Protecting User Profiles from changes

by Andy Hawkins -
Number of replies: 2
We are running Moodle 1.1.1 (2003091000) on W2K server with IIS. The server is outside our W2KLAN domain. Authentication is currently POP3.

Moodle is popular amongst staff and students so far and is beginning to take off in some areas. We see some serious potential as a tool to support/complement our more conventional classroom based learning environment.

Problem: We have about 450 users so far (1600+ anticipated eventually) and are getting problems with users entering blank, inappropriate or inaccurate information into their profiles, deliberately or accidentally. Some of the deliberate is down to novelty value, but with a population ranging from age 11-19 then the younger sensitive ones need some protection from the immature older ones. In addition inaccurate e-mail addresses are causing unnecessary mailings to the domain postmaster (as undeliverable). (these could be filtered but that would be addressing the symptom not the cause)

We need a 2 stage solution:

1 – Correct the current data. We could wipe them and start again but do not want to lose links to existing content. Alternative is to overwrite all existing users with accurate names, e-mail etc. Could this be achieved by using CSV import? We do not need to change the user name or password so database indexing should hopefully be OK. Could add the new users at the same time.

There is some CSV import code elsewhere in a forum, but I believe it is designed to ignore existing users – is overwriting a problem within Moodle? (My PHP is non-existent)

2 – We then need to protect the profiles from critical changes - first and surname, email address (perhaps picture, town and description also). Can this be done? I think we could populate the user information more completely (and therefore more accurately) on initial login by using LDAP authentication eg from our LAN Active Directory [does Moodle need to be within the domain to do this?], but then need to prevent changes.

We acknowledge that in some ways this is against some of the spirit of Moodle, but we are trying to balance user freedom to experiment and explore, with protecting younger pupils and efficient use of very limited staff time to deal with issues arising from accidental or deliberate misuse of the system.

We would appreciate any comments and suggestions from other Moodle users who have experienced similar problems or can help with a solution even if it is to point us to something obvious we have missed (for which we apologise in advance).

TIA

[Martin – apologies if this is in wrong forum (should it be in authentication?) – please move if necessary]

In reply to Andy Hawkins

Re: Protecting User Profiles from changes

by Richard Watkins -

To answer part of your question, I've stopped pupils (in the same age range) changing their name, username and email address by altering the HTML form edit.html so the user's details are in hidden form elements and therefore cannot be changed easily. They could still be hacked by sending a lengthy query string if someone was sufficiently knowledgeable, but it has stopped things changing for now.

edit.html is found in \moodle\user

I've attached my version; if you want to, just swap this with the original Moodle version and you should have no more changed names etc.

One small side effect of this is that you can't edit pupil details or add pupils using the Moodle interface (as this uses the same HTML). One day I will make it work for teachers or admin and not for students....

HTH

In reply to Richard Watkins

Re: Protecting User Profiles from changes

by Zaini Shahar -

Hi Richard,
I have a recommendation if you want to prevent students from editing firstname, lastname and email while still allowing the administrator to do so. You can insert a condition check before displaying the firstname, lastname .. text fields. Take a look at the code in edit.html starting from line 50. The code checks whether the user is an admin; if not, it displays the text field as readonly.


<tr valign=top>
    <td><p><?php print_string("firstname") ?>:</td>
    <?php if (isadmin()) { ?>
        <td><input type="text" name="firstname" size=30 value="<?php p($user->firstname) ?>">
    <?php }
    else { ?>
        <td><input type="text" name="firstname" size=30 value="<?php p($user->firstname) ?>" readonly>
    <?php } ?>
    <?php if (isset($err["firstname"])) formerr($err["firstname"]); ?>
    </td>
</tr>
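
The hidden and readonly fields discussed above only change what the browser shows, and as Richard notes a crafted request can still submit different values. The following is an added example (not part of the original posts and not Moodle's own code) of enforcing the same rule on the server when the form is processed; the function name, the `username` field name and the sample data are assumptions, and in Moodle the boolean would come from `isadmin()`.

```php
<?php
// Added example, not Moodle code. Field names follow the form discussed in
// this thread; the function name and the sample data are hypothetical.
const PROTECTED_FIELDS = ['username', 'firstname', 'lastname', 'email'];

/**
 * Decide what to save from a submitted profile form.
 * For non-admins every protected field is taken from the stored record,
 * whatever the request contained. Returns ['save' => values to write,
 * 'rejected' => protected fields the request tried to change].
 */
function filter_profile_update(array $submitted, array $stored, bool $isAdmin): array
{
    if ($isAdmin) {
        return ['save' => $submitted, 'rejected' => []];  // admins may edit everything
    }
    $save = $submitted;
    $rejected = [];
    foreach (PROTECTED_FIELDS as $field) {
        $hasStored = array_key_exists($field, $stored);
        if (array_key_exists($field, $submitted)
            && (!$hasStored || $submitted[$field] !== $stored[$field])) {
            $rejected[] = $field;                // attempted change, worth logging
        }
        if ($hasStored) {
            $save[$field] = $stored[$field];     // keep the stored value
        } else {
            unset($save[$field]);                // never create it from user input
        }
    }
    return ['save' => $save, 'rejected' => $rejected];
}

// Constructed sample: a pupil posts the form with the readonly attribute bypassed.
$stored    = ['username' => 'jsmith', 'firstname' => 'John', 'lastname' => 'Smith',
              'email' => 'jsmith@example.org', 'city' => 'Leeds'];
$submitted = ['firstname' => 'Batman', 'lastname' => 'Smith',
              'email' => 'nobody@example.org', 'city' => 'York'];

$pupil = filter_profile_update($submitted, $stored, false);
echo "saved:    ", json_encode($pupil['save']), "\n";
echo "rejected: ", implode(', ', $pupil['rejected']), "\n";

// The same request from an admin is accepted unchanged.
$admin = filter_profile_update($submitted, $stored, true);
echo "admin:    ", json_encode($admin['save']), "\n";
```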