Exemple #1
            } else {
                $errormsg = get_string("invalidlogin");
                $errorcode = 3;
            }
        }
    }
}
// Report a timed-out session, but only when this request did not submit form data.
if ($session_has_timed_out && !data_submitted()) {
    $errorcode = 4;
    $errormsg = get_string('sessionerroruser', 'error');
}
// Remember where the user was before reaching the login page, unless a target is already stored.
// The candidate value is derived from the Referer request header, which the client controls.
// NOTE(review): presumably get_local_referer() only ever returns same-site URLs - confirm,
// because $SESSION->wantsurl is a post-login return target.
if (empty($SESSION->wantsurl)) {
    $SESSION->wantsurl = null;
    $referer = get_local_referer(false);
    // The site root and the login page URLs are never stored as the return target.
    if (
        $referer
        && $referer != $CFG->wwwroot
        && $referer != $CFG->wwwroot . '/'
        && $referer != $CFG->httpswwwroot . '/login/'
        && strpos($referer, $CFG->httpswwwroot . '/login/?') !== 0
        && strpos($referer, $CFG->httpswwwroot . '/login/index.php') !== 0
    ) {
        // Prefix tests are used for the login page because it may carry extra params such as ?lang=.
        $SESSION->wantsurl = $referer;
    }
}
/// Redirect to alternative login URL if needed
if (!empty($CFG->alternateloginurl)) {
    $loginurl = $CFG->alternateloginurl;
    if (strpos($SESSION->wantsurl, $loginurl) === 0) {
        //we do not want to return to alternate url
        $SESSION->wantsurl = NULL;
    }
    if ($errorcode) {
        if (strpos($loginurl, '?') === false) {
            $loginurl .= '?';
Exemple #2
    $renderer = $PAGE->get_renderer('mod_choice');
    echo $renderer->display_options($options, $cm->id, $choice->display, $choice->allowmultiple);
    $choiceformshown = true;
} else {
    $choiceformshown = false;
}
// The choice form was not displayed: explain why and offer the matching next step.
if (!$choiceformshown) {
    $sitecontext = context_system::instance();
    if (isguestuser()) {
        // Guest account: offer the login page, with the course page as the other option.
        echo $OUTPUT->confirm(
            get_string('noguestchoose', 'choice') . '<br /><br />' . get_string('liketologin'),
            get_login_url(),
            new moodle_url('/course/view.php', array('id' => $course->id))
        );
    } elseif (!is_enrolled($context)) {
        // Only enrolled users can make a choice, so an "enrol me" button is shown instead.
        $SESSION->wantsurl = qualified_me();
        // This value is derived from the client-supplied Referer header and kept in the session.
        // NOTE(review): presumably get_local_referer() restricts it to same-site URLs - confirm
        // before whatever reads $SESSION->enrolcancel uses it as a redirect target.
        $SESSION->enrolcancel = get_local_referer(false);
        $coursecontext = context_course::instance($course->id);
        $courseshortname = format_string(
            $course->shortname,
            true,
            array('context' => $coursecontext)
        );
        echo $OUTPUT->box_start('generalbox', 'notice');
        echo '<p align="center">' . get_string('notenrolledchoose', 'choice') . '</p>';
        echo $OUTPUT->container_start('continuebutton');
        echo $OUTPUT->single_button(
            new moodle_url('/enrol/index.php?', array('id' => $course->id)),
            get_string('enrolme', 'core_enrol', $courseshortname)
        );
        echo $OUTPUT->container_end();
        echo $OUTPUT->box_end();
    }
}
// print the results at the bottom of the screen
if (choice_can_view_results($choice, $current, $choiceopen)) {
    if (!empty($choice->showunanswered)) {
        $choice->option[0] = get_string('notanswered', 'choice');
Exemple #3
/**
 * This function checks that the current user is logged in and has the
 * required privileges
 *
 * This function checks that the current user is logged in, and optionally
 * whether they are allowed to be in a particular course and view a particular
 * course module.
 * If they are not logged in, then it redirects them to the site login unless
 * $autologinguest is set and {@link $CFG}->autologinguests is set to 1 in which
 * case they are automatically logged in as guests.
 * If $courseid is given and the user is not enrolled in that course then the
 * user is redirected to the course enrolment page.
 * If $cm is given and the course module is hidden and the user is not a teacher
 * in the course then the user is redirected to the course home page.
 *
 * When $cm parameter specified, this function sets page layout to 'module'.
 * You need to change it manually later if some other layout needed.
 *
 * @package    core_access
 * @category   access
 *
 * @param mixed $courseorid id of the course or course object
 * @param bool $autologinguest default true
 * @param object $cm course module object
 * @param bool $setwantsurltome Define if we want to set $SESSION->wantsurl, defaults to
 *             true. Used to avoid (=false) some scripts (file.php...) to set that variable,
 *             in order to keep redirects working properly. MDL-14495
 * @param bool $preventredirect set to true in scripts that can not redirect (CLI, rss feeds, etc.), throws exceptions
 * @return mixed Void, exit, and die depending on path
 * @throws coding_exception
 * @throws require_login_exception
 */
function require_login($courseorid = null, $autologinguest = true, $cm = null, $setwantsurltome = true, $preventredirect = false)
{
    global $CFG, $SESSION, $USER, $PAGE, $SITE, $DB, $OUTPUT;
    // Order of the gates below: session timeout, login (or guest auto-login), login-as scope,
    // forced password change, profile completeness, sesskey, site-admin shortcut, site policy,
    // maintenance mode, hidden course, enrolment, activity visibility.
    // Every gate either redirects or, when $preventredirect is set, throws.
    // Must not redirect when byteserving already started.
    if (!empty($_SERVER['HTTP_RANGE'])) {
        $preventredirect = true;
    }
    // NOTE(review): AJAX_SCRIPT is read bare here but behind defined() further down;
    // confirm the constant is always defined by the time this function runs.
    if (AJAX_SCRIPT) {
        // We cannot redirect for AJAX scripts either.
        $preventredirect = true;
    }
    // Setup global $COURSE, themes, language and locale.
    if (!empty($courseorid)) {
        if (is_object($courseorid)) {
            $course = $courseorid;
        } else {
            if ($courseorid == SITEID) {
                $course = clone $SITE;
            } else {
                $course = $DB->get_record('course', array('id' => $courseorid), '*', MUST_EXIST);
            }
        }
        if ($cm) {
            // A course module from a different course is a caller bug, not a user error.
            if ($cm->course != $course->id) {
                throw new coding_exception('course and cm parameters in require_login() call do not match!!');
            }
            // Make sure we have a $cm from get_fast_modinfo as this contains activity access details.
            if (!$cm instanceof cm_info) {
                // Note: nearly all pages call get_fast_modinfo anyway and it does not make any
                // db queries so this is not really a performance concern, however it is obviously
                // better if you use get_fast_modinfo to get the cm before calling this.
                $modinfo = get_fast_modinfo($course);
                $cm = $modinfo->get_cm($cm->id);
            }
        }
    } else {
        // Do not touch global $COURSE via $PAGE->set_course(),
        // the reasons is we need to be able to call require_login() at any time!!
        $course = $SITE;
        if ($cm) {
            throw new coding_exception('cm parameter in require_login() requires valid course parameter!');
        }
    }
    // If this is an AJAX request and $setwantsurltome is true then we need to override it and set it to false.
    // Otherwise the AJAX request URL will be set to $SESSION->wantsurl and events such as self enrolment in the future
    // risk leading the user back to the AJAX request URL.
    if ($setwantsurltome && defined('AJAX_SCRIPT') && AJAX_SCRIPT) {
        $setwantsurltome = false;
    }
    // Redirect to the login page if session has expired, only with dbsessions enabled (MDL-35029) to maintain current behaviour.
    if ((!isloggedin() or isguestuser()) && !empty($SESSION->has_timed_out) && !empty($CFG->dbsessions)) {
        if ($preventredirect) {
            throw new require_login_session_timeout_exception();
        } else {
            if ($setwantsurltome) {
                // Post-login return target; qualified_me() presumably yields the current URL - confirm.
                $SESSION->wantsurl = qualified_me();
            }
            redirect(get_login_url());
        }
    }
    // If the user is not even logged in yet then make sure they are.
    if (!isloggedin()) {
        // Guest auto-login needs the caller's flag plus both site settings.
        if ($autologinguest and !empty($CFG->guestloginbutton) and !empty($CFG->autologinguests)) {
            if (!($guest = get_complete_user_data('id', $CFG->siteguest))) {
                // Misconfigured site guest, just redirect to login page.
                redirect(get_login_url());
                exit;
                // Never reached.
            }
            // The session language is saved before the guest login and restored after it.
            $lang = isset($SESSION->lang) ? $SESSION->lang : $CFG->lang;
            complete_user_login($guest);
            $USER->autologinguest = true;
            $SESSION->lang = $lang;
        } else {
            // NOTE: $USER->site check was obsoleted by session test cookie, $USER->confirmed test is in login/index.php.
            if ($preventredirect) {
                throw new require_login_exception('You are not logged in');
            }
            if ($setwantsurltome) {
                $SESSION->wantsurl = qualified_me();
            }
            // $referer is derived from the Referer request header, which the client controls.
            // NOTE(review): presumably get_local_referer() only returns same-site URLs - confirm
            // before $SESSION->fromurl is used as a redirect target.
            $referer = get_local_referer(false);
            if (!empty($referer)) {
                $SESSION->fromurl = $referer;
            }
            // Give auth plugins an opportunity to authenticate or redirect to an external login page
            $authsequence = get_enabled_auth_plugins(true);
            // auths, in sequence
            foreach ($authsequence as $authname) {
                $authplugin = get_auth_plugin($authname);
                $authplugin->pre_loginpage_hook();
                // Stop at the first plugin whose hook left the user logged in.
                if (isloggedin()) {
                    break;
                }
            }
            // If we're still not logged in then go to the login page
            if (!isloggedin()) {
                redirect(get_login_url());
                exit;
                // Never reached.
            }
        }
    }
    // Loginas as redirection if needed.
    // A login-as session that was started in a course context is confined to that one course.
    if ($course->id != SITEID and \core\session\manager::is_loggedinas()) {
        if ($USER->loginascontext->contextlevel == CONTEXT_COURSE) {
            if ($USER->loginascontext->instanceid != $course->id) {
                print_error('loginasonecourse', '', $CFG->wwwroot . '/course/view.php?id=' . $USER->loginascontext->instanceid);
            }
        }
    }
    // Check whether the user should be changing password (but only if it is REALLY them).
    if (get_user_preferences('auth_forcepasswordchange') && !\core\session\manager::is_loggedinas()) {
        $userauth = get_auth_plugin($USER->auth);
        if ($userauth->can_change_password() and !$preventredirect) {
            if ($setwantsurltome) {
                $SESSION->wantsurl = qualified_me();
            }
            if ($changeurl = $userauth->change_password_url()) {
                // Use plugin custom url.
                redirect($changeurl);
            } else {
                // Use moodle internal method.
                if (empty($CFG->loginhttps)) {
                    redirect($CFG->wwwroot . '/login/change_password.php');
                } else {
                    // With loginhttps set, the change-password page is requested over https.
                    $wwwroot = str_replace('http:', 'https:', $CFG->wwwroot);
                    redirect($wwwroot . '/login/change_password.php');
                }
            }
        } else {
            // Fail closed: when no redirect is possible, or the plugin cannot change passwords,
            // the request is refused with an exception instead of being let through.
            if ($userauth->can_change_password()) {
                throw new moodle_exception('forcepasswordchangenotice');
            } else {
                throw new moodle_exception('nopasswordchangeforced', 'auth');
            }
        }
    }
    // Check that the user account is properly set up. If we can't redirect to
    // edit their profile, perform just the lax check. It will allow them to
    // use filepicker on the profile edit page.
    if ($preventredirect) {
        $usernotfullysetup = user_not_fully_set_up($USER, false);
    } else {
        $usernotfullysetup = user_not_fully_set_up($USER, true);
    }
    if ($usernotfullysetup) {
        if ($preventredirect) {
            throw new moodle_exception('usernotfullysetup');
        }
        if ($setwantsurltome) {
            $SESSION->wantsurl = qualified_me();
        }
        // NOTE(review): '&amp;' is an HTML entity inside a URL handed to redirect();
        // presumably redirect() decodes it - confirm.
        redirect($CFG->wwwroot . '/user/edit.php?id=' . $USER->id . '&amp;course=' . SITEID);
    }
    // Make sure the USER has a sesskey set up. Used for CSRF protection.
    sesskey();
    // Do not bother admins with any formalities.
    // Site admins return here, so none of the checks below (site policy, maintenance, hidden course,
    // enrolment, activity visibility) are applied to them.
    if (is_siteadmin()) {
        // Set the global $COURSE.
        if ($cm) {
            $PAGE->set_cm($cm, $course);
            $PAGE->set_pagelayout('incourse');
        } else {
            if (!empty($courseorid)) {
                $PAGE->set_course($course);
            }
        }
        // Set accesstime or the user will appear offline which messes up messaging.
        user_accesstime_log($course->id);
        return;
    }
    // Check that the user has agreed to a site policy if there is one - do not test in case of admins.
    // The !is_siteadmin() test below is redundant: admins have already returned above.
    if (!$USER->policyagreed and !is_siteadmin()) {
        if (!empty($CFG->sitepolicy) and !isguestuser()) {
            if ($preventredirect) {
                throw new moodle_exception('sitepolicynotagreed', 'error', '', $CFG->sitepolicy);
            }
            if ($setwantsurltome) {
                $SESSION->wantsurl = qualified_me();
            }
            redirect($CFG->wwwroot . '/user/policy.php');
        } else {
            // Guests are held to the separate guest policy setting, when one is configured.
            if (!empty($CFG->sitepolicyguest) and isguestuser()) {
                if ($preventredirect) {
                    throw new moodle_exception('sitepolicynotagreed', 'error', '', $CFG->sitepolicyguest);
                }
                if ($setwantsurltome) {
                    $SESSION->wantsurl = qualified_me();
                }
                redirect($CFG->wwwroot . '/user/policy.php');
            }
        }
    }
    // Fetch the system context, the course context, and prefetch its child contexts.
    $sysctx = context_system::instance();
    $coursecontext = context_course::instance($course->id, MUST_EXIST);
    if ($cm) {
        $cmcontext = context_module::instance($cm->id, MUST_EXIST);
    } else {
        $cmcontext = null;
    }
    // If the site is currently under maintenance, then print a message.
    if (!empty($CFG->maintenance_enabled) and !has_capability('moodle/site:maintenanceaccess', $sysctx)) {
        if ($preventredirect) {
            throw new require_login_exception('Maintenance in progress');
        }
        $PAGE->set_context(null);
        print_maintenance_message();
    }
    // Make sure the course itself is not hidden.
    if ($course->id == SITEID) {
        // Frontpage can not be hidden.
    } else {
        if (is_role_switched($course->id)) {
            // When switching roles ignore the hidden flag - user had to be in course to do the switch.
        } else {
            if (!$course->visible and !has_capability('moodle/course:viewhiddencourses', $coursecontext)) {
                // Originally there was also test of parent category visibility, BUT is was very slow in complex queries
                // involving "my courses" now it is also possible to simply hide all courses user is not enrolled in :-).
                if ($preventredirect) {
                    throw new require_login_exception('Course is hidden');
                }
                $PAGE->set_context(null);
                // We need to override the navigation URL as the course won't have been added to the navigation and thus
                // the navigation will mess up when trying to find it.
                navigation_node::override_active_url(new moodle_url('/'));
                notice(get_string('coursehidden'), $CFG->wwwroot . '/');
            }
        }
    }
    // Is the user enrolled?
    if ($course->id == SITEID) {
        // Everybody is enrolled on the frontpage.
    } else {
        if (\core\session\manager::is_loggedinas()) {
            // Make sure the REAL person can access this course first.
            $realuser = \core\session\manager::get_realuser();
            if (!is_enrolled($coursecontext, $realuser->id, '', true) and !is_viewing($coursecontext, $realuser->id) and !is_siteadmin($realuser->id)) {
                if ($preventredirect) {
                    throw new require_login_exception('Invalid course login-as access');
                }
                $PAGE->set_context(null);
                echo $OUTPUT->header();
                notice(get_string('studentnotallowed', '', fullname($USER, true)), $CFG->wwwroot . '/');
            }
        }
        // Access stays denied unless one of the routes below grants it.
        $access = false;
        if (is_role_switched($course->id)) {
            // Ok, user had to be inside this course before the switch.
            $access = true;
        } else {
            if (is_viewing($coursecontext, $USER)) {
                // Ok, no need to mess with enrol.
                $access = true;
            } else {
                // $USER->enrol['enrolled'][courseid] caches an "until" timestamp for the enrolment.
                if (isset($USER->enrol['enrolled'][$course->id])) {
                    if ($USER->enrol['enrolled'][$course->id] > time()) {
                        $access = true;
                        // A cached enrolment replaces any temporary guest access for the same course.
                        if (isset($USER->enrol['tempguest'][$course->id])) {
                            unset($USER->enrol['tempguest'][$course->id]);
                            remove_temp_course_roles($coursecontext);
                        }
                    } else {
                        // Expired.
                        unset($USER->enrol['enrolled'][$course->id]);
                    }
                }
                // $USER->enrol['tempguest'][courseid]: 0 grants access with no expiry test,
                // any other value is compared with the current time.
                if (isset($USER->enrol['tempguest'][$course->id])) {
                    if ($USER->enrol['tempguest'][$course->id] == 0) {
                        $access = true;
                    } else {
                        if ($USER->enrol['tempguest'][$course->id] > time()) {
                            $access = true;
                        } else {
                            // Expired.
                            unset($USER->enrol['tempguest'][$course->id]);
                            remove_temp_course_roles($coursecontext);
                        }
                    }
                }
                if (!$access) {
                    // Cache not ok.
                    $until = enrol_get_enrolment_end($coursecontext->instanceid, $USER->id);
                    if ($until !== false) {
                        // Active participants may always access, a timestamp in the future, 0 (always) or false.
                        if ($until == 0) {
                            $until = ENROL_MAX_TIMESTAMP;
                        }
                        $USER->enrol['enrolled'][$course->id] = $until;
                        $access = true;
                    } else {
                        $params = array('courseid' => $course->id, 'status' => ENROL_INSTANCE_ENABLED);
                        $instances = $DB->get_records('enrol', $params, 'sortorder, id ASC');
                        $enrols = enrol_get_plugins(true);
                        // First ask all enabled enrol instances in course if they want to auto enrol user.
                        foreach ($instances as $instance) {
                            // Instances whose plugin is not in the enabled list are skipped.
                            if (!isset($enrols[$instance->enrol])) {
                                continue;
                            }
                            // Get a duration for the enrolment, a timestamp in the future, 0 (always) or false.
                            $until = $enrols[$instance->enrol]->try_autoenrol($instance);
                            if ($until !== false) {
                                if ($until == 0) {
                                    $until = ENROL_MAX_TIMESTAMP;
                                }
                                $USER->enrol['enrolled'][$course->id] = $until;
                                $access = true;
                                break;
                            }
                        }
                        // If not enrolled yet try to gain temporary guest access.
                        if (!$access) {
                            foreach ($instances as $instance) {
                                if (!isset($enrols[$instance->enrol])) {
                                    continue;
                                }
                                // Get a duration for the guest access, a timestamp in the future or false.
                                $until = $enrols[$instance->enrol]->try_guestaccess($instance);
                                if ($until !== false and $until > time()) {
                                    $USER->enrol['tempguest'][$course->id] = $until;
                                    $access = true;
                                    break;
                                }
                            }
                        }
                    }
                }
            }
        }
        // No route granted access: throw, or send the user to the course enrolment page.
        if (!$access) {
            if ($preventredirect) {
                throw new require_login_exception('Not enrolled');
            }
            if ($setwantsurltome) {
                $SESSION->wantsurl = qualified_me();
            }
            redirect($CFG->wwwroot . '/enrol/index.php?id=' . $course->id);
        }
    }
    // Check visibility of activity to current user; includes visible flag, conditional availability, etc.
    if ($cm && !$cm->uservisible) {
        if ($preventredirect) {
            throw new require_login_exception('Activity is hidden');
        }
        if ($course->id != SITEID) {
            $url = new moodle_url('/course/view.php', array('id' => $course->id));
        } else {
            $url = new moodle_url('/');
        }
        redirect($url, get_string('activityiscurrentlyhidden'));
    }
    // Set the global $COURSE.
    if ($cm) {
        $PAGE->set_cm($cm, $course);
        $PAGE->set_pagelayout('incourse');
    } else {
        if (!empty($courseorid)) {
            $PAGE->set_course($course);
        }
    }
    // Finally access granted, update lastaccess times.
    user_accesstime_log($course->id);
}
Exemple #4
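/**
 * Remember the page the user came from, so forum code can return there later.
 *
 * The referer is stored in $SESSION->fromdiscussion only when nothing is stored yet,
 * a referer is available, and the referer is not a login page of this site.
 *
 * The value is derived from the Referer request header, which the client controls.
 * NOTE(review): presumably get_local_referer() only returns same-site URLs - confirm,
 * since the stored value is meant to be used as a return target.
 *
 * @global object $CFG
 * @global object $SESSION
 * @return void
 */
function forum_set_return()
{
    global $CFG, $SESSION;
    if (isset($SESSION->fromdiscussion)) {
        // A return target was already recorded in this session; keep it.
        return;
    }
    $referer = get_local_referer(false);
    if (empty($referer)) {
        // Nothing usable to remember; leave fromdiscussion unset.
        return;
    }
    $loginprefix = "{$CFG->wwwroot}/login";
    // strncasecmp() returns 0 when the compared parts are equal, so "NOT a login screen"
    // is a non-zero result. The comparison length must be the prefix length: with a fixed
    // length of 300 the result was 0 only for a referer identical to the prefix, which
    // meant the previous page was effectively never saved.
    if (strncasecmp($loginprefix, $referer, strlen($loginprefix)) !== 0) {
        $SESSION->fromdiscussion = $referer;
    }
}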
Exemple #5
 /**
  * Will get called before the login page is shown. If NTLM SSO
  * is enabled, and the user is in the right network, we'll redirect
  * to the magic NTLM page for SSO...
  *
  */
 function loginpage_hook()
 {
     global $CFG, $SESSION;
     // httpsrequired() is deliberately not called here: it has to run before the URL is set,
     // and login/index.php already does that.
     //
     // NTLM SSO is attempted only when all of the following hold:
     //  - the request is a GET, or a POST whose referer differs from this page;
     //  - SSO is enabled and a subnet is configured;
     //  - the request does not carry the authldap_skipntlmsso parameter;
     //  - the user is a guest or not logged in;
     //  - the remote address lies inside the configured subnet.
     // NOTE(review): the subnet gate is only as trustworthy as getremoteaddr(); confirm how it
     // treats proxy-supplied address headers.
     if (
         (
             $_SERVER['REQUEST_METHOD'] === 'GET'
             || ($_SERVER['REQUEST_METHOD'] === 'POST' && get_local_referer() != strip_querystring(qualified_me()))
         )
         && !empty($this->config->ntlmsso_enabled)
         && !empty($this->config->ntlmsso_subnet)
         && empty($_GET['authldap_skipntlmsso'])
         && (isguestuser() || !isloggedin())
         && address_in_subnet(getremoteaddr(), $this->config->ntlmsso_subnet)
     ) {
         // Record where the user was heading, unless a target is already stored.
         if (empty($SESSION->wantsurl)) {
             $SESSION->wantsurl = null;
             // Derived from the client-supplied Referer header.
             // NOTE(review): presumably limited to same-site URLs by get_local_referer() - confirm.
             $previousurl = get_local_referer(false);
             if ($previousurl && $previousurl != $CFG->wwwroot && $previousurl != $CFG->wwwroot . '/'
                     && $previousurl != $CFG->httpswwwroot . '/login/'
                     && $previousurl != $CFG->httpswwwroot . '/login/index.php') {
                 $SESSION->wantsurl = $previousurl;
             }
         }
         // Start the NTLM machinery, taking the IE fast path when it is configured.
         if ($this->config->ntlmsso_ie_fastpath == AUTH_NTLM_FASTPATH_YESATTEMPT
                 || $this->config->ntlmsso_ie_fastpath == AUTH_NTLM_FASTPATH_YESFORM) {
             if (core_useragent::is_ie()) {
                 // NOTE(review): the sesskey travels in the query string here, so it can end up in
                 // server logs, browser history and Referer headers.
                 redirect($CFG->wwwroot . '/auth/ldap/ntlmsso_magic.php?sesskey=' . sesskey());
             } elseif ($this->config->ntlmsso_ie_fastpath == AUTH_NTLM_FASTPATH_YESFORM) {
                 redirect($CFG->httpswwwroot . '/login/index.php?authldap_skipntlmsso=1');
             }
         }
         redirect($CFG->wwwroot . '/auth/ldap/ntlmsso_attempt.php');
     }
     // No NTLM SSO: the normal login page is used.
     // When $SESSION->wantsurl is empty and a 'Referer:' header is present, the login page
     // insists on redirecting there after user validation. A click on the redirect link of
     // ntlmsso_finish.php (instead of waiting for the automatic redirection) produces exactly
     // such a header, and it is one we do not want to follow. It cannot be removed, so
     // $SESSION->wantsurl is pointed at $CFG->wwwroot instead (after all, we came from there).
     $finishurl = $CFG->httpswwwroot . '/auth/ldap/ntlmsso_finish.php';
     if (empty($SESSION->wantsurl) && get_local_referer() == $finishurl) {
         $SESSION->wantsurl = $CFG->wwwroot;
     }
 }
Exemple #6
// Resolve the course module behind this forum; stop when there is none.
$cm = get_coursemodule_from_instance("forum", $forum->id, $course->id);
if (!$cm) {
    print_error('invalidcoursemodule');
}
// Access gate for the course and this activity (guest auto-login disabled).
// NOTE(review): the code below changes the user's tracking state; confirm that the part of
// the script outside this excerpt verifies the sesskey before this point is reached.
require_login($course, false, $cm);
$returnpageurl = new moodle_url(
    '/mod/forum/' . $returnpage,
    array('id' => $course->id, 'f' => $forum->id)
);
$returnto = forum_go_back_to($returnpageurl);
// Forums that cannot be tracked at all just send the user back.
if (!forum_tp_can_track_forums($forum)) {
    redirect($returnto);
}
// Placeholder values for the confirmation messages.
$info = new stdClass();
$info->name = fullname($USER);
$info->forum = format_string($forum->name);
$eventparams = array(
    'context' => context_module::instance($cm->id),
    'relateduserid' => $USER->id,
    'other' => array('forumid' => $forum->id),
);
// Toggle: stop tracking when the forum is currently tracked, start tracking otherwise.
// On failure the error page receives the referer, which is derived from a client-supplied header.
if (forum_tp_is_tracked($forum)) {
    if (!forum_tp_stop_tracking($forum->id)) {
        print_error('cannottrack', '', get_local_referer(false));
    } else {
        $event = \mod_forum\event\readtracking_disabled::create($eventparams);
        $event->trigger();
        redirect($returnto, get_string("nownottracking", "forum", $info), 1);
    }
} else {
    // subscribe
    if (!forum_tp_start_tracking($forum->id)) {
        print_error('cannottrack', '', get_local_referer(false));
    } else {
        $event = \mod_forum\event\readtracking_enabled::create($eventparams);
        $event->trigger();
        redirect($returnto, get_string("nowtracking", "forum", $info), 1);
    }
}
Exemple #7
 /**
  * Initialise $_SESSION, handles google access
  * and sets up not-logged-in user properly.
  *
  * WARNING: $USER and $SESSION are set up later, do not use them yet!
  *
  * @param bool $newsid is this a new session in first http request?
  */
 protected static function initialise_user_session($newsid)
 {
     global $CFG, $DB;
     $sid = session_id();
     if (!$sid) {
         // No session, very weird.
         error_log('Missing session ID, session not started!');
         self::init_empty_session();
         return;
     }
     // Look up the tracking row for this session id in the 'sessions' table.
     if (!($record = $DB->get_record('sessions', array('sid' => $sid), 'id, sid, state, userid, lastip, timecreated, timemodified'))) {
         // A session id that is not new and has no tracking row is not trusted:
         // the id is regenerated, and in every case the session data is emptied.
         if (!$newsid) {
             if (!empty($_SESSION['USER']->id)) {
                 // This should not happen, just log it, we MUST not produce any output here!
                 error_log("Cannot find session record {$sid} for user " . $_SESSION['USER']->id . ", creating new session.");
             }
             // Prevent session fixation attacks.
             session_regenerate_id(true);
         }
         $_SESSION = array();
     }
     unset($sid);
     // $record is a real row whenever this branch runs: a missing row empties $_SESSION above,
     // so $_SESSION['USER']->id cannot be set in that case.
     if (isset($_SESSION['USER']->id)) {
         // During "login as", the real user's id is the one that is checked and tracked.
         if (!empty($_SESSION['USER']->realuser)) {
             $userid = $_SESSION['USER']->realuser;
         } else {
             $userid = $_SESSION['USER']->id;
         }
         // Verify timeout first.
         $maxlifetime = $CFG->sessiontimeout;
         $timeout = false;
         if (isguestuser($userid) or empty($userid)) {
             // Ignore guest and not-logged in timeouts, there is very little risk here.
             $timeout = false;
         } else {
             if ($record->timemodified < time() - $maxlifetime) {
                 $timeout = true;
                 $authsequence = get_enabled_auth_plugins();
                 // Auths, in sequence.
                 // Any enabled auth plugin can keep the session alive through ignore_timeout_hook().
                 foreach ($authsequence as $authname) {
                     $authplugin = get_auth_plugin($authname);
                     if ($authplugin->ignore_timeout_hook($_SESSION['USER'], $record->sid, $record->timecreated, $record->timemodified)) {
                         $timeout = false;
                         break;
                     }
                 }
             }
         }
         if ($timeout) {
             // Timed out: issue a new session id, empty the session data, delete the tracking row.
             // Execution then continues below to build a fresh not-logged-in session.
             session_regenerate_id(true);
             $_SESSION = array();
             $DB->delete_records('sessions', array('id' => $record->id));
         } else {
             // Update session tracking record.
             $update = new \stdClass();
             $updated = false;
             if ($record->userid != $userid) {
                 $update->userid = $record->userid = $userid;
                 $updated = true;
             }
             // NOTE(review): a changed remote address is only recorded here; nothing visible in
             // this method rejects or re-authenticates a session whose IP differs from lastip.
             $ip = getremoteaddr();
             if ($record->lastip != $ip) {
                 $update->lastip = $record->lastip = $ip;
                 $updated = true;
             }
             // Throttle for timemodified writes; falls back to 20 when the setting is empty.
             $updatefreq = empty($CFG->session_update_timemodified_frequency) ? 20 : $CFG->session_update_timemodified_frequency;
             if ($record->timemodified == $record->timecreated) {
                 // Always do first update of existing record.
                 $update->timemodified = $record->timemodified = time();
                 $updated = true;
             } else {
                 if ($record->timemodified < time() - $updatefreq) {
                     // Update the session modified flag only once every 20 seconds.
                     $update->timemodified = $record->timemodified = time();
                     $updated = true;
                 }
             }
             if ($updated) {
                 $update->id = $record->id;
                 $DB->update_record('sessions', $update);
             }
             // A valid, non-expired session of a known user needs no further setup.
             return;
         }
     } else {
         // A tracking row exists but the session data holds no user: discard both.
         if ($record) {
             // This happens when people switch session handlers...
             session_regenerate_id(true);
             $_SESSION = array();
             $DB->delete_records('sessions', array('id' => $record->id));
         }
     }
     unset($record);
     // From here on a fresh session is built. It is flagged as timed out when the browser sent
     // an existing session id ($newsid is false) but no session data was left for it.
     $timedout = false;
     if (!isset($_SESSION['SESSION'])) {
         $_SESSION['SESSION'] = new \stdClass();
         if (!$newsid) {
             $timedout = true;
         }
     }
     $user = null;
     // Optional automatic guest login for search engines and for visitors arriving from them.
     // NOTE(review): the referer is derived from a client-supplied header, and the strpos() tests
     // below match any referer merely containing 'google' or 'altavista'; is_web_crawler()
     // presumably inspects the user agent, which is client-controlled too - confirm. What is
     // granted is the guest account only (guest_user()), and only when $CFG->opentogoogle is set.
     if (!empty($CFG->opentogoogle)) {
         if (\core_useragent::is_web_crawler()) {
             $user = guest_user();
         }
         $referer = get_local_referer(false);
         if (!empty($CFG->guestloginbutton) and !$user and !empty($referer)) {
             // Automatically log in users coming from search engine results.
             if (strpos($referer, 'google') !== false) {
                 $user = guest_user();
             } else {
                 if (strpos($referer, 'altavista') !== false) {
                     $user = guest_user();
                 }
             }
         }
     }
     // Setup $USER and insert the session tracking record.
     if ($user) {
         self::set_user($user);
         self::add_session_record($user->id);
     } else {
         // Not logged in: the tracking row is inserted with user id 0.
         self::init_empty_session();
         self::add_session_record(0);
     }
     // The flag is set last, after the session has been set up by the calls above.
     if ($timedout) {
         $_SESSION['SESSION']->has_timed_out = true;
     }
 }
Exemple #8
 /**
  * Outputs an error message for any guests accessing the quiz
  *
  * @param int $course The course ID
  * @param array $quiz Array containing quiz data
  * @param int $cm Course Module ID
  * @param int $context The page context ID
  * @param array $messages Array containing any messages
  */
 public function view_page_guest($course, $quiz, $cm, $context, $messages)
 {
     // Quiz information comes first; $course is accepted but not used in this method.
     $html = '' . $this->view_information($quiz, $cm, $context, $messages);
     // Two paragraphs: guests may not take the quiz, and an invitation to log in.
     $noguests = html_writer::tag('p', get_string('guestsno', 'quiz'));
     $loginprompt = html_writer::tag('p', get_string('liketologin'));
     // Third argument of confirm(): the page the user came from, derived from the
     // client-supplied Referer header.
     // NOTE(review): presumably get_local_referer() limits it to same-site URLs - confirm.
     $cameFrom = get_local_referer(false);
     return $html . $this->confirm($noguests . "\n\n" . $loginprompt . "\n", get_login_url(), $cameFrom);
 }
Exemple #9
        }
    } else {
        if (\mod_twf\subscriptions::unsubscribe_user_from_discussion($user->id, $discussion, $context)) {
            $info->discussion = $discussion->name;
            redirect($returnto, get_string("discussionnownotsubscribed", "twf", $info), 1);
        } else {
            print_error('cannotunsubscribe', 'twf', get_local_referer(false));
        }
    }
} else {
    // subscribe
    if (\mod_twf\subscriptions::subscription_disabled($twf) && !has_capability('mod/twf:managesubscriptions', $context)) {
        print_error('disallowsubscribe', 'twf', get_local_referer(false));
    }
    if (!has_capability('mod/twf:viewdiscussion', $context)) {
        print_error('noviewdiscussionspermission', 'twf', get_local_referer(false));
    }
    if (is_null($sesskey)) {
        // We came here via link in email.
        $PAGE->set_title($course->shortname);
        $PAGE->set_heading($course->fullname);
        echo $OUTPUT->header();
        $viewurl = new moodle_url('/mod/twf/view.php', array('f' => $id));
        if ($discussionid) {
            $a = new stdClass();
            $a->twf = format_string($twf->name);
            $a->discussion = format_string($discussion->name);
            echo $OUTPUT->confirm(get_string('confirmsubscribediscussion', 'twf', $a), $PAGE->url, $viewurl);
        } else {
            echo $OUTPUT->confirm(get_string('confirmsubscribe', 'twf', format_string($twf->name)), $PAGE->url, $viewurl);
        }
Exemple #10
    }
    redirect($destination);
    // Bye!
}
// Page chrome for the list of enrolment options.
$PAGE->set_title($course->shortname);
$PAGE->set_heading($course->fullname);
$PAGE->navbar->add(get_string('enrolmentoptions', 'enrol'));
echo $OUTPUT->header();
echo $OUTPUT->heading(get_string('enrolmentoptions', 'enrol'));
$courserenderer = $PAGE->get_renderer('core', 'course');
echo $courserenderer->course_info_box($course);
//TODO: find if future enrolments present and display some info
// Each entry of $forms is written to the page as-is.
// NOTE(review): $forms is built outside this excerpt; presumably it holds markup produced by
// the enrol plugins - confirm it never carries unescaped user input.
foreach ($forms as $form) {
    echo $form;
}
// Nothing to offer: say so, and pick a "continue" target.
if (!$forms) {
    if (isguestuser()) {
        // Guests are pointed at the login page.
        notice(get_string('noguestaccess', 'enrol'), get_login_url());
    } elseif ($returnurl) {
        // NOTE(review): $returnurl is set outside this excerpt; confirm it is validated as a
        // same-site URL where it is read.
        notice(get_string('notenrollable', 'enrol'), $returnurl);
    } else {
        // Fall back to the referer (derived from a client-supplied header), then to the site index.
        $url = get_local_referer(false);
        if (empty($url)) {
            $url = new moodle_url('/index.php');
        }
        notice(get_string('notenrollable', 'enrol'), $url);
    }
}
echo $OUTPUT->footer();
Exemple #11
    print_error('coursemisconf');
}
$PAGE->set_url('/mod/survey/save.php', array('id' => $id));

// Access control before anything is rendered or stored: the user must be logged in
// to this course module and hold the participate capability in its context.
// NOTE(review): no session key (anti-CSRF) check is visible in this excerpt; confirm
// one runs before the submitted answers are saved.
require_login($course, false, $cm);
$context = context_module::instance($cm->id);
require_capability('mod/survey:participate', $context);

// Load the survey instance that this course module points at.
$survey = $DB->get_record("survey", array("id" => $cm->instance));
if (!$survey) {
    print_error('invalidsurveyid', 'survey');
}

$strsurveysaved = get_string('surveysaved', 'survey');
$PAGE->set_title($strsurveysaved);
$PAGE->set_heading($course->fullname);

echo $OUTPUT->header();
echo $OUTPUT->heading($survey->name);

// A user may answer only once. The "continue" link is the same-site referer from
// get_local_referer(), not the raw client-supplied Referer header.
if (survey_already_done($survey->id, $USER->id)) {
    notice(get_string("alreadysubmitted", "survey"), get_local_referer(false));
    // Stop here so the save logic below is never reached for a repeat submission.
    exit;
}
// Sort through the data and arrange it
// This is necessary because some of the questions
// may have two answers, eg Question 1 -> 1 and P1
$answers = array();
foreach ($formdata as $key => $val) {
    if ($key != "userid" && $key != "id") {
        if (substr($key, 0, 1) == "q") {
            $key = clean_param(substr($key, 1), PARAM_ALPHANUM);
            // keep everything but the 'q', number or Pnumber
        }
        if (substr($key, 0, 1) == "P") {
            $realkey = (int) substr($key, 1);
            $answers[$realkey][1] = $val;
 /**
  * Render the checklist view page for the current user.
  *
  * Which page is shown depends on the can*() permission helpers of this object:
  * an empty checklist sends editors to the edit page, users who can only view
  * reports are sent to the report page, and users with none of the permissions
  * get a "log in?" confirmation page, after which the script ends.
  */
 public function view()
 {
     global $OUTPUT, $CFG;

     // Nothing to show yet: send users who can edit to the edit page.
     if (!$this->items && $this->canedit()) {
         redirect(new moodle_url('/mod/checklist/edit.php', array('id' => $this->cm->id)));
     }

     if ($this->canupdateown()) {
         $currenttab = 'view';
     } else if ($this->canpreview()) {
         $currenttab = 'preview';
     } else if ($this->canviewreports()) {
         // No editing, but can view reports.
         redirect(new moodle_url('/mod/checklist/report.php', array('id' => $this->cm->id)));
         $currenttab = '';
     } else {
         // None of the permissions apply: offer the login page and stop.
         $this->view_header();
         // The value becomes the "cancel" target of the confirmation below. On branch 30
         // and later the same-site helper is used; the older get_referer() fallback is
         // not restricted in that way (NOTE(review): confirm against the oldest Moodle
         // version this plugin still supports).
         $ref = $CFG->branch >= 30 ? get_local_referer(false) : get_referer(false);
         $message = '<p>' . get_string('guestsno', 'checklist') . "</p>\n\n<p>" . get_string('liketologin') . "</p>\n";
         echo $OUTPUT->heading(format_string($this->checklist->name));
         echo $OUTPUT->confirm($message, get_login_url(), $ref);
         echo $OUTPUT->footer();
         die;
     }

     $this->view_header();
     echo $OUTPUT->heading(format_string($this->checklist->name));
     $this->view_tabs($currenttab);

     // Record the view, using whichever logging API this Moodle version provides.
     if ($CFG->version > 2014051200) {
         // Moodle 2.7+.
         $eventdata = array('contextid' => $this->context->id, 'objectid' => $this->checklist->id);
         \mod_checklist\event\course_module_viewed::create($eventdata)->trigger();
     } else {
         // Before Moodle 2.7.
         add_to_log($this->course->id, 'checklist', 'view', "view.php?id={$this->cm->id}", $this->checklist->id, $this->cm->id);
     }

     // Only users who can update their own checklist have their actions processed.
     if ($this->canupdateown()) {
         $this->process_view_actions();
     }

     $this->view_items();
     $this->view_footer();
 }
                                $questionnaire->page->add_to_page('message', get_string('noneinuse', 'questionnaire'));
                            }
                        }
                    }
                }
            }
        }
    }
}
// Editors of an active questionnaire that has no questions yet get a link to the
// question editor.
if ($questionnaire->capabilities->editquestions && !$questionnaire->questions && $questionnaire->is_active()) {
    // The path and query string are escaped for the HTML attribute they are written into.
    $questionshref = $CFG->wwwroot . htmlspecialchars('/mod/questionnaire/questions.php?' . 'id=' . $questionnaire->cm->id);
    $addquestionslink = '<a href="' . $questionshref . '">' . '<strong>' . get_string('addquestions', 'questionnaire') . '</strong></a>';
    $questionnaire->page->add_to_page('complete', $addquestionslink);
}

// Guests cannot take part: offer the login page. The "cancel" target is the
// same-site referer from get_local_referer(), not the raw Referer header.
if (isguestuser()) {
    $guestno = html_writer::tag('p', get_string('noteligible', 'questionnaire'));
    $liketologin = html_writer::tag('p', get_string('liketologin'));
    $guestconfirm = $questionnaire->renderer->confirm(
        $guestno . "\n\n" . $liketologin . "\n",
        get_login_url(),
        get_local_referer(false)
    );
    $questionnaire->page->add_to_page('guestuser', $guestconfirm);
}

// Log this course module view (needed for the event logging). The event carries
// the questionnaire id, the module context and whether respondents are anonymous.
$context = context_module::instance($questionnaire->cm->id);
$anonymous = $questionnaire->respondenttype == 'anonymous';
$event = \mod_questionnaire\event\course_module_viewed::create(array(
    'objectid' => $questionnaire->id,
    'anonymous' => $anonymous,
    'context' => $context,
));
$event->trigger();

// Number of responses the current user has already submitted.
$usernumresp = $questionnaire->count_submissions($USER->id);
if ($questionnaire->capabilities->readownresponses && $usernumresp > 0) {
    $argstr = 'instance=' . $questionnaire->id . '&user='******'viewyourresponses', 'questionnaire', $usernumresp);
    } else {
        $titletext = get_string('yourresponse', 'questionnaire');
        $argstr .= '&byresponse=1&action=vresp';
Exemple #14
$files = $fs->get_area_files($context->id, 'mod_resource', 'content', 0, 'sortorder DESC, id ASC', false);
// TODO: this is not very efficient!!
if (count($files) < 1) {
    // No stored file for this resource: print the not-found page and stop.
    resource_print_filenotfound($resource, $cm, $course);
    die;
}
// The first file in sort order is treated as the main file.
$file = reset($files);
unset($files);

$resource->mainfile = $file->get_filename();
$displaytype = resource_get_final_display_type($resource);

// For 'open' and 'download' links we always redirect to the content, except when
// the user just chose 'save and display' from the module form, where that would be
// confusing. The referer only switches this convenience redirect on or off.
// NOTE(review): $redirect is not initialised within this excerpt; confirm it is set
// to false earlier in the script.
if (in_array($displaytype, array(RESOURCELIB_DISPLAY_OPEN, RESOURCELIB_DISPLAY_DOWNLOAD))
        && strpos(get_local_referer(false), 'modedit.php') === false) {
    $redirect = true;
}

// Don't redirect teachers, otherwise they can not access course or module settings.
if ($redirect && !course_get_format($course)->has_view_page()) {
    if (has_capability('moodle/course:manageactivities', $context)
            || has_capability('moodle/course:update', context_course::instance($course->id))) {
        $redirect = false;
    }
}

if ($redirect) {
    // Coming from the course page or the url index page.
    // This redirect trick solves caching problems when tracking views ;-)
    // The target is built from server-side values only (context id, resource revision,
    // stored file path and name), not from request data.
    $path = '/' . $context->id . '/mod_resource/content/' . $resource->revision
        . $file->get_filepath() . $file->get_filename();
    $fullurl = moodle_url::make_file_url('/pluginfile.php', $path, $displaytype == RESOURCELIB_DISPLAY_DOWNLOAD);
    redirect($fullurl);
}
switch ($displaytype) {
        }
    }
}
// An active questionnaire without questions: tell the user nothing is in use.
if ($questionnaire->is_active() && !$questionnaire->questions) {
    echo '<p>' . get_string('noneinuse', 'questionnaire') . '</p>';
}

// Sanity check: only users who may edit questions see the "add questions" link.
if ($questionnaire->is_active() && $questionnaire->capabilities->editquestions && !$questionnaire->questions) {
    // The path and query string are escaped for the HTML attribute they are written into.
    $questionshref = $CFG->wwwroot . htmlspecialchars('/mod/questionnaire/questions.php?' . 'id=' . $questionnaire->cm->id);
    echo '<a href="' . $questionshref . '">' . '<strong>' . get_string('addquestions', 'questionnaire') . '</strong></a>';
}

echo $OUTPUT->box_end();

// Guests cannot take part: offer the login page. The "cancel" target is the
// same-site referer from get_local_referer(), not the raw Referer header.
if (isguestuser()) {
    $guestno = html_writer::tag('p', get_string('noteligible', 'questionnaire'));
    $liketologin = html_writer::tag('p', get_string('liketologin'));
    $output = $OUTPUT->confirm($guestno . "\n\n" . $liketologin . "\n", get_login_url(), get_local_referer(false));
    echo $output;
}

// Log this course module view (needed for the event logging). The event carries
// the questionnaire id, the module context and whether respondents are anonymous.
$context = context_module::instance($questionnaire->cm->id);
$anonymous = $questionnaire->respondenttype == 'anonymous';
$event = \mod_questionnaire\event\course_module_viewed::create(array(
    'objectid' => $questionnaire->id,
    'anonymous' => $anonymous,
    'context' => $context,
));
$event->trigger();

// Number of responses the current user has already submitted.
$usernumresp = $questionnaire->count_submissions($USER->id);
if ($questionnaire->capabilities->readownresponses && $usernumresp > 0) {
    echo $OUTPUT->box_start('generalbox boxaligncenter boxwidthwide');
    $argstr = 'instance=' . $questionnaire->id . '&user='******'viewyourresponses', 'questionnaire', $usernumresp);
    } else {