/**
* Serves the message attachments. Implements needed access control ;-)
*
* @param object $course
* @param object $cm
* @param object $context
* @param string $filearea
* @param array $args
* @param bool $forcedownload
* @return bool false if file not found, does not return if found - justsend the file
*/
function block_jmail_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload)
{
global $SCRIPT;
if ($context->contextlevel != CONTEXT_BLOCK) {
//send_file_not_found();
}
require_course_login($course);
$coursecontext = block_jmail_get_context(CONTEXT_COURSE, $course->id, MUST_EXIST);
// The mailbox constructor does the permission validation
if (!($mailbox = new block_jmail_mailbox($course, $coursecontext, $context))) {
return;
}
$messageid = (int) array_shift($args);
$message = block_jmail_message::get_from_id($messageid);
// We check if we are the senders or the receivers
if (!$message) {
send_file_not_found();
}
$pendingaprobal = !$message->approved and has_capability('block/jmail:approvemessages', $context);
if (!$message->is_mine() and !$pendingaprobal) {
send_file_not_found();
}
$fs = get_file_storage();
$relativepath = implode('/', $args);
$fullpath = "/{$context->id}/block_jmail/{$filearea}/{$messageid}/{$relativepath}";
if (!($file = $fs->get_file_by_hash(sha1($fullpath))) or $file->is_directory()) {
send_file_not_found();
}
$forcedownload = true;
send_stored_file($file, 60 * 60, 0, $forcedownload);
}
/**
* Serves the dataformview_tabular template files.
*
* @param object $course
* @param object $cm
* @param object $context
* @param string $filearea
* @param array $args
* @param bool $forcedownload
* @return bool false if file not found, does not return if found - justsend the file
*/
function dataformview_tabular_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload)
{
if (!in_array($filearea, dataformview_tabular_tabular::get_file_areas())) {
return false;
}
if ($context->contextlevel == CONTEXT_MODULE) {
require_course_login($course, true, $cm);
$viewid = (int) array_shift($args);
$dataformid = $cm->instance;
// Confirm user access.
$params = array('dataformid' => $dataformid, 'viewid' => $viewid);
if (!mod_dataform\access\view_access::validate($params)) {
return false;
}
$relativepath = implode('/', $args);
$fullpath = "/{$context->id}/dataformview_tabular/{$filearea}/{$viewid}/{$relativepath}";
$fs = get_file_storage();
if (!($file = $fs->get_file_by_hash(sha1($fullpath))) or $file->is_directory()) {
return false;
}
// Finally send the file.
send_stored_file($file, 0, 0, true);
// Download MUST be forced - security!
}
return false;
}
/**
* Form for editing HTML block instances.
*
* @copyright 2010 Petr Skoda (http://skodak.org)
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
* @package block_html
* @category files
* @param stdClass $course course object
* @param stdClass $birecord_or_cm block instance record
* @param stdClass $context context object
* @param string $filearea file area
* @param array $args extra arguments
* @param bool $forcedownload whether or not force download
* @param array $options additional options affecting the file serving
* @return bool
*/
function block_html_pluginfile($course, $birecord_or_cm, $context, $filearea, $args, $forcedownload, array $options = array())
{
global $SCRIPT;
if ($context->contextlevel != CONTEXT_BLOCK) {
send_file_not_found();
}
require_course_login($course);
if ($filearea !== 'content') {
send_file_not_found();
}
$fs = get_file_storage();
$filename = array_pop($args);
$filepath = $args ? '/' . implode('/', $args) . '/' : '/';
if (!($file = $fs->get_file($context->id, 'block_html', 'content', 0, $filepath, $filename)) or $file->is_directory()) {
send_file_not_found();
}
if ($parentcontext = get_context_instance_by_id($birecord_or_cm->parentcontextid)) {
if ($parentcontext->contextlevel == CONTEXT_USER) {
// force download on all personal pages including /my/
//because we do not have reliable way to find out from where this is used
$forcedownload = true;
}
} else {
// weird, there should be parent context, better force dowload then
$forcedownload = true;
}
session_get_instance()->write_close();
send_stored_file($file, 60 * 60, 0, $forcedownload, $options);
}
/**
* Form for editing Information Spot block instances.
*
* @copyright 2014 Roberto Pinna
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
* @package block_informationspot
* @category files
* @param stdClass $course course object
* @param stdClass $birecord_or_cm block instance record
* @param stdClass $context context object
* @param string $filearea file area
* @param array $args extra arguments
* @param bool $forcedownload whether or not force download
* @param array $options additional options affecting the file serving
* @return bool
*/
function block_informationspot_pluginfile($course, $birecord_or_cm, $context, $filearea, $args, $forcedownload, array $options = array())
{
global $DB, $CFG, $USER;
if ($context->contextlevel != CONTEXT_BLOCK) {
send_file_not_found();
}
// If block is in course context, then check if user has capability to access course.
if ($context->get_course_context(false)) {
require_course_login($course);
} else {
if ($CFG->forcelogin) {
require_login();
} else {
// Get parent context and see if user have proper permission.
$parentcontext = $context->get_parent_context();
if ($parentcontext->contextlevel === CONTEXT_COURSECAT) {
// Check if category is visible and user can view this category.
$category = $DB->get_record('course_categories', array('id' => $parentcontext->instanceid), '*', MUST_EXIST);
if (!$category->visible) {
require_capability('moodle/category:viewhiddencategories', $parentcontext);
}
} else {
if ($parentcontext->contextlevel === CONTEXT_USER && $parentcontext->instanceid != $USER->id) {
// The block is in the context of a user, it is only visible to the user who it belongs to.
send_file_not_found();
}
}
// At this point there is no way to check SYSTEM context, so ignoring it.
}
}
if ($filearea != 'image') {
send_file_not_found();
}
$fs = get_file_storage();
$imageid = array_shift($args);
$filename = array_pop($args);
$filepath = $args ? '/' . implode('/', $args) . '/' : '/';
if (!($file = $fs->get_file($context->id, 'block_informationspot', $filearea, $imageid, $filepath, $filename)) or $file->is_directory()) {
send_file_not_found();
}
if ($parentcontext = context::instance_by_id($birecord_or_cm->parentcontextid, IGNORE_MISSING)) {
if ($parentcontext->contextlevel == CONTEXT_USER) {
// force download on all personal pages including /my/
//because we do not have reliable way to find out from where this is used
$forcedownload = true;
}
} else {
// weird, there should be parent context, better force dowload then
$forcedownload = true;
}
// NOTE: it woudl be nice to have file revisions here, for now rely on standard file lifetime,
// do not lower it because the files are dispalyed very often.
\core\session\manager::write_close();
send_stored_file($file, null, 0, $forcedownload, $options);
}
/**
* Form for editing HTML block instances.
*
* @copyright 2010 Petr Skoda (http://skodak.org)
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
* @package block_html
* @category files
* @param stdClass $course course object
* @param stdClass $birecord_or_cm block instance record
* @param stdClass $context context object
* @param string $filearea file area
* @param array $args extra arguments
* @param bool $forcedownload whether or not force download
* @param array $options additional options affecting the file serving
* @return bool
* @todo MDL-36050 improve capability check on stick blocks, so we can check user capability before sending images.
*/
function block_html_pluginfile($course, $birecord_or_cm, $context, $filearea, $args, $forcedownload, array $options = array())
{
global $DB, $CFG;
if ($context->contextlevel != CONTEXT_BLOCK) {
send_file_not_found();
}
// If block is in course context, then check if user has capability to access course.
if ($context->get_course_context(false)) {
require_course_login($course);
} else {
if ($CFG->forcelogin) {
require_login();
} else {
// Get parent context and see if user have proper permission.
$parentcontext = $context->get_parent_context();
if ($parentcontext->contextlevel === CONTEXT_COURSECAT) {
// Check if category is visible and user can view this category.
$category = $DB->get_record('course_categories', array('id' => $parentcontext->instanceid), '*', MUST_EXIST);
if (!$category->visible) {
require_capability('moodle/category:viewhiddencategories', $parentcontext);
}
}
// At this point there is no way to check SYSTEM or USER context, so ignoring it.
}
}
if ($filearea !== 'content') {
send_file_not_found();
}
$fs = get_file_storage();
$filename = array_pop($args);
$filepath = $args ? '/' . implode('/', $args) . '/' : '/';
if (!($file = $fs->get_file($context->id, 'block_html', 'content', 0, $filepath, $filename)) or $file->is_directory()) {
send_file_not_found();
}
if ($parentcontext = get_context_instance_by_id($birecord_or_cm->parentcontextid)) {
if ($parentcontext->contextlevel == CONTEXT_USER) {
// force download on all personal pages including /my/
//because we do not have reliable way to find out from where this is used
$forcedownload = true;
}
} else {
// weird, there should be parent context, better force dowload then
$forcedownload = true;
}
session_get_instance()->write_close();
send_stored_file($file, 60 * 60, 0, $forcedownload, $options);
}
function block_navbuttons_pluginfile($course, $birecord_or_cm, $context, $filearea, $args, $forcedownload)
{
if ($context->contextlevel != CONTEXT_COURSE) {
send_file_not_found();
}
require_course_login($course);
if ($filearea !== 'icons') {
send_file_not_found();
}
$fs = get_file_storage();
$filename = $args[1];
$iconid = $args[0];
if (!($file = $fs->get_file($context->id, 'block_navbuttons', 'icons', $iconid, '/', $filename)) or $file->is_directory()) {
send_file_not_found();
}
send_stored_file($file, 60 * 60, 0, $forcedownload);
}
/**
* Serves the data attachments. Implements needed access control ;-)
*
* @param object $course
* @param object $cm
* @param object $context
* @param string $filearea
* @param array $args
* @param bool $forcedownload
* @return bool false if file not found, does not return if found - justsend the file
*/
function data_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload) {
global $CFG, $DB;
if ($context->contextlevel != CONTEXT_MODULE) {
return false;
}
require_course_login($course, true, $cm);
if ($filearea === 'content') {
$contentid = (int)array_shift($args);
if (!$content = $DB->get_record('data_content', array('id'=>$contentid))) {
return false;
}
if (!$field = $DB->get_record('data_fields', array('id'=>$content->fieldid))) {
return false;
}
if (!$record = $DB->get_record('data_records', array('id'=>$content->recordid))) {
return false;
}
if (!$data = $DB->get_record('data', array('id'=>$field->dataid))) {
return false;
}
if ($data->id != $cm->instance) {
// hacker attempt - context does not match the contentid
return false;
}
//check if approved
if ($data->approval and !$record->approved and !data_isowner($record) and !has_capability('mod/data:approve', $context)) {
return false;
}
// group access
if ($record->groupid) {
$groupmode = groups_get_activity_groupmode($cm, $course);
if ($groupmode == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context)) {
if (!groups_is_member($record->groupid)) {
return false;
}
}
}
$fieldobj = data_get_field($field, $data, $cm);
$relativepath = implode('/', $args);
$fullpath = "/$context->id/mod_data/content/$content->id/$relativepath";
if (!$fieldobj->file_ok($relativepath)) {
return false;
}
$fs = get_file_storage();
if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) {
return false;
}
// finally send the file
send_stored_file($file, 0, 0, true); // download MUST be forced - security!
}
return false;
}
/**
* Serves the folder files.
*
* @package mod_folder
* @category files
* @param stdClass $course course object
* @param stdClass $cm course module
* @param stdClass $context context object
* @param string $filearea file area
* @param array $args extra arguments
* @param bool $forcedownload whether or not force download
* @param array $options additional options affecting the file serving
* @return bool false if file not found, does not return if found - just send the file
*/
function folder_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload, array $options = array())
{
global $CFG, $DB;
if ($context->contextlevel != CONTEXT_MODULE) {
return false;
}
require_course_login($course, true, $cm);
if (!has_capability('mod/folder:view', $context)) {
return false;
}
if ($filearea !== 'content') {
// intro is handled automatically in pluginfile.php
return false;
}
array_shift($args);
// ignore revision - designed to prevent caching problems only
$fs = get_file_storage();
$relativepath = implode('/', $args);
$fullpath = "/{$context->id}/mod_folder/content/0/{$relativepath}";
if (!($file = $fs->get_file_by_hash(sha1($fullpath))) or $file->is_directory()) {
return false;
}
// finally send the file
// for folder module, we force download file all the time
send_stored_file($file, 0, 0, true, $options);
}
/**
* Initialise the navigation given the type and id for the branch to expand.
*
* @return array An array of the expandable nodes
*/
public function initialise()
{
global $CFG, $DB, $SITE;
if ($this->initialised || during_initial_install()) {
return $this->expandable;
}
$this->initialised = true;
$this->rootnodes = array();
$this->rootnodes['site'] = $this->add_course($SITE);
$this->rootnodes['courses'] = $this->add(get_string('courses'), null, self::TYPE_ROOTNODE, null, 'courses');
// Branchtype will be one of navigation_node::TYPE_*
switch ($this->branchtype) {
case self::TYPE_CATEGORY:
$this->load_category($this->instanceid);
break;
case self::TYPE_COURSE:
$course = $DB->get_record('course', array('id' => $this->instanceid), '*', MUST_EXIST);
require_course_login($course, true, null, false, true);
$this->page->set_context(get_context_instance(CONTEXT_COURSE, $course->id));
$coursenode = $this->add_course($course);
$this->add_course_essentials($coursenode, $course);
if ($this->format_display_course_content($course->format)) {
$this->load_course_sections($course, $coursenode);
}
break;
case self::TYPE_SECTION:
$sql = 'SELECT c.*, cs.section AS sectionnumber
FROM {course} c
LEFT JOIN {course_sections} cs ON cs.course = c.id
WHERE cs.id = ?';
$course = $DB->get_record_sql($sql, array($this->instanceid), MUST_EXIST);
require_course_login($course, true, null, false, true);
$this->page->set_context(get_context_instance(CONTEXT_COURSE, $course->id));
$coursenode = $this->add_course($course);
$this->add_course_essentials($coursenode, $course);
$sections = $this->load_course_sections($course, $coursenode);
list($sectionarray, $activities) = $this->generate_sections_and_activities($course);
$this->load_section_activities($sections[$course->sectionnumber]->sectionnode, $course->sectionnumber, $activities);
break;
case self::TYPE_ACTIVITY:
$sql = "SELECT c.*\n FROM {course} c\n JOIN {course_modules} cm ON cm.course = c.id\n WHERE cm.id = :cmid";
$params = array('cmid' => $this->instanceid);
$course = $DB->get_record_sql($sql, $params, MUST_EXIST);
$modinfo = get_fast_modinfo($course);
$cm = $modinfo->get_cm($this->instanceid);
require_course_login($course, true, $cm, false, true);
$this->page->set_context(get_context_instance(CONTEXT_MODULE, $cm->id));
$coursenode = $this->load_course($course);
if ($course->id == $SITE->id) {
$modulenode = $this->load_activity($cm, $course, $coursenode->find($cm->id, self::TYPE_ACTIVITY));
} else {
$sections = $this->load_course_sections($course, $coursenode);
list($sectionarray, $activities) = $this->generate_sections_and_activities($course);
$activities = $this->load_section_activities($sections[$cm->sectionnum]->sectionnode, $cm->sectionnum, $activities);
$modulenode = $this->load_activity($cm, $course, $activities[$cm->id]);
}
break;
default:
throw new Exception('Unknown type');
return $this->expandable;
}
if ($this->page->context->contextlevel == CONTEXT_COURSE && $this->page->context->instanceid != $SITE->id) {
$this->load_for_user(null, true);
}
$this->find_expandable($this->expandable);
return $this->expandable;
}
/**
* Initialise the navigation given the type and id for the branch to expand.
*
* @return array An array of the expandable nodes
*/
public function initialise()
{
global $DB, $SITE;
if ($this->initialised || during_initial_install()) {
return $this->expandable;
}
$this->initialised = true;
$this->rootnodes = array();
$this->rootnodes['site'] = $this->add_course($SITE);
$this->rootnodes['mycourses'] = $this->add(get_string('mycourses'), new moodle_url('/my'), self::TYPE_ROOTNODE, null, 'mycourses');
$this->rootnodes['courses'] = $this->add(get_string('courses'), null, self::TYPE_ROOTNODE, null, 'courses');
// The courses branch is always displayed, and is always expandable (although may be empty).
// This mimicks what is done during {@link global_navigation::initialise()}.
$this->rootnodes['courses']->isexpandable = true;
// Branchtype will be one of navigation_node::TYPE_*
switch ($this->branchtype) {
case 0:
if ($this->instanceid === 'mycourses') {
$this->load_courses_enrolled();
} else {
if ($this->instanceid === 'courses') {
$this->load_courses_other();
}
}
break;
case self::TYPE_CATEGORY:
$this->load_category($this->instanceid);
break;
case self::TYPE_MY_CATEGORY:
$this->load_category($this->instanceid, self::TYPE_MY_CATEGORY);
break;
case self::TYPE_COURSE:
$course = $DB->get_record('course', array('id' => $this->instanceid), '*', MUST_EXIST);
if (!can_access_course($course, null, '', true)) {
// Thats OK all courses are expandable by default. We don't need to actually expand it we can just
// add the course node and break. This leads to an empty node.
$this->add_course($course);
break;
}
require_course_login($course, true, null, false, true);
$this->page->set_context(context_course::instance($course->id));
$coursenode = $this->add_course($course);
$this->add_course_essentials($coursenode, $course);
$this->load_course_sections($course, $coursenode);
break;
case self::TYPE_SECTION:
$sql = 'SELECT c.*, cs.section AS sectionnumber
FROM {course} c
LEFT JOIN {course_sections} cs ON cs.course = c.id
WHERE cs.id = ?';
$course = $DB->get_record_sql($sql, array($this->instanceid), MUST_EXIST);
require_course_login($course, true, null, false, true);
$this->page->set_context(context_course::instance($course->id));
$coursenode = $this->add_course($course);
$this->add_course_essentials($coursenode, $course);
$this->load_course_sections($course, $coursenode, $course->sectionnumber);
break;
case self::TYPE_ACTIVITY:
$sql = "SELECT c.*\n FROM {course} c\n JOIN {course_modules} cm ON cm.course = c.id\n WHERE cm.id = :cmid";
$params = array('cmid' => $this->instanceid);
$course = $DB->get_record_sql($sql, $params, MUST_EXIST);
$modinfo = get_fast_modinfo($course);
$cm = $modinfo->get_cm($this->instanceid);
require_course_login($course, true, $cm, false, true);
$this->page->set_context(context_module::instance($cm->id));
$coursenode = $this->load_course($course);
$this->load_course_sections($course, $coursenode, null, $cm);
$activitynode = $coursenode->find($cm->id, self::TYPE_ACTIVITY);
if ($activitynode) {
$modulenode = $this->load_activity($cm, $course, $activitynode);
}
break;
default:
throw new Exception('Unknown type');
return $this->expandable;
}
if ($this->page->context->contextlevel == CONTEXT_COURSE && $this->page->context->instanceid != $SITE->id) {
$this->load_for_user(null, true);
}
$this->find_expandable($this->expandable);
return $this->expandable;
}
require_login($course, true);
} else {
require_login($course, true, $cm);
}
} else {
if ($course->id == SITEID) {
require_course_login($course, true);
} else {
require_course_login($course, true, $cm);
}
}
//check whether the given courseid exists
if ($courseid AND $courseid != SITEID) {
if ($course2 = $DB->get_record('course', array('id'=>$courseid))) {
require_course_login($course2); //this overwrites the object $course :-(
$course = $DB->get_record("course", array("id"=>$cm->course)); // the workaround
} else {
print_error('invalidcourseid');
}
}
if ($feedback->anonymous == FEEDBACK_ANONYMOUS_NO) {
add_to_log($course->id, 'feedback', 'view', 'view.php?id='.$cm->id, $feedback->id, $cm->id);
}
/// Print the page header
$strfeedbacks = get_string("modulenameplural", "feedback");
$strfeedback = get_string("modulename", "feedback");
if ($course->id == SITEID) {
/**
* Serves the book attachments. Implements needed access control ;-)
*
* @param stdClass $course course object
* @param cm_info $cm course module object
* @param context $context context object
* @param string $filearea file area
* @param array $args extra arguments
* @param bool $forcedownload whether or not force download
* @param array $options additional options affecting the file serving
* @return bool false if file not found, does not return if found - just send the file
*/
function book_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload, array $options = array())
{
global $CFG, $DB;
if ($context->contextlevel != CONTEXT_MODULE) {
return false;
}
require_course_login($course, true, $cm);
if ($filearea !== 'chapter') {
return false;
}
if (!has_capability('mod/book:read', $context)) {
return false;
}
$chid = (int) array_shift($args);
if (!($book = $DB->get_record('book', array('id' => $cm->instance)))) {
return false;
}
if (!($chapter = $DB->get_record('book_chapters', array('id' => $chid, 'bookid' => $book->id)))) {
return false;
}
if ($chapter->hidden and !has_capability('mod/book:viewhiddenchapters', $context)) {
return false;
}
$fs = get_file_storage();
$relativepath = implode('/', $args);
$fullpath = "/{$context->id}/mod_book/chapter/{$chid}/{$relativepath}";
if (!($file = $fs->get_file_by_hash(sha1($fullpath))) or $file->is_directory()) {
return false;
}
// Nasty hack because we do not have file revisions in book yet.
$lifetime = $CFG->filelifetime;
if ($lifetime > 60 * 10) {
$lifetime = 60 * 10;
}
// finally send the file
send_stored_file($file, $lifetime, 0, $forcedownload, $options);
}
/**
* Serves the resource files.
* @param object $course
* @param object $cm
* @param object $context
* @param string $filearea
* @param array $args
* @param bool $forcedownload
* @return bool false if file not found, does not return if found - just send the file
*/
function resource_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload) {
global $CFG, $DB;
require_once("$CFG->libdir/resourcelib.php");
if ($context->contextlevel != CONTEXT_MODULE) {
return false;
}
require_course_login($course, true, $cm);
if (!has_capability('mod/resource:view', $context)) {
return false;
}
if ($filearea !== 'content') {
// intro is handled automatically in pluginfile.php
return false;
}
array_shift($args); // ignore revision - designed to prevent caching problems only
$fs = get_file_storage();
$relativepath = implode('/', $args);
$fullpath = rtrim("/$context->id/mod_resource/$filearea/0/$relativepath", '/');
do {
if (!$file = $fs->get_file_by_hash(sha1($fullpath))) {
if ($fs->get_file_by_hash(sha1("$fullpath/."))) {
if ($file = $fs->get_file_by_hash(sha1("$fullpath/index.htm"))) {
break;
}
if ($file = $fs->get_file_by_hash(sha1("$fullpath/index.html"))) {
break;
}
if ($file = $fs->get_file_by_hash(sha1("$fullpath/Default.htm"))) {
break;
}
}
$resource = $DB->get_record('resource', array('id'=>$cm->instance), 'id, legacyfiles', MUST_EXIST);
if ($resource->legacyfiles != RESOURCELIB_LEGACYFILES_ACTIVE) {
return false;
}
if (!$file = resourcelib_try_file_migration('/'.$relativepath, $cm->id, $cm->course, 'mod_resource', 'content', 0)) {
return false;
}
// file migrate - update flag
$resource->legacyfileslast = time();
$DB->update_record('resource', $resource);
}
} while (false);
// should we apply filters?
$mimetype = $file->get_mimetype();
if ($mimetype === 'text/html' or $mimetype === 'text/plain') {
$filter = $DB->get_field('resource', 'filterfiles', array('id'=>$cm->instance));
$CFG->embeddedsoforcelinktarget = true;
} else {
$filter = 0;
}
// finally send the file
send_stored_file($file, 86400, $filter, $forcedownload);
}
require_once "{$CFG->libdir}/pdflib.php";
// Retrieve any variables that are passed
$id = required_param('id', PARAM_INT);
// Course Module ID
$action = optional_param('action', '', PARAM_ALPHA);
if (!($cm = get_coursemodule_from_id('iomadcertificate', $id))) {
print_error('Course Module ID was incorrect');
}
if (!($course = $DB->get_record('course', array('id' => $cm->course)))) {
print_error('course is misconfigured');
}
if (!($iomadcertificate = $DB->get_record('iomadcertificate', array('id' => $cm->instance)))) {
print_error('course module is incorrect');
}
// Requires a course login
require_course_login($course->id, true, $cm);
// Check the capabilities
$context = context_module::instance($cm->id);
require_capability('mod/iomadcertificate:view', $context);
// Initialize $PAGE, compute blocks
$PAGE->set_url('/mod/iomadcertificate/review.php', array('id' => $cm->id));
$PAGE->set_context($context);
$PAGE->set_cm($cm);
$PAGE->set_title(format_string($iomadcertificate->name));
$PAGE->set_heading(format_string($course->fullname));
// Get previous cert record
if (!($certrecord = $DB->get_record('iomadcertificate_issues', array('userid' => $USER->id, 'iomadcertificateid' => $iomadcertificate->id)))) {
notice(get_string('noiomadcertificatesissued', 'iomadcertificate'), "{$CFG->wwwroot}/course/view.php?id={$course->id}");
die;
}
// Load the specific iomadcertificatetype
/**
* Serves the book attachments. Implements needed access control ;-)
*
* @param stdClass $course course object
* @param cm_info $cm course module object
* @param context $context context object
* @param string $filearea file area
* @param array $args extra arguments
* @param bool $forcedownload whether or not force download
* @param array $options additional options affecting the file serving
* @return bool false if file not found, does not return if found - just send the file
*/
function book_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload, array $options = array())
{
global $CFG, $DB;
if ($context->contextlevel != CONTEXT_MODULE) {
return false;
}
require_course_login($course, true, $cm);
if ($filearea !== 'chapter') {
return false;
}
if (!has_capability('mod/book:read', $context)) {
return false;
}
$chid = (int) array_shift($args);
if (!($book = $DB->get_record('book', array('id' => $cm->instance)))) {
return false;
}
if (!($chapter = $DB->get_record('book_chapters', array('id' => $chid, 'bookid' => $book->id)))) {
return false;
}
if ($chapter->hidden and !has_capability('mod/book:viewhiddenchapters', $context)) {
return false;
}
// Download the contents of a chapter as an html file.
if ($args[0] == 'index.html') {
$filename = "index.html";
// We need to rewrite the pluginfile URLs so the media filters can work.
$content = file_rewrite_pluginfile_urls($chapter->content, 'webservice/pluginfile.php', $context->id, 'mod_book', 'chapter', $chapter->id);
$formatoptions = new stdClass();
$formatoptions->noclean = true;
$formatoptions->overflowdiv = true;
$formatoptions->context = $context;
$content = format_text($content, $chapter->contentformat, $formatoptions);
// Remove @@PLUGINFILE@@/.
$options = array('reverse' => true);
$content = file_rewrite_pluginfile_urls($content, 'webservice/pluginfile.php', $context->id, 'mod_book', 'chapter', $chapter->id, $options);
$content = str_replace('@@PLUGINFILE@@/', '', $content);
$titles = "";
// Format the chapter titles.
if (!$book->customtitles) {
require_once __DIR__ . '/locallib.php';
$chapters = book_preload_chapters($book);
if (!$chapter->subchapter) {
$currtitle = book_get_chapter_title($chapter->id, $chapters, $book, $context);
// Note that we can't use the $OUTPUT->heading() in WS_SERVER mode.
$titles = "<h3>{$currtitle}</h3>";
} else {
$currtitle = book_get_chapter_title($chapters[$chapter->id]->parent, $chapters, $book, $context);
$currsubtitle = book_get_chapter_title($chapter->id, $chapters, $book, $context);
// Note that we can't use the $OUTPUT->heading() in WS_SERVER mode.
$titles = "<h3>{$currtitle}</h3>";
$titles .= "<h4>{$currsubtitle}</h4>";
}
}
$content = $titles . $content;
send_file($content, $filename, 0, 0, true, true);
} else {
$fs = get_file_storage();
$relativepath = implode('/', $args);
$fullpath = "/{$context->id}/mod_book/chapter/{$chid}/{$relativepath}";
if (!($file = $fs->get_file_by_hash(sha1($fullpath))) or $file->is_directory()) {
return false;
}
// Nasty hack because we do not have file revisions in book yet.
$lifetime = $CFG->filelifetime;
if ($lifetime > 60 * 10) {
$lifetime = 60 * 10;
}
// Finally send the file.
send_stored_file($file, $lifetime, 0, $forcedownload, $options);
}
}
/**
* Check that the user has permission to view this module, and check if they can edit it too.
*/
function check_permission()
{
// Make sure the user is logged-in
require_course_login($this->course, true, $this->cm);
add_to_log($this->course->id, 'sloodle', 'view sloodle module', "view.php?id={$this->cm->id}", "{$this->sloodle->id}", $this->cm->id);
// Check for permissions
$this->module_context = get_context_instance(CONTEXT_MODULE, $this->cm->id);
$this->course_context = get_context_instance(CONTEXT_COURSE, $this->course->id);
if (has_capability('moodle/course:manageactivities', $this->module_context)) {
$this->canedit = true;
}
// If the module is hidden, then can the user still view it?
if (empty($this->cm->visible) && !has_capability('moodle/course:viewhiddenactivities', $this->module_context)) {
notice(get_string('activityiscurrentlyhidden'));
}
}
/**
* Serves the glossary attachments. Implements needed access control ;-)
*
* @param object $course
* @param object $cm
* @param object $context
* @param string $filearea
* @param array $args
* @param bool $forcedownload
* @return bool false if file not found, does not return if found - justsend the file
*/
function glossary_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload) {
global $CFG, $DB;
if ($context->contextlevel != CONTEXT_MODULE) {
return false;
}
require_course_login($course, true, $cm);
if ($filearea === 'attachment' or $filearea === 'entry') {
$entryid = (int)array_shift($args);
require_course_login($course, true, $cm);
if (!$entry = $DB->get_record('glossary_entries', array('id'=>$entryid))) {
return false;
}
if (!$glossary = $DB->get_record('glossary', array('id'=>$cm->instance))) {
return false;
}
if ($glossary->defaultapproval and !$entry->approved and !has_capability('mod/glossary:approve', $context)) {
return false;
}
// this trickery here is because we need to support source glossary access
if ($entry->glossaryid == $cm->instance) {
$filecontext = $context;
} else if ($entry->sourceglossaryid == $cm->instance) {
if (!$maincm = get_coursemodule_from_instance('glossary', $entry->glossaryid)) {
return false;
}
$filecontext = get_context_instance(CONTEXT_MODULE, $maincm->id);
} else {
return false;
}
$relativepath = implode('/', $args);
$fullpath = "/$filecontext->id/mod_glossary/$filearea/$entryid/$relativepath";
$fs = get_file_storage();
if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) {
return false;
}
// finally send the file
send_stored_file($file, 0, 0, true); // download MUST be forced - security!
} else if ($filearea === 'export') {
require_login($course, false, $cm);
require_capability('mod/glossary:export', $context);
if (!$glossary = $DB->get_record('glossary', array('id'=>$cm->instance))) {
return false;
}
$cat = array_shift($args);
$cat = clean_param($cat, PARAM_ALPHANUM);
$filename = clean_filename(strip_tags(format_string($glossary->name)).'.xml');
$content = glossary_generate_export_file($glossary, NULL, $cat);
send_file($content, $filename, 0, 0, true, true);
}
return false;
}
<?php
#################################################################################
## This versin is not present in any Moodle CVS and was generated from:
## $Id: dlg_ins_dragmath.php,v 1.2.4.1 2008/05/14 16:04:28 net-buoy Exp $
## to accomodate changes made in DragMath 0.7.8.1 and relocation of DragMath
## for Moodle 2 purposes to /lib/DragMath.
## In Moodle 2 this file becomes dragmath.php and is located in
## /lib/editor/tinymce/plugins/dragmath
## while DragMath itself is located in
## /lib/DragMath
##
#################################################################################
require "../../../../config.php";
$id = optional_param('id', SITEID, PARAM_INT);
require_course_login($id);
$urlforcodebase = $CFG->wwwroot . '/lib/DragMath/applet/';
$drlang = str_replace('_utf8', '', current_language());
// use more standard language codes
$drlangmapping = array('cs' => 'cz', 'pt_br' => 'pt-br');
// fix non-standard lang names
if (array_key_exists($drlang, $drlangmapping)) {
$drlang = $drlangmapping[$drlang];
}
if (!file_exists("{$CFG->dirroot}/lib/dragmath/applet/lang/{$drlang}.xml")) {
$drlang = 'en';
}
@header('Content-Type: text/html; charset=utf-8');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
/**
* Serves the forum attachments. Implements needed access control ;-)
*
* @param object $course
* @param object $cm
* @param object $context
* @param string $filearea
* @param array $args
* @param bool $forcedownload
* @return bool false if file not found, does not return if found - justsend the file
*/
function forum_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload) {
global $CFG, $DB;
if ($context->contextlevel != CONTEXT_MODULE) {
return false;
}
require_course_login($course, true, $cm);
$fileareas = array('attachment', 'post');
if (!in_array($filearea, $fileareas)) {
return false;
}
$postid = (int)array_shift($args);
if (!$post = $DB->get_record('forum_posts', array('id'=>$postid))) {
return false;
}
if (!$discussion = $DB->get_record('forum_discussions', array('id'=>$post->discussion))) {
return false;
}
if (!$forum = $DB->get_record('forum', array('id'=>$cm->instance))) {
return false;
}
$fs = get_file_storage();
$relativepath = implode('/', $args);
$fullpath = "/$context->id/mod_forum/$filearea/$postid/$relativepath";
if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) {
return false;
}
// Make sure groups allow this user to see this file
if ($discussion->groupid > 0 and $groupmode = groups_get_activity_groupmode($cm, $course)) { // Groups are being used
if (!groups_group_exists($discussion->groupid)) { // Can't find group
return false; // Be safe and don't send it to anyone
}
if (!groups_is_member($discussion->groupid) and !has_capability('moodle/site:accessallgroups', $context)) {
// do not send posts from other groups when in SEPARATEGROUPS or VISIBLEGROUPS
return false;
}
}
// Make sure we're allowed to see it...
if (!forum_user_can_see_post($forum, $discussion, $post, NULL, $cm)) {
return false;
}
// finally send the file
send_stored_file($file, 0, 0, true); // download MUST be forced - security!
}
/**
* Make sure user is logged in as required in this context.
*/
function require_login_in_context($contextorid = null)
{
if (!is_object($contextorid)) {
$context = get_context_instance_by_id($contextorid);
} else {
$context = $contextorid;
}
if ($context && $context->contextlevel == CONTEXT_COURSE) {
require_login($context->instanceid);
} else {
if ($context && $context->contextlevel == CONTEXT_MODULE) {
if ($cm = get_record('course_modules', 'id', $context->instanceid)) {
if (!($course = get_record('course', 'id', $cm->course))) {
error('Incorrect course.');
}
require_course_login($course, true, $cm);
} else {
error('Incorrect course module id.');
}
} else {
if ($context && $context->contextlevel == CONTEXT_SYSTEM) {
if (!empty($CFG->forcelogin)) {
require_login();
}
} else {
require_login();
}
}
}
}
/**
* Serves the files included in feedback items like label. Implements needed access control ;-)
*
* @param object $course
* @param object $cm
* @param object $context
* @param string $filearea
* @param array $args
* @param bool $forcedownload
* @return bool false if file not found, does not return if found - justsend the file
*/
function feedback_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload)
{
global $CFG, $DB;
require_login($course, false, $cm);
$itemid = (int) array_shift($args);
require_course_login($course, true, $cm);
if (!($item = $DB->get_record('feedback_item', array('id' => $itemid)))) {
return false;
}
if (!has_capability('mod/feedback:view', $context)) {
return false;
}
if ($context->contextlevel == CONTEXT_MODULE) {
if ($filearea !== 'item') {
return false;
}
if ($item->feedback == $cm->instance) {
$filecontext = $context;
} else {
return false;
}
}
if ($context->contextlevel == CONTEXT_COURSE) {
if ($filearea !== 'template') {
return false;
}
}
$relativepath = implode('/', $args);
$fullpath = "/{$context->id}/mod_feedback/{$filearea}/{$itemid}/{$relativepath}";
$fs = get_file_storage();
if (!($file = $fs->get_file_by_hash(sha1($fullpath))) or $file->is_directory()) {
return false;
}
// finally send the file
send_stored_file($file, 0, 0, true);
// download MUST be forced - security!
return false;
}
/**
* Serves the forum attachments. Implements needed access control ;-)
*
* @package mod_forum
* @category files
* @param stdClass $course course object
* @param stdClass $cm course module object
* @param stdClass $context context object
* @param string $filearea file area
* @param array $args extra arguments
* @param bool $forcedownload whether or not force download
* @param array $options additional options affecting the file serving
* @return bool false if file not found, does not return if found - justsend the file
*/
function forum_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload, array $options=array()) {
global $CFG, $DB;
if ($context->contextlevel != CONTEXT_MODULE) {
return false;
}
require_course_login($course, true, $cm);
$areas = forum_get_file_areas($course, $cm, $context);
// filearea must contain a real area
if (!isset($areas[$filearea])) {
return false;
}
$postid = (int)array_shift($args);
if (!$post = $DB->get_record('forum_posts', array('id'=>$postid))) {
return false;
}
if (!$discussion = $DB->get_record('forum_discussions', array('id'=>$post->discussion))) {
return false;
}
if (!$forum = $DB->get_record('forum', array('id'=>$cm->instance))) {
return false;
}
$fs = get_file_storage();
$relativepath = implode('/', $args);
$fullpath = "/$context->id/mod_forum/$filearea/$postid/$relativepath";
if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) {
return false;
}
// Make sure groups allow this user to see this file
if ($discussion->groupid > 0) {
$groupmode = groups_get_activity_groupmode($cm, $course);
if ($groupmode == SEPARATEGROUPS) {
if (!groups_is_member($discussion->groupid) and !has_capability('moodle/site:accessallgroups', $context)) {
return false;
}
}
}
// Make sure we're allowed to see it...
if (!forum_user_can_see_post($forum, $discussion, $post, NULL, $cm)) {
return false;
}
// finally send the file
send_stored_file($file, 0, 0, true, $options); // download MUST be forced - security!
}
* */
require_once "../../config.php";
require_once "locallib.php";
require_once 'importexcel_form.php';
$id = required_param('id', PARAM_INT);
// Course Module ID
$url = new moodle_url('/mod/booking/importexcel.php', array('id' => $id));
$urlRedirect = new moodle_url('/mod/booking/view.php', array('id' => $id));
$PAGE->set_url($url);
if (!($cm = get_coursemodule_from_id('booking', $id))) {
print_error("Course Module ID was incorrect");
}
if (!($course = $DB->get_record("course", array("id" => $cm->course)))) {
print_error('coursemisconf');
}
require_course_login($course, false, $cm);
$groupmode = groups_get_activity_groupmode($cm);
if (!($booking = booking_get_booking($cm, ''))) {
error("Course module is incorrect");
}
if (!($context = context_module::instance($cm->id))) {
print_error('badcontext');
}
require_capability('mod/booking:updatebooking', $context);
$PAGE->navbar->add(get_string("importexceltitle", "booking"));
$PAGE->set_title(format_string($booking->name));
$PAGE->set_heading($course->fullname);
$PAGE->set_pagelayout('standard');
$mform = new importexcel_form($url);
//Form processing and displaying is done here
if ($mform->is_cancelled()) {
$url = new moodle_url('/calendar/managesubscriptions.php');
if ($courseid != SITEID) {
$url->param('course', $courseid);
}
navigation_node::override_active_url(new moodle_url('/calendar/view.php', array('view' => 'month')));
$PAGE->set_url($url);
$PAGE->set_pagelayout('standard');
$PAGE->navbar->add(get_string('managesubscriptions', 'calendar'));
if ($courseid != SITEID && !empty($courseid)) {
$course = $DB->get_record('course', array('id' => $courseid));
$courses = array($course->id => $course);
} else {
$course = get_site();
$courses = calendar_get_default_courses();
}
require_course_login($course);
if (!calendar_user_can_add_event($course)) {
print_error('errorcannotimport', 'calendar');
}
$form = new calendar_addsubscription_form(null);
$form->set_data(array('course' => $course->id));
$importresults = '';
$formdata = $form->get_data();
if (!empty($formdata)) {
require_sesskey();
// Must have sesskey for all actions.
$subscriptionid = calendar_add_subscription($formdata);
if ($formdata->importfrom == CALENDAR_IMPORT_FROM_FILE) {
// Blank the URL if it's a file import.
$formdata->url = '';
$calendar = $form->get_file_content('importfile');
/**
* Serves the questionnaire attachments. Implements needed access control ;-)
*
* @param object $course
* @param object $cm
* @param object $context
* @param string $filearea
* @param array $args
* @param bool $forcedownload
* @return bool false if file not found, does not return if found - justsend the file
*/
function questionnaire_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload)
{
global $DB;
if ($context->contextlevel != CONTEXT_MODULE) {
return false;
}
require_course_login($course, true, $cm);
$fileareas = array('intro', 'info', 'thankbody', 'question');
if (!in_array($filearea, $fileareas)) {
return false;
}
$componentid = (int) array_shift($args);
if ($filearea != 'question') {
if (!($survey = $DB->get_record('questionnaire_survey', array('id' => $componentid)))) {
return false;
}
} else {
if (!($question = $DB->get_record('questionnaire_question', array('id' => $componentid)))) {
return false;
}
}
if (!($questionnaire = $DB->get_record('questionnaire', array('id' => $cm->instance)))) {
return false;
}
$fs = get_file_storage();
$relativepath = implode('/', $args);
$fullpath = "/{$context->id}/mod_questionnaire/{$filearea}/{$componentid}/{$relativepath}";
if (!($file = $fs->get_file_by_hash(sha1($fullpath))) or $file->is_directory()) {
return false;
}
// Finally send the file.
send_stored_file($file, 0, 0, true);
// Download MUST be forced - security!
}
/**
* Serves the files from the content file areas
*
* @package mod_content
* @category files
*
* @param stdClass $course the course object
* @param stdClass $cm the course module object
* @param stdClass $context the content's context
* @param string $filearea the name of the file area
* @param array $args extra arguments (itemid, path)
* @param bool $forcedownload whether or not force download
* @param array $options additional options affecting the file serving
*/
function content_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload, array $options = array())
{
global $CFG, $DB;
if ($context->contextlevel != CONTEXT_MODULE) {
return false;
}
require_course_login($course, true, $cm);
$itemid = 0;
switch ($filearea) {
case 'page':
case 'bgpage':
$pageid = (int) array_shift($args);
$itemid = $pageid;
if (!($page = $DB->get_record('content_pages', array('id' => $pageid)))) {
return false;
}
break;
case 'content':
$itemid = 0;
break;
default:
return false;
break;
}
if (!($content = $DB->get_record('content', array('id' => $cm->instance)))) {
return false;
}
$relativepath = implode('/', $args);
$fullpath = "/{$context->id}/mod_content/{$filearea}/{$itemid}/{$relativepath}";
$fs = get_file_storage();
if (!($file = $fs->get_file_by_hash(sha1($fullpath))) or $file->is_directory()) {
return false;
}
// Nasty hack because we do not have fSile revisions in content yet.
$lifetime = $CFG->filelifetime;
if ($lifetime > 60 * 10) {
$lifetime = 60 * 10;
}
send_stored_file($file, 0, 0, true, $options);
// download MUST be forced - security!
// finally send the file
return false;
}
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* This page lists all the instances of book in a particular course
*
* @package mod_book
* @copyright 2004-2011 Petr Skoda {@link http://skodak.org}
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
require dirname(__FILE__) . '/../../config.php';
require_once dirname(__FILE__) . '/locallib.php';
$id = required_param('id', PARAM_INT);
// Course ID.
$course = $DB->get_record('course', array('id' => $id), '*', MUST_EXIST);
unset($id);
require_course_login($course, true);
$PAGE->set_pagelayout('incourse');
// Get all required strings
$strbooks = get_string('modulenameplural', 'mod_book');
$strbook = get_string('modulename', 'mod_book');
$strname = get_string('name');
$strintro = get_string('moduleintro');
$strlastmodified = get_string('lastmodified');
$PAGE->set_url('/mod/book/index.php', array('id' => $course->id));
$PAGE->set_title($course->shortname . ': ' . $strbooks);
$PAGE->set_heading($course->fullname);
$PAGE->navbar->add($strbooks);
echo $OUTPUT->header();
\mod_book\event\course_module_instance_list_viewed::create_from_course($course)->trigger();
// Get all the appropriate data
if (!($books = get_all_instances_in_course('book', $course))) {
/**
* This function delegates file serving to individual plugins
*
* @param string $relativepath
* @param bool $forcedownload
* @param null|string $preview the preview mode, defaults to serving the original file
* @todo MDL-31088 file serving improments
*/
function file_pluginfile($relativepath, $forcedownload, $preview = null)
{
global $DB, $CFG, $USER;
// relative path must start with '/'
if (!$relativepath) {
print_error('invalidargorconf');
} else {
if ($relativepath[0] != '/') {
print_error('pathdoesnotstartslash');
}
}
// extract relative path components
$args = explode('/', ltrim($relativepath, '/'));
if (count($args) < 3) {
// always at least context, component and filearea
print_error('invalidarguments');
}
$contextid = (int) array_shift($args);
$component = clean_param(array_shift($args), PARAM_COMPONENT);
$filearea = clean_param(array_shift($args), PARAM_AREA);
list($context, $course, $cm) = get_context_info_array($contextid);
$fs = get_file_storage();
// ========================================================================================================================
if ($component === 'blog') {
// Blog file serving
if ($context->contextlevel != CONTEXT_SYSTEM) {
send_file_not_found();
}
if ($filearea !== 'attachment' and $filearea !== 'post') {
send_file_not_found();
}
if (empty($CFG->enableblogs)) {
print_error('siteblogdisable', 'blog');
}
$entryid = (int) array_shift($args);
if (!($entry = $DB->get_record('post', array('module' => 'blog', 'id' => $entryid)))) {
send_file_not_found();
}
if ($CFG->bloglevel < BLOG_GLOBAL_LEVEL) {
require_login();
if (isguestuser()) {
print_error('noguest');
}
if ($CFG->bloglevel == BLOG_USER_LEVEL) {
if ($USER->id != $entry->userid) {
send_file_not_found();
}
}
}
if ($entry->publishstate === 'public') {
if ($CFG->forcelogin) {
require_login();
}
} else {
if ($entry->publishstate === 'site') {
require_login();
//ok
} else {
if ($entry->publishstate === 'draft') {
require_login();
if ($USER->id != $entry->userid) {
send_file_not_found();
}
}
}
}
$filename = array_pop($args);
$filepath = $args ? '/' . implode('/', $args) . '/' : '/';
if (!($file = $fs->get_file($context->id, $component, $filearea, $entryid, $filepath, $filename)) or $file->is_directory()) {
send_file_not_found();
}
send_stored_file($file, 10 * 60, 0, true, array('preview' => $preview));
// download MUST be forced - security!
// ========================================================================================================================
} else {
if ($component === 'grade') {
if (($filearea === 'outcome' or $filearea === 'scale') and $context->contextlevel == CONTEXT_SYSTEM) {
// Global gradebook files
if ($CFG->forcelogin) {
require_login();
}
$fullpath = "/{$context->id}/{$component}/{$filearea}/" . implode('/', $args);
if (!($file = $fs->get_file_by_hash(sha1($fullpath))) or $file->is_directory()) {
send_file_not_found();
}
\core\session\manager::write_close();
// Unlock session during file serving.
send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
} else {
if ($filearea === 'feedback' and $context->contextlevel == CONTEXT_COURSE) {
//TODO: nobody implemented this yet in grade edit form!!
send_file_not_found();
if ($CFG->forcelogin || $course->id != SITEID) {
require_login($course);
}
$fullpath = "/{$context->id}/{$component}/{$filearea}/" . implode('/', $args);
if (!($file = $fs->get_file_by_hash(sha1($fullpath))) or $file->is_directory()) {
send_file_not_found();
}
\core\session\manager::write_close();
// Unlock session during file serving.
send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
} else {
send_file_not_found();
}
}
// ========================================================================================================================
} else {
if ($component === 'tag') {
if ($filearea === 'description' and $context->contextlevel == CONTEXT_SYSTEM) {
// All tag descriptions are going to be public but we still need to respect forcelogin
if ($CFG->forcelogin) {
require_login();
}
$fullpath = "/{$context->id}/tag/description/" . implode('/', $args);
if (!($file = $fs->get_file_by_hash(sha1($fullpath))) or $file->is_directory()) {
send_file_not_found();
}
\core\session\manager::write_close();
// Unlock session during file serving.
send_stored_file($file, 60 * 60, 0, true, array('preview' => $preview));
} else {
send_file_not_found();
}
// ========================================================================================================================
} else {
if ($component === 'badges') {
require_once $CFG->libdir . '/badgeslib.php';
$badgeid = (int) array_shift($args);
$badge = new badge($badgeid);
$filename = array_pop($args);
if ($filearea === 'badgeimage') {
if ($filename !== 'f1' && $filename !== 'f2') {
send_file_not_found();
}
if (!($file = $fs->get_file($context->id, 'badges', 'badgeimage', $badge->id, '/', $filename . '.png'))) {
send_file_not_found();
}
\core\session\manager::write_close();
send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
} else {
if ($filearea === 'userbadge' and $context->contextlevel == CONTEXT_USER) {
if (!($file = $fs->get_file($context->id, 'badges', 'userbadge', $badge->id, '/', $filename . '.png'))) {
send_file_not_found();
}
\core\session\manager::write_close();
send_stored_file($file, 60 * 60, 0, true, array('preview' => $preview));
}
}
// ========================================================================================================================
} else {
if ($component === 'calendar') {
if ($filearea === 'event_description' and $context->contextlevel == CONTEXT_SYSTEM) {
// All events here are public the one requirement is that we respect forcelogin
if ($CFG->forcelogin) {
require_login();
}
// Get the event if from the args array
$eventid = array_shift($args);
// Load the event from the database
if (!($event = $DB->get_record('event', array('id' => (int) $eventid, 'eventtype' => 'site')))) {
send_file_not_found();
}
// Get the file and serve if successful
$filename = array_pop($args);
$filepath = $args ? '/' . implode('/', $args) . '/' : '/';
if (!($file = $fs->get_file($context->id, $component, $filearea, $eventid, $filepath, $filename)) or $file->is_directory()) {
send_file_not_found();
}
\core\session\manager::write_close();
// Unlock session during file serving.
send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
} else {
if ($filearea === 'event_description' and $context->contextlevel == CONTEXT_USER) {
// Must be logged in, if they are not then they obviously can't be this user
require_login();
// Don't want guests here, potentially saves a DB call
if (isguestuser()) {
send_file_not_found();
}
// Get the event if from the args array
$eventid = array_shift($args);
// Load the event from the database - user id must match
if (!($event = $DB->get_record('event', array('id' => (int) $eventid, 'userid' => $USER->id, 'eventtype' => 'user')))) {
send_file_not_found();
}
// Get the file and serve if successful
$filename = array_pop($args);
$filepath = $args ? '/' . implode('/', $args) . '/' : '/';
if (!($file = $fs->get_file($context->id, $component, $filearea, $eventid, $filepath, $filename)) or $file->is_directory()) {
send_file_not_found();
}
\core\session\manager::write_close();
// Unlock session during file serving.
send_stored_file($file, 0, 0, true, array('preview' => $preview));
} else {
if ($filearea === 'event_description' and $context->contextlevel == CONTEXT_COURSE) {
// Respect forcelogin and require login unless this is the site.... it probably
// should NEVER be the site
if ($CFG->forcelogin || $course->id != SITEID) {
require_login($course);
}
// Must be able to at least view the course. This does not apply to the front page.
if ($course->id != SITEID && !is_enrolled($context) && !is_viewing($context)) {
//TODO: hmm, do we really want to block guests here?
send_file_not_found();
}
// Get the event id
$eventid = array_shift($args);
// Load the event from the database we need to check whether it is
// a) valid course event
// b) a group event
// Group events use the course context (there is no group context)
if (!($event = $DB->get_record('event', array('id' => (int) $eventid, 'courseid' => $course->id)))) {
send_file_not_found();
}
// If its a group event require either membership of view all groups capability
if ($event->eventtype === 'group') {
if (!has_capability('moodle/site:accessallgroups', $context) && !groups_is_member($event->groupid, $USER->id)) {
send_file_not_found();
}
} else {
if ($event->eventtype === 'course' || $event->eventtype === 'site') {
// Ok. Please note that the event type 'site' still uses a course context.
} else {
// Some other type.
send_file_not_found();
}
}
// If we get this far we can serve the file
$filename = array_pop($args);
$filepath = $args ? '/' . implode('/', $args) . '/' : '/';
if (!($file = $fs->get_file($context->id, $component, $filearea, $eventid, $filepath, $filename)) or $file->is_directory()) {
send_file_not_found();
}
\core\session\manager::write_close();
// Unlock session during file serving.
send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
} else {
send_file_not_found();
}
}
}
// ========================================================================================================================
} else {
if ($component === 'user') {
if ($filearea === 'icon' and $context->contextlevel == CONTEXT_USER) {
if (count($args) == 1) {
$themename = theme_config::DEFAULT_THEME;
$filename = array_shift($args);
} else {
$themename = array_shift($args);
$filename = array_shift($args);
}
// fix file name automatically
if ($filename !== 'f1' and $filename !== 'f2' and $filename !== 'f3') {
$filename = 'f1';
}
if ((!empty($CFG->forcelogin) and !isloggedin()) || !empty($CFG->forceloginforprofileimage) && (!isloggedin() || isguestuser())) {
// protect images if login required and not logged in;
// also if login is required for profile images and is not logged in or guest
// do not use require_login() because it is expensive and not suitable here anyway
$theme = theme_config::load($themename);
redirect($theme->pix_url('u/' . $filename, 'moodle'));
// intentionally not cached
}
if (!($file = $fs->get_file($context->id, 'user', 'icon', 0, '/', $filename . '.png'))) {
if (!($file = $fs->get_file($context->id, 'user', 'icon', 0, '/', $filename . '.jpg'))) {
if ($filename === 'f3') {
// f3 512x512px was introduced in 2.3, there might be only the smaller version.
if (!($file = $fs->get_file($context->id, 'user', 'icon', 0, '/', 'f1.png'))) {
$file = $fs->get_file($context->id, 'user', 'icon', 0, '/', 'f1.jpg');
}
}
}
}
if (!$file) {
// bad reference - try to prevent future retries as hard as possible!
if ($user = $DB->get_record('user', array('id' => $context->instanceid), 'id, picture')) {
if ($user->picture > 0) {
$DB->set_field('user', 'picture', 0, array('id' => $user->id));
}
}
// no redirect here because it is not cached
$theme = theme_config::load($themename);
$imagefile = $theme->resolve_image_location('u/' . $filename, 'moodle', null);
send_file($imagefile, basename($imagefile), 60 * 60 * 24 * 14);
}
$options = array('preview' => $preview);
if (empty($CFG->forcelogin) && empty($CFG->forceloginforprofileimage)) {
// Profile images should be cache-able by both browsers and proxies according
// to $CFG->forcelogin and $CFG->forceloginforprofileimage.
$options['cacheability'] = 'public';
}
send_stored_file($file, 60 * 60 * 24 * 365, 0, false, $options);
// enable long caching, there are many images on each page
} else {
if ($filearea === 'private' and $context->contextlevel == CONTEXT_USER) {
require_login();
if (isguestuser()) {
send_file_not_found();
}
if ($USER->id !== $context->instanceid) {
send_file_not_found();
}
$filename = array_pop($args);
$filepath = $args ? '/' . implode('/', $args) . '/' : '/';
if (!($file = $fs->get_file($context->id, $component, $filearea, 0, $filepath, $filename)) or $file->is_directory()) {
send_file_not_found();
}
\core\session\manager::write_close();
// Unlock session during file serving.
send_stored_file($file, 0, 0, true, array('preview' => $preview));
// must force download - security!
} else {
if ($filearea === 'profile' and $context->contextlevel == CONTEXT_USER) {
if ($CFG->forcelogin) {
require_login();
}
$userid = $context->instanceid;
if ($USER->id == $userid) {
// always can access own
} else {
if (!empty($CFG->forceloginforprofiles)) {
require_login();
if (isguestuser()) {
send_file_not_found();
}
// we allow access to site profile of all course contacts (usually teachers)
if (!has_coursecontact_role($userid) && !has_capability('moodle/user:viewdetails', $context)) {
send_file_not_found();
}
$canview = false;
if (has_capability('moodle/user:viewdetails', $context)) {
$canview = true;
} else {
$courses = enrol_get_my_courses();
}
while (!$canview && count($courses) > 0) {
$course = array_shift($courses);
if (has_capability('moodle/user:viewdetails', context_course::instance($course->id))) {
$canview = true;
}
}
}
}
$filename = array_pop($args);
$filepath = $args ? '/' . implode('/', $args) . '/' : '/';
if (!($file = $fs->get_file($context->id, $component, $filearea, 0, $filepath, $filename)) or $file->is_directory()) {
send_file_not_found();
}
\core\session\manager::write_close();
// Unlock session during file serving.
send_stored_file($file, 0, 0, true, array('preview' => $preview));
// must force download - security!
} else {
if ($filearea === 'profile' and $context->contextlevel == CONTEXT_COURSE) {
$userid = (int) array_shift($args);
$usercontext = context_user::instance($userid);
if ($CFG->forcelogin) {
require_login();
}
if (!empty($CFG->forceloginforprofiles)) {
require_login();
if (isguestuser()) {
print_error('noguest');
}
//TODO: review this logic of user profile access prevention
if (!has_coursecontact_role($userid) and !has_capability('moodle/user:viewdetails', $usercontext)) {
print_error('usernotavailable');
}
if (!has_capability('moodle/user:viewdetails', $context) && !has_capability('moodle/user:viewdetails', $usercontext)) {
print_error('cannotviewprofile');
}
if (!is_enrolled($context, $userid)) {
print_error('notenrolledprofile');
}
if (groups_get_course_groupmode($course) == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context)) {
print_error('groupnotamember');
}
}
$filename = array_pop($args);
$filepath = $args ? '/' . implode('/', $args) . '/' : '/';
if (!($file = $fs->get_file($usercontext->id, 'user', 'profile', 0, $filepath, $filename)) or $file->is_directory()) {
send_file_not_found();
}
\core\session\manager::write_close();
// Unlock session during file serving.
send_stored_file($file, 0, 0, true, array('preview' => $preview));
// must force download - security!
} else {
if ($filearea === 'backup' and $context->contextlevel == CONTEXT_USER) {
require_login();
if (isguestuser()) {
send_file_not_found();
}
$userid = $context->instanceid;
if ($USER->id != $userid) {
send_file_not_found();
}
$filename = array_pop($args);
$filepath = $args ? '/' . implode('/', $args) . '/' : '/';
if (!($file = $fs->get_file($context->id, 'user', 'backup', 0, $filepath, $filename)) or $file->is_directory()) {
send_file_not_found();
}
\core\session\manager::write_close();
// Unlock session during file serving.
send_stored_file($file, 0, 0, true, array('preview' => $preview));
// must force download - security!
} else {
send_file_not_found();
}
}
}
}
}
// ========================================================================================================================
} else {
if ($component === 'coursecat') {
if ($context->contextlevel != CONTEXT_COURSECAT) {
send_file_not_found();
}
if ($filearea === 'description') {
if ($CFG->forcelogin) {
// no login necessary - unless login forced everywhere
require_login();
}
$filename = array_pop($args);
$filepath = $args ? '/' . implode('/', $args) . '/' : '/';
if (!($file = $fs->get_file($context->id, 'coursecat', 'description', 0, $filepath, $filename)) or $file->is_directory()) {
send_file_not_found();
}
\core\session\manager::write_close();
// Unlock session during file serving.
send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
} else {
send_file_not_found();
}
// ========================================================================================================================
} else {
if ($component === 'course') {
if ($context->contextlevel != CONTEXT_COURSE) {
send_file_not_found();
}
if ($filearea === 'summary' || $filearea === 'overviewfiles') {
if ($CFG->forcelogin) {
require_login();
}
$filename = array_pop($args);
$filepath = $args ? '/' . implode('/', $args) . '/' : '/';
if (!($file = $fs->get_file($context->id, 'course', $filearea, 0, $filepath, $filename)) or $file->is_directory()) {
send_file_not_found();
}
\core\session\manager::write_close();
// Unlock session during file serving.
send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
} else {
if ($filearea === 'section') {
if ($CFG->forcelogin) {
require_login($course);
} else {
if ($course->id != SITEID) {
require_login($course);
}
}
$sectionid = (int) array_shift($args);
if (!($section = $DB->get_record('course_sections', array('id' => $sectionid, 'course' => $course->id)))) {
send_file_not_found();
}
$filename = array_pop($args);
$filepath = $args ? '/' . implode('/', $args) . '/' : '/';
if (!($file = $fs->get_file($context->id, 'course', 'section', $sectionid, $filepath, $filename)) or $file->is_directory()) {
send_file_not_found();
}
\core\session\manager::write_close();
// Unlock session during file serving.
send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
} else {
send_file_not_found();
}
}
} else {
if ($component === 'cohort') {
$cohortid = (int) array_shift($args);
$cohort = $DB->get_record('cohort', array('id' => $cohortid), '*', MUST_EXIST);
$cohortcontext = context::instance_by_id($cohort->contextid);
// The context in the file URL must be either cohort context or context of the course underneath the cohort's context.
if ($context->id != $cohort->contextid && ($context->contextlevel != CONTEXT_COURSE || !in_array($cohort->contextid, $context->get_parent_context_ids()))) {
send_file_not_found();
}
// User is able to access cohort if they have view cap on cohort level or
// the cohort is visible and they have view cap on course level.
$canview = has_capability('moodle/cohort:view', $cohortcontext) || $cohort->visible && has_capability('moodle/cohort:view', $context);
if ($filearea === 'description' && $canview) {
$filename = array_pop($args);
$filepath = $args ? '/' . implode('/', $args) . '/' : '/';
if (($file = $fs->get_file($cohortcontext->id, 'cohort', 'description', $cohort->id, $filepath, $filename)) && !$file->is_directory()) {
\core\session\manager::write_close();
// Unlock session during file serving.
send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
}
}
send_file_not_found();
} else {
if ($component === 'group') {
if ($context->contextlevel != CONTEXT_COURSE) {
send_file_not_found();
}
require_course_login($course, true, null, false);
$groupid = (int) array_shift($args);
$group = $DB->get_record('groups', array('id' => $groupid, 'courseid' => $course->id), '*', MUST_EXIST);
if ($course->groupmodeforce and $course->groupmode == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context) and !groups_is_member($group->id, $USER->id)) {
// do not allow access to separate group info if not member or teacher
send_file_not_found();
}
if ($filearea === 'description') {
require_login($course);
$filename = array_pop($args);
$filepath = $args ? '/' . implode('/', $args) . '/' : '/';
if (!($file = $fs->get_file($context->id, 'group', 'description', $group->id, $filepath, $filename)) or $file->is_directory()) {
send_file_not_found();
}
\core\session\manager::write_close();
// Unlock session during file serving.
send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
} else {
if ($filearea === 'icon') {
$filename = array_pop($args);
if ($filename !== 'f1' and $filename !== 'f2') {
send_file_not_found();
}
if (!($file = $fs->get_file($context->id, 'group', 'icon', $group->id, '/', $filename . '.png'))) {
if (!($file = $fs->get_file($context->id, 'group', 'icon', $group->id, '/', $filename . '.jpg'))) {
send_file_not_found();
}
}
\core\session\manager::write_close();
// Unlock session during file serving.
send_stored_file($file, 60 * 60, 0, false, array('preview' => $preview));
} else {
send_file_not_found();
}
}
} else {
if ($component === 'grouping') {
if ($context->contextlevel != CONTEXT_COURSE) {
send_file_not_found();
}
require_login($course);
$groupingid = (int) array_shift($args);
// note: everybody has access to grouping desc images for now
if ($filearea === 'description') {
$filename = array_pop($args);
$filepath = $args ? '/' . implode('/', $args) . '/' : '/';
if (!($file = $fs->get_file($context->id, 'grouping', 'description', $groupingid, $filepath, $filename)) or $file->is_directory()) {
send_file_not_found();
}
\core\session\manager::write_close();
// Unlock session during file serving.
send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
} else {
send_file_not_found();
}
// ========================================================================================================================
} else {
if ($component === 'backup') {
if ($filearea === 'course' and $context->contextlevel == CONTEXT_COURSE) {
require_login($course);
require_capability('moodle/backup:downloadfile', $context);
$filename = array_pop($args);
$filepath = $args ? '/' . implode('/', $args) . '/' : '/';
if (!($file = $fs->get_file($context->id, 'backup', 'course', 0, $filepath, $filename)) or $file->is_directory()) {
send_file_not_found();
}
\core\session\manager::write_close();
// Unlock session during file serving.
send_stored_file($file, 0, 0, $forcedownload, array('preview' => $preview));
} else {
if ($filearea === 'section' and $context->contextlevel == CONTEXT_COURSE) {
require_login($course);
require_capability('moodle/backup:downloadfile', $context);
$sectionid = (int) array_shift($args);
$filename = array_pop($args);
$filepath = $args ? '/' . implode('/', $args) . '/' : '/';
if (!($file = $fs->get_file($context->id, 'backup', 'section', $sectionid, $filepath, $filename)) or $file->is_directory()) {
send_file_not_found();
}
\core\session\manager::write_close();
send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
} else {
if ($filearea === 'activity' and $context->contextlevel == CONTEXT_MODULE) {
require_login($course, false, $cm);
require_capability('moodle/backup:downloadfile', $context);
$filename = array_pop($args);
$filepath = $args ? '/' . implode('/', $args) . '/' : '/';
if (!($file = $fs->get_file($context->id, 'backup', 'activity', 0, $filepath, $filename)) or $file->is_directory()) {
send_file_not_found();
}
\core\session\manager::write_close();
send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
} else {
if ($filearea === 'automated' and $context->contextlevel == CONTEXT_COURSE) {
// Backup files that were generated by the automated backup systems.
require_login($course);
require_capability('moodle/site:config', $context);
$filename = array_pop($args);
$filepath = $args ? '/' . implode('/', $args) . '/' : '/';
if (!($file = $fs->get_file($context->id, 'backup', 'automated', 0, $filepath, $filename)) or $file->is_directory()) {
send_file_not_found();
}
\core\session\manager::write_close();
// Unlock session during file serving.
send_stored_file($file, 0, 0, $forcedownload, array('preview' => $preview));
} else {
send_file_not_found();
}
}
}
}
// ========================================================================================================================
} else {
if ($component === 'question') {
require_once $CFG->libdir . '/questionlib.php';
question_pluginfile($course, $context, 'question', $filearea, $args, $forcedownload);
send_file_not_found();
// ========================================================================================================================
} else {
if ($component === 'grading') {
if ($filearea === 'description') {
// files embedded into the form definition description
if ($context->contextlevel == CONTEXT_SYSTEM) {
require_login();
} else {
if ($context->contextlevel >= CONTEXT_COURSE) {
require_login($course, false, $cm);
} else {
send_file_not_found();
}
}
$formid = (int) array_shift($args);
$sql = "SELECT ga.id\n FROM {grading_areas} ga\n JOIN {grading_definitions} gd ON (gd.areaid = ga.id)\n WHERE gd.id = ? AND ga.contextid = ?";
$areaid = $DB->get_field_sql($sql, array($formid, $context->id), IGNORE_MISSING);
if (!$areaid) {
send_file_not_found();
}
$fullpath = "/{$context->id}/{$component}/{$filearea}/{$formid}/" . implode('/', $args);
if (!($file = $fs->get_file_by_hash(sha1($fullpath))) or $file->is_directory()) {
send_file_not_found();
}
\core\session\manager::write_close();
// Unlock session during file serving.
send_stored_file($file, 60 * 60, 0, $forcedownload, array('preview' => $preview));
}
// ========================================================================================================================
} else {
if (strpos($component, 'mod_') === 0) {
$modname = substr($component, 4);
if (!file_exists("{$CFG->dirroot}/mod/{$modname}/lib.php")) {
send_file_not_found();
}
require_once "{$CFG->dirroot}/mod/{$modname}/lib.php";
if ($context->contextlevel == CONTEXT_MODULE) {
if ($cm->modname !== $modname) {
// somebody tries to gain illegal access, cm type must match the component!
send_file_not_found();
}
}
if ($filearea === 'intro') {
if (!plugin_supports('mod', $modname, FEATURE_MOD_INTRO, true)) {
send_file_not_found();
}
require_course_login($course, true, $cm);
// all users may access it
$filename = array_pop($args);
$filepath = $args ? '/' . implode('/', $args) . '/' : '/';
if (!($file = $fs->get_file($context->id, 'mod_' . $modname, 'intro', 0, $filepath, $filename)) or $file->is_directory()) {
send_file_not_found();
}
// finally send the file
send_stored_file($file, null, 0, false, array('preview' => $preview));
}
$filefunction = $component . '_pluginfile';
$filefunctionold = $modname . '_pluginfile';
if (function_exists($filefunction)) {
// if the function exists, it must send the file and terminate. Whatever it returns leads to "not found"
$filefunction($course, $cm, $context, $filearea, $args, $forcedownload, array('preview' => $preview));
} else {
if (function_exists($filefunctionold)) {
// if the function exists, it must send the file and terminate. Whatever it returns leads to "not found"
$filefunctionold($course, $cm, $context, $filearea, $args, $forcedownload, array('preview' => $preview));
}
}
send_file_not_found();
// ========================================================================================================================
} else {
if (strpos($component, 'block_') === 0) {
$blockname = substr($component, 6);
// note: no more class methods in blocks please, that is ....
if (!file_exists("{$CFG->dirroot}/blocks/{$blockname}/lib.php")) {
send_file_not_found();
}
require_once "{$CFG->dirroot}/blocks/{$blockname}/lib.php";
if ($context->contextlevel == CONTEXT_BLOCK) {
$birecord = $DB->get_record('block_instances', array('id' => $context->instanceid), '*', MUST_EXIST);
if ($birecord->blockname !== $blockname) {
// somebody tries to gain illegal access, cm type must match the component!
send_file_not_found();
}
if ($context->get_course_context(false)) {
// If block is in course context, then check if user has capability to access course.
require_course_login($course);
} else {
if ($CFG->forcelogin) {
// If user is logged out, bp record will not be visible, even if the user would have access if logged in.
require_login();
}
}
$bprecord = $DB->get_record('block_positions', array('contextid' => $context->id, 'blockinstanceid' => $context->instanceid));
// User can't access file, if block is hidden or doesn't have block:view capability
if ($bprecord && !$bprecord->visible || !has_capability('moodle/block:view', $context)) {
send_file_not_found();
}
} else {
$birecord = null;
}
$filefunction = $component . '_pluginfile';
if (function_exists($filefunction)) {
// if the function exists, it must send the file and terminate. Whatever it returns leads to "not found"
$filefunction($course, $birecord, $context, $filearea, $args, $forcedownload, array('preview' => $preview));
}
send_file_not_found();
// ========================================================================================================================
} else {
if (strpos($component, '_') === false) {
// all core subsystems have to be specified above, no more guessing here!
send_file_not_found();
} else {
// try to serve general plugin file in arbitrary context
$dir = core_component::get_component_directory($component);
if (!file_exists("{$dir}/lib.php")) {
send_file_not_found();
}
include_once "{$dir}/lib.php";
$filefunction = $component . '_pluginfile';
if (function_exists($filefunction)) {
// if the function exists, it must send the file and terminate. Whatever it returns leads to "not found"
$filefunction($course, $cm, $context, $filearea, $args, $forcedownload, array('preview' => $preview));
}
send_file_not_found();
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
if ($cm = get_coursemodule_from_instance("forum", $forum->id, $course->id)) {
$buttontext = update_module_button($cm->id, $course->id, $strforum);
} else {
$cm->id = 0;
$cm->visible = 1;
$cm->course = $course->id;
$buttontext = "";
}
} else {
error('Must specify a course module or a forum ID');
}
}
if (!$buttontext) {
$buttontext = forum_search_form($course, $search);
}
require_course_login($course, true, $cm);
$context = get_context_instance(CONTEXT_MODULE, $cm->id);
/// Print header.
$navigation = build_navigation('', $cm);
print_header_simple(format_string($forum->name), "", $navigation, "", "", true, $buttontext, user_login_string($course) . '<hr style="width:95%">' . navmenu($course, $cm));
/// Some capability checks.
if (empty($cm->visible) and !has_capability('moodle/course:viewhiddenactivities', $context)) {
notice(get_string("activityiscurrentlyhidden"));
}
if (!has_capability('mod/forum:viewdiscussion', $context)) {
notice(get_string('noviewdiscussionspermission', 'forum'));
}
/// find out current groups mode
groups_print_activity_menu($cm, 'view.php?id=' . $cm->id);
$currentgroup = groups_get_activity_group($cm);
$groupmode = groups_get_activity_groupmode($cm);
/**
* Serves the facetoface and sessions details.
*
* @param stdClass $course course object
* @param cm_info $cm course module object
* @param context $context context object
* @param string $filearea file area
* @param array $args extra arguments
* @param bool $forcedownload whether or not force download
* @param array $options additional options affecting the file serving
* @return bool false if file not found, does not return if found - just send the file
*/
function facetoface_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload, array $options=array()) {
global $DB;
if ($context->contextlevel != CONTEXT_MODULE) {
return false;
}
require_course_login($course, true, $cm);
if ($filearea !== 'session') {
return false;
}
$sessionid = (int)array_shift($args);
if (!$session = $DB->get_record('facetoface_sessions', array('id' => $sessionid))) {
return false;
}
if (!$facetoface = $DB->get_record('facetoface', array('id' => $cm->instance))) {
return false;
}
$fs = get_file_storage();
$relativepath = implode('/', $args);
$fullpath = "/$context->id/mod_facetoface/$filearea/$sessionid/$relativepath";
if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) {
return false;
}
// finally send the file
send_stored_file($file, 360, 0, $forcedownload, $options);
}
