/** * Serves assignment feedback and other files. * * @param mixed $course course or id of the course * @param mixed $cm course module or id of the course module * @param context $context * @param string $filearea * @param array $args * @param bool $forcedownload * @return bool false if file not found, does not return if found - just send the file */ function assignfeedback_editpdf_pluginfile($course, $cm, context $context, $filearea, $args, $forcedownload) { global $USER, $DB, $CFG; if ($context->contextlevel == CONTEXT_MODULE) { require_login($course, false, $cm); $itemid = (int) array_shift($args); if (!($assign = $DB->get_record('assign', array('id' => $cm->instance)))) { return false; } $record = $DB->get_record('assign_grades', array('id' => $itemid), 'userid,assignment', MUST_EXIST); $userid = $record->userid; if ($assign->id != $record->assignment) { return false; } // Check is users feedback or has grading permission. if ($USER->id != $userid and !has_capability('mod/assign:grade', $context)) { return false; } $relativepath = implode('/', $args); $fullpath = "/{$context->id}/assignfeedback_editpdf/{$filearea}/{$itemid}/{$relativepath}"; $fs = get_file_storage(); if (!($file = $fs->get_file_by_hash(sha1($fullpath))) or $file->is_directory()) { return false; } // Download MUST be forced - security! send_stored_file($file, 0, 0, true); // Check if we want to retrieve the stamps. } }
/** * Get course/cm/zoom objects from url parameters, and check for login/permissions. * * @return array Array of ($course, $cm, $zoom) */ function zoom_get_instance_setup() { global $DB; $id = optional_param('id', 0, PARAM_INT); // Course_module ID, or $n = optional_param('n', 0, PARAM_INT); // ... zoom instance ID - it should be named as the first character of the module. if ($id) { $cm = get_coursemodule_from_id('zoom', $id, 0, false, MUST_EXIST); $course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST); $zoom = $DB->get_record('zoom', array('id' => $cm->instance), '*', MUST_EXIST); } else { if ($n) { $zoom = $DB->get_record('zoom', array('id' => $n), '*', MUST_EXIST); $course = $DB->get_record('course', array('id' => $zoom->course), '*', MUST_EXIST); $cm = get_coursemodule_from_instance('zoom', $zoom->id, $course->id, false, MUST_EXIST); } else { print_error('You must specify a course_module ID or an instance ID'); } } require_login($course, true, $cm); $context = context_module::instance($cm->id); require_capability('mod/zoom:view', $context); return array($course, $cm, $zoom); }
protected function __construct($course_id, $section_i) { global $CFG, $DB; $this->debug = new SharingCart_DebugTrace(); $this->debug->trace(); $this->execute_succeeded = FALSE; require_login($course_id); // 権限チェック $this->requireCapabilities($course_id); $this->debug->trace('Capabilities - OK'); // 必要な関数が使用可能かチェック backup_required_functions(); // このタイミングで各モジュールのテーブルをアップグレード $return_to = $_SERVER['REQUEST_URI']; // upgrade_backup_db($return_to); // 設定オブジェクトを生成 $this->prefs =& $this->createPreferences(); // ユニーク値をセット (Moodleコアはここにtime()が入っているのを期待しているのでそれに従う) $this->prefs->backup_unique_code = time(); // コースを取得 $this->course = $DB->get_record('course', array('id' => $course_id)); if (!$this->course) { throw new SharingCart_CourseException('Invalid course'); } // セクションを取得 $this->section = $DB->get_record('course_sections', array('course' => $course_id, 'section' => $section_i)); if (!$this->section) { throw new SharingCart_SectionException('Invalid section'); } }
/** * Controller setup * * Get $cm and $instance and perform * proper call to require_login() * * @return void * @see $cm, $instance * @throws coding_exception */ public function setup() { global $DB, $COURSE, $PAGE; // Course module ID or module instance ID $id = optional_param('id', 0, PARAM_INT); $a = optional_param('a', 0, PARAM_INT); // Get required course module record if ($id) { $this->cm = get_coursemodule_from_id($this->component, $id, 0, false, MUST_EXIST); } else { if ($a) { $this->cm = get_coursemodule_from_instance($this->component, $a, 0, false, MUST_EXIST); } else { throw new coding_exception('No Course Module or Instance ID was passed'); } } // Get the module instance $this->instance = $DB->get_record($this->component, array('id' => $this->cm->instance), '*', MUST_EXIST); require_login($this->cm->course, true, $this->cm); $PAGE->set_title(format_string($this->instance->name)); $PAGE->set_heading(format_string($COURSE->fullname)); $PAGE->set_activity_record($this->instance); $PAGE->set_context($this->get_context()); $PAGE->set_url($this->new_url(array('action' => $this->action))); $this->heading->text = format_string($this->instance->name); }
/** * Serves assignment submissions and other files. * * @param mixed $course course or id of the course * @param mixed $cm course module or id of the course module * @param context $context * @param string $filearea * @param array $args * @param bool $forcedownload * @return bool false if file not found, does not return if found - just send the file */ function assignsubmission_onenote_pluginfile($course, $cm, context $context, $filearea, $args, $forcedownload) { global $DB, $CFG; if ($context->contextlevel != CONTEXT_MODULE) { return false; } require_login($course, false, $cm); $itemid = (int) array_shift($args); $record = $DB->get_record('assign_submission', array('id' => $itemid), 'userid, assignment, groupid', MUST_EXIST); $userid = $record->userid; $groupid = $record->groupid; require_once $CFG->dirroot . '/mod/assign/locallib.php'; $assign = new assign($context, $cm, $course); if ($assign->get_instance()->id != $record->assignment) { return false; } if ($assign->get_instance()->teamsubmission && !$assign->can_view_group_submission($groupid)) { return false; } if (!$assign->get_instance()->teamsubmission && !$assign->can_view_submission($userid)) { return false; } $relativepath = implode('/', $args); $fullpath = "/{$context->id}/assignsubmission_onenote/{$filearea}/{$itemid}/{$relativepath}"; $fs = get_file_storage(); if (!($file = $fs->get_file_by_hash(sha1($fullpath))) || $file->is_directory()) { return false; } // Download MUST be forced - security! send_stored_file($file, 0, 0, true); }
/** * Serves seplment feedback and other files. * * @param mixed $course course or id of the course * @param mixed $cm course module or id of the course module * @param context $context * @param string $filearea * @param array $args * @param bool $forcedownload * @return bool false if file not found, does not return if found - just send the file */ function seplfeedback_file_pluginfile($course, $cm, context $context, $filearea, $args, $forcedownload) { global $USER, $DB; if ($context->contextlevel != CONTEXT_MODULE) { return false; } require_login($course, false, $cm); $itemid = (int) array_shift($args); $record = $DB->get_record('sepl_grades', array('id' => $itemid), 'userid,seplment', MUST_EXIST); $userid = $record->userid; if (!($sepl = $DB->get_record('sepl', array('id' => $cm->instance)))) { return false; } if ($sepl->id != $record->seplment) { return false; } // Check is users feedback or has grading permission. if ($USER->id != $userid and !has_capability('mod/sepl:grade', $context)) { return false; } $relativepath = implode('/', $args); $fullpath = "/{$context->id}/seplfeedback_file/{$filearea}/{$itemid}/{$relativepath}"; $fs = get_file_storage(); if (!($file = $fs->get_file_by_hash(sha1($fullpath))) or $file->is_directory()) { return false; } // Download MUST be forced - security! send_stored_file($file, 0, 0, true); }
/** * This function checks for a user's access to a particular form/page. The main check * is requiring a user to be logged into a particular course. Optionally, it will check * for a capability and check the user's sesskey. * * @param string $capability Verify the user has this capability. * @param bool $checksesskey T/F indicating whether sesskey should be checked. * @return bool T/F indicating if access is permitted. * */ function blocks_skills_group_verify_access($capability = null, $checksesskey = false) { $courseid = required_param('courseid', PARAM_INT); try { require_login($courseid, false); } catch (Exception $e) { echo get_string('nologin', BLOCK_SG_LANG_TABLE); return false; } if ($capability != null) { if (!has_capability($capability, context_course::instance($courseid))) { echo get_string('noaccess', BLOCK_SG_LANG_TABLE); return false; } } try { if ($checksesskey != false) { if (!confirm_sesskey()) { echo get_string('badsesskey', BLOCK_SG_LANG_TABLE); return false; } } } catch (Exception $e) { echo get_string('badsesskey', BLOCK_SG_LANG_TABLE); return false; } return true; }
/** * Return guest enrolment instance information. * * @param int $instanceid instance id of guest enrolment plugin. * @return array warnings and instance information. * @since Moodle 3.1 */ public static function get_instance_info($instanceid) { global $DB; $params = self::validate_parameters(self::get_instance_info_parameters(), array('instanceid' => $instanceid)); $warnings = array(); // Retrieve guest enrolment plugin. $enrolplugin = enrol_get_plugin('guest'); if (empty($enrolplugin)) { throw new moodle_exception('invaliddata', 'error'); } require_login(null, false, null, false, true); $enrolinstance = $DB->get_record('enrol', array('id' => $params['instanceid']), '*', MUST_EXIST); $course = $DB->get_record('course', array('id' => $enrolinstance->courseid), '*', MUST_EXIST); $context = context_course::instance($course->id); if (!$course->visible and !has_capability('moodle/course:viewhiddencourses', $context)) { throw new moodle_exception('coursehidden'); } $instanceinfo = $enrolplugin->get_enrol_info($enrolinstance); // Specific instance information. $instanceinfo->passwordrequired = $instanceinfo->requiredparam->passwordrequired; unset($instanceinfo->requiredparam); $result = array(); $result['instanceinfo'] = $instanceinfo; $result['warnings'] = $warnings; return $result; }
function local_obu_application_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload, $options) { global $USER; // Check that the context is a 'user' one and that the filearea is valid if ($context->contextlevel != CONTEXT_USER || $filearea !== 'file') { return false; } // Make sure the user is logged in require_login(); $itemid = array_shift($args); // The first item in the $args array // Extract the filename / filepath from the $args array $filename = array_pop($args); // The last item in the $args array if (!$args) { $filepath = '/'; // $args is empty => the path is '/' } else { $filepath = '/' . implode('/', $args) . '/'; // $args contains elements of the filepath } // Retrieve the file from the pool $fs = get_file_storage(); $file = $fs->get_file($context->id, 'local_obu_application', $filearea, $itemid, $filepath, $filename); if (!$file) { return false; // The file does not exist! } // Check the capability if ($USER->id != $file->get_userid() && !has_capability('local/obu_application:manage', $context)) { return false; } // We can now send the file back to the browser send_stored_file($file, 86400, 0, $forcedownload, $options); }
/** * Return self-enrolment instance information. * * @param int $instanceid instance id of self enrolment plugin. * @return array instance information. * @throws moodle_exception */ public static function get_instance_info($instanceid) { global $DB, $CFG; require_once $CFG->libdir . '/enrollib.php'; $params = self::validate_parameters(self::get_instance_info_parameters(), array('instanceid' => $instanceid)); // Retrieve self enrolment plugin. $enrolplugin = enrol_get_plugin('self'); if (empty($enrolplugin)) { throw new moodle_exception('invaliddata', 'error'); } // Note that we can't use validate_context because the user is not enrolled in the course. require_login(null, false, null, false, true); $enrolinstance = $DB->get_record('enrol', array('id' => $params['instanceid']), '*', MUST_EXIST); $course = $DB->get_record('course', array('id' => $enrolinstance->courseid), '*', MUST_EXIST); $context = context_course::instance($course->id); if (!$course->visible and !has_capability('moodle/course:viewhiddencourses', $context)) { throw new moodle_exception('coursehidden'); } $instanceinfo = (array) $enrolplugin->get_enrol_info($enrolinstance); if (isset($instanceinfo['requiredparam']->enrolpassword)) { $instanceinfo['enrolpassword'] = $instanceinfo['requiredparam']->enrolpassword; } unset($instanceinfo->requiredparam); return $instanceinfo; }
function _ops_update() { require_login(); $msg = ''; $uid = max(0, intval($_POST['uid'])); $user = new User(); if ($uid) { $user->retrieve($uid); $user->merge($_POST); if (!$user->exists()) { $msg = 'User not found!'; } else { if ($user->update()) { $msg = 'User updated!'; } else { $msg = 'User update failed!'; } } } else { $user->merge($_POST); if ($user->create()) { $msg = 'User inserted!'; } else { $msg = 'User insert failed!'; } } redirect('users/manage', $msg); }
public function __construct() { parent::__construct(); require_login(true); $this->load->model('questions_model'); $this->load->model('courses_model'); }
/** * Server teamwork files * * @category files * @param stdClass $course course object * @param stdClass $cm course module object * @param stdClass $context context object * @param string $filearea file area * @param array $args extra arguments * @param bool $forcedownload whether or not force download * @param array $options additional options affecting the file serving * @return bool */ function teamworkform_rubric_pluginfile($course, $cm, $context, $filearea, array $args, $forcedownload, array $options = array()) { global $DB; if ($context->contextlevel != CONTEXT_MODULE) { return false; } require_login($course, true, $cm); if ($filearea !== 'description') { return false; } $itemid = (int) array_shift($args); // the id of the assessment form dimension if (!($teamwork = $DB->get_record('teamwork', array('id' => $cm->instance)))) { send_file_not_found(); } if (!($dimension = $DB->get_record('teamworkform_rubric', array('id' => $itemid, 'teamworkid' => $teamwork->id)))) { send_file_not_found(); } // TODO now make sure the user is allowed to see the file // (media embedded into the dimension description) $fs = get_file_storage(); $relativepath = implode('/', $args); $fullpath = "/{$context->id}/teamworkform_rubric/{$filearea}/{$itemid}/{$relativepath}"; if (!($file = $fs->get_file_by_hash(sha1($fullpath))) or $file->is_directory()) { return false; } // finally send the file send_stored_file($file, 0, 0, $forcedownload, $options); }
/** * set up the class for the view page * * @param string $baseurl the base url of the page */ public function setup_page($baseurl) { global $PAGE, $CFG, $DB; $this->pagevars = array(); $this->pageurl = new \moodle_url($baseurl); $this->pageurl->remove_all_params(); $id = optional_param('id', false, PARAM_INT); $quizid = optional_param('quizid', false, PARAM_INT); // get necessary records from the DB if ($id) { $cm = get_coursemodule_from_id('activequiz', $id, 0, false, MUST_EXIST); $course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST); $quiz = $DB->get_record('activequiz', array('id' => $cm->instance), '*', MUST_EXIST); } else { $quiz = $DB->get_record('activequiz', array('id' => $quizid), '*', MUST_EXIST); $course = $DB->get_record('course', array('id' => $quiz->course), '*', MUST_EXIST); $cm = get_coursemodule_from_instance('activequiz', $quiz->id, $course->id, false, MUST_EXIST); } $this->get_parameters(); // get the rest of the parameters and set them in the class require_login($course->id, false, $cm); $this->pageurl->param('id', $cm->id); $this->pageurl->param('quizid', $quiz->id); $this->pageurl->param('action', $this->pagevars['action']); $this->pagevars['pageurl'] = $this->pageurl; $this->RTQ = new \mod_activequiz\activequiz($cm, $course, $quiz, $this->pagevars); $this->RTQ->require_capability('mod/activequiz:seeresponses'); // set up renderer $this->RTQ->get_renderer()->init($this->RTQ, $this->pageurl, $this->pagevars); $PAGE->set_pagelayout('incourse'); $PAGE->set_context($this->RTQ->getContext()); $PAGE->set_title(strip_tags($course->shortname . ': ' . get_string("modulename", "activequiz") . ': ' . format_string($quiz->name, true))); $PAGE->set_heading($course->fullname); $PAGE->set_url($this->pageurl); }
/** * Serves assignment submissions and other files. * * @param mixed $course course or id of the course * @param mixed $cm course module or id of the course module * @param context $context * @param string $filearea * @param array $args * @param bool $forcedownload * @return bool false if file not found, does not return if found - just send the file */ function assignsubmission_onlinepoodll_pluginfile($course, $cm, context $context, $filearea, $args, $forcedownload) { global $USER, $DB; if ($context->contextlevel != CONTEXT_MODULE) { return false; } require_login($course, false, $cm); $itemid = (int) array_shift($args); //back image is a special case if (!($itemid == 0 && ($filearea = "onlinepoodll_backimage"))) { $record = $DB->get_record('assign_submission', array('id' => $itemid), 'userid, assignment', MUST_EXIST); $userid = $record->userid; if (!($assign = $DB->get_record('assign', array('id' => $cm->instance)))) { return false; } if ($assign->id != $record->assignment) { return false; } // check is users submission or has grading permission if ($USER->id != $userid and !has_capability('mod/assign:grade', $context)) { return false; } } $relativepath = implode('/', $args); $fullpath = "/{$context->id}/assignsubmission_onlinepoodll/{$filearea}/{$itemid}/{$relativepath}"; $fs = get_file_storage(); if (!($file = $fs->get_file_by_hash(sha1($fullpath))) or $file->is_directory()) { return false; } send_stored_file($file, 0, 0, true); // download MUST be forced - security! }
function local_filemanager_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload, array $options = array()) { global $DB; if ($context->contextlevel != CONTEXT_SYSTEM) { return false; } require_login(); if ($filearea != 'attachment') { return false; } $itemid = (int) array_shift($args); if ($itemid != 0) { return false; } $fs = get_file_storage(); $filename = array_pop($args); if (empty($args)) { $filepath = '/'; } else { $filepath = '/' . implode('/', $args) . '/'; } $file = $fs->get_file($context->id, 'local_filemanager', $filearea, $itemid, $filepath, $filename); if (!$file) { return false; } // finally send the file send_stored_file($file, 0, 0, true, $options); // download MUST be forced - security! }
function workshopform_numerrors_pluginfile($course, $cm, $context, $filearea, array $args, $forcedownload) { global $DB; if ($context->contextlevel != CONTEXT_MODULE) { return false; } require_login($course, true, $cm); if ($filearea !== 'description') { return false; } $itemid = (int)array_shift($args); // the id of the assessment form dimension if (!$workshop = $DB->get_record('workshop', array('id' => $cm->instance))) { send_file_not_found(); } if (!$dimension = $DB->get_record('workshopform_numerrors', array('id' => $itemid ,'workshopid' => $workshop->id))) { send_file_not_found(); } // TODO now make sure the user is allowed to see the file // (media embedded into the dimension description) $fs = get_file_storage(); $relativepath = implode('/', $args); $fullpath = "/$context->id/workshopform_numerrors/$filearea/$itemid/$relativepath"; if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) { return false; } // finally send the file send_stored_file($file); }
/** * This is function verifies that the user has basic access to this page. More detailed checks * may be performed later depending on the action. * * @param int $requesttype The type of the ajax request. * */ public function verify_access($requesttype) { // Whether or not to output JSON depends on the type of request (view mail just outputs directly). $outputjson = $requesttype == 'view' ? false : true; $this->courseid = required_param('courseid', PARAM_INT); // Require users to be logged in, but do not redirect to login page -> we'll tell the user manually. try { require_login($this->courseid, false, null, false, true); } catch (Exception $e) { if ($outputjson === true) { echo json_encode(array('result' => 'false', 'text' => get_string('mailnologin', BLOCK_CM_LANG_TABLE))); } else { echo '<p>' . get_string('mailnologin', BLOCK_CM_LANG_TABLE) . '</p>'; } return false; } if (!confirm_sesskey(required_param("sesskey", PARAM_TEXT))) { if ($outputjson === true) { echo json_encode(array('result' => 'false', 'text' => get_string('mailbadsesskey', BLOCK_CM_LANG_TABLE))); } else { echo '<p>' . get_string('mailbadsesskey', BLOCK_CM_LANG_TABLE) . '</p>'; } return false; } return true; }
function pages_by_name() { //First check to see if its a file if (empty($_GET['id'])) { $_GET['id'] = 'home'; } if (isset($_GET['arg1']) && $_GET['arg1'] != "") { $_GET['id'] = $_GET['id'] . "/" . $_GET['arg1']; //echo 'here'; } if (is_file('views/pages/' . $_GET['id'] . ".php")) { render('pages', $_GET['id']); } $pages = new Page(); $pages = $pages->find("WHERE name ='" . $_GET['id'] . "'"); if (empty($pages)) { $pages = new Page(); $pages = $pages->find("WHERE name ='" . str_replace(" ", "_", $_GET['id']) . "'"); } if (empty($pages)) { $pages = new Page(); header("HTTP/1.0 404 Not Found"); $pages = $pages->find("WHERE name='404'"); } $page = ""; global $page; $page = array_pop($pages); if ($page->protected) { require_login(); render(); } else { render(); } }
function atto_ejsapp_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload, array $options = array()) { // Make sure the user is logged in and has access to the module (plugins that are not course modules should leave out the 'cm' part). require_login($course, true, $cm); // Leave this line out if you set the itemid to null in make_pluginfile_url (set $itemid to 0 instead). $itemid = array_shift($args); // The first item in the $args array. // Use the itemid to retrieve any relevant data records and perform any security checks to see if the // user really does have access to the file in question. // Extract the filename / filepath from the $args array. $filename = array_pop($args); // The last item in the $args array. if (!$args) { $filepath = '/'; // $args is empty => the path is '/' } else { $filepath = '/' . implode('/', $args) . '/'; // $args contains elements of the filepath } // Retrieve the file from the Files API. $fs = get_file_storage(); $file = $fs->get_file($context->id, 'atto_ejsapp', $filearea, $itemid, $filepath, $filename); if (!$file) { return false; // The file does not exist. } // We can now send the file back to the browser - in this case with a cache lifetime of 1 day and no filtering. // From Moodle 2.3, use send_stored_file instead. send_stored_file($file, 86400, 0, $forcedownload, $options); }
protected function loadDefaults() { global $DB, $CFG; if (!($course = $DB->get_record('course', array('id' => $this->arguments[0])))) { print_error("invalidcourseid"); } require_login($course); $defaults = array('reset_events' => 1, 'reset_roles_local' => 1, 'reset_gradebook_grades' => 1, 'reset_notes' => 1); if ($allmods = $DB->get_records('modules')) { foreach ($allmods as $mod) { $modname = $mod->name; $modfile = $this->topDir . "/mod/{$modname}/lib.php"; $mod_reset_course_form_defaults = $modname . '_reset_course_form_defaults'; if (file_exists($modfile)) { //echo "$modfile\n"; include_once $modfile; if (function_exists($mod_reset_course_form_defaults)) { if ($moddefs = $mod_reset_course_form_defaults($this->course)) { $defaults = $defaults + $moddefs; } } } } } return (object) $defaults; }
protected function __construct($course_id, $section_i) { global $CFG; //error_reporting(E_ALL); require_login($course_id); // 権限チェック $this->requireCapabilities($course_id); // 必要な関数が使用可能かチェック backup_required_functions(); // このタイミングで各モジュールのテーブルをアップグレード $return_to = $_SERVER['REQUEST_URI']; upgrade_backup_db($return_to); // 設定オブジェクトを生成 $this->prefs =& $this->createPreferences(); // ユニーク値をセット (Moodleコアはここにtime()が入っているのを期待しているのでそれに従う) $this->prefs->backup_unique_code = time(); // コースを取得 $this->course = get_record('course', 'id', $course_id); if (!$this->course) { throw new SharingCart_CourseException('Invalid ID'); } // セクションを取得 $this->section = get_record('course_sections', 'course', $course_id, 'section', $section_i); if (!$this->section) { throw new SharingCart_SectionException('Invalid ID'); } }
/** * Constructor */ public function __construct() { parent::__construct(); $this->load->model('user_model'); $this->load->model('modo_model'); $this->load->model('group_model'); require_login(); }
/** * Save file recorded during congrea session when local file is * serving for virtual class * * @package mod_congrea * @copyright 2016 Suman Bogati * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later */ function record_file_save($getdata, $postdata, $valparams, $DB) { global $CFG; list($cmid, $userid, $filenum, $vmsession, $data) = $valparams; if ($cmid) { $cm = get_coursemodule_from_id('congrea', $cmid, 0, false, MUST_EXIST); $course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST); $congrea = $DB->get_record('congrea', array('id' => $cm->instance), '*', MUST_EXIST); } else { echo 'VCE6'; exit; //'Course module ID missing.'; } require_login($course, true, $cm); $context = context_module::instance($cm->id); $basefilepath = $CFG->dataroot . "/congrea"; // Place to save recording files. if (has_capability('mod/congrea:dorecording', $context)) { if ($data) { $filepath = $basefilepath . "/" . $course->id . "/" . $congrea->id . "/" . $vmsession; // Create folder if not exist if (!file_exists($filepath)) { mkdir($filepath, 0777, true); } $filename = "vc." . $filenum; if (file_put_contents($filepath . '/' . $filename, $data) != false) { //save file record in database if ($filenum > 1) { //update record $vcfile = $DB->get_record('congrea_files', array('vcid' => $congrea->id, 'vcsessionkey' => $vmsession)); $vcfile->numoffiles = $filenum; $DB->update_record('congrea_files', $vcfile); } else { $vcfile = new stdClass(); $vcfile->courseid = $course->id; $vcfile->vcid = $congrea->id; $vcfile->userid = $userid; $vcfile->vcsessionkey = $vmsession; $vcfile->vcsessionname = 'vc-' . $course->shortname . '-' . $congrea->name . $cm->id . '-' . date("Ymd") . '-' . date('Hi'); $vcfile->numoffiles = $filenum; $vcfile->timecreated = time(); //print_r($vcfile);exit; $DB->insert_record('congrea_files', $vcfile); } echo "done"; } else { echo 'VCE5'; //'Unable to record data.';exit; } } else { echo 'VCE4'; //'No data for recording.'; } } else { echo 'VCE2'; //'Permission denied'; } }
/** * Load data required for the export. */ public function load_data() { global $DB, $USER; // Note that require_login() is normally called later as a part of // portfolio_export_pagesetup() in the portfolio/add.php file. But we // load various data depending of capabilities so it makes sense to // call it explicitly here, too. require_login($this->get('course'), false, $this->cm, false, true); if (isguestuser()) { throw new portfolio_caller_exception('guestsarenotallowed', 'core_error'); } $workshoprecord = $DB->get_record('workshop', ['id' => $this->cm->instance], '*', MUST_EXIST); $this->workshop = new workshop($workshoprecord, $this->cm, $this->get('course')); $this->submission = $this->workshop->get_submission_by_id($this->submissionid); // Is the user exporting her/his own submission? $ownsubmission = $this->submission->authorid == $USER->id; // Does the user have permission to see all submissions (aka is it a teacher)? $canviewallsubmissions = has_capability('mod/workshop:viewallsubmissions', $this->workshop->context); $canviewallsubmissions = $canviewallsubmissions && $this->workshop->check_group_membership($this->submission->authorid); // Is the user exporting a submission that she/he has peer-assessed? $userassessment = $this->workshop->get_assessment_of_submission_by_user($this->submission->id, $USER->id); if ($userassessment) { $this->assessments[$userassessment->id] = $userassessment; $isreviewer = true; } if (!$ownsubmission and !$canviewallsubmissions and !$isreviewer) { throw new portfolio_caller_exception('nopermissions', 'core_error'); } // Does the user have permission to see all assessments (aka is it a teacher)? $canviewallassessments = has_capability('mod/workshop:viewallassessments', $this->workshop->context); // Load other assessments eventually if the user can see them. if ($canviewallassessments or $ownsubmission and $this->workshop->assessments_available()) { foreach ($this->workshop->get_assessments_of_submission($this->submission->id) as $assessment) { if ($assessment->reviewerid == $USER->id) { // User's own assessment is already loaded. continue; } if (is_null($assessment->grade) and !$canviewallassessments) { // Students do not see peer-assessment that are not graded. continue; } $this->assessments[$assessment->id] = $assessment; } } // Prepare embedded and attached files for the export. $this->multifiles = []; $this->add_area_files('submission_content', $this->submission->id); $this->add_area_files('submission_attachment', $this->submission->id); foreach ($this->assessments as $assessment) { $this->add_area_files('overallfeedback_content', $assessment->id); $this->add_area_files('overallfeedback_attachment', $assessment->id); } $this->add_area_files('instructauthors', 0); // If there are no files to be exported, we can offer plain HTML file export. if (empty($this->multifiles)) { $this->add_format(PORTFOLIO_FORMAT_PLAINHTML); } }
function require_admin() { require_login(); $user = current_user(); if (!$user->admin) { header("Location: /admin/index.php"); exit; } }
function _manage($n = 0) { require_login(); $n = (int) $n; $data['body'][] = '<h2>Manage Users</h2><br />'; _make_user_table($n, $data); $data['body'][] = '<p><a href="' . myUrl('users/add') . '">Add New User</a></p>'; View::do_dump(VIEW_PATH . 'layouts/mainlayout.php', $data); }
/** * set up the class for the view page * * @throws \moodle_exception throws exception on error in setting up initial vars when debugging */ public function setup_page() { global $DB, $PAGE; // no page url as this is just a callback $this->pageurl = null; $this->jsonlib = new \mod_activequiz\utils\jsonlib(); // first check if this is a jserror, if so, log it and end execution so we're not wasting time $jserror = optional_param('jserror', '', PARAM_ALPHANUMEXT); if (!empty($jserror)) { // log the js error on the apache error logs error_log($jserror); // set a status and send it saying that we logged the error $this->jsonlib->set('status', 'loggedjserror'); $this->jsonlib->send_response(); } // use try/catch in order to catch errors and not display them on a javascript callback try { $rtqid = required_param('rtqid', PARAM_INT); $sessionid = required_param('sessionid', PARAM_INT); $attemptid = required_param('attemptid', PARAM_INT); $this->action = required_param('action', PARAM_ALPHANUMEXT); $this->pagevars['inquesetion'] = optional_param('inquestion', '', PARAM_ALPHAEXT); // only load things asked for, don't assume that we're loading whatever $quiz = $DB->get_record('activequiz', array('id' => $rtqid), '*', MUST_EXIST); $course = $DB->get_record('course', array('id' => $quiz->course), '*', MUST_EXIST); $cm = get_coursemodule_from_instance('activequiz', $quiz->id, $course->id, false, MUST_EXIST); $session = $DB->get_record('activequiz_sessions', array('id' => $sessionid), '*', MUST_EXIST); require_login($course->id, false, $cm, false, true); } catch (\moodle_exception $e) { if (debugging()) { // if debugging throw error as normal throw new $e(); } else { $this->jsonlib->send_error('invalid request'); } exit; // stop execution } // check to make sure asked for session is open if ((int) $session->sessionopen !== 1) { $this->jsonlib->send_error('invalidsession'); } $this->pagevars['pageurl'] = $this->pageurl; $this->pagevars['action'] = $this->action; $this->RTQ = new \mod_activequiz\activequiz($cm, $course, $quiz, $this->pagevars); // set up renderer $this->RTQ->get_renderer()->init($this->RTQ, $this->pageurl, $this->pagevars); // finally set up the question manager and the possible activequiz session $this->session = new \mod_activequiz\activequiz_session($this->RTQ, $this->pageurl, $this->pagevars, $session); // get and validate the attempt $attempt = $this->session->get_user_attempt($attemptid); if ($attempt->getStatus() != 'inprogress') { $this->jsonlib->send_error('invalidattempt'); } // if the attempt validates, make it the open attempt on the session $this->session->set_open_attempt($attempt); }
function elggadmin_page_before($c = null, $args = null) { require_login('admin'); if (!defined('context')) { context('elggadmin'); } $page = isset($args[1]) ? $args[1] : 'config'; elggadmin_currentpage($page); }
/** * Form for editing Information Spot block instances. * * @copyright 2014 Roberto Pinna * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later * @package block_informationspot * @category files * @param stdClass $course course object * @param stdClass $birecord_or_cm block instance record * @param stdClass $context context object * @param string $filearea file area * @param array $args extra arguments * @param bool $forcedownload whether or not force download * @param array $options additional options affecting the file serving * @return bool */ function block_informationspot_pluginfile($course, $birecord_or_cm, $context, $filearea, $args, $forcedownload, array $options = array()) { global $DB, $CFG, $USER; if ($context->contextlevel != CONTEXT_BLOCK) { send_file_not_found(); } // If block is in course context, then check if user has capability to access course. if ($context->get_course_context(false)) { require_course_login($course); } else { if ($CFG->forcelogin) { require_login(); } else { // Get parent context and see if user have proper permission. $parentcontext = $context->get_parent_context(); if ($parentcontext->contextlevel === CONTEXT_COURSECAT) { // Check if category is visible and user can view this category. $category = $DB->get_record('course_categories', array('id' => $parentcontext->instanceid), '*', MUST_EXIST); if (!$category->visible) { require_capability('moodle/category:viewhiddencategories', $parentcontext); } } else { if ($parentcontext->contextlevel === CONTEXT_USER && $parentcontext->instanceid != $USER->id) { // The block is in the context of a user, it is only visible to the user who it belongs to. send_file_not_found(); } } // At this point there is no way to check SYSTEM context, so ignoring it. } } if ($filearea != 'image') { send_file_not_found(); } $fs = get_file_storage(); $imageid = array_shift($args); $filename = array_pop($args); $filepath = $args ? '/' . implode('/', $args) . '/' : '/'; if (!($file = $fs->get_file($context->id, 'block_informationspot', $filearea, $imageid, $filepath, $filename)) or $file->is_directory()) { send_file_not_found(); } if ($parentcontext = context::instance_by_id($birecord_or_cm->parentcontextid, IGNORE_MISSING)) { if ($parentcontext->contextlevel == CONTEXT_USER) { // force download on all personal pages including /my/ //because we do not have reliable way to find out from where this is used $forcedownload = true; } } else { // weird, there should be parent context, better force dowload then $forcedownload = true; } // NOTE: it woudl be nice to have file revisions here, for now rely on standard file lifetime, // do not lower it because the files are dispalyed very often. \core\session\manager::write_close(); send_stored_file($file, null, 0, $forcedownload, $options); }