Merge pull request #6512 from christianbeeznest/contidos-22802

NicoDucou · web-flow · commit c4002022798a · 2025-07-24T10:54:02.000+02:00
User: Enforce unique extra‑field per URL on user creation - refs BT#22802
diff --git a/main/admin/user_import.php b/main/admin/user_import.php
@@ -255,14 +255,13 @@ function complete_missing_data(array $user): array
 /**
  * Save the imported data.
  *
- * @uses \global variable $inserted_in_course, which returns the list of
- * courses the user was inserted in
+ * @uses   global $inserted_in_course, which returns the list of courses the user was inserted in
+ * @param  array       $users
+ * @param  bool        $sendMail
+ * @param  string|null $targetFolder
+ * @return array       The $users array, with 'message' and (for reused users) 'id' set
  */
-function save_data(
-    array $users,
-    bool $sendMail = false,
-    ?string $targetFolder = null
-): array {
+function save_data(array $users, bool $sendMail = false, ?string $targetFolder = null): array {
     global $inserted_in_course, $extra_fields;
 
     // Not all scripts declare the $inserted_in_course array (although they should).
@@ -281,107 +280,150 @@ function save_data(
 
     $optionsByField = [];
 
+    // which extra‑field variable are we validating on?
+    $uniqueField = api_get_configuration_value('extra_field_to_validate_on_user_registration');
+
     foreach ($users as &$user) {
         if ($user['has_error']) {
             $userError[] = $user;
             continue;
         }
 
-        $user = complete_missing_data($user);
-        $user['Status'] = api_status_key($user['Status']);
-        $redirection = $user['Redirection'] ?? '';
+        $returnMessage = '';
+        $user_id       = null;
+
+        // 1) If the CSV row has that unique extra‑field, try to look up an existing user
+        if (!empty($uniqueField) && !empty($user[$uniqueField])) {
+            // pass true to getUserId mode
+            $existing = UserManager::isExtraFieldValueUniquePerUrl($user[$uniqueField], true);
+            if ($existing !== null) {
+                // existing user found → reuse
+                $user_id       = $existing;
+                $returnMessage = Display::return_message(
+                    sprintf(
+                        'An existing user with the same %s was found (ID %d), enrolling instead of creating.',
+                        $uniqueField,
+                        $existing
+                    ),
+                    'info'
+                );
+            }
+        }
 
-        $user_id = UserManager::create_user(
-            $user['FirstName'],
-            $user['LastName'],
-            $user['Status'],
-            $user['Email'],
-            $user['UserName'],
-            $user['Password'],
-            $user['OfficialCode'],
-            $user['language'],
-            $user['PhoneNumber'],
-            '',
-            $user['AuthSource'],
-            $user['ExpiryDate'],
-            1,
-            0,
-            null,
-            null,
-            $sendMail,
-            false,
-            '',
-            false,
-            null,
-            null,
-            null,
-            $redirection
-        );
+        // 2) If not found, go through normal creation
+        if ($user_id === null) {
+            // fill in missing fields, generate password, etc.
+            $user = complete_missing_data($user);
+            $user['Status'] = api_status_key($user['Status']);
+            $redirection    = $user['Redirection'] ?? '';
+
+            $user_id = UserManager::create_user(
+                $user['FirstName'],
+                $user['LastName'],
+                $user['Status'],
+                $user['Email'],
+                $user['UserName'],
+                $user['Password'],
+                $user['OfficialCode'],
+                $user['language'],
+                $user['PhoneNumber'],
+                '',
+                $user['AuthSource'],
+                $user['ExpiryDate'],
+                1,
+                0,
+                null,
+                null,
+                $sendMail,
+                false,
+                '',
+                false,
+                null,
+                null,
+                null,
+                $redirection
+            );
 
-        if ($user_id) {
-            $returnMessage = Display::return_message(get_lang('UserAdded'), 'success');
-
-            if (isset($user['Courses']) && is_array($user['Courses'])) {
-                foreach ($user['Courses'] as $course) {
-                    if (CourseManager::course_exists($course)) {
-                        $result = CourseManager::subscribeUser($user_id, $course, $user['Status']);
-                        if ($result) {
-                            $course_info = api_get_course_info($course);
-                            $inserted_in_course[$course] = $course_info['title'];
-                        }
-                    }
-                }
+            if ($user_id) {
+                $returnMessage = Display::return_message(get_lang('UserAdded'), 'success');
+            } else {
+                $returnMessage = Display::return_message(get_lang('Error'), 'error');
+                $userWarning[] = $user;
+                $user['message'] = $returnMessage;
+                continue;
             }
+        }
 
-            if (isset($user['Sessions']) && is_array($user['Sessions'])) {
-                foreach ($user['Sessions'] as $sessionId) {
-                    $sessionInfo = api_get_session_info($sessionId);
-                    if (!empty($sessionInfo)) {
-                        SessionManager::subscribeUsersToSession(
-                            $sessionId,
-                            [$user_id],
-                            SESSION_VISIBLE_READ_ONLY,
-                            false
-                        );
+        // 3) At this point $user_id is either reused or newly created.
+        //    Enroll in courses:
+        if (isset($user['Courses']) && is_array($user['Courses'])) {
+            foreach ($user['Courses'] as $course) {
+                if (CourseManager::course_exists($course)) {
+                    $result = CourseManager::subscribeUser($user_id, $course, $user['Status']);
+                    if ($result) {
+                        $info = api_get_course_info($course);
+                        $inserted_in_course[$course] = $info['title'];
                     }
                 }
             }
+        }
 
-            if (!empty($user['ClassId'])) {
-                $classId = explode('|', trim($user['ClassId']));
-                foreach ($classId as $id) {
-                    $usergroup->subscribe_users_to_usergroup($id, [$user_id], false);
+        // 4) Enroll in sessions:
+        if (isset($user['Sessions']) && is_array($user['Sessions'])) {
+            foreach ($user['Sessions'] as $sessionId) {
+                $sessionInfo = api_get_session_info($sessionId);
+                if (!empty($sessionInfo)) {
+                    SessionManager::subscribeUsersToSession(
+                        $sessionId,
+                        [$user_id],
+                        SESSION_VISIBLE_READ_ONLY,
+                        false
+                    );
                 }
             }
+        }
 
-            // We are sure that the extra field exists.
-            foreach ($extra_fields as $extras) {
-                if (!isset($user[$extras[1]])) {
-                    continue;
-                }
-
-                $key = $extras[1];
-                $value = $user[$key];
+        // 5) Subscribe to usergroups:
+        if (!empty($user['ClassId'])) {
+            $classIds = explode('|', trim($user['ClassId']));
+            foreach ($classIds as $id) {
+                $usergroup->subscribe_users_to_usergroup($id, [$user_id], false);
+            }
+        }
 
-                if (!array_key_exists($key, $optionsByField)) {
-                    $optionsByField[$key] = $efo->getOptionsByFieldVariable($key);
+        // 6) Update extra‑field values (for newly created or even reused users):
+        foreach ($extra_fields as $extras) {
+            $fieldVar = $extras[1];
+            $matchedKey = null;
+            foreach ($user as $colName => $colVal) {
+                if (strtolower($colName) === strtolower($fieldVar)) {
+                    $matchedKey = $colName;
+                    break;
                 }
+            }
+            if ($matchedKey === null) {
+                continue;
+            }
 
-                /** @var ExtraFieldOptions $option */
-                foreach ($optionsByField[$key] as $option) {
-                    if ($option->getDisplayText() === $value) {
-                        $value = $option->getValue();
-                    }
+            $value = $user[$matchedKey];
+            if (!array_key_exists($matchedKey, $optionsByField)) {
+                $optionsByField[$matchedKey] = $efo->getOptionsByFieldVariable($matchedKey);
+            }
+            /** @var ExtraFieldOptions $option */
+            foreach ($optionsByField[$matchedKey] as $option) {
+                if ($option->getDisplayText() === $value) {
+                    $value = $option->getValue();
+                    break;
                 }
-
-                UserManager::update_extra_field_value($user_id, $key, $value);
             }
-            $userSaved[] = $user;
-        } else {
-            $returnMessage = Display::return_message(get_lang('Error'), 'warning');
-            $userWarning[] = $user;
+
+            UserManager::update_extra_field_value($user_id, $matchedKey, $value);
         }
+
+        // 7) Record success
+        $user['id']      = $user_id;
         $user['message'] = $returnMessage;
+        $userSaved[]     = $user;
     }
 
     // Save with success, error and warning users
@@ -708,6 +750,25 @@ function processUsers(array &$users, bool $sendMail, ?string $targetFolder = nul
 
             Session::erase('user_import_data_'.$userId);
             $users = Import::csvToArray($_FILES['import_file']['tmp_name']);
+
+            $uniqueField = api_get_configuration_value('extra_field_to_validate_on_user_registration');
+            if (!empty($uniqueField) && !empty($users)) {
+                $firstRow = reset($users);
+                $csvHeader = array_keys($firstRow);
+                $csvHeaderLower = array_map('trim', array_map('strtolower', $csvHeader));
+
+                if (!in_array($uniqueField, $csvHeaderLower, true)) {
+                    Display::addFlash(
+                        Display::return_message(
+                            sprintf('The column "%s" is required in the CSV for this platform', $uniqueField),
+                            'error'
+                        )
+                    );
+                    header('Location: ' . api_get_self());
+                    exit;
+                }
+            }
+
             $users = parse_csv_data(
                 $users,
                 $cleanFileName,
diff --git a/main/inc/lib/extra_field.lib.php b/main/inc/lib/extra_field.lib.php
@@ -788,8 +788,8 @@ public function addElements(
             if (!empty($showOnlyTheseFields)) {
                 $setData = [];
                 foreach ($showOnlyTheseFields as $variable) {
-                    $extraName = 'extra_'.$variable;
-                    if (in_array($extraName, array_keys($extraData))) {
+                    $extraName = 'extra_' . $variable;
+                    if (array_key_exists($extraName, $extraData)) {
                         $setData[$extraName] = $extraData[$extraName];
                     }
                 }
@@ -824,13 +824,26 @@ public function addElements(
             $help
         );
 
-        if (!empty($requiredFields)) {
-            /** @var HTML_QuickForm_input $element */
-            foreach ($form->getElements() as $element) {
-                $name = str_replace('extra_', '', $element->getName());
-                if (in_array($name, $requiredFields)) {
-                    $form->setRequired($element);
-                }
+        $requiredFields = is_array($requiredFields) ? $requiredFields : [];
+
+        $uniqueField = api_get_configuration_value('extra_field_to_validate_on_user_registration');
+        if (!empty($uniqueField) && !in_array($uniqueField, $requiredFields, true)) {
+            $requiredFields[] = $uniqueField;
+        }
+
+        /** @var HTML_QuickForm_element $element */
+        foreach ($form->getElements() as $element) {
+            $name = str_replace('extra_', '', $element->getName());
+            if (in_array($name, $requiredFields, true)) {
+                $form->setRequired($element);
+            }
+            if (!empty($uniqueField) && $name === $uniqueField) {
+                $form->addRule(
+                    'extra_' . $name,
+                    sprintf(get_lang('A user with the same %s already exists in this portal'), $name),
+                    'callback',
+                    ['UserManager', 'isExtraFieldValueUniquePerUrl']
+                );
             }
         }
 
diff --git a/main/inc/lib/usermanager.lib.php b/main/inc/lib/usermanager.lib.php
@@ -8405,4 +8405,51 @@ private static function getGravatar(
 
         return $url;
     }
+
+    /**
+     * Check or fetch a user by extra‑field on this portal.
+     *
+     * @param string $value      The extra‑field value to test (e.g. DNI).
+     * @param bool   $returnId   If true, return the existing user ID or null; otherwise return true/false for uniqueness.
+     * @return bool|int|null     When $returnId===false: true if unique, false if already exists.
+     *                           When $returnId===true: existing user ID or null if none.
+     */
+    public static function isExtraFieldValueUniquePerUrl(string $value, bool $returnId = false)
+    {
+        $field = api_get_configuration_value('extra_field_to_validate_on_user_registration');
+        if (empty($field) || $value === '') {
+            // If there's nothing to check, treat as “unique” or “no ID”
+            return $returnId ? null : true;
+        }
+
+        $accessUrlId = api_get_current_access_url_id();
+
+        $tUser   = Database::get_main_table(TABLE_MAIN_USER);
+        $tField  = Database::get_main_table(TABLE_EXTRA_FIELD);
+        $tValue  = Database::get_main_table(TABLE_EXTRA_FIELD_VALUES);
+        $tRelUrl = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
+
+        $sql = "
+        SELECT u.id
+        FROM   {$tUser} u
+        JOIN   {$tValue} v   ON v.item_id    = u.id
+        JOIN   {$tField} f   ON f.id         = v.field_id
+        JOIN   {$tRelUrl} url ON url.user_id = u.id
+        WHERE  f.variable        = '" . Database::escape_string($field) . "'
+          AND  v.value           = '" . Database::escape_string($value) . "'
+          AND  url.access_url_id = {$accessUrlId}
+        LIMIT  1
+    ";
+
+        $result = Database::query($sql);
+        $row    = Database::fetch_array($result, 'ASSOC');
+
+        if ($returnId) {
+            // return the existing user ID, or null if none
+            return $row['id'] ?? null;
+        }
+
+        // return true if no match was found (i.e. unique), false otherwise
+        return empty($row);
+    }
 }
diff --git a/main/install/configuration.dist.php b/main/install/configuration.dist.php
@@ -1948,7 +1948,7 @@
 
 // Default items per page in main/mySpace/users.php
 // $_configuration['my_space_users_items_per_page'] = 10;
- 
+
 //Add an expected theorical time spent in a course to show in main/mySpace/myStudents.php and main/session/resume_session.php
 //Create an extra field for courses with identifier "theoretical_time"
 //$_configuration['display_theoretical_time'] = false;
@@ -2700,3 +2700,5 @@
         ],
     ],
 ]; */
+// Extra field variable name to validate as unique per URL during user registration (e.g. 'dni')
+//$_configuration['extra_field_to_validate_on_user_registration'] = ''; // set in admin or directly (e.g. 'dni')
