/**
* This function checks that the current user is logged in and has the
* required privileges
*
* This function checks that the current user is logged in, and optionally
* whether they are allowed to be in a particular course and view a particular
* course module.
* If they are not logged in, then it redirects them to the site login unless
* $autologinguest is set and {@link $CFG}->autologinguests is set to 1 in which
* case they are automatically logged in as guests.
* If $courseid is given and the user is not enrolled in that course then the
* user is redirected to the course enrolment page.
* If $cm is given and the coursemodule is hidden and the user is not a teacher
* in the course then the user is redirected to the course home page.
*
* @uses $CFG
* @uses $SESSION
* @uses $USER
* @uses $FULLME
* @uses SITEID
* @uses $COURSE
* @param mixed $courseorid id of the course or course object
* @param bool $autologinguest
* @param object $cm course module object
* @param bool $setwantsurltome Define if we want to set $SESSION->wantsurl, defaults to
* true. Used to avoid (=false) some scripts (file.php...) to set that variable,
* in order to keep redirects working properly. MDL-14495
*/
function require_login($courseorid = 0, $autologinguest = true, $cm = null, $setwantsurltome = true)
{
global $CFG, $SESSION, $USER, $COURSE, $FULLME;
/// setup global $COURSE, themes, language and locale
course_setup($courseorid);
/// If the user is not even logged in yet then make sure they are
if (!isloggedin()) {
//NOTE: $USER->site check was obsoleted by session test cookie,
// $USER->confirmed test is in login/index.php
if ($setwantsurltome) {
$SESSION->wantsurl = $FULLME;
}
if (!empty($_SERVER['HTTP_REFERER'])) {
$SESSION->fromurl = $_SERVER['HTTP_REFERER'];
}
if ($autologinguest and !empty($CFG->guestloginbutton) and !empty($CFG->autologinguests) and ($COURSE->id == SITEID or $COURSE->guest)) {
$loginguest = '?loginguest=true';
} else {
$loginguest = '';
}
if (empty($CFG->loginhttps) or $loginguest) {
//do not require https for guest logins
redirect($CFG->wwwroot . '/login/index.php' . $loginguest);
} else {
$wwwroot = str_replace('http:', 'https:', $CFG->wwwroot);
redirect($wwwroot . '/login/index.php');
}
exit;
}
/// loginas as redirection if needed
if ($COURSE->id != SITEID and !empty($USER->realuser)) {
if ($USER->loginascontext->contextlevel == CONTEXT_COURSE) {
if ($USER->loginascontext->instanceid != $COURSE->id) {
print_error('loginasonecourse', '', $CFG->wwwroot . '/course/view.php?id=' . $USER->loginascontext->instanceid);
}
}
}
/// check whether the user should be changing password (but only if it is REALLY them)
if (get_user_preferences('auth_forcepasswordchange') && empty($USER->realuser)) {
$userauth = get_auth_plugin($USER->auth);
if ($userauth->can_change_password()) {
$SESSION->wantsurl = $FULLME;
if ($changeurl = $userauth->change_password_url()) {
//use plugin custom url
redirect($changeurl);
} else {
//use moodle internal method
if (empty($CFG->loginhttps)) {
redirect($CFG->wwwroot . '/login/change_password.php');
} else {
$wwwroot = str_replace('http:', 'https:', $CFG->wwwroot);
redirect($wwwroot . '/login/change_password.php');
}
}
} else {
print_error('nopasswordchangeforced', 'auth');
}
}
/// Check that the user account is properly set up
if (user_not_fully_set_up($USER)) {
$SESSION->wantsurl = $FULLME;
redirect($CFG->wwwroot . '/user/edit.php?id=' . $USER->id . '&course=' . SITEID);
}
/// Make sure current IP matches the one for this session (if required)
if (!empty($CFG->tracksessionip)) {
if ($USER->sessionIP != md5(getremoteaddr())) {
print_error('sessionipnomatch', 'error');
}
}
/// Make sure the USER has a sesskey set up. Used for checking script parameters.
sesskey();
// Check that the user has agreed to a site policy if there is one
if (!empty($CFG->sitepolicy)) {
if (!$USER->policyagreed) {
$SESSION->wantsurl = $FULLME;
redirect($CFG->wwwroot . '/user/policy.php');
}
}
// Fetch the system context, we are going to use it a lot.
$sysctx = get_context_instance(CONTEXT_SYSTEM);
/// If the site is currently under maintenance, then print a message
if (!has_capability('moodle/site:config', $sysctx)) {
if (file_exists($CFG->dataroot . '/' . SITEID . '/maintenance.html')) {
print_maintenance_message();
exit;
}
}
/// groupmembersonly access control
if (!empty($CFG->enablegroupings) and $cm and $cm->groupmembersonly and !has_capability('moodle/site:accessallgroups', get_context_instance(CONTEXT_MODULE, $cm->id))) {
if (isguestuser() or !groups_has_membership($cm)) {
print_error('groupmembersonlyerror', 'group', $CFG->wwwroot . '/course/view.php?id=' . $cm->course);
}
}
// Fetch the course context, and prefetch its child contexts
if (!isset($COURSE->context)) {
if (!($COURSE->context = get_context_instance(CONTEXT_COURSE, $COURSE->id))) {
print_error('nocontext');
}
}
if (!empty($cm) && !isset($cm->context)) {
if (!($cm->context = get_context_instance(CONTEXT_MODULE, $cm->id))) {
print_error('nocontext');
}
}
if ($COURSE->id == SITEID) {
/// Eliminate hidden site activities straight away
if (!empty($cm) && !$cm->visible && !has_capability('moodle/course:viewhiddenactivities', $cm->context)) {
redirect($CFG->wwwroot, get_string('activityiscurrentlyhidden'));
}
user_accesstime_log($COURSE->id);
/// Access granted, update lastaccess times
return;
} else {
/// Check if the user can be in a particular course
if (empty($USER->access['rsw'][$COURSE->context->path])) {
//
// MDL-13900 - If the course or the parent category are hidden
// and the user hasn't the 'course:viewhiddencourses' capability, prevent access
//
if (!($COURSE->visible && course_parent_visible($COURSE)) && !has_capability('moodle/course:viewhiddencourses', $COURSE->context)) {
print_header_simple();
notice(get_string('coursehidden'), $CFG->wwwroot . '/');
}
}
/// Non-guests who don't currently have access, check if they can be allowed in as a guest
if ($USER->username != 'guest' and !has_capability('moodle/course:view', $COURSE->context)) {
if ($COURSE->guest == 1) {
// Temporarily assign them guest role for this context, if it fails later user is asked to enrol
$USER->access = load_temp_role($COURSE->context, $CFG->guestroleid, $USER->access);
}
}
/// If the user is a guest then treat them according to the course policy about guests
if (has_capability('moodle/legacy:guest', $COURSE->context, NULL, false)) {
if (has_capability('moodle/site:doanything', $sysctx)) {
// administrators must be able to access any course - even if somebody gives them guest access
user_accesstime_log($COURSE->id);
/// Access granted, update lastaccess times
return;
}
switch ($COURSE->guest) {
/// Check course policy about guest access
case 1:
/// Guests always allowed
if (!has_capability('moodle/course:view', $COURSE->context)) {
// Prohibited by capability
print_header_simple();
notice(get_string('guestsnotallowed', '', format_string($COURSE->fullname)), "{$CFG->wwwroot}/login/index.php");
}
if (!empty($cm) and !$cm->visible) {
// Not allowed to see module, send to course page
redirect($CFG->wwwroot . '/course/view.php?id=' . $cm->course, get_string('activityiscurrentlyhidden'));
}
user_accesstime_log($COURSE->id);
/// Access granted, update lastaccess times
return;
// User is allowed to see this course
break;
case 2:
/// Guests allowed with key
if (!empty($USER->enrolkey[$COURSE->id])) {
// Set by enrol/manual/enrol.php
user_accesstime_log($COURSE->id);
/// Access granted, update lastaccess times
return true;
}
// otherwise drop through to logic below (--> enrol.php)
break;
default:
/// Guests not allowed
$strloggedinasguest = get_string('loggedinasguest');
print_header_simple('', '', build_navigation(array(array('name' => $strloggedinasguest, 'link' => null, 'type' => 'misc'))));
if (empty($USER->access['rsw'][$COURSE->context->path])) {
// Normal guest
notice(get_string('guestsnotallowed', '', format_string($COURSE->fullname)), "{$CFG->wwwroot}/login/index.php");
} else {
notify(get_string('guestsnotallowed', '', format_string($COURSE->fullname)));
echo '<div class="notifyproblem">' . switchroles_form($COURSE->id) . '</div>';
print_footer($COURSE);
exit;
}
break;
}
/// For non-guests, check if they have course view access
} else {
if (has_capability('moodle/course:view', $COURSE->context)) {
if (!empty($USER->realuser)) {
// Make sure the REAL person can also access this course
if (!has_capability('moodle/course:view', $COURSE->context, $USER->realuser)) {
print_header_simple();
notice(get_string('studentnotallowed', '', fullname($USER, true)), $CFG->wwwroot . '/');
}
}
/// Make sure they can read this activity too, if specified
if (!empty($cm) && !$cm->visible && !has_capability('moodle/course:viewhiddenactivities', $cm->context)) {
redirect($CFG->wwwroot . '/course/view.php?id=' . $cm->course, get_string('activityiscurrentlyhidden'));
}
user_accesstime_log($COURSE->id);
/// Access granted, update lastaccess times
return;
// User is allowed to see this course
}
}
/// Currently not enrolled in the course, so see if they want to enrol
$SESSION->wantsurl = $FULLME;
redirect($CFG->wwwroot . '/course/enrol.php?id=' . $COURSE->id);
die;
}
}
function print_header($title, $morenavlinks = NULL, $meta = '', $bodytags = '', $extrabuttons = '')
{
global $USER, $CFG;
$this->init_full();
$replacements = array('%fullname%' => $this->courserecord->fullname);
foreach ($replacements as $search => $replace) {
$title = str_replace($search, $replace, $title);
}
$navlinks = array();
if (!empty($morenavlinks)) {
$navlinks = array_merge($navlinks, $morenavlinks);
}
$navigation = build_navigation($navlinks);
// The "Editing On" button will be appearing only in the "main" course screen
// (i.e., no breadcrumbs other than the default one added inside this function)
$buttons = switchroles_form($this->courserecord->id);
if ($this->user_allowed_editing()) {
$buttons .= update_course_icon($this->courserecord->id);
}
$buttons = empty($morenavlinks) ? $buttons : ' ';
// Add any extra buttons requested (by the resource module, for example)
if ($extrabuttons != '') {
$buttons = $buttons == ' ' ? $extrabuttons : $buttons . $extrabuttons;
}
print_header($title, $this->courserecord->fullname, $navigation, '', $meta, true, $buttons, user_login_string($this->courserecord, $USER), false, $bodytags);
}
function print_header($title, $morebreadcrumbs = NULL, $meta = '', $bodytags = '', $extrabuttons = '')
{
global $USER, $CFG;
$this->init_full();
$replacements = array('%fullname%' => $this->courserecord->fullname);
foreach ($replacements as $search => $replace) {
$title = str_replace($search, $replace, $title);
}
if ($this->courserecord->id == SITEID) {
$breadcrumbs = array();
} else {
$breadcrumbs = array($this->courserecord->shortname => $CFG->wwwroot . '/course/view.php?id=' . $this->courserecord->id);
}
if (!empty($morebreadcrumbs)) {
$breadcrumbs = array_merge($breadcrumbs, $morebreadcrumbs);
}
$total = count($breadcrumbs);
$current = 1;
$crumbtext = '';
foreach ($breadcrumbs as $text => $href) {
if ($current++ == $total) {
$crumbtext .= ' ' . $text;
} else {
$crumbtext .= ' <a href="' . $href . '">' . $text . '</a> ->';
}
}
// The "Editing On" button will be appearing only in the "main" course screen
// (i.e., no breadcrumbs other than the default one added inside this function)
$buttons = switchroles_form($this->courserecord->id) . update_course_icon($this->courserecord->id);
$buttons = empty($morebreadcrumbs) ? $buttons : ' ';
// Add any extra buttons requested (by the resource module, for example)
if ($extrabuttons != '') {
$buttons = $buttons == ' ' ? $extrabuttons : $buttons . $extrabuttons;
}
print_header($title, $this->courserecord->fullname, $crumbtext, '', $meta, true, $buttons, user_login_string($this->courserecord, $USER), false, $bodytags);
echo '<div class="accesshide"><a href="#startofcontent">' . get_string('skiptomaincontent') . '</a></div>';
}
function print_header($title, $morenavlinks = NULL, $meta = '', $bodytags = '')
{
global $USER, $CFG;
$this->init_full();
$replacements = array('%fullname%' => $this->courserecord->fullname);
foreach ($replacements as $search => $replace) {
$title = str_replace($search, $replace, $title);
}
$navlinks = array();
if (!empty($morenavlinks)) {
$navlinks = array_merge($navlinks, $morenavlinks);
}
$navigation = build_navigation($navlinks);
// The "Editing On" button will be appearing only in the "main" course screen
// (i.e., no breadcrumbs other than the default one added inside this function)
$buttons = switchroles_form($this->courserecord->id);
if ($this->user_allowed_editing()) {
$buttons .= update_course_icon($this->courserecord->id);
}
$buttons = empty($morenavlinks) ? $buttons : ' ';
print_header($title, $this->courserecord->fullname, $navigation, '', $meta, true, $buttons, user_login_string($this->courserecord, $USER), false, $bodytags);
echo '<div class="accesshide"><a href="#startofcontent">' . get_string('skiptomaincontent') . '</a></div>';
}
"';
}
// Okay, global variable alert. VERY UGLY. We need to create
// this object here before the <blockname>_print_block()
// function is called, since that function needs to set some
// stuff in the javascriptportal object.
$COURSE->javascriptportal = new jsportal();
$useajax = true;
}
}
}
$CFG->blocksdrag = $useajax;
// this will add a new class to the header so we can style differently
// The "Editing On" button will be appearing only in the "main" course screen
// (i.e., no breadcrumbs other than the default one added inside this function)
$buttons = switchroles_form($course->id);
if ($PAGE->user_allowed_editing()) {
$buttons .= update_course_icon($course->id);
}
$title = get_string('course') . ': ' . $course->fullname;
$navigation = build_navigation(array());
print_header($title, $course->fullname, $navigation, '', '', true, $buttons, user_login_string($course, $USER), false, $bodytags);
$completion = new completion_info($course);
if ($completion->is_enabled() && ajaxenabled()) {
require_js(array('yui_yahoo', 'yui_event', 'yui_connection', 'yui_dom'));
// Need to do this after the header because it requires the YUI stuff
// to be loaded already
require_js('course/completion.js');
print_js_config(array('completion_strsaved' => get_string('saved', 'completion'), 'completion_strtitley' => get_string('completion-title-manual-y', 'completion'), 'completion_strtitlen' => get_string('completion-title-manual-n', 'completion'), 'completion_stralty' => get_string('completion-alt-manual-y', 'completion'), 'completion_straltn' => get_string('completion-alt-manual-n', 'completion')));
// This value tracks whether there has been a dynamic change to the page.
// It is used so that if a user does this - (a) set some tickmarks, (b)
/**
* Print out the header and any pre-page content information.
*
*/
function print_header()
{
global $CFG, $PAGE, $USER, $COURSE, $course;
// AJAX-capable course format?
$CFG->useajax = false;
$ajaxformatfile = $CFG->dirroot . '/course/format/' . $course->format . '/ajax.php';
$bodytags = '';
if (file_exists($ajaxformatfile)) {
// Needs to exist otherwise no AJAX by default
$CFG->ajaxcapable = false;
// May be overridden later by ajaxformatfile
$CFG->ajaxtestedbrowsers = array();
// May be overridden later by ajaxformatfile
require_once $ajaxformatfile;
if (!empty($USER->editing) && $CFG->ajaxcapable) {
// Course-based switches
if (ajaxenabled($CFG->ajaxtestedbrowsers)) {
// rowser, user and site-based switches
require_js(array('yui_yahoo', 'yui_dom', 'yui_event', 'yui_dragdrop', 'yui_connection', 'ajaxcourse_blocks', 'ajaxcourse_sections'));
if (debugging('', DEBUG_DEVELOPER)) {
require_js(array('yui_logger'));
$bodytags = 'onload = "javascript:
show_logger = function() {
var logreader = new YAHOO.widget.LogReader();
logreader.newestOnTop = false;
logreader.setTitle(\'Moodle Debug: YUI Log Console\');
};
show_logger();
"';
}
// Okay, global variable alert. VERY UGLY. We need to create
// this object here before the <blockname>_print_block()
// function is called, since that function needs to set some
// stuff in the javascriptportal object.
$COURSE->javascriptportal = new jsportal();
$CFG->useajax = true;
}
}
}
$CFG->blocksdrag = $CFG->useajax;
// this will add a new class to the header so we can style differently
/// *** The only part we are really changing is here....
$breadcrumbs = array($this->course->shortname => $CFG->wwwroot . '/course/view.php?id=' . $this->course->id);
$total = count($breadcrumbs);
$current = 1;
$crumbtext = '';
foreach ($breadcrumbs as $text => $href) {
if ($current++ == $total) {
$crumbtext .= ' ' . $text;
} else {
$crumbtext .= ' <a href="' . $href . '">' . $text . '</a> ->';
}
}
// The "Editing On" button will be appearing only in the "main" course screen
// (i.e., no breadcrumbs other than the default one added inside this function)
$buttons = switchroles_form($this->course->id) . update_course_icon($this->course->id);
$title = get_string('course') . ': ' . $this->course->fullname;
if (empty($this->course->logo)) {
$heading = $this->course->fullname;
} else {
$heading = '<img src="' . $CFG->wwwroot . '/file.php/' . $this->course->id . '/' . $this->course->logo . '" ' . 'alt="' . $this->course->fullname . '" />';
}
print_header($title, $heading, $crumbtext, '', '', true, $buttons, user_login_string($this->course, $USER), false, $bodytags);
echo '<div class="accesshide"><a href="#startofcontent">' . get_string('skiptomaincontent') . '</a></div>';
}