Elgg  Version 6.3
Settings.php
1 <?php
2 
3 namespace Elgg\Users;
4 
8 use Elgg\Request;
9 
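/**
 * Event handlers for user settings.
 *
 * Every handler reads one field from the submitted request, validates it and
 * records the outcome with $request->validation()->pass() or ->fail().
 *
 * NOTE(review): only setUsername() calls $user->canEdit() itself. The other
 * handlers presumably rely on the triggering action having checked edit
 * permission on the target user already; confirm against the caller.
 */
class Settings {

	/**
	 * Set a user's password.
	 *
	 * The current password is required unless an admin changes the password
	 * of a different account.
	 *
	 * @param \Elgg\Event $event event carrying the target user and the 'request' param
	 *
	 * @return null|false false when a password check failed, null otherwise
	 */
	public static function setPassword(\Elgg\Event $event) {

		// The acting user decides which checks apply below. Without this lookup
		// $actor is undefined and the handler would always return early.
		$actor = elgg_get_logged_in_user_entity();
		if (!$actor instanceof \ElggUser) {
			return;
		}

		$user = $event->getUserParam();
		$request = $event->getParam('request');

		if (!$user instanceof \ElggUser || !$request instanceof Request) {
			return;
		}

		// NOTE(review): the third argument (false) presumably disables input
		// filtering so the password is taken exactly as typed; confirm.
		$password = (string) $request->getParam('password', null, false);
		$password2 = (string) $request->getParam('password2', null, false);

		if (!$password) {
			// nothing submitted: no password change requested
			return;
		}

		$is_own_account = $user->guid === $actor->guid;
		if (!$actor->isAdmin() || $is_own_account) {
			// An admin may change another user's password without knowing it,
			// but everyone, admins included, must prove knowledge of the
			// current password when changing their own.
			$current_password = (string) $request->getParam('current_password', null, false);

			try {
				_elgg_services()->accounts->assertCurrentPassword($user, $current_password);
			} catch (RegistrationException $e) {
				$request->validation()->fail('password', '', elgg_echo('LoginException:ChangePasswordFailure'));

				return false;
			}
		}

		try {
			_elgg_services()->accounts->assertValidPassword([$password, $password2]);
		} catch (RegistrationException $e) {
			$request->validation()->fail('password', '', $e->getMessage());

			return false;
		}

		$user->setPassword($password);

		// NOTE(review): presumably revokes or rotates persistent-login
		// ("remember me") tokens after the change; confirm in the service.
		_elgg_services()->persistentLogin->handlePasswordChange($user, $actor);

		if (elgg_get_config('security_notify_user_password')) {
			// tell the account owner their password changed, so an unexpected
			// change does not go unnoticed
			$user->notify('password_change', $user);
		}

		// the password itself is never echoed back into the validation result
		$request->validation()->pass('password', '', elgg_echo('user:password:success'));
	}

	/**
	 * Set a user's display name.
	 *
	 * @param \Elgg\Event $event event carrying the target user and the 'request' param
	 *
	 * @return null|false false when the name is empty after stripping tags, null otherwise
	 */
	public static function setName(\Elgg\Event $event) {

		$user = $event->getUserParam();
		$request = $event->getParam('request');

		// same guard as the sibling handlers: never dereference a missing user or request
		if (!$user instanceof \ElggUser || !$request instanceof Request) {
			return;
		}

		$name = $request->getParam('name');
		if (!isset($name)) {
			return;
		}

		// strip_tags() removes markup only; the name still has to be escaped
		// for its output context wherever it is rendered.
		$name = strip_tags($name);
		if (empty($name)) {
			$request->validation()->fail('name', $request->getParam('name'), elgg_echo('user:name:fail'));

			return false;
		}

		if ($name === $user->name) {
			// no change
			return;
		}

		$request->validation()->pass('name', $name, elgg_echo('user:name:success'));

		$user->name = $name;
	}

	/**
	 * Set a user's username.
	 *
	 * @param \Elgg\Event $event event carrying the target user and the 'request' param
	 *
	 * @return null|false false when the username failed validation, null otherwise
	 */
	public static function setUsername(\Elgg\Event $event) {

		$user = $event->getUserParam();
		$request = $event->getParam('request');

		if (!$user instanceof \ElggUser || !$request instanceof Request) {
			return;
		}

		$username = $request->getParam('username');
		if (!isset($username)) {
			return;
		}

		// non-admins may only rename when the site configuration allows it
		if (!elgg_is_admin_logged_in() && !elgg_get_config('can_change_username')) {
			return;
		}

		if (!$user->canEdit()) {
			return;
		}

		if ($user->username === $username) {
			// no change
			return;
		}

		// check if username is valid and does not exist
		try {
			_elgg_services()->accounts->assertValidUsername($username, true);
		} catch (RegistrationException $ex) {
			$request->validation()->fail('username', $username, $ex->getMessage());

			return false;
		}

		$user->username = $username;

		$request->validation()->pass('username', $username, elgg_echo('user:username:success'));

		// Forward correctly after a username change: a response that would go
		// back to the referrer is pointed at the account settings URL generated
		// for the new username (the referring URL presumably still contains the
		// old username).
		elgg_register_event_handler('response', 'action:usersettings/save', function (\Elgg\Event $event) use ($username) {
			$response = $event->getValue();
			if (!$response instanceof ResponseBuilder) {
				return;
			}

			if ($response->getForwardURL() === REFERRER) {
				$response->setForwardURL(elgg_generate_url('settings:account', [
					'username' => $username,
				]));
			}

			return $response;
		});
	}

	/**
	 * Set a user's language.
	 *
	 * @param \Elgg\Event $event event carrying the target user and the 'request' param
	 *
	 * @return void
	 */
	public static function setLanguage(\Elgg\Event $event) {

		$user = $event->getUserParam();
		$request = $event->getParam('request');

		if (!$user instanceof \ElggUser || !$request instanceof Request) {
			return;
		}

		$language = $request->getParam('language');
		if (!isset($language)) {
			return;
		}

		if ($language === $user->language) {
			// no change
			return;
		}

		$who_can_change_language = elgg_get_config('who_can_change_language');
		if ($who_can_change_language === 'nobody') {
			return;
		}

		if ($who_can_change_language === 'admin_only' && !elgg_is_admin_logged_in()) {
			return;
		}

		// Allow-list check. The strict comparison keeps type juggling from
		// letting a non-string request value match an allowed language code.
		if (!in_array($language, _elgg_services()->translator->getAllowedLanguages(), true)) {
			return;
		}

		$user->language = $language;

		$request->validation()->pass('language', $language, elgg_echo('user:language:success'));
	}

	/**
	 * Set a user's email address.
	 *
	 * @param \Elgg\Event $event event carrying the target user and the 'request' param
	 *
	 * @return null|bool false when a check failed, true when a confirmation of the
	 *                   new address was requested, null otherwise
	 */
	public static function setEmail(\Elgg\Event $event) {

		// The acting user decides which checks apply below. Without this lookup
		// $actor is undefined and the handler would always return early.
		$actor = elgg_get_logged_in_user_entity();
		if (!$actor instanceof \ElggUser) {
			return;
		}

		$user = $event->getUserParam();
		$request = $event->getParam('request');

		if (!$user instanceof \ElggUser || !$request instanceof Request) {
			return;
		}

		$email = $request->getParam('email');
		if (!isset($email)) {
			return;
		}

		if (strcmp($email, $user->email) === 0) {
			// no change
			return;
		}

		$is_own_account = $user->guid === $actor->guid;

		// An admin changing another user's email address is allowed to set it
		// to an address that is already registered; everyone else is not.
		$assert_unregistered = !($actor->isAdmin() && !$is_own_account);

		try {
			_elgg_services()->accounts->assertValidEmail($email, $assert_unregistered);
		} catch (RegistrationException $ex) {
			$request->validation()->fail('email', $email, $ex->getMessage());

			return false;
		}

		if (_elgg_services()->config->security_email_require_password && $is_own_account) {
			// Re-authenticate before the address changes. The check applies only
			// to a user editing their own account.
			try {
				_elgg_services()->accounts->assertCurrentPassword($user, (string) $request->getParam('email_password'));
			} catch (RegistrationException $e) {
				$request->validation()->fail('email', $email, elgg_echo('email:save:fail:password'));

				return false;
			}
		}

		$params = $event->getParams();
		$params['email'] = $email;

		// other handlers can veto the change by returning a falsy value
		if (!elgg_trigger_event_results('change:email', 'user', $params, true)) {
			return;
		}

		if (_elgg_services()->config->security_email_require_confirmation && (!$actor->isAdmin() || $is_own_account)) {
			// The new address must be confirmed first; $user->email is not
			// written in this branch.
			try {
				_elgg_services()->accounts->requestNewEmailValidation($user, $email);

				$request->validation()->pass('email', $email, elgg_echo('account:email:request:success', [$email]));

				return true;
			} catch (InvalidArgumentException $e) {
				// NOTE(review): this reuses the wrong-password message although
				// no password is checked in this branch; confirm that a more
				// fitting language key exists before changing it.
				$request->validation()->fail('email', $email, elgg_echo('email:save:fail:password'));

				return false;
			}
		}

		$user->email = $email;
		$request->validation()->pass('email', $email, elgg_echo('email:save:success'));
	}

	/**
	 * Set a user's default access level.
	 *
	 * @param \Elgg\Event $event event carrying the target user and the 'request' param
	 *
	 * @return void
	 */
	public static function setDefaultAccess(\Elgg\Event $event) {

		if (!_elgg_services()->config->allow_user_default_access) {
			return;
		}

		$user = $event->getUserParam();
		$request = $event->getParam('request');

		if (!$user instanceof \ElggUser || !$request instanceof Request) {
			return;
		}

		$default_access = $request->getParam('default_access');
		if (!isset($default_access)) {
			return;
		}

		// NOTE(review): the submitted value is stored as-is. Nothing here checks
		// that it is one of the access levels this user may pick; confirm that
		// consumers of 'elgg_default_access' validate it before using it.
		if (!$user->setMetadata('elgg_default_access', $default_access)) {
			$request->validation()->fail('default_access', $default_access, elgg_echo('user:default_access:failure'));

			return;
		}

		$request->validation()->pass('default_access', $default_access, elgg_echo('user:default_access:success'));
	}
}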
$email
Definition: change_email.php:7
$username
Definition: delete.php:23
if(! $user||! $user->canDelete()) $name
Definition: delete.php:22
$params
Saves global plugin settings.
Definition: save.php:13
$password2
Definition: register.php:14
$language
Definition: useradd.php:17
$user
Definition: ban.php:7
Models an event passed to event handlers.
Definition: Event.php:11
Could not register a new user for whatever reason.
Exception thrown if an argument is not of the expected type.
Request container.
Definition: Request.php:12
Event handlers for user settings.
Definition: Settings.php:15
static setEmail(\Elgg\Event $event)
Set a user's email address.
Definition: Settings.php:232
static setUsername(\Elgg\Event $event)
Set a user's username.
Definition: Settings.php:126
static setName(\Elgg\Event $event)
Set a user's display name.
Definition: Settings.php:89
static setPassword(\Elgg\Event $event)
Set a user's password.
Definition: Settings.php:26
static setDefaultAccess(\Elgg\Event $event)
Set a user's default access level.
Definition: Settings.php:311
static setLanguage(\Elgg\Event $event)
Set a user's language.
Definition: Settings.php:189
elgg_get_config(string $name, $default=null)
Get an Elgg configuration value.
const REFERRER
Used in calls to forward() to specify the browser should be redirected to the referring page.
Definition: constants.php:37
if(! $user instanceof \ElggUser) $who_can_change_language
Definition: language.php:13
if($item instanceof \ElggEntity) elseif($item instanceof \ElggRiverItem) elseif($item instanceof \ElggRelationship) elseif(is_callable([ $item, 'getType']))
Definition: item.php:48
_elgg_services()
Get the global service provider.
Definition: elgglib.php:337
HTTP response builder interface.
elgg_echo(string $message_key, array $args=[], string $language='')
Elgg language module Functions to manage language and translations.
Definition: languages.php:17
elgg_register_event_handler(string $event, string $type, callable|string $callback, int $priority=500)
Helper functions for event handling.
Definition: events.php:48
elgg_trigger_event_results(string $event, string $type, array $params=[], $returnvalue=null)
Triggers an event where it is expected that the mixed return value could be manipulated by event call...
Definition: events.php:117
$request
Definition: livesearch.php:12
if(! $user||! $user->canEdit()) $password
elgg_is_admin_logged_in()
Returns whether or not the viewer is currently logged in and an admin user.
Definition: sessions.php:52
elgg_get_logged_in_user_entity()
Return the current logged in user, or null if no user is logged in.
Definition: sessions.php:24
if(($owner instanceof \ElggGroup|| $owner instanceof \ElggUser) &&!in_array($owner->guid, $mute_guids)) $actor
Definition: mute.php:78
$response
Definition: content.php:10