
29 if (empty($USER->id)) {
30 $currentuser = false;
31 } else {
32 $currentuser = ($user->id == $USER->id);
33 }
34
35 if ($course->id == SITEID) {
36 $coursecontext = get_context_instance(CONTEXT_SYSTEM); // SYSTEM context
37 } else {
38 $coursecontext = get_context_instance(CONTEXT_COURSE, $course->id); // Course context
39 }
40 $usercontext = get_context_instance(CONTEXT_USER, $user->id); // User context
41 $systemcontext = get_context_instance(CONTEXT_SYSTEM); // SYSTEM context
42
43 if (!empty($CFG->forcelogin) || $course->id != SITEID) {
44 // do not force parents to enrol
45 if (!get_record('role_assignments', 'userid', $USER->id, 'contextid', $usercontext->id)) {
46 require_login($course->id);
47 }
48 }
49
50 if (!empty($CFG->forceloginforprofiles)) {
51 require_login();
52 if (isguest()) {
53 redirect("$CFG->wwwroot/login/index.php");
54 }
55 }
56
57 $strpersonalprofile = get_string('personalprofile');
58 $strparticipants = get_string("participants");
59 $struser = get_string("user");
60
61 $fullname = fullname($user, has_capability('moodle/site:viewfullnames', $coursecontext));
62
63 $navlinks = array();
64 $navlinks[] = array('name' => $strparticipants, 'link' => "index.php?id=$course->id", 'type' => 'misc');
65
66 /// If the user being shown is not ourselves, then make sure we are allowed to see them!
67
68 if (!$currentuser) {
69 if ($course->id == SITEID) { // Reduce possibility of "browsing" userbase at site level
70 if ($CFG->forceloginforprofiles and !isteacherinanycourse()
71 and !isteacherinanycourse($user->id)
72 and !has_capability('moodle/user:viewdetails', $usercontext)) { // Teachers can browse and be browsed at site level. If not forceloginforprofiles, allow access (bug #4366)
73
74 $navlinks[] = array('name' => $struser, 'link' => null, 'type' => 'misc');
75 $navigation = build_navigation($navlinks);
76
77 print_header("$strpersonalprofile: ", "$strpersonalprofile: ", $navigation, "", "", true, "&nbsp;", navmenu($course));
78 print_heading(get_string('usernotavailable', 'error'));
79 print_footer($course);
80 exit;
81 }
82 } else { // Normal course
83 // check capabilities
84 if (!has_capability('moodle/user:viewdetails', $coursecontext) &&
85 !has_capability('moodle/user:viewdetails', $usercontext)) {
86 print_error('cannotviewprofile');
87 }
88
89 if (!has_capability('moodle/course:view', $coursecontext, $user->id, false)) {
90 if (has_capability('moodle/course:view', $coursecontext)) {
91 $navlinks[] = array('name' => $fullname, 'link' => null, 'type' => 'misc');
92 $navigation = build_navigation($navlinks);
93 print_header("$strpersonalprofile: ", "$strpersonalprofile: ", $navigation, "", "", true, "&nbsp;", navmenu($course));
94 print_heading(get_string('notenrolled', '', $fullname));
95 } else {
96 $navlinks[] = array('name' => $struser, 'link' => null, 'type' => 'misc');
97 $navigation = build_navigation($navlinks);
98 print_header("$strpersonalprofile: ", "$strpersonalprofile: ", $navigation, "", "", true, "&nbsp;", navmenu($course));
99 print_heading(get_string('notenrolledprofile'));
100 }
101 print_continue($_SERVER['HTTP_REFERER']);
102 print_footer($course);
103 exit;
104 }
105 }
106
107
108 // If groups are in use, make sure we can see that group
109 if (groups_get_course_groupmode($course) == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $coursecontext)) {
110 require_login();
111
112 ///this is changed because of mygroupid
113 $gtrue = (bool)groups_get_all_groups($course->id, $user->id);
114 if (!$gtrue) {
115 $navigation = build_navigation($navlinks);
116 print_header("$strpersonalprofile: ", "$strpersonalprofile: ", $navigation, "", "", true, "&nbsp;", navmenu($course));
117 error(get_string("groupnotamember"), "../course/view.php?id=$course->id");
118 }
119 }
120 }
121
122
123 /// We've established they can see the user's name at least, so what about the rest?
124
125 $navlinks[] = array('name' => $fullname, 'link' => null, 'type' => 'misc');
126
127 $navigation = build_navigation($navlinks);
128
129 print_header("$course->fullname: $strpersonalprofile: $fullname", $course->fullname,
130 $navigation, "", "", true, "&nbsp;", navmenu($course));
131
132
133 if (($course->id != SITEID) and ! isguest() ) { // Need to have access to a course to see that info
134 if (!has_capability('moodle/course:view', $coursecontext, $user->id)) {
135 print_heading(get_string('notenrolled', '', $fullname));
136 print_footer($course);
137 die;
138 }
139 }
140
141 if ($user->deleted) {
142 print_heading(get_string('userdeleted'));
143 }
144
145 /// OK, security out the way, now we are showing the user
146
147 add_to_log($course->id, "user", "view", "view.php?id=$user->id&course=$course->id", "$user->id");
148
149 if ($course->id != SITEID) {
150 if ($lastaccess = get_record('user_lastaccess', 'userid', $user->id, 'courseid', $course->id)) {
151 $user->lastaccess = $lastaccess->timeaccess;
152 }
153 }
154
155
156 /// Get the hidden field list
157 if (has_capability('moodle/user:viewhiddendetails', $coursecontext)) {
158 $hiddenfields = array();
159 } else {
160 $hiddenfields = array_flip(explode(',', $CFG->hiddenuserfields));
161 }
162
163 /// Print tabs at top
164 /// This same call is made in:
165 /// /user/view.php
166 /// /user/edit.php
167 /// /course/user.php
168
169 $currenttab = 'profile';
170 $showroles = 1;
171 include('tabs.php');
172
173 if (is_mnet_remote_user($user)) {
174 $sql = "
175 SELECT DISTINCT
176 h.id,
177 h.name,
178 h.wwwroot,
179 a.name as application,
180 a.display_name
181 FROM
182 {$CFG->prefix}mnet_host h,
183 {$CFG->prefix}mnet_application a
184 WHERE
185 h.id = '{$user->mnethostid}' AND
186 h.applicationid = a.id
187 ORDER BY
188 a.display_name,
189 h.name";
190
191 $remotehost = get_record_sql($sql);
192
193 echo '<p class="errorboxcontent">'.get_string('remote'.$remotehost->application.'user')." <br />\n";
194 if ($USER->id == $user->id) {
195 if ($remotehost->application =='moodle') {
196 echo "Remote {$remotehost->display_name}: <a href=\"{$remotehost->wwwroot}/user/edit.php\">{$remotehost->name}</a> ".get_string('editremoteprofile')." </p>\n";
197 } else {
198 echo "Remote {$remotehost->display_name}: <a href=\"{$remotehost->wwwroot}/\">{$remotehost->name}</a> ".get_string('gotoyourserver')." </p>\n";
199 }
200 } else {
201 echo "Remote {$remotehost->display_name}: <a href=\"{$remotehost->wwwroot}/\">{$remotehost->name}</a></p>\n";
202 }
203 }
204
205 echo '<table width="80%" class="userinfobox" summary="">';
206 echo '<tr>';
207 echo '<td class="side">';
208 print_user_picture($user->id, $course->id, $user->picture, true, false, false);
209 echo '</td><td class="content">';
210
211 // Print the description
212
213 if ($user->description && !isset($hiddenfields['description'])) {
214 echo format_text($user->description, FORMAT_MOODLE)."<hr />";
215 }
216
217 // Print all the little details in a list
218
219 echo '<table class="list">';
220
221 if (($user->city or $user->country) and (!isset($hiddenfields['city']) or !isset($hiddenfields['country']))) {
222 $location = '';
223 if ($user->city && !isset($hiddenfields['city'])) {
224 $location .= $user->city;
225 }
226 if (!empty($countries[$user->country]) && !isset($hiddenfields['country'])) {
227 if ($user->city && !isset($hiddenfields['country'])) {
228 $location .= ', ';
229 }
230 $countries = get_list_of_countries();
231 $location .= $countries[$user->country];
232 }
233 print_row(get_string("city").":", $location);
234 }
235
236 if (has_capability('moodle/user:viewhiddendetails', $coursecontext)) {
237 if ($user->address) {
238 print_row(get_string("address").":", "$user->address");
239 }
240 if ($user->phone1) {
241 print_row(get_string("phone").":", "$user->phone1");
242 }
243 if ($user->phone2) {
244 print_row(get_string("phone").":", "$user->phone2");
245 }
246 }
247
248 if ($user->maildisplay == 1 or
249 ($user->maildisplay == 2 and ($course->id != SITEID) and !isguest()) or
250 has_capability('moodle/course:useremail', $coursecontext)) {
251
252 $emailswitch = '';
253
254 if (has_capability('moodle/course:useremail', $coursecontext) or $currentuser) { /// Can use the enable/disable email stuff
255 if (!empty($enable)) { /// Recieved a parameter to enable the email address
256 set_field('user', 'emailstop', 0, 'id', $user->id);
257 $user->emailstop = 0;
258 }
259 if (!empty($disable)) { /// Recieved a parameter to disable the email address
260 set_field('user', 'emailstop', 1, 'id', $user->id);
261 $user->emailstop = 1;
262 }
263 }
264
265 if (has_capability('moodle/course:useremail', $coursecontext)) { /// Can use the enable/disable email stuff
266 if ($user->emailstop) {
267 $switchparam = 'enable';
268 $switchtitle = get_string('emaildisable');
269 $switchclick = get_string('emailenableclick');
270 $switchpix = 'emailno.gif';
271 } else {
272 $switchparam = 'disable';
273 $switchtitle = get_string('emailenable');
274 $switchclick = get_string('emaildisableclick');
275 $switchpix = 'email.gif';
276 }
277 $emailswitch = "&nbsp;<a title=\"$switchclick\" ".
278 "href=\"view.php?id=$user->id&amp;course=$course->id&amp;$switchparam=1\">".
279 "<img src=\"$CFG->pixpath/t/$switchpix\" alt=\"$switchclick\" /></a>";
280
281 } else if ($currentuser) { /// Can only re-enable an email this way
282 if ($user->emailstop) { // Include link that tells how to re-enable their email
283 $switchparam = 'enable';
284 $switchtitle = get_string('emaildisable');
285 $switchclick = get_string('emailenableclick');
286
287 $emailswitch = "&nbsp;(<a title=\"$switchclick\" ".
288 "href=\"view.php?id=$user->id&amp;course=$course->id&amp;enable=1\">$switchtitle</a>)";
289 }
290 }
291
292 print_row(get_string("email").":", obfuscate_mailto($user->email, '', $user->emailstop)."$emailswitch");
293 }
294
295 if ($user->url && !isset($hiddenfields['webpage'])) {
296 print_row(get_string("webpage").":", "<a href=\"$user->url\">$user->url</a>");
297 }
298
299 if ($user->icq && !isset($hiddenfields['icqnumber'])) {
300 print_row(get_string('icqnumber').':',"<a href=\"http://web.icq.com/wwp?uin=$user->icq\">$user->icq <img src=\"http://web.icq.com/whitepages/online?icq=$user->icq&amp;img=5\" alt=\"\" /></a>");
301 }
302
303 if ($user->skype && !isset($hiddenfields['skypeid'])) {
304 print_row(get_string('skypeid').':','<a href="callto:'.urlencode($user->skype).'">'.s($user->skype).
305 ' <img src="http://mystatus.skype.com/smallicon/'.urlencode($user->skype).'" alt="'.get_string('status').'" '.
306 ' /></a>');
307 }
308 if ($user->yahoo && !isset($hiddenfields['yahooid'])) {
309 print_row(get_string('yahooid').':', '<a href="http://edit.yahoo.com/config/send_webmesg?.target='.urlencode($user->yahoo).'&amp;.src=pg">'.s($user->yahoo)." <img src=\"http://opi.yahoo.com/online?u=".urlencode($user->yahoo)."&m=g&t=0\" alt=\"\"></a>");
310 }
311 if ($user->aim && !isset($hiddenfields['aimid'])) {
312 print_row(get_string('aimid').':', '<a href="aim:goim?screenname='.s($user->aim).'">'.s($user->aim).'</a>');
313 }
314 if ($user->msn && !isset($hiddenfields['msnid'])) {
315 print_row(get_string('msnid').':', s($user->msn));
316 }
317
318 /// Print the Custom User Fields
319 profile_display_fields($user->id);
320
321
322 if ($mycourses = get_my_courses($user->id, null, null, false, 21)) {
323 $shown=0;
324 $courselisting = '';
325 foreach ($mycourses as $mycourse) {
326 if ($mycourse->visible and $mycourse->category) {
327 if ($mycourse->id != $course->id){
328 $courselisting .= "<a href=\"$CFG->wwwroot/user/view.php?id=$user->id&amp;course=$mycourse->id\">"
329 . format_string($mycourse->fullname) . "</a>, ";
330 }
331 else {
332 $courselisting .= format_string($mycourse->fullname) . ", ";
333 }
334 }
335 $shown++;
336 if($shown==20) {
337 $courselisting.= "...";
338 break;
339 }
340 }
341 print_row(get_string('courses').':', rtrim($courselisting,', '));
342 }
343
344 if (!isset($hiddenfields['lastaccess'])) {
345 if ($user->lastaccess) {
346 $datestring = userdate($user->lastaccess)."&nbsp; (".format_time(time() - $user->lastaccess).")";
347 } else {
348 $datestring = get_string("never");
349 }
350 print_row(get_string("lastaccess").":", $datestring);
351 }
352 /// printing roles
353
354 if ($rolestring = get_user_roles_in_context($id, $coursecontext->id)) {
355 print_row(get_string('roles').':', format_string($rolestring, false));
356 }
357
358 /// Printing groups
359 $isseparategroups = ($course->groupmode == SEPARATEGROUPS and $course->groupmodeforce and
360 !has_capability('moodle/site:accessallgroups', $coursecontext));
361 if (!$isseparategroups){
362 if ($usergroups = groups_get_all_groups($course->id, $user->id)){
363 $groupstr = '';
364 foreach ($usergroups as $group){
365 $groupstr .= ' <a href="'.$CFG->wwwroot.'/user/index.php?id='.$course->id.'&amp;group='.$group->id.'">'.format_string($group->name).'</a>,';
366 }
367 print_row(get_string("group").":", rtrim($groupstr, ', '));
368 }
369 }
370 /// End of printing groups
371
372 /// Printing Interests
373 if( !empty($CFG->usetags)) {
374 $interests = get_item_tags('user', $user->id);
375
376 $instereststr = tag_links_csv($interests);
377
378 if ($interests) {
379 print_row(get_string('interests').": ",rtrim($instereststr));
380 }
381 }
382 /// End of Printing Interests
383
384 echo "</table>";
385
386 echo "</td></tr></table>";
387
388 $userauth = get_auth_plugin($user->auth);
389
390 $passwordchangeurl = false;
391 if ($currentuser and $userauth->can_change_password() and !isguestuser() and has_capability('moodle/user:changeownpassword', $systemcontext)) {
392 if (!$passwordchangeurl = $userauth->change_password_url()) {
393 if (empty($CFG->loginhttps)) {
394 $passwordchangeurl = "$CFG->wwwroot/login/change_password.php";
395 } else {
396 $passwordchangeurl = str_replace('http:', 'https:', $CFG->wwwroot.'/login/change_password.php');
397 }
398 }
399 }
400
401 // Print other functions
402 echo '<div class="buttons">';
403
404 if ($passwordchangeurl) {
405 $params = array('id'=>$course->id);
406
407 if (!empty($USER->realuser)) {
408 $passwordchangeurl = ''; // do not use actual change password url - might contain sensitive data
409 } else {
410 $parts = explode('?', $passwordchangeurl);
411 $passwordchangeurl = reset($parts);
412 $after = next($parts);
413 preg_match_all('/([^&=]+)=([^&=]+)/', $after, $matches);
414 if (count($matches)) {
415 foreach($matches[0] as $key=>$match) {
416 $params[$matches[1][$key]] = $matches[2][$key];
417 }
418 }
419 }
420 echo "<form action=\"$passwordchangeurl\" method=\"get\">";
421 echo "<div>";
422 foreach($params as $key=>$value) {
423 echo '<input type="hidden" name="'.$key.'" value="'.s($value).'" />';
424 }
425 if (!empty($USER->realuser)) {
426 // changing of password when "Logged in as" is not allowed
427 echo "<input type=\"submit\" value=\"".get_string("changepassword")."\" disabled=\"disabled\" />";
428 } else {
429 echo "<input type=\"submit\" value=\"".get_string("changepassword")."\" />";
430 }
431 echo "</div>";
432 echo "</form>";
433 }
434
435 if ($course->id != SITEID && empty($course->metacourse)) { // Mostly only useful at course level
436
437 if (($user->id == $USER->id && // Myself
438 has_capability('moodle/course:view', $coursecontext, NULL) && // Course participant
439 has_capability('moodle/role:unassignself', $coursecontext, NULL, false)) // Can unassign myself
440 ||
441 (has_capability('moodle/role:assign', $coursecontext, NULL) && // I can assign roles
442 get_user_roles($coursecontext, $user->id)) ) { // This user has roles
443
444 echo '<form action="../course/unenrol.php" method="get">';
445 echo "<div>";
446 echo '<input type="hidden" name="id" value="'.$course->id.'" />';
447 echo '<input type="hidden" name="user" value="'.$user->id.'" />';
448 echo '<input type="submit" value="'.get_string('unenrolme', '', $course->shortname).'" />';
449 echo "</div>";
450 echo '</form>';
451 }
452 }
453
454 if ($USER->id != $user->id && empty($USER->realuser) && has_capability('moodle/user:loginas', $coursecontext) &&
455 ! has_capability('moodle/site:doanything', $coursecontext, $user->id, false)) {
456 echo '<form action="'.$CFG->wwwroot.'/course/loginas.php" method="get">';
457 echo "<div>";
458 echo '<input type="hidden" name="id" value="'.$course->id.'" />';
459 echo '<input type="hidden" name="user" value="'.$user->id.'" />';
460 echo '<input type="hidden" name="sesskey" value="'.sesskey().'" />';
461 echo '<input type="submit" value="'.get_string('loginas').'" />';
462 echo "</div>";
463 echo '</form>';
464 }
465
466 if (!empty($CFG->messaging) and !isguest()) {
467 if (!empty($USER->id) and ($USER->id == $user->id)) {
468 if ($countmessages = count_records('message', 'useridto', $user->id)) {
469 $messagebuttonname = get_string("messages", "message")."($countmessages)";
470 } else {
471 $messagebuttonname = get_string("messages", "message");
472 }
473 echo "<form onclick=\"this.target='message'\" action=\"../message/index.php\" method=\"get\">";
474 echo "<div>";
475 echo "<input type=\"submit\" value=\"$messagebuttonname\" onclick=\"return openpopup('/message/index.php', 'message', 'menubar=0,location=0,scrollbars,status,resizable,width=400,height=500', 0);\" />";
476 echo "</div>";
477 echo "</form>";
478 } else {
479 echo "<form onclick=\"this.target='message$user->id'\" action=\"../message/discussion.php\" method=\"get\">";
480 echo "<div>";
481 echo "<input type=\"hidden\" name=\"id\" value=\"$user->id\" />";
482 echo "<input type=\"submit\" value=\"".get_string("sendmessage", "message")."\" onclick=\"return openpopup('/message/discussion.php?id=$user->id', 'message_$user->id', 'menubar=0,location=0,scrollbars,status,resizable,width=400,height=500', 0);\" />";
483 echo "</div>";
484 echo "</form>";
485 }
486 }
487 // Authorize.net: User Payments
488 if ($course->enrol == 'authorize' || (empty($course->enrol) && $CFG->enrol == 'authorize')) {
489 echo "<form action=\"../enrol/authorize/index.php\" method=\"get\">";
490 echo "<div>";
491 echo "<input type=\"hidden\" name=\"course\" value=\"$course->id\" />";
492 echo "<input type=\"hidden\" name=\"user\" value=\"$user->id\" />";
493 echo "<input type=\"submit\" value=\"".get_string('payments')."\" />";
494 echo "</div>";
495 echo "</form>";
496 }
497 echo "</div>\n";
498
499 if ($CFG->debugdisplay && debugging('', DEBUG_DEVELOPER) && $USER->id == $user->id) { // Show user object
500 echo '<hr />';
501 print_heading('DEBUG MODE: User session variables');
502 print_object($USER);
503 }
504
505 print_footer($course);
506
507 /// Functions ///////
508
509 function print_row($left, $right) {
510 echo "\n<tr><td class=\"label c0\">$left</td><td class=\"info c1\">$right</td></tr>\n";
511 }
512
513 ?>
Moodle Repo, with LinuxChix modifications