Esempio n. 1
}
// Look the course up by short name when one was supplied, otherwise by numeric id.
// NOTE(review): $name and $id are assigned before this excerpt; how they are
// cleaned before reaching get_record() cannot be seen from here - confirm.
$course = $name
    ? get_record("course", "shortname", $name)
    : get_record("course", "id", $id);
if (!$course) {
    error($name ? "That's an invalid short course name" : "That's an invalid course id");
}

$site = get_site();

// Authentication is only enforced when the site-wide forcelogin setting is on;
// otherwise the checks below run for whoever is making the request.
if ($CFG->forcelogin) {
    require_login();
}

// Hidden-course gate. The course counts as openly listed only when its parent
// is visible AND the allowvisiblecoursesinhiddencategories setting is truthy
// AND the course itself is visible; anything else requires the
// viewhiddencourses capability in the course context.
// NOTE(review): because the setting is AND-ed with the parent check, a site
// with the setting off treats every course as hidden here - confirm intended.
$context = get_context_instance(CONTEXT_COURSE, $course->id);
$openlylisted = course_parent_visible($course)
    && $CFG->allowvisiblecoursesinhiddencategories
    && $course->visible;
if (!$openlylisted && !has_capability('moodle/course:viewhiddencourses', $context)) {
    error(get_string('coursehidden'), $CFG->wwwroot . '/');
}

// NOTE(review): the page title receives $course->fullname without
// format_string(), unlike the heading; confirm print_header() escapes it.
$pagetitle = get_string("summaryof", "", $course->fullname);
print_header($pagetitle);

$headinghtml = format_string($course->fullname) . '<br />(' . format_string($course->shortname) . ')';
print_heading($headinghtml);
if ($course->guest || $course->password) {
    print_box_start('generalbox icons');
    if ($course->guest) {
        $strallowguests = get_string('allowguests');
        echo "<div><img alt=\"\" class=\"icon guest\" src=\"{$CFG->pixpath}/i/guest.gif\" />&nbsp;{$strallowguests}</div>";
    }
    if ($course->password) {
        $strrequireskey = get_string('requireskey');
        echo "<div><img alt=\"\" class=\"icon key\" src=\"{$CFG->pixpath}/i/key.gif\" />&nbsp;{$strrequireskey}</div>";
    }
    print_box_end();
Esempio n. 2
}
// Look the course up by short name when one was supplied, otherwise by numeric id.
// NOTE(review): $name and $id are assigned before this excerpt; how they are
// cleaned before reaching get_record() cannot be seen from here - confirm.
$course = $name
    ? get_record("course", "shortname", $name)
    : get_record("course", "id", $id);
if (!$course) {
    error($name ? "That's an invalid short course name" : "That's an invalid course id");
}

$site = get_site();

// Authentication is only enforced when the site-wide forcelogin setting is on;
// otherwise the checks below run for whoever is making the request.
if ($CFG->forcelogin) {
    require_login();
}

// Hidden-course gate: unless both the parent and the course itself are
// visible, the requester needs the viewhiddencourses capability in the
// course context. Continuing past this point relies on print_error() ending
// the request (defined elsewhere - confirm it never returns).
$context = get_context_instance(CONTEXT_COURSE, $course->id);
$openlylisted = course_parent_visible($course) && $course->visible;
if (!$openlylisted && !has_capability('moodle/course:viewhiddencourses', $context)) {
    print_error('coursehidden', '', $CFG->wwwroot . '/');
}

// NOTE(review): the page title receives $course->fullname without
// format_string(), unlike the heading; confirm print_header() escapes it.
$pagetitle = get_string("summaryof", "", $course->fullname);
print_header($pagetitle);

$headinghtml = format_string($course->fullname) . '<br />(' . format_string($course->shortname) . ')';
print_heading($headinghtml);
if ($course->guest || $course->password) {
    print_box_start('generalbox icons');
    if ($course->guest) {
        $strallowguests = get_string('allowguests');
        echo "<div><img alt=\"\" class=\"icon guest\" src=\"{$CFG->pixpath}/i/guest.gif\" />&nbsp;{$strallowguests}</div>";
    }
    if ($course->password) {
        $strrequireskey = get_string('requireskey');
        echo "<div><img alt=\"\" class=\"icon key\" src=\"{$CFG->pixpath}/i/key.gif\" />&nbsp;{$strrequireskey}</div>";
    }
    print_box_end();
Esempio n. 3
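/**
 * This function checks that the current user is logged in and has the
 * required privileges
 *
 * This function checks that the current user is logged in, and optionally
 * whether they are allowed to be in a particular course and view a particular
 * course module.
 * If they are not logged in, then it redirects them to the site login unless
 * $autologinguest is set and {@link $CFG}->autologinguests is set to 1 in which
 * case they are automatically logged in as guests.
 * If $courseid is given and the user is not enrolled in that course then the
 * user is redirected to the course enrolment page.
 * If $cm is given and the coursemodule is hidden and the user is not a teacher
 * in the course then the user is redirected to the course home page.
 *
 * Notes for maintainers:
 *  - Most denial paths call redirect(), print_error() or notice() without a
 *    following exit/die. Those helpers are defined elsewhere; every such path
 *    is only a denial if they end the request - confirm before changing them.
 *  - The checks run in a fixed order (login, login-as scope, forced password
 *    change, profile completeness, session IP, site policy, maintenance,
 *    group membership, then course/module visibility and enrolment).
 *
 * @uses $CFG
 * @uses $SESSION
 * @uses $USER
 * @uses $FULLME
 * @uses SITEID
 * @uses $COURSE
 * @param mixed $courseorid id of the course or course object
 * @param bool $autologinguest
 * @param object $cm course module object
 * @param bool $setwantsurltome Define if we want to set $SESSION->wantsurl, defaults to
 *             true. Used to avoid (=false) some scripts (file.php...) to set that variable,
 *             in order to keep redirects working properly. MDL-14495
 * @return mixed Nothing on most granted paths; true on the one path where a
 *             guest is admitted with an enrolment key. Callers should not
 *             rely on the return value to decide whether access was granted.
 */
function require_login($courseorid = 0, $autologinguest = true, $cm = null, $setwantsurltome = true)
{
    global $CFG, $SESSION, $USER, $COURSE, $FULLME;
    /// setup global $COURSE, themes, language and locale
    course_setup($courseorid);
    /// If the user is not even logged in yet then make sure they are
    if (!isloggedin()) {
        //NOTE: $USER->site check was obsoleted by session test cookie,
        //      $USER->confirmed test is in login/index.php
        if ($setwantsurltome) {
            $SESSION->wantsurl = $FULLME;
        }
        // The Referer header is supplied by the client, so the stored value is
        // untrusted; whatever later reads $SESSION->fromurl (not visible here)
        // must treat it that way.
        if (!empty($_SERVER['HTTP_REFERER'])) {
            $SESSION->fromurl = $_SERVER['HTTP_REFERER'];
        }
        if ($autologinguest and !empty($CFG->guestloginbutton) and !empty($CFG->autologinguests) and ($COURSE->id == SITEID or $COURSE->guest)) {
            $loginguest = '?loginguest=true';
        } else {
            $loginguest = '';
        }
        if (empty($CFG->loginhttps) or $loginguest) {
            //do not require https for guest logins
            redirect($CFG->wwwroot . '/login/index.php' . $loginguest);
        } else {
            // Note: str_replace rewrites every 'http:' in wwwroot, not only the scheme prefix.
            $wwwroot = str_replace('http:', 'https:', $CFG->wwwroot);
            redirect($wwwroot . '/login/index.php');
        }
        exit;
    }
    /// loginas as redirection if needed
    // A "login as" session scoped to one course must not be used in another course.
    if ($COURSE->id != SITEID and !empty($USER->realuser)) {
        if ($USER->loginascontext->contextlevel == CONTEXT_COURSE) {
            if ($USER->loginascontext->instanceid != $COURSE->id) {
                print_error('loginasonecourse', '', $CFG->wwwroot . '/course/view.php?id=' . $USER->loginascontext->instanceid);
            }
        }
    }
    /// check whether the user should be changing password (but only if it is REALLY them)
    if (get_user_preferences('auth_forcepasswordchange') && empty($USER->realuser)) {
        $userauth = get_auth_plugin($USER->auth);
        if ($userauth->can_change_password()) {
            $SESSION->wantsurl = $FULLME;
            if ($changeurl = $userauth->change_password_url()) {
                //use plugin custom url
                redirect($changeurl);
            } else {
                //use moodle internal method
                if (empty($CFG->loginhttps)) {
                    redirect($CFG->wwwroot . '/login/change_password.php');
                } else {
                    $wwwroot = str_replace('http:', 'https:', $CFG->wwwroot);
                    redirect($wwwroot . '/login/change_password.php');
                }
            }
        } else {
            print_error('nopasswordchangeforced', 'auth');
        }
    }
    /// Check that the user account is properly set up
    if (user_not_fully_set_up($USER)) {
        $SESSION->wantsurl = $FULLME;
        redirect($CFG->wwwroot . '/user/edit.php?id=' . $USER->id . '&amp;course=' . SITEID);
    }
    /// Make sure current IP matches the one for this session (if required)
    if (!empty($CFG->tracksessionip)) {
        // Strict comparison: with a loose != two different md5 hex digests that
        // both look like numeric strings (e.g. "0e" followed only by digits)
        // would compare as equal and the mismatch would go unnoticed.
        // Assumes $USER->sessionIP was stored as an md5() string when the
        // session was created (not visible here); any other type now fails closed.
        if ($USER->sessionIP !== md5(getremoteaddr())) {
            print_error('sessionipnomatch', 'error');
        }
    }
    /// Make sure the USER has a sesskey set up.  Used for checking script parameters.
    sesskey();
    // Check that the user has agreed to a site policy if there is one
    if (!empty($CFG->sitepolicy)) {
        if (!$USER->policyagreed) {
            $SESSION->wantsurl = $FULLME;
            redirect($CFG->wwwroot . '/user/policy.php');
        }
    }
    // Fetch the system context, we are going to use it a lot.
    $sysctx = get_context_instance(CONTEXT_SYSTEM);
    /// If the site is currently under maintenance, then print a message
    // Only holders of moodle/site:config get past the maintenance page.
    if (!has_capability('moodle/site:config', $sysctx)) {
        if (file_exists($CFG->dataroot . '/' . SITEID . '/maintenance.html')) {
            print_maintenance_message();
            exit;
        }
    }
    /// groupmembersonly access control
    if (!empty($CFG->enablegroupings) and $cm and $cm->groupmembersonly and !has_capability('moodle/site:accessallgroups', get_context_instance(CONTEXT_MODULE, $cm->id))) {
        if (isguestuser() or !groups_has_membership($cm)) {
            print_error('groupmembersonlyerror', 'group', $CFG->wwwroot . '/course/view.php?id=' . $cm->course);
        }
    }
    // Fetch the course context, and prefetch its child contexts
    if (!isset($COURSE->context)) {
        if (!($COURSE->context = get_context_instance(CONTEXT_COURSE, $COURSE->id))) {
            print_error('nocontext');
        }
    }
    if (!empty($cm) && !isset($cm->context)) {
        if (!($cm->context = get_context_instance(CONTEXT_MODULE, $cm->id))) {
            print_error('nocontext');
        }
    }
    if ($COURSE->id == SITEID) {
        /// Eliminate hidden site activities straight away
        if (!empty($cm) && !$cm->visible && !has_capability('moodle/course:viewhiddenactivities', $cm->context)) {
            redirect($CFG->wwwroot, get_string('activityiscurrentlyhidden'));
        }
        user_accesstime_log($COURSE->id);
        /// Access granted, update lastaccess times
        return;
    } else {
        /// Check if the user can be in a particular course
        // The hidden-course gate is skipped when $USER->access['rsw'] has an
        // entry for this course context path.
        if (empty($USER->access['rsw'][$COURSE->context->path])) {
            //
            // MDL-13900 - If the course or the parent category are hidden
            // and the user hasn't the 'course:viewhiddencourses' capability, prevent access
            //
            if (!($COURSE->visible && course_parent_visible($COURSE)) && !has_capability('moodle/course:viewhiddencourses', $COURSE->context)) {
                print_header_simple();
                notice(get_string('coursehidden'), $CFG->wwwroot . '/');
            }
        }
        /// Non-guests who don't currently have access, check if they can be allowed in as a guest
        if ($USER->username != 'guest' and !has_capability('moodle/course:view', $COURSE->context)) {
            if ($COURSE->guest == 1) {
                // Temporarily assign them guest role for this context, if it fails later user is asked to enrol
                $USER->access = load_temp_role($COURSE->context, $CFG->guestroleid, $USER->access);
            }
        }
        /// If the user is a guest then treat them according to the course policy about guests
        if (has_capability('moodle/legacy:guest', $COURSE->context, NULL, false)) {
            if (has_capability('moodle/site:doanything', $sysctx)) {
                // administrators must be able to access any course - even if somebody gives them guest access
                user_accesstime_log($COURSE->id);
                /// Access granted, update lastaccess times
                return;
            }
            switch ($COURSE->guest) {
                /// Check course policy about guest access
                case 1:
                    /// Guests always allowed
                    if (!has_capability('moodle/course:view', $COURSE->context)) {
                        // Prohibited by capability
                        print_header_simple();
                        notice(get_string('guestsnotallowed', '', format_string($COURSE->fullname)), "{$CFG->wwwroot}/login/index.php");
                    }
                    if (!empty($cm) and !$cm->visible) {
                        // Not allowed to see module, send to course page
                        redirect($CFG->wwwroot . '/course/view.php?id=' . $cm->course, get_string('activityiscurrentlyhidden'));
                    }
                    user_accesstime_log($COURSE->id);
                    /// Access granted, update lastaccess times
                    return;
                    // User is allowed to see this course
                    break;
                case 2:
                    /// Guests allowed with key
                    if (!empty($USER->enrolkey[$COURSE->id])) {
                        // Set by enrol/manual/enrol.php
                        user_accesstime_log($COURSE->id);
                        /// Access granted, update lastaccess times
                        // Kept as-is: this is the only granted path that returns true.
                        return true;
                    }
                    //  otherwise drop through to logic below (--> enrol.php)
                    break;
                default:
                    /// Guests not allowed
                    $strloggedinasguest = get_string('loggedinasguest');
                    print_header_simple('', '', build_navigation(array(array('name' => $strloggedinasguest, 'link' => null, 'type' => 'misc'))));
                    if (empty($USER->access['rsw'][$COURSE->context->path])) {
                        // Normal guest
                        notice(get_string('guestsnotallowed', '', format_string($COURSE->fullname)), "{$CFG->wwwroot}/login/index.php");
                    } else {
                        notify(get_string('guestsnotallowed', '', format_string($COURSE->fullname)));
                        echo '<div class="notifyproblem">' . switchroles_form($COURSE->id) . '</div>';
                        print_footer($COURSE);
                        exit;
                    }
                    break;
            }
            /// For non-guests, check if they have course view access
        } else {
            if (has_capability('moodle/course:view', $COURSE->context)) {
                if (!empty($USER->realuser)) {
                    // Make sure the REAL person can also access this course
                    if (!has_capability('moodle/course:view', $COURSE->context, $USER->realuser)) {
                        print_header_simple();
                        notice(get_string('studentnotallowed', '', fullname($USER, true)), $CFG->wwwroot . '/');
                    }
                }
                /// Make sure they can read this activity too, if specified
                if (!empty($cm) && !$cm->visible && !has_capability('moodle/course:viewhiddenactivities', $cm->context)) {
                    redirect($CFG->wwwroot . '/course/view.php?id=' . $cm->course, get_string('activityiscurrentlyhidden'));
                }
                user_accesstime_log($COURSE->id);
                /// Access granted, update lastaccess times
                return;
                // User is allowed to see this course
            }
        }
        /// Currently not enrolled in the course, so see if they want to enrol
        // Default outcome: nothing above granted access, so send to enrolment and stop.
        $SESSION->wantsurl = $FULLME;
        redirect($CFG->wwwroot . '/course/enrol.php?id=' . $COURSE->id);
        die;
    }
}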
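 /**
  * Makes security checks for viewing this forum. Will not return if user
  * cannot view it.
  * This function calls Moodle require_login, so should be a complete
  * access check. It should be placed near the top of a page.
  * Note that this function only works for the current user when used in
  * interactive mode (ordinary web page view). It cannot be called in cron,
  * web services, etc.
  *
  * When $userid is given, every capability check is made for that user
  * rather than for whoever owns the current session.
  *
  * @param int $groupid Group ID user is attempting to view (may also be
  *   ALL_GROUPS or NO_GROUPS or null)
  * @param int $userid User ID or 0 for current; only specify user ID when
  *   there is no current user and normal login process is not required -
  *   do NOT set this to the current user id, always user 0
  * @param bool $autologinasguest whether to get the require_login call to
  *   automatically log user in as guest
  */
 function require_view($groupid, $userid = 0, $autologinasguest = false)
 {
     global $CFG;
     $cm = $this->get_course_module();
     $course = $this->get_course();
     $context = $this->get_context();
     if (!$userid) {
         // User must be logged in and able to access the activity. (This
         // call sets up the global course and checks various other access
         // restrictions that apply at course-module level, such as visibility.)
         // A course object with a single property is passed on by id only.
         if (count((array) $course) == 1) {
             require_login($course->id, $autologinasguest, $cm);
         } else {
             require_login($course, $autologinasguest, $cm);
         }
     } else {
         // For non-logged-in user we check basic course permission and
         // a couple of the 'hidden' flags
         require_capability('moodle/course:view', $context, $userid);
         // This check makes 2 DB queries :(
         // The hidden-course and hidden-activity checks name $userid like the
         // other checks here. Without it they would be evaluated for the
         // current session user, so the outcome would depend on who is
         // running the script instead of on the user being checked.
         if (!($course->visible && course_parent_visible($course))) {
             require_capability('moodle/course:viewhiddencourses', $context, $userid);
         }
         if (!$cm->visible) {
             require_capability('moodle/course:viewhiddenactivities', $context, $userid);
         }
         // Check OU custom restrictions (start/end dates)
         if (class_exists('ouflags')) {
             require_once $CFG->dirroot . '/local/module_access.php';
             // Guarded so a second call in the same request does not try to
             // redefine the constant.
             if (!defined('SKIP_SAMS_CHECK')) {
                 define('SKIP_SAMS_CHECK', true);
             }
             require_module_access($cm, $course, $userid);
         }
     }
     // Check they have the forumng view capability (this is there largely
     // so that we can override it to prevent prisoners from accessing)
     require_capability('mod/forumng:view', $context, $userid);
     // Note: There is no other capability just to view the forum front page,
     // so just check group access
     if ($groupid !== self::NO_GROUPS && !$this->can_access_group($groupid, false, $userid)) {
         // We already know they don't have this capability, but it's
         // a logical one to use to give an error message.
         require_capability('moodle/site:accessallgroups', $context, $userid);
     }
 }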