Elgg  Version master
Settings.php
Go to the documentation of this file.
1 <?php
2 
3 namespace Elgg\Users;
4 
5 use Elgg\Exceptions\Configuration\RegistrationException;
6 use Elgg\Exceptions\InvalidArgumentException;
7 use Elgg\Http\ResponseBuilder;
8 use Elgg\Request;
9 
15 class Settings {
16 
26  public static function setPassword(\Elgg\Event $event) {
27 
28  $actor = elgg_get_logged_in_user_entity();
29  if (!$actor instanceof \ElggUser) {
30  return;
31  }
32 
33  $user = $event->getUserParam();
34  $request = $event->getParam('request');
35 
36  if (!$user instanceof \ElggUser || !$request instanceof Request) {
37  return;
38  }
39 
40  $password = (string) $request->getParam('password', null, false);
41  $password2 = (string) $request->getParam('password2', null, false);
42 
43  if (!$password) {
44  return;
45  }
46 
47  if (!$actor->isAdmin() || $user->guid === $actor->guid) {
48  // let admin user change anyone's password without knowing it except his own.
49 
50  $current_password = (string) $request->getParam('current_password', null, false);
51 
52  try {
53  _elgg_services()->accounts->assertCurrentPassword($user, $current_password);
54  } catch (RegistrationException $e) {
55  $request->validation()->fail('password', '', elgg_echo('LoginException:ChangePasswordFailure'));
56 
57  return false;
58  }
59  }
60 
61  try {
62  _elgg_services()->accounts->assertValidPassword([$password, $password2]);
63  } catch (RegistrationException $e) {
64  $request->validation()->fail('password', '', $e->getMessage());
65 
66  return false;
67  }
68 
69  $user->setPassword($password);
70  _elgg_services()->persistentLogin->handlePasswordChange($user, $actor);
71 
72  if (elgg_get_config('security_notify_user_password')) {
73  // notify the user that their password has changed
74  $site = elgg_get_site_entity();
75 
76  $subject = elgg_echo('user:notification:password_change:subject', [], $user->getLanguage());
77  $body = elgg_echo('user:notification:password_change:body', [
78  $user->getDisplayName(),
79  $site->getDisplayName(),
80  elgg_generate_url('account:password:reset'),
81  $site->getURL(),
82  ], $user->getLanguage());
83 
84  $params = [
85  'object' => $user,
86  'action' => 'password_change',
87  'apply_muting' => false,
88  ];
89 
90  notify_user($user->guid, $site->guid, $subject, $body, $params, ['email']);
91  }
92 
93  $request->validation()->pass('password', '', elgg_echo('user:password:success'));
94  }
95 
105  public static function setName(\Elgg\Event $event) {
106 
107  $user = $event->getUserParam();
108 
109  /* @var $request \Elgg\Request */
110  $request = $event->getParam('request');
111 
112  $name = $request->getParam('name');
113  if (!isset($name)) {
114  return;
115  }
116 
117  $name = strip_tags($name);
118  if (empty($name)) {
119  $request->validation()->fail('name', $request->getParam('name'), elgg_echo('user:name:fail'));
120 
121  return false;
122  }
123 
124  if ($name === $user->name) {
125  return;
126  }
127 
128  $request->validation()->pass('name', $name, elgg_echo('user:name:success'));
129 
130  $user->name = $name;
131  }
132 
142  public static function setUsername(\Elgg\Event $event) {
143 
144  $user = $event->getUserParam();
145  $request = $event->getParam('request');
146 
147  if (!$user instanceof \ElggUser || !$request instanceof Request) {
148  return;
149  }
150 
151  $username = $request->getParam('username');
152  if (!isset($username)) {
153  return;
154  }
155 
156  if (!elgg_is_admin_logged_in() && !elgg_get_config('can_change_username')) {
157  return;
158  }
159 
160  if (!$user->canEdit()) {
161  return;
162  }
163 
164  if ($user->username === $username) {
165  return;
166  }
167 
168  // check if username is valid and does not exist
169  try {
170  _elgg_services()->accounts->assertValidUsername($username, true);
171  } catch (RegistrationException $ex) {
172  $request->validation()->fail('username', $username, $ex->getMessage());
173 
174  return false;
175  }
176 
177  $user->username = $username;
178 
179  $request->validation()->pass('username', $username, elgg_echo('user:username:success'));
180 
181  // correctly forward after after a username change
182  elgg_register_event_handler('response', 'action:usersettings/save', function (\Elgg\Event $event) use ($username) {
183  $response = $event->getValue();
184  if (!$response instanceof ResponseBuilder) {
185  return;
186  }
187 
188  if ($response->getForwardURL() === REFERRER) {
189  $response->setForwardURL(elgg_generate_url('settings:account', [
190  'username' => $username,
191  ]));
192  }
193 
194  return $response;
195  });
196  }
197 
205  public static function setLanguage(\Elgg\Event $event) {
206 
207  $user = $event->getUserParam();
208  $request = $event->getParam('request');
209 
210  if (!$user instanceof \ElggUser || !$request instanceof Request) {
211  return;
212  }
213 
214  $language = $request->getParam('language');
215  if (!isset($language)) {
216  return;
217  }
218 
219  if ($language === $user->language) {
220  return;
221  }
222 
223  $who_can_change_language = elgg_get_config('who_can_change_language');
224  if ($who_can_change_language === 'nobody') {
225  return;
226  } elseif ($who_can_change_language === 'admin_only' && !elgg_is_admin_logged_in()) {
227  return;
228  }
229 
230  if (!in_array($language, _elgg_services()->translator->getAllowedLanguages())) {
231  return;
232  }
233 
234  $user->language = $language;
235 
236  $request->validation()->pass('language', $language, elgg_echo('user:language:success'));
237  }
238 
248  public static function setEmail(\Elgg\Event $event) {
249 
250  $actor = elgg_get_logged_in_user_entity();
251  if (!$actor instanceof \ElggUser) {
252  return;
253  }
254 
255  $user = $event->getUserParam();
256  $request = $event->getParam('request');
257 
258  if (!$user instanceof \ElggUser || !$request instanceof Request) {
259  return;
260  }
261 
262  $email = $request->getParam('email');
263  if (!isset($email)) {
264  return;
265  }
266 
267  if (strcmp($email, $user->email) === 0) {
268  // no change
269  return;
270  }
271 
272  try {
273  $assert_unregistered = true;
274  if ($actor->isAdmin() && $user->guid !== $actor->guid) {
275  // admins changing another users email address are allowed to set it to a duplicate email address
276  $assert_unregistered = false;
277  }
278 
279  _elgg_services()->accounts->assertValidEmail($email, $assert_unregistered);
280  } catch (RegistrationException $ex) {
281  $request->validation()->fail('email', $email, $ex->getMessage());
282 
283  return false;
284  }
285 
286  if (_elgg_services()->config->security_email_require_password && $user->guid === $actor->guid) {
287  try {
288  // validate password
289  _elgg_services()->accounts->assertCurrentPassword($user, (string) $request->getParam('email_password'));
290  } catch (RegistrationException $e) {
291  $request->validation()->fail('email', $email, elgg_echo('email:save:fail:password'));
292  return false;
293  }
294  }
295 
296  $params = $event->getParams();
297  $params['email'] = $email;
298 
299  if (!elgg_trigger_event_results('change:email', 'user', $params, true)) {
300  return;
301  }
302 
303  if (_elgg_services()->config->security_email_require_confirmation && (!$actor->isAdmin() || $user->guid === $actor->guid)) {
304  // validate the new email address
305  try {
306  _elgg_services()->accounts->requestNewEmailValidation($user, $email);
307 
308  $request->validation()->pass('email', $email, elgg_echo('account:email:request:success', [$email]));
309  return true;
310  } catch (InvalidArgumentException $e) {
311  $request->validation()->fail('email', $email, elgg_echo('email:save:fail:password'));
312  return false;
313  }
314  }
315 
316  $user->email = $email;
317  $request->validation()->pass('email', $email, elgg_echo('email:save:success'));
318  }
319 
327  public static function setDefaultAccess(\Elgg\Event $event) {
328 
329  if (!_elgg_services()->config->allow_user_default_access) {
330  return;
331  }
332 
333  $user = $event->getUserParam();
334  $request = $event->getParam('request');
335 
336  if (!$user instanceof \ElggUser || !$request instanceof Request) {
337  return;
338  }
339 
340  $default_access = $request->getParam('default_access');
341  if (!isset($default_access)) {
342  return;
343  }
344 
345  if (!$user->setMetadata('elgg_default_access', $default_access)) {
346  $request->validation()->fail('default_access', $default_access, elgg_echo('user:default_access:failure'));
347  return;
348  }
349 
350  $request->validation()->pass('default_access', $default_access, elgg_echo('user:default_access:success'));
351  }
352 }
$site
$site
Definition: icons.php:5
$email
$email
Definition: change_email.php:7
$username
$username
Definition: delete.php:23
$name
if(! $user||! $user->canDelete()) $name
Definition: delete.php:22
$params
$params
Saves global plugin settings.
Definition: save.php:13
$password2
$password2
Definition: register.php:14
$body
$body
Definition: useradd.php:55
$language
$language
Definition: useradd.php:17
$subject
$subject
Definition: useradd.php:54
$user
$user
Definition: ban.php:7
Elgg\Event
Models an event passed to event handlers.
Definition: Event.php:11
Elgg\Exceptions\Configuration\RegistrationException
Could not register a new user for whatever reason.
Definition: RegistrationException.php:10
Elgg\Exceptions\InvalidArgumentException
Exception thrown if an argument is not of the expected type.
Definition: InvalidArgumentException.php:11
Elgg\Request
Request container.
Definition: Request.php:12
Elgg\Users\Settings
Event handlers for user settings.
Definition: Settings.php:15
Elgg\Users\Settings\setEmail
static setEmail(\Elgg\Event $event)
Set a user's email address.
Definition: Settings.php:248
Elgg\Users\Settings\setUsername
static setUsername(\Elgg\Event $event)
Set a user's username.
Definition: Settings.php:142
Elgg\Users\Settings\setName
static setName(\Elgg\Event $event)
Set a user's display name.
Definition: Settings.php:105
Elgg\Users\Settings\setPassword
static setPassword(\Elgg\Event $event)
Set a user's password.
Definition: Settings.php:26
Elgg\Users\Settings\setDefaultAccess
static setDefaultAccess(\Elgg\Event $event)
Set a user's default access level.
Definition: Settings.php:327
Elgg\Users\Settings\setLanguage
static setLanguage(\Elgg\Event $event)
Set a user's language.
Definition: Settings.php:205
elgg_get_config
elgg_get_config(string $name, $default=null)
Get an Elgg configuration value.
Definition: configuration.php:136
REFERRER
const REFERRER
Used in calls to forward() to specify the browser should be redirected to the referring page.
Definition: constants.php:37
$who_can_change_language
if(! $user instanceof \ElggUser) $who_can_change_language
Definition: language.php:13
elseif
if($item instanceof \ElggEntity) elseif($item instanceof \ElggRiverItem) elseif($item instanceof \ElggRelationship) elseif(is_callable([ $item, 'getType']))
Definition: item.php:48
_elgg_services
_elgg_services()
Get the global service provider.
Definition: elgglib.php:353
elgg_get_site_entity
elgg_get_site_entity()
Get the current site entity.
Definition: entities.php:101
Elgg\Http\ResponseBuilder
HTTP response builder interface.
Definition: ResponseBuilder.php:13
elgg_echo
elgg_echo(string $message_key, array $args=[], string $language='')
Elgg language module Functions to manage language and translations.
Definition: languages.php:17
elgg_register_event_handler
elgg_register_event_handler(string $event, string $type, callable|string $callback, int $priority=500)
Helper functions for event handling.
Definition: events.php:48
elgg_trigger_event_results
elgg_trigger_event_results(string $event, string $type, array $params=[], $returnvalue=null)
Triggers an event where it is expected that the mixed return value could be manipulated by event call...
Definition: events.php:117
$request
$request
Definition: livesearch.php:12
notify_user
notify_user(int|array $to, int $from=0, string $subject='', string $message='', array $params=[], $methods_override=null)
Notify a user via their preferences.
Definition: notification.php:201
elgg_generate_url
elgg_generate_url(string $name, array $parameters=[])
Generate a URL for named route.
Definition: pagehandler.php:133
$password
if(! $user||! $user->canEdit()) $password
Definition: resetpassword.php:21
elgg_is_admin_logged_in
elgg_is_admin_logged_in()
Returns whether or not the viewer is currently logged in and an admin user.
Definition: sessions.php:52
elgg_get_logged_in_user_entity
elgg_get_logged_in_user_entity()
Return the current logged in user, or null if no user is logged in.
Definition: sessions.php:24
$actor
if(($owner instanceof \ElggGroup|| $owner instanceof \ElggUser) &&!in_array($owner->guid, $mute_guids)) $actor
Definition: mute.php:78
$response
$response
Definition: content.php:10
Generated on Fri Aug 29 2025 00:01:58 for Elgg by doxygen 1.9.1