diff --git a/main/admin/user_add.php b/main/admin/user_add.php
index 84f9d1c0f15..39d29d3797e 100755
--- a/main/admin/user_add.php
+++ b/main/admin/user_add.php
@@ -368,137 +368,176 @@ function setExpirationDatePicker(status) { $form->addGroup($html_results_enabled); // Validate form -if ($form->validate()) { +$formValid = $form->validate(); +if ($formValid) { $check = Security::check_token('post'); if ($check) { $user = $form->exportValues(); - $lastname = $user['lastname']; - $firstname = $user['firstname']; - $official_code = $user['official_code']; - $email = $user['email']; - $phone = $user['phone']; - $username = $user['username']; - $status = (int) $user['status']; - $language = $user['language']; - $picture = $_FILES['picture']; - $platform_admin = (int) $user['admin']['platform_admin']; - $send_mail = (int) $user['mail']['send_mail']; - $hr_dept_id = isset($user['hr_dept_id']) ? (int) $user['hr_dept_id'] : 0; - - if (isset($extAuthSource) && count($extAuthSource) > 0 && - $user['password']['password_auto'] == '2' - ) { - $auth_source = $user['password']['auth_source']; - $password = 'PLACEHOLDER'; - } else { - $auth_source = PLATFORM_AUTH_SOURCE; - $password = $user['password']['password_auto'] == '1' ? 
api_generate_password() : $user['password']['password']; - } - - if ($user['radio_expiration_date'] == '1') { - $expiration_date = $user['expiration_date']; - } else { - $expiration_date = null; - } - - $active = (int) $user['active']; - if (api_get_setting('login_is_email') == 'true') { - $username = $email; - } - - $extra = []; - foreach ($user as $key => $value) { - if (substr($key, 0, 6) == 'extra_') { - // An extra field - $extra[substr($key, 6)] = $value; + $extraFields = api_get_configuration_value('extra_fields_to_validate_on_user_registration'); + if (!empty($extraFields) && isset($extraFields['extra_fields'])) { + $extraFieldList = $extraFields['extra_fields']; + foreach ($user as $key => $value) { + if (substr($key, 0, 6) == 'extra_') { + $extra_value = Security::remove_XSS($value); + $extra_field = substr($key,6); + + if(!empty($extra_value)) { + if (in_array($extra_field, $extraFieldList)) { + $extraValueExists = api_user_extra_field_validation($extra_field, $extra_value); + if ($extraValueExists) { + $formValid = false; + + $element = $form->getElement($key); + if ($element) { + $attrs = ['style' => 'border-color: #a94442;']; + $form->updateElementAttr([$element], $attrs); + } + + Display::addFlash( + Display::return_message( + get_lang('TheValueEntered ').$extra_field.get_lang('AlreadyExists'), + 'error', + false + ) + ); + } + } + } + } } } - $template = isset($user['email_template_option']) ? 
$user['email_template_option'] : []; - - $user_id = UserManager::create_user( - $firstname, - $lastname, - $status, - $email, - $username, - $password, - $official_code, - $language, - $phone, - null, - $auth_source, - $expiration_date, - $active, - $hr_dept_id, - $extra, - null, - $send_mail, - $platform_admin, - '', - false, - null, - 0, - $template - ); + if ($formValid) { + $lastname = $user['lastname']; + $firstname = $user['firstname']; + $official_code = $user['official_code']; + $email = $user['email']; + $phone = $user['phone']; + $username = $user['username']; + $status = (int) $user['status']; + $language = $user['language']; + $picture = $_FILES['picture']; + $platform_admin = (int) $user['admin']['platform_admin']; + $send_mail = (int) $user['mail']['send_mail']; + $hr_dept_id = isset($user['hr_dept_id']) ? (int) $user['hr_dept_id'] : 0; + + if (isset($extAuthSource) && count($extAuthSource) > 0 && + $user['password']['password_auto'] == '2' + ) { + $auth_source = $user['password']['auth_source']; + $password = 'PLACEHOLDER'; + } else { + $auth_source = PLATFORM_AUTH_SOURCE; + $password = $user['password']['password_auto'] == '1' ? 
api_generate_password() : $user['password']['password']; + } - Security::clear_token(); - $tok = Security::get_token(); - if (!empty($user_id)) { - if (!empty($picture['name'])) { - $picture_uri = UserManager::update_user_picture( - $user_id, - $_FILES['picture']['name'], - $_FILES['picture']['tmp_name'], - $user['picture_crop_result'] - ); - UserManager::update_user( - $user_id, - $firstname, - $lastname, - $username, - $password, - $auth_source, - $email, - $status, - $official_code, - $phone, - $picture_uri, - $expiration_date, - $active, - null, - $hr_dept_id, - null, - $language - ); + if ($user['radio_expiration_date'] == '1') { + $expiration_date = $user['expiration_date']; + } else { + $expiration_date = null; } - $extraFieldValues = new ExtraFieldValue('user'); - $user['item_id'] = $user_id; - $extraFieldValues->saveFieldValues($user); - $message = get_lang('UserAdded').': '. - Display::url( - api_get_person_name($firstname, $lastname), - api_get_path(WEB_CODE_PATH).'admin/user_edit.php?user_id='.$user_id - ); - } + $active = (int) $user['active']; + if (api_get_setting('login_is_email') == 'true') { + $username = $email; + } - Display::addFlash(Display::return_message($message, 'normal', false)); + $extra = []; + foreach ($user as $key => $value) { + if (substr($key, 0, 6) == 'extra_') { + // An extra field + $extra[substr($key, 6)] = $value; + } + } - if (isset($_POST['submit_plus']) - || (api_is_session_admin() && api_get_configuration_value('limit_session_admin_list_users')) - ) { - //we want to add more. Prepare report message and redirect to the same page (to clean the form) - header('Location: user_add.php?sec_token='.$tok); - exit; - } else { + $template = isset($user['email_template_option']) ? 
$user['email_template_option'] : []; + + $user_id = UserManager::create_user( + $firstname, + $lastname, + $status, + $email, + $username, + $password, + $official_code, + $language, + $phone, + null, + $auth_source, + $expiration_date, + $active, + $hr_dept_id, + $extra, + null, + $send_mail, + $platform_admin, + '', + false, + null, + 0, + $template + ); + + Security::clear_token(); $tok = Security::get_token(); - header('Location: user_list.php?sec_token='.$tok); - exit; + if (!empty($user_id)) { + if (!empty($picture['name'])) { + $picture_uri = UserManager::update_user_picture( + $user_id, + $_FILES['picture']['name'], + $_FILES['picture']['tmp_name'], + $user['picture_crop_result'] + ); + UserManager::update_user( + $user_id, + $firstname, + $lastname, + $username, + $password, + $auth_source, + $email, + $status, + $official_code, + $phone, + $picture_uri, + $expiration_date, + $active, + null, + $hr_dept_id, + null, + $language + ); + } + + $extraFieldValues = new ExtraFieldValue('user'); + $user['item_id'] = $user_id; + $extraFieldValues->saveFieldValues($user); + $message = get_lang('UserAdded').': '. + Display::url( + api_get_person_name($firstname, $lastname), + api_get_path(WEB_CODE_PATH).'admin/user_edit.php?user_id='.$user_id + ); + } + + Display::addFlash(Display::return_message($message, 'normal', false)); + + if (isset($_POST['submit_plus']) + || (api_is_session_admin() && api_get_configuration_value('limit_session_admin_list_users')) + ) { + //we want to add more. Prepare report message and redirect to the same page (to clean the form) + header('Location: user_add.php?sec_token='.$tok); + exit; + } else { + $tok = Security::get_token(); + header('Location: user_list.php?sec_token='.$tok); + exit; + } } } -} else { +} + +if (!$formValid) { if (isset($_POST['submit'])) { Security::clear_token(); } diff --git a/main/admin/user_edit.php b/main/admin/user_edit.php index f1b0fe2c439..1718fedeeef 100755 --- a/main/admin/user_edit.php 
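Review bot: The duplicate check at the top of the new branch runs on `Security::remove_XSS($value)`, but the value that is actually persisted further down is the raw `$value` (`$extra[substr($key, 6)] = $value;` and later `saveFieldValues($user)`), so any value the filter rewrites is validated in one form and stored in another and can slip past the uniqueness check. Validate exactly what is stored, e.g. `$extraValueExists = api_user_extra_field_validation($extra_field, $value);`, and because this is a read-then-insert with no lock, the only reliable guarantee is a unique index on the extra-field value table, which is worth confirming exists. Separately, `get_lang('TheValueEntered ')` carries a trailing space inside the language key and presumably will not resolve; `get_lang('TheValueEntered').' '.$extra_field.' '.get_lang('AlreadyExists')` looks like what was meant. `in_array($extra_field, $extraFieldList)` should also pass `true` for a strict comparison. The enclosing script and the form setup begin before this hunk.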
+++ b/main/admin/user_edit.php 
@@ -432,142 +432,181 @@ function confirmation(name) { // Validate form if ($form->validate()) { $user = $form->getSubmitValues(1); - $reset_password = (int) $user['reset_password']; - if ($reset_password == 2 && empty($user['password'])) { - Display::addFlash(Display::return_message(get_lang('PasswordIsTooShort'))); - header('Location: '.api_get_self().'?user_id='.$user_id); - exit(); - } - - $is_user_subscribed_in_course = CourseManager::is_user_subscribed_in_course($user['user_id']); - - $picture_element = $form->getElement('picture'); - $picture = $picture_element->getValue(); - - $picture_uri = $user_data['picture_uri']; - if (isset($user['delete_picture']) && $user['delete_picture']) { - $picture_uri = UserManager::deleteUserPicture($user_id); - } elseif (!empty($picture['name'])) { - $picture_uri = UserManager::update_user_picture( - $user_id, - $_FILES['picture']['name'], - $_FILES['picture']['tmp_name'], - $user['picture_crop_result'] - ); - } - $lastname = $user['lastname']; - $firstname = $user['firstname']; - $password = $user['password']; - $auth_source = isset($user['auth_source']) ? $user['auth_source'] : $userInfo['auth_source']; - $official_code = $user['official_code']; - $email = $user['email']; - $phone = $user['phone']; - $username = isset($user['username']) ? $user['username'] : $userInfo['username']; - $status = (int) $user['status']; - $platform_admin = 0; - // Only platform admin can change user status to admin. 
- if (api_is_platform_admin()) { - $platform_admin = (int) $user['platform_admin']; + $formValid = true; + + $extraFields = api_get_configuration_value('extra_fields_to_validate_on_user_registration'); + if (!empty($extraFields) && isset($extraFields['extra_fields'])) { + $extraFieldList = $extraFields['extra_fields']; + foreach ($user as $key => $value) { + if (substr($key, 0, 6) == 'extra_') { + $extra_value = Security::remove_XSS($value); + $extra_field = substr($key,6); + + if(!empty($extra_value)) { + if (in_array($extra_field, $extraFieldList)) { + $extraValueExists = api_user_extra_field_validation($extra_field, $extra_value); + if ($extraValueExists) { + $formValid = false; + + $element = $form->getElement($key); + if ($element) { + $attrs = ['style' => 'border-color: #a94442;']; + $form->updateElementAttr([$element], $attrs); + } + + Display::addFlash( + Display::return_message( + get_lang('TheValueEntered ').$extra_field.get_lang('AlreadyExists'), + 'error', + false + ) + ); + } + } + } + } + } } - $send_mail = (int) $user['send_mail']; - $reset_password = (int) $user['reset_password']; - $hr_dept_id = isset($user['hr_dept_id']) ? intval($user['hr_dept_id']) : null; - $language = $user['language']; - $address = isset($user['address']) ? $user['address'] : null; - - $expiration_date = null; - if (!$user_data['platform_admin'] && $user['radio_expiration_date'] == '1') { - if (empty($user['expiration_date'])) { - Display::addFlash(Display::return_message(get_lang('EmptyExpirationDate'))); + if ($formValid) { + $reset_password = (int) $user['reset_password']; + if ($reset_password == 2 && empty($user['password'])) { + Display::addFlash(Display::return_message(get_lang('PasswordIsTooShort'))); header('Location: '.api_get_self().'?user_id='.$user_id); exit(); } - $expiration_date = $user['expiration_date']; - } - $active = $user_data['platform_admin'] ? 
1 : intval($user['active']); + $is_user_subscribed_in_course = CourseManager::is_user_subscribed_in_course($user['user_id']); + + $picture_element = $form->getElement('picture'); + $picture = $picture_element->getValue(); + + $picture_uri = $user_data['picture_uri']; + if (isset($user['delete_picture']) && $user['delete_picture']) { + $picture_uri = UserManager::deleteUserPicture($user_id); + } elseif (!empty($picture['name'])) { + $picture_uri = UserManager::update_user_picture( + $user_id, + $_FILES['picture']['name'], + $_FILES['picture']['tmp_name'], + $user['picture_crop_result'] + ); + } - //If the user is set to admin the status will be overwrite by COURSEMANAGER = 1 - if ($platform_admin == 1) { - $status = COURSEMANAGER; - } + $lastname = $user['lastname']; + $firstname = $user['firstname']; + $password = $user['password']; + $auth_source = isset($user['auth_source']) ? $user['auth_source'] : $userInfo['auth_source']; + $official_code = $user['official_code']; + $email = $user['email']; + $phone = $user['phone']; + $username = isset($user['username']) ? $user['username'] : $userInfo['username']; + $status = (int) $user['status']; + $platform_admin = 0; + // Only platform admin can change user status to admin. + if (api_is_platform_admin()) { + $platform_admin = (int) $user['platform_admin']; + } - if (api_get_setting('login_is_email') === 'true') { - $username = $email; - } + $send_mail = (int) $user['send_mail']; + $reset_password = (int) $user['reset_password']; + $hr_dept_id = isset($user['hr_dept_id']) ? intval($user['hr_dept_id']) : null; + $language = $user['language']; + $address = isset($user['address']) ? 
$user['address'] : null; + + $expiration_date = null; + if (!$user_data['platform_admin'] && $user['radio_expiration_date'] == '1') { + if (empty($user['expiration_date'])) { + Display::addFlash(Display::return_message(get_lang('EmptyExpirationDate'))); + header('Location: '.api_get_self().'?user_id='.$user_id); + exit(); + } + $expiration_date = $user['expiration_date']; + } - $template = isset($user['email_template_option']) ? $user['email_template_option'] : []; + $active = $user_data['platform_admin'] ? 1 : intval($user['active']); - UserManager::update_user( - $user_id, - $firstname, - $lastname, - $username, - $password, - $auth_source, - $email, - $status, - $official_code, - $phone, - $picture_uri, - $expiration_date, - $active, - null, - $hr_dept_id, - null, - $language, - null, - $send_mail, - $reset_password, - $address, - $template - ); + //If the user is set to admin the status will be overwrite by COURSEMANAGER = 1 + if ($platform_admin == 1) { + $status = COURSEMANAGER; + } - $studentBossListSent = isset($user['student_boss']) ? $user['student_boss'] : []; - UserManager::subscribeUserToBossList( - $user_id, - $studentBossListSent, - true - ); + if (api_get_setting('login_is_email') === 'true') { + $username = $email; + } - if (api_get_setting('openid_authentication') === 'true' && !empty($user['openid'])) { - $up = UserManager::update_openid($user_id, $user['openid']); - } + $template = isset($user['email_template_option']) ? 
$user['email_template_option'] : []; - $currentUserId = api_get_user_id(); - if ($user_id != $currentUserId) { - $userObj = api_get_user_entity($user_id); - if ($platform_admin == 1) { - UserManager::addUserAsAdmin($userObj); - } else { - UserManager::removeUserAdmin($userObj); + UserManager::update_user( + $user_id, + $firstname, + $lastname, + $username, + $password, + $auth_source, + $email, + $status, + $official_code, + $phone, + $picture_uri, + $expiration_date, + $active, + null, + $hr_dept_id, + null, + $language, + null, + $send_mail, + $reset_password, + $address, + $template + ); + + $studentBossListSent = isset($user['student_boss']) ? $user['student_boss'] : []; + UserManager::subscribeUserToBossList( + $user_id, + $studentBossListSent, + true + ); + + if (api_get_setting('openid_authentication') === 'true' && !empty($user['openid'])) { + $up = UserManager::update_openid($user_id, $user['openid']); } - } - // It updates course relation type as EX-LEARNER if project name (extra field from user_edition_extra_field_to_check) is changed - if (false !== api_get_configuration_value('user_edition_extra_field_to_check')) { - $extraToCheck = api_get_configuration_value('user_edition_extra_field_to_check'); - if (isset($user['extra_'.$extraToCheck])) { - $extraValueToCheck = $user['extra_'.$extraToCheck]; - UserManager::updateCourseRelationTypeExLearner($user_id, $extraValueToCheck); + $currentUserId = api_get_user_id(); + if ($user_id != $currentUserId) { + $userObj = api_get_user_entity($user_id); + if ($platform_admin == 1) { + UserManager::addUserAsAdmin($userObj); + } else { + UserManager::removeUserAdmin($userObj); + } } - } - $extraFieldValue = new ExtraFieldValue('user'); - $extraFieldValue->saveFieldValues($user); - $userInfo = api_get_user_info($user_id); - $message = get_lang('UserUpdated').': '.Display::url( - $userInfo['complete_name_with_username'], - api_get_path(WEB_CODE_PATH).'admin/user_edit.php?user_id='.$user_id - ); + // It updates course 
relation type as EX-LEARNER if project name (extra field from user_edition_extra_field_to_check) is changed + if (false !== api_get_configuration_value('user_edition_extra_field_to_check')) { + $extraToCheck = api_get_configuration_value('user_edition_extra_field_to_check'); + if (isset($user['extra_'.$extraToCheck])) { + $extraValueToCheck = $user['extra_'.$extraToCheck]; + UserManager::updateCourseRelationTypeExLearner($user_id, $extraValueToCheck); + } + } - Session::erase('system_timezone'); + $extraFieldValue = new ExtraFieldValue('user'); + $extraFieldValue->saveFieldValues($user); + $userInfo = api_get_user_info($user_id); + $message = get_lang('UserUpdated').': '.Display::url( + $userInfo['complete_name_with_username'], + api_get_path(WEB_CODE_PATH).'admin/user_edit.php?user_id='.$user_id + ); - Display::addFlash(Display::return_message($message, 'normal', false)); - header('Location: user_list.php'); - exit(); + Session::erase('system_timezone'); + + Display::addFlash(Display::return_message($message, 'normal', false)); + header('Location: user_list.php'); + exit(); + } } $actions = [ diff --git a/main/admin/user_import.php b/main/admin/user_import.php index b9ed2f9f2de..dc78009e8f0 100644 --- a/main/admin/user_import.php +++ b/main/admin/user_import.php 
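Review bot: On the edit form the duplicate check `api_user_extra_field_validation($extra_field, $extra_value)` is given no user id, so if the helper looks up any stored value (as its use on registration suggests; its body is not visible here) an unchanged unique extra field on the user being edited will match that user's own row and every save of that user will be rejected with "already exists". The check needs to exclude `$user_id`, e.g. `api_user_extra_field_validation($extra_field, $extra_value, $user_id)` if the helper can take an exclusion, or otherwise skip the lookup when `$extra_value` equals the value currently stored for `$user_id`. As in user_add.php, the lookup runs on `Security::remove_XSS($value)` while `$extraFieldValue->saveFieldValues($user)` stores the raw submitted value, so the compared and persisted strings should be the same. `get_lang('TheValueEntered ')` has a trailing space inside the key. The surrounding script begins before the hunk.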
@@ -197,6 +197,21 @@ function validate_data($users, $checkUniqueEmail = false) $user['has_error'] = true; } } + + // 6. Check if extra fields are duplicated + $extraFields = api_get_configuration_value('extra_fields_to_validate_on_user_registration'); + if (!empty($extraFields) && isset($extraFields['extra_fields'])) { + $extraFieldList = $extraFields['extra_fields']; + foreach ($extraFieldList as $extraFieldToCheck) { + if (isset($user[$extraFieldToCheck]) && !empty($user[$extraFieldToCheck])) { + $valueExists = api_user_extra_field_validation($extraFieldToCheck, $user[$extraFieldToCheck]); + if ($valueExists) { + $user['message'] .= Display::return_message(get_lang('DuplicatedFieldAt').' '.$extraFieldToCheck, 'warning'); + $user['has_error'] = true; + } + } + } + } } return $users; diff --git a/main/auth/inscription.php b/main/auth/inscription.php index aeec0f0e548..21313aea6ba 100755 --- a/main/auth/inscription.php +++ b/main/auth/inscription.php 
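Review bot: Check 6 only asks `api_user_extra_field_validation()` about each row in isolation, so two rows in the same import file carrying the same value for a field listed in `extra_fields_to_validate_on_user_registration` both pass (neither is stored yet, assuming the helper checks persisted values) and the duplicate is created by the import. Track the values already seen in this file alongside the lookup, initialising `$seenExtraValues = [];` before the per-user loop, which starts outside this hunk. The `isset(...) && !empty(...)` pair is redundant since `empty()` already tolerates an unset key. Note also that user_add.php runs the value through `Security::remove_XSS()` before the same lookup while this path passes the raw CSV value, so the two callers may end up comparing different strings.
```php
// … unchanged: checks 1-5 …
// 6. Check if extra fields are duplicated (against stored values and within this import file)
$extraFields = api_get_configuration_value('extra_fields_to_validate_on_user_registration');
if (!empty($extraFields) && isset($extraFields['extra_fields'])) {
    foreach ($extraFields['extra_fields'] as $extraFieldToCheck) {
        if (empty($user[$extraFieldToCheck])) {
            continue;
        }
        // $seenExtraValues must be initialised to [] before the per-user loop
        $seenKey = $extraFieldToCheck.':'.$user[$extraFieldToCheck];
        $valueExists = isset($seenExtraValues[$seenKey])
            || api_user_extra_field_validation($extraFieldToCheck, $user[$extraFieldToCheck]);
        $seenExtraValues[$seenKey] = true;
        if ($valueExists) {
            $user['message'] .= Display::return_message(get_lang('DuplicatedFieldAt').' '.$extraFieldToCheck, 'warning');
            $user['has_error'] = true;
        }
    }
}
```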
@@ -673,393 +673,433 @@ } } -if ($form->validate()) { +$formValid = $form->validate(); +if ($formValid) { $values = $form->getSubmitValues(1); - // Make *sure* the login isn't too long - if (isset($values['username'])) { - $values['username'] = api_substr($values['username'], 0, USERNAME_MAX_LENGTH); - } - if (api_get_setting('allow_registration_as_teacher') === 'false') { - $values['status'] = STUDENT; + $extraFields = api_get_configuration_value('extra_fields_to_validate_on_user_registration'); + if (!empty($extraFields) && isset($extraFields['extra_fields'])) { + $extraFieldList = $extraFields['extra_fields']; + foreach ($values as $key => $value) { + if (substr($key, 0, 6) == 'extra_') { + $extra_value = Security::remove_XSS($value); + $extra_field = substr($key,6); + + if(!empty($extra_value)) { + if (in_array($extra_field, $extraFieldList)) { + $extraValueExists = api_user_extra_field_validation($extra_field, $extra_value); + if ($extraValueExists) { + $formValid = false; + + $element = $form->getElement($key); + if ($element) { + $attrs = ['style' => 'border-color: #a94442;']; + $form->updateElementAttr([$element], $attrs); + } + + Display::addFlash( + Display::return_message( + get_lang('TheValueEntered ').$extra_field.get_lang('AlreadyExists'), + 'error', + false + ) + ); + } + } + } + } + } } - if (empty($values['official_code']) && !empty($values['username'])) { - $values['official_code'] = api_strtoupper($values['username']); - } + if ($formValid) { + // Make *sure* the login isn't too long + if (isset($values['username'])) { + $values['username'] = api_substr($values['username'], 0, USERNAME_MAX_LENGTH); + } - if (api_get_setting('login_is_email') === 'true') { - $values['username'] = $values['email']; - } + if (api_get_setting('allow_registration_as_teacher') === 'false') { + $values['status'] = STUDENT; + } - if ($user_already_registered_show_terms && - api_get_setting('allow_terms_conditions') === 'true' - ) { - $user_id = 
$_SESSION['term_and_condition']['user_id']; - $is_admin = UserManager::is_admin($user_id); - Session::write('is_platformAdmin', $is_admin); - } else { - // Moved here to include extra fields when creating a user. Formerly placed after user creation - // Register extra fields - $extras = []; - foreach ($values as $key => $value) { - if (substr($key, 0, 6) == 'extra_') { - //an extra field - $extras[substr($key, 6)] = $value; - } elseif (strpos($key, 'remove_extra_') !== false) { - $extra_value = Security::filter_filename(urldecode(key($value))); - // To remove from user_field_value and folder - UserManager::update_extra_field_value( - $user_id, - substr($key, 13), - $extra_value - ); - } + if (empty($values['official_code']) && !empty($values['username'])) { + $values['official_code'] = api_strtoupper($values['username']); } - $status = isset($values['status']) ? $values['status'] : STUDENT; - $phone = isset($values['phone']) ? $values['phone'] : null; - $values['language'] = isset($values['language']) ? $values['language'] : api_get_interface_language(); - $values['address'] = isset($values['address']) ? 
$values['address'] : ''; - - // Creates a new user - $user_id = UserManager::create_user( - $values['firstname'], - $values['lastname'], - $status, - $values['email'], - $values['username'], - $values['pass1'], - $values['official_code'], - $values['language'], - $phone, - null, - PLATFORM_AUTH_SOURCE, - null, - 1, - 0, - $extras, - null, - true, - false, - $values['address'], - false, - $form - ); + if (api_get_setting('login_is_email') === 'true') { + $values['username'] = $values['email']; + } - // Update the extra fields - $count_extra_field = count($extras); - if ($count_extra_field > 0 && is_int($user_id)) { - foreach ($extras as $key => $value) { - // For array $value -> if exists key 'tmp_name' then must not be empty - // This avoid delete from user field value table when doesn't upload a file - if (is_array($value)) { - if (array_key_exists('tmp_name', $value) && empty($value['tmp_name'])) { - //Nothing to do - } else { - if (array_key_exists('tmp_name', $value)) { - $value['tmp_name'] = Security::filter_filename($value['tmp_name']); - } - if (array_key_exists('name', $value)) { - $value['name'] = Security::filter_filename($value['name']); + if ($user_already_registered_show_terms && + api_get_setting('allow_terms_conditions') === 'true' + ) { + $user_id = $_SESSION['term_and_condition']['user_id']; + $is_admin = UserManager::is_admin($user_id); + Session::write('is_platformAdmin', $is_admin); + } else { + // Moved here to include extra fields when creating a user. 
Formerly placed after user creation + // Register extra fields + $extras = []; + foreach ($values as $key => $value) { + if (substr($key, 0, 6) == 'extra_') { + //an extra field + $extras[substr($key, 6)] = $value; + } elseif (strpos($key, 'remove_extra_') !== false) { + $extra_value = Security::filter_filename(urldecode(key($value))); + // To remove from user_field_value and folder + UserManager::update_extra_field_value( + $user_id, + substr($key, 13), + $extra_value + ); + } + } + + $status = isset($values['status']) ? $values['status'] : STUDENT; + $phone = isset($values['phone']) ? $values['phone'] : null; + $values['language'] = isset($values['language']) ? $values['language'] : api_get_interface_language(); + $values['address'] = isset($values['address']) ? $values['address'] : ''; + + // Creates a new user + $user_id = UserManager::create_user( + $values['firstname'], + $values['lastname'], + $status, + $values['email'], + $values['username'], + $values['pass1'], + $values['official_code'], + $values['language'], + $phone, + null, + PLATFORM_AUTH_SOURCE, + null, + 1, + 0, + $extras, + null, + true, + false, + $values['address'], + false, + $form + ); + + // Update the extra fields + $count_extra_field = count($extras); + if ($count_extra_field > 0 && is_int($user_id)) { + foreach ($extras as $key => $value) { + // For array $value -> if exists key 'tmp_name' then must not be empty + // This avoid delete from user field value table when doesn't upload a file + if (is_array($value)) { + if (array_key_exists('tmp_name', $value) && empty($value['tmp_name'])) { + //Nothing to do + } else { + if (array_key_exists('tmp_name', $value)) { + $value['tmp_name'] = Security::filter_filename($value['tmp_name']); + } + if (array_key_exists('name', $value)) { + $value['name'] = Security::filter_filename($value['name']); + } + UserManager::update_extra_field_value($user_id, $key, $value); } + } else { UserManager::update_extra_field_value($user_id, $key, $value); } - } else 
{ - UserManager::update_extra_field_value($user_id, $key, $value); } } - } - if ($user_id) { - // Storing the extended profile - $store_extended = false; - $sql = "UPDATE ".Database::get_main_table(TABLE_MAIN_USER)." SET "; - - if (api_get_setting('extended_profile') == 'true' && - api_get_setting('extendedprofile_registration', 'mycomptetences') == 'true' - ) { - $sql_set[] = "competences = '".Database::escape_string($values['competences'])."'"; - $store_extended = true; - } + if ($user_id) { + // Storing the extended profile + $store_extended = false; + $sql = "UPDATE ".Database::get_main_table(TABLE_MAIN_USER)." SET "; - if (api_get_setting('extended_profile') == 'true' && - api_get_setting('extendedprofile_registration', 'mydiplomas') == 'true' - ) { - $sql_set[] = "diplomas = '".Database::escape_string($values['diplomas'])."'"; - $store_extended = true; - } + if (api_get_setting('extended_profile') == 'true' && + api_get_setting('extendedprofile_registration', 'mycomptetences') == 'true' + ) { + $sql_set[] = "competences = '".Database::escape_string($values['competences'])."'"; + $store_extended = true; + } - if (api_get_setting('extended_profile') == 'true' && - api_get_setting('extendedprofile_registration', 'myteach') == 'true' - ) { - $sql_set[] = "teach = '".Database::escape_string($values['teach'])."'"; - $store_extended = true; - } + if (api_get_setting('extended_profile') == 'true' && + api_get_setting('extendedprofile_registration', 'mydiplomas') == 'true' + ) { + $sql_set[] = "diplomas = '".Database::escape_string($values['diplomas'])."'"; + $store_extended = true; + } - if (api_get_setting('extended_profile') == 'true' && - api_get_setting('extendedprofile_registration', 'mypersonalopenarea') == 'true' - ) { - $sql_set[] = "openarea = '".Database::escape_string($values['openarea'])."'"; - $store_extended = true; - } + if (api_get_setting('extended_profile') == 'true' && + api_get_setting('extendedprofile_registration', 'myteach') == 'true' + ) { + 
$sql_set[] = "teach = '".Database::escape_string($values['teach'])."'"; + $store_extended = true; + } - if ($store_extended) { - $sql .= implode(',', $sql_set); - $sql .= " WHERE user_id = ".intval($user_id).""; - Database::query($sql); - } + if (api_get_setting('extended_profile') == 'true' && + api_get_setting('extendedprofile_registration', 'mypersonalopenarea') == 'true' + ) { + $sql_set[] = "openarea = '".Database::escape_string($values['openarea'])."'"; + $store_extended = true; + } - // Saving user to Session if it was set - if (!empty($sessionToRedirect) && !$sessionPremiumChecker) { - $sessionInfo = api_get_session_info($sessionToRedirect); - if (!empty($sessionInfo)) { - SessionManager::subscribeUsersToSession( - $sessionToRedirect, - [$user_id], - SESSION_VISIBLE_READ_ONLY, - false - ); + if ($store_extended) { + $sql .= implode(',', $sql_set); + $sql .= " WHERE user_id = ".intval($user_id).""; + Database::query($sql); } - } - // Saving user to course if it was set. - if (!empty($course_code_redirect)) { - $course_info = api_get_course_info($course_code_redirect); - if (!empty($course_info)) { - if (in_array( - $course_info['visibility'], - [ - COURSE_VISIBILITY_OPEN_PLATFORM, - COURSE_VISIBILITY_OPEN_WORLD, - ] - ) - ) { - CourseManager::subscribeUser( - $user_id, - $course_info['code'] + // Saving user to Session if it was set + if (!empty($sessionToRedirect) && !$sessionPremiumChecker) { + $sessionInfo = api_get_session_info($sessionToRedirect); + if (!empty($sessionInfo)) { + SessionManager::subscribeUsersToSession( + $sessionToRedirect, + [$user_id], + SESSION_VISIBLE_READ_ONLY, + false ); } } - } - /* If the account has to be approved then we set the account to inactive, - sent a mail to the platform admin and exit the page.*/ - if (api_get_setting('allow_registration') === 'approval') { - // 1. 
Send mail to all platform admin - $chamiloUser = api_get_user_entity($user_id); - MessageManager::sendNotificationOfNewRegisteredUserApproval($chamiloUser); - - // 2. set account inactive - UserManager::disable($user_id); - - // 3. exit the page - unset($user_id); - - Display::display_header($tool_name); - echo Display::page_header($tool_name); - echo $content; - Display::display_footer(); - exit; - } elseif (api_get_setting('allow_registration') === 'confirmation') { - // 1. Send mail to the user - $thisUser = api_get_user_entity($user_id); - UserManager::sendUserConfirmationMail($thisUser); - - // 2. set account inactive - UserManager::disable($user_id); - - // 3. exit the page - unset($user_id); - - Display::addFlash( - Display::return_message( - get_lang('YouNeedConfirmYourAccountViaEmailToAccessThePlatform'), - 'warning' - ) - ); + // Saving user to course if it was set. + if (!empty($course_code_redirect)) { + $course_info = api_get_course_info($course_code_redirect); + if (!empty($course_info)) { + if (in_array( + $course_info['visibility'], + [ + COURSE_VISIBILITY_OPEN_PLATFORM, + COURSE_VISIBILITY_OPEN_WORLD, + ] + ) + ) { + CourseManager::subscribeUser( + $user_id, + $course_info['code'] + ); + } + } + } - Display::display_header($tool_name); - //echo $content; - Display::display_footer(); - exit; + /* If the account has to be approved then we set the account to inactive, + sent a mail to the platform admin and exit the page.*/ + if (api_get_setting('allow_registration') === 'approval') { + // 1. Send mail to all platform admin + $chamiloUser = api_get_user_entity($user_id); + MessageManager::sendNotificationOfNewRegisteredUserApproval($chamiloUser); + + // 2. set account inactive + UserManager::disable($user_id); + + // 3. 
exit the page + unset($user_id); + + Display::display_header($tool_name); + echo Display::page_header($tool_name); + echo $content; + Display::display_footer(); + exit; + } elseif (api_get_setting('allow_registration') === 'confirmation') { + // 1. Send mail to the user + $thisUser = api_get_user_entity($user_id); + UserManager::sendUserConfirmationMail($thisUser); + + // 2. set account inactive + UserManager::disable($user_id); + + // 3. exit the page + unset($user_id); + + Display::addFlash( + Display::return_message( + get_lang('YouNeedConfirmYourAccountViaEmailToAccessThePlatform'), + 'warning' + ) + ); + + Display::display_header($tool_name); + //echo $content; + Display::display_footer(); + exit; + } } } - } - // Terms & Conditions - if (api_get_setting('allow_terms_conditions') === 'true') { - // Update the terms & conditions. - if (isset($values['legal_accept_type'])) { - $cond_array = explode(':', $values['legal_accept_type']); - if (!empty($cond_array[0]) && !empty($cond_array[1])) { - $conditionToSave = (int) $cond_array[0].':'.(int) $cond_array[1].':'.time(); - - Event::addEvent( - LOG_TERM_CONDITION_ACCEPTED, - LOG_USER_OBJECT, - api_get_user_info($user_id), - api_get_utc_datetime() - ); + // Terms & Conditions + if (api_get_setting('allow_terms_conditions') === 'true') { + // Update the terms & conditions. 
+ if (isset($values['legal_accept_type'])) { + $cond_array = explode(':', $values['legal_accept_type']); + if (!empty($cond_array[0]) && !empty($cond_array[1])) { + $conditionToSave = (int) $cond_array[0].':'.(int) $cond_array[1].':'.time(); + + Event::addEvent( + LOG_TERM_CONDITION_ACCEPTED, + LOG_USER_OBJECT, + api_get_user_info($user_id), + api_get_utc_datetime() + ); - LegalManager::sendEmailToUserBoss($user_id, $conditionToSave); + LegalManager::sendEmailToUserBoss($user_id, $conditionToSave); + } } + $values = api_get_user_info($user_id); } - $values = api_get_user_info($user_id); - } - /* SESSION REGISTERING */ - /* @todo move this in a function */ - $_user['firstName'] = stripslashes($values['firstname']); - $_user['lastName'] = stripslashes($values['lastname']); - $_user['mail'] = $values['email']; - $_user['language'] = $values['language']; - $_user['user_id'] = $user_id; - $_user['status'] = $values['status'] ?? STUDENT; - ConditionalLogin::check_conditions($_user); - Session::write('_user', $_user); - - $is_allowedCreateCourse = isset($values['status']) && $values['status'] == 1; - $usersCanCreateCourse = api_is_allowed_to_create_course(); - - Session::write('is_allowedCreateCourse', $is_allowedCreateCourse); - - // Stats - Event::eventLogin($user_id); - - // last user login date is now - $user_last_login_datetime = 0; // used as a unix timestamp it will correspond to : 1 1 1970 - Session::write('user_last_login_datetime', $user_last_login_datetime); - $recipient_name = api_get_person_name($values['firstname'], $values['lastname']); - $text_after_registration = - '

'. - get_lang('Dear').' '. - stripslashes(Security::remove_XSS($recipient_name)).',

'. - get_lang('PersonalSettings').".

"; - - $form_data = [ - 'button' => Display::button( - 'next', - get_lang('Next'), - ['class' => 'btn btn-primary btn-large'] - ), - 'message' => '', - 'action' => api_get_path(WEB_PATH).'user_portal.php', - 'go_button' => '', - ]; - - if (api_get_setting('allow_terms_conditions') === 'true' && $user_already_registered_show_terms) { - if (api_get_setting('load_term_conditions_section') === 'login') { - $form_data['action'] = api_get_path(WEB_PATH).'user_portal.php'; - } else { - $courseInfo = api_get_course_info(); - if (!empty($courseInfo)) { - $form_data['action'] = $courseInfo['course_public_url'].'?id_session='.api_get_session_id(); - $cidReset = true; - Session::erase('_course'); - Session::erase('_cid'); - } else { + /* SESSION REGISTERING */ + /* @todo move this in a function */ + $_user['firstName'] = stripslashes($values['firstname']); + $_user['lastName'] = stripslashes($values['lastname']); + $_user['mail'] = $values['email']; + $_user['language'] = $values['language']; + $_user['user_id'] = $user_id; + $_user['status'] = $values['status'] ?? STUDENT; + ConditionalLogin::check_conditions($_user); + Session::write('_user', $_user); + + $is_allowedCreateCourse = isset($values['status']) && $values['status'] == 1; + $usersCanCreateCourse = api_is_allowed_to_create_course(); + + Session::write('is_allowedCreateCourse', $is_allowedCreateCourse); + + // Stats + Event::eventLogin($user_id); + + // last user login date is now + $user_last_login_datetime = 0; // used as a unix timestamp it will correspond to : 1 1 1970 + Session::write('user_last_login_datetime', $user_last_login_datetime); + $recipient_name = api_get_person_name($values['firstname'], $values['lastname']); + $text_after_registration = + '

'. + get_lang('Dear').' '. + stripslashes(Security::remove_XSS($recipient_name)).',

'. + get_lang('PersonalSettings').".

"; + + $form_data = [ + 'button' => Display::button( + 'next', + get_lang('Next'), + ['class' => 'btn btn-primary btn-large'] + ), + 'message' => '', + 'action' => api_get_path(WEB_PATH).'user_portal.php', + 'go_button' => '', + ]; + + if (api_get_setting('allow_terms_conditions') === 'true' && $user_already_registered_show_terms) { + if (api_get_setting('load_term_conditions_section') === 'login') { $form_data['action'] = api_get_path(WEB_PATH).'user_portal.php'; + } else { + $courseInfo = api_get_course_info(); + if (!empty($courseInfo)) { + $form_data['action'] = $courseInfo['course_public_url'].'?id_session='.api_get_session_id(); + $cidReset = true; + Session::erase('_course'); + Session::erase('_cid'); + } else { + $form_data['action'] = api_get_path(WEB_PATH).'user_portal.php'; + } } - } - } else { - if (!empty($values['email'])) { - $text_after_registration .= '

'.get_lang('MailHasBeenSent').'.

'; - } - - if ($is_allowedCreateCourse) { - if ($usersCanCreateCourse) { - $form_data['message'] = '

'.get_lang('NowGoCreateYourCourse').'

'; + } else { + if (!empty($values['email'])) { + $text_after_registration .= '

'.get_lang('MailHasBeenSent').'.

'; } - $form_data['action'] = api_get_path(WEB_CODE_PATH).'create_course/add_course.php'; - if (api_get_setting('course_validation') === 'true') { - $form_data['button'] = Display::button( - 'next', - get_lang('CreateCourseRequest'), - ['class' => 'btn btn-primary btn-large'] - ); + if ($is_allowedCreateCourse) { + if ($usersCanCreateCourse) { + $form_data['message'] = '

'.get_lang('NowGoCreateYourCourse').'

'; + } + $form_data['action'] = api_get_path(WEB_CODE_PATH).'create_course/add_course.php'; + + if (api_get_setting('course_validation') === 'true') { + $form_data['button'] = Display::button( + 'next', + get_lang('CreateCourseRequest'), + ['class' => 'btn btn-primary btn-large'] + ); + } else { + $form_data['button'] = Display::button( + 'next', + get_lang('CourseCreate'), + ['class' => 'btn btn-primary btn-large'] + ); + $form_data['go_button'] = '  '. + Display::span( + get_lang('Next'), + ['class' => 'btn btn-primary btn-large'] + ).''; + } } else { + if (api_get_setting('allow_students_to_browse_courses') == 'true') { + $form_data['action'] = 'courses.php?action=subscribe'; + $form_data['message'] = '

'.get_lang('NowGoChooseYourCourses').".

"; + } else { + $form_data['action'] = api_get_path(WEB_PATH).'user_portal.php'; + } $form_data['button'] = Display::button( 'next', - get_lang('CourseCreate'), + get_lang('Next'), ['class' => 'btn btn-primary btn-large'] ); - $form_data['go_button'] = '  '. - Display::span( - get_lang('Next'), - ['class' => 'btn btn-primary btn-large'] - ).''; - } - } else { - if (api_get_setting('allow_students_to_browse_courses') == 'true') { - $form_data['action'] = 'courses.php?action=subscribe'; - $form_data['message'] = '

'.get_lang('NowGoChooseYourCourses').".

"; - } else { - $form_data['action'] = api_get_path(WEB_PATH).'user_portal.php'; } - $form_data['button'] = Display::button( - 'next', - get_lang('Next'), - ['class' => 'btn btn-primary btn-large'] - ); } - } - if ($sessionPremiumChecker && $sessionId) { - $url = api_get_path(WEB_PLUGIN_PATH).'buycourses/src/process.php?i='.$sessionId.'&t=2'; - Session::erase('SessionIsPremium'); - Session::erase('sessionId'); - header('Location:'.$url); - exit; - } + if ($sessionPremiumChecker && $sessionId) { + $url = api_get_path(WEB_PLUGIN_PATH).'buycourses/src/process.php?i='.$sessionId.'&t=2'; + Session::erase('SessionIsPremium'); + Session::erase('sessionId'); + header('Location:'.$url); + exit; + } - SessionManager::redirectToSession(); + SessionManager::redirectToSession(); - $redirectBuyCourse = Session::read('buy_course_redirect'); - if (!empty($redirectBuyCourse)) { - $form_data['action'] = api_get_path(WEB_PATH).$redirectBuyCourse; - Session::erase('buy_course_redirect'); - } + $redirectBuyCourse = Session::read('buy_course_redirect'); + if (!empty($redirectBuyCourse)) { + $form_data['action'] = api_get_path(WEB_PATH).$redirectBuyCourse; + Session::erase('buy_course_redirect'); + } - $form_data = CourseManager::redirectToCourse($form_data); - $form_register = new FormValidator('form_register', 'post', $form_data['action']); - if (!empty($form_data['message'])) { - $form_register->addElement('html', $form_data['message'].'

'); - } + $form_data = CourseManager::redirectToCourse($form_data); + $form_register = new FormValidator('form_register', 'post', $form_data['action']); + if (!empty($form_data['message'])) { + $form_register->addElement('html', $form_data['message'].'

'); + } - if ($usersCanCreateCourse) { - $form_register->addElement('html', $form_data['button']); - } else { - if (!empty($redirectBuyCourse)) { - $form_register->addButtonNext(get_lang('Next')); + if ($usersCanCreateCourse) { + $form_register->addElement('html', $form_data['button']); } else { - $form_register->addElement('html', $form_data['go_button']); + if (!empty($redirectBuyCourse)) { + $form_register->addButtonNext(get_lang('Next')); + } else { + $form_register->addElement('html', $form_data['go_button']); + } } - } - $text_after_registration .= $form_register->returnForm(); + $text_after_registration .= $form_register->returnForm(); - // Just in case - Session::erase('course_redirect'); - Session::erase('exercise_redirect'); - Session::erase('session_redirect'); - Session::erase('only_one_course_session_redirect'); + // Just in case + Session::erase('course_redirect'); + Session::erase('exercise_redirect'); + Session::erase('session_redirect'); + Session::erase('only_one_course_session_redirect'); - if (CustomPages::enabled() && CustomPages::exists(CustomPages::REGISTRATION_FEEDBACK)) { - CustomPages::display( - CustomPages::REGISTRATION_FEEDBACK, - ['info' => $text_after_registration] - ); - } else { - $tpl = new Template($tool_name); - $tpl->assign('inscription_content', $content); - $tpl->assign('text_after_registration', $text_after_registration); - $tpl->assign('hide_header', $hideHeaders); - $inscription = $tpl->get_template('auth/inscription.tpl'); - $tpl->display($inscription); + if (CustomPages::enabled() && CustomPages::exists(CustomPages::REGISTRATION_FEEDBACK)) { + CustomPages::display( + CustomPages::REGISTRATION_FEEDBACK, + ['info' => $text_after_registration] + ); + } else { + $tpl = new Template($tool_name); + $tpl->assign('inscription_content', $content); + $tpl->assign('text_after_registration', $text_after_registration); + $tpl->assign('hide_header', $hideHeaders); + $inscription = $tpl->get_template('auth/inscription.tpl'); + 
$tpl->display($inscription); + } } -} else { +} + +if (!$formValid) { // Custom pages if (CustomPages::enabled() && CustomPages::exists(CustomPages::REGISTRATION)) { CustomPages::display( diff --git a/main/inc/lib/api.lib.php b/main/inc/lib/api.lib.php index cf59954c8ce..495e539f95e 100755 --- a/main/inc/lib/api.lib.php +++ b/main/inc/lib/api.lib.php @@ -10683,3 +10683,22 @@ function api_encrypt_hash($data, $secret) return base64_encode($iv) . base64_encode($encrypted . $tag); } + +/** + * Check existence of a user extra field with a specific value + + * + * @param string $extraField The name of the extra field to check. + * @param string $extraFieldValue The value of the extra field to validate against. + * + * @return bool True if the extra field with the specified value exists, false otherwise. + */ +function api_user_extra_field_validation($extraField, $extraFieldValue) { + $fieldValue = new ExtraFieldValue('user'); + $data = $fieldValue->get_item_id_from_field_variable_and_field_value($extraField, $extraFieldValue, false, true); + + if ($data) { + return true; + } + return false; +} diff --git a/main/install/configuration.dist.php b/main/install/configuration.dist.php index 7430bfb450b..73be1c6c59d 100644 --- a/main/install/configuration.dist.php +++ b/main/install/configuration.dist.php @@ -1675,6 +1675,13 @@ // Add help text to put 2 names in registration form //$_configuration['registration_add_helptext_for_2_names'] = false; +// Add extra fields to validate on user registration +/*$_configuration['extra_fields_to_validate_on_user_registration'] = [ + 'extra_fields' => [ + 'passport', 'employee_id' + ] +];*/ + // Allow career/promotions in global announcements // ALTER TABLE sys_announcement ADD COLUMN career_id INT DEFAULT 0; // ALTER TABLE sys_announcement ADD COLUMN promotion_id INT DEFAULT 0;
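Review bot: The duplicate-value check at the top of the `if ($formValid)` branch validates a different string from the one later stored: it looks up `Security::remove_XSS($value)`, but `$extras[substr($key, 6)] = $value` further down saves the raw submission, so an input altered by the filter is checked as one value and persisted as another; validate and store the same variable. The same check turns the unauthenticated registration form into an existence oracle for the configured fields — each submission learns from the `TheValueEntered … AlreadyExists` flash whether a given passport or employee id is already on file — so the message should not name the field, and the form's existing anti-automation protections must cover this path; the check-then-create sequence also has no uniqueness guarantee at the table, so two concurrent submissions with the same value both succeed. `get_lang('TheValueEntered ')` carries a trailing space inside the language key and will not resolve (the user_add.php hunk has the same typo), and `in_array($extra_field, $extraFieldList)` should pass `true` as its third argument. The whole block is copied verbatim into user_add.php and inscription.php; a single helper that takes the form and the submitted values would keep the three copies from drifting, and would have avoided re-indenting ~400 unchanged lines in this hunk.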
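Review bot: `api_user_extra_field_validation` is untyped and spells a boolean conversion as an if/return pair; `function api_user_extra_field_validation(string $extraField, string $extraFieldValue): bool` with `return !empty($data);` states the contract directly, and the name reads as "validate" while the function answers "exists" — `api_user_extra_field_value_exists` would match its own docblock. The two positional booleans `false, true` passed to `get_item_id_from_field_variable_and_field_value` are unexplained; a comment naming what each selects (e.g. `// no transform of the value; return only the last matching item — confirm against ExtraFieldValue`) would save the next reader a lookup. The form-based callers route every `extra_` submission through this function, and multi-value fields (checkboxes, multi-selects) arrive as arrays, so either the `string` type or an explicit `is_array()` guard is needed before the lookup. The docblock also appears to have a stray blank `+` line after the summary where a ` *` line belongs.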