/** * Serves the files from the emarking file areas * * @package mod_emarking * @category files * @param stdClass $course * the course object * @param stdClass $cm * the course module object * @param stdClass $context * the emarking's context * @param string $filearea * the name of the file area * @param array $args * extra arguments (itemid, path) * @param bool $forcedownload * whether or not force download * @param array $options * additional options affecting the file serving */ function emarking_pluginfile($course, $cm, $context, $filearea, array $args, $forcedownload, array $options = array()) { global $DB, $CFG, $USER; require_once $CFG->dirroot . '/mod/emarking/locallib.php'; require_once $CFG->dirroot . '/mod/emarking/print/locallib.php'; require_login(); // send_file defaults. $lifetime = null; $filter = 0; $pathisstring = false; $forcedownload = false; $mimetype = ''; $dontdie = false; // end of send_file defaults. $filename = array_pop($args); $itemid = array_pop($args); $contextcategory = context_coursecat::instance($course->category); $contextcourse = context_course::instance($course->id); // Security! We always protect the exams filearea. if ($filearea === 'exams') { send_file_not_found(); } if ($filearea === 'pages') { $parts = explode('-', $filename); if (count($parts) != 3) { send_file_not_found(); } if (!($parts[0] === intval($parts[0]) . "") || !($parts[1] === intval($parts[1]) . "")) { send_file_not_found(); } $subparts = explode('.', $parts[2]); $isanonymous = substr($subparts[0], -strlen('_a')) === '_a'; $imageuser = intval($parts[0]); $usercangrade = has_capability('mod/emarking:grade', $context); $bothenrolled = is_enrolled($contextcourse) && is_enrolled($contextcourse, $imageuser); if ($USER->id != $imageuser && !$usercangrade && !$isanonymous && !is_siteadmin($USER) && !$bothenrolled) { send_file_not_found(); } } if ($filearea === 'response') { $parts = explode('_', $filename); if (count($parts) != 3) { send_file_not_found(); } if (!($parts[0] === "response") || !($parts[1] === intval($parts[1]) . "")) { send_file_not_found(); } $subparts = explode('.', $parts[2]); $studentid = intval($subparts[0]); $emarkingid = intval($parts[1]); if (!($emarking = $DB->get_record('emarking', array('id' => $emarkingid)))) { send_file_not_found(); } if ($studentid != $USER->id && !is_siteadmin($USER) && !has_capability('mod/emarking:supervisegrading', $context)) { send_file_not_found(); } $forcedownload = true; $mimetype = 'application/pdf'; } if ($filearea === 'examstoprint') { if (!has_capability('mod/emarking:downloadexam', $contextcategory)) { // Add to Moodle log so some auditing can be done. \mod_emarking\event\invalidaccessdownload_attempted::create_from_exam($exam, $contextcourse)->trigger(); send_file_not_found(); } $token = required_param('token', PARAM_INT); if ($token > 9999 && $_SESSION[$USER->sesskey . "smstoken"] === $token) { if (!($exam = $DB->get_record('emarking_exams', array('emarking' => $itemid)))) { send_file_not_found(); } $now = new DateTime(); $tokendate = new DateTime(); $tokendate->setTimestamp($_SESSION[$USER->sesskey . "smsdate"]); $diff = $now->diff($tokendate); if ($diff->i > 5 && false) { // Add to Moodle log so some auditing can be done. \mod_emarking\event\invalidtokendownload_attempted::create_from_exam($exam, $contextcourse)->trigger(); send_file_not_found(); } // Everything is fine, now we update the exam status and deliver the file. $exam->status = EMARKING_EXAM_SENT_TO_PRINT; $DB->update_record('emarking_exams', $exam); } else { // Add to Moodle log so some auditing can be done. \mod_emarking\event\invalidtokendownload_attempted::create_from_exam($exam, $contextcourse)->trigger(); send_file_not_found(); } // Notify everyone that the exam was downloaded. emarking_send_examdownloaded_notification($exam, $course, $USER); // Add to Moodle log so some auditing can be done. \mod_emarking\event\exam_downloaded::create_from_exam($exam, $contextcourse)->trigger(); } $fs = get_file_storage(); if (!($file = $fs->get_file($context->id, 'mod_emarking', $filearea, $itemid, '/', $filename))) { echo $context->id . ".." . $filearea . ".." . $itemid . ".." . $filename; echo "File really not found"; send_file_not_found(); } send_file($file, $filename, $lifetime, $filter, $pathisstring, $forcedownload, $mimetype = '', $dontdie); }
$item = array("context" => $contextcourse, "objectid" => $exam->emarking); // Add to Moodle log so some auditing can be done. \mod_emarking\event\invalidaccessdownload_attempted::create($item)->trigger(); echo json_encode(array("error" => get_string("invalidaccess", "mod_emarking"))); die; } // Check the exam status to validate if it is already generated. if ($exam->status < EMARKING_EXAM_PROCESSED) { echo json_encode(array('error' => get_string('error') . core_text::strtolower(' ' . get_string('exam', 'mod_emarking') . ' ' . get_string('examstatusbeingprocessed', 'mod_emarking')))); die; } // If a token was sent and it was not valid, log and die. if ($token > 9999 && $_SESSION[$USER->sesskey . "smstoken"] !== $token) { $item = array("context" => $contextcourse, "objectid" => $exam->emarking); // Add to Moodle log so some auditing can be done. \mod_emarking\event\invalidtokendownload_attempted::create($item)->trigger(); echo $OUTPUT->header(); echo $OUTPUT->notification(get_string("eventinvalidtokengranted", "mod_emarking"), "notifyproblem"); $buttonurl = $incourse ? $courseurl : $coursecategoryurl; echo $OUTPUT->single_button($buttonurl, get_string("back"), "get"); echo $OUTPUT->footer(); die; } // A token was sent to validate download it will have 5 digits, otherwise it should be 0. if ($token > 9999 && $_SESSION[$USER->sesskey . "smstoken"] === $token) { $now = new DateTime(); $tokendate = new DateTime(); $tokendate->setTimestamp($_SESSION[$USER->sesskey . "smsdate"]); $diff = $now->diff($tokendate); if ($diff->i > 5 && false) { echo $OUTPUT->header();