/** * Serves the files from the emarking file areas * * @package mod_emarking * @category files * @param stdClass $course * the course object * @param stdClass $cm * the course module object * @param stdClass $context * the emarking's context * @param string $filearea * the name of the file area * @param array $args * extra arguments (itemid, path) * @param bool $forcedownload * whether or not force download * @param array $options * additional options affecting the file serving */ function emarking_pluginfile($course, $cm, $context, $filearea, array $args, $forcedownload, array $options = array()) { global $DB, $CFG, $USER; require_once $CFG->dirroot . '/mod/emarking/locallib.php'; require_once $CFG->dirroot . '/mod/emarking/print/locallib.php'; require_login(); // send_file defaults. $lifetime = null; $filter = 0; $pathisstring = false; $forcedownload = false; $mimetype = ''; $dontdie = false; // end of send_file defaults. $filename = array_pop($args); $itemid = array_pop($args); $contextcategory = context_coursecat::instance($course->category); $contextcourse = context_course::instance($course->id); // Security! We always protect the exams filearea. if ($filearea === 'exams') { send_file_not_found(); } if ($filearea === 'pages') { $parts = explode('-', $filename); if (count($parts) != 3) { send_file_not_found(); } if (!($parts[0] === intval($parts[0]) . "") || !($parts[1] === intval($parts[1]) . "")) { send_file_not_found(); } $subparts = explode('.', $parts[2]); $isanonymous = substr($subparts[0], -strlen('_a')) === '_a'; $imageuser = intval($parts[0]); $usercangrade = has_capability('mod/emarking:grade', $context); $bothenrolled = is_enrolled($contextcourse) && is_enrolled($contextcourse, $imageuser); if ($USER->id != $imageuser && !$usercangrade && !$isanonymous && !is_siteadmin($USER) && !$bothenrolled) { send_file_not_found(); } } if ($filearea === 'response') { $parts = explode('_', $filename); if (count($parts) != 3) { send_file_not_found(); } if (!($parts[0] === "response") || !($parts[1] === intval($parts[1]) . "")) { send_file_not_found(); } $subparts = explode('.', $parts[2]); $studentid = intval($subparts[0]); $emarkingid = intval($parts[1]); if (!($emarking = $DB->get_record('emarking', array('id' => $emarkingid)))) { send_file_not_found(); } if ($studentid != $USER->id && !is_siteadmin($USER) && !has_capability('mod/emarking:supervisegrading', $context)) { send_file_not_found(); } $forcedownload = true; $mimetype = 'application/pdf'; } if ($filearea === 'examstoprint') { if (!has_capability('mod/emarking:downloadexam', $contextcategory)) { // Add to Moodle log so some auditing can be done. \mod_emarking\event\invalidaccessdownload_attempted::create_from_exam($exam, $contextcourse)->trigger(); send_file_not_found(); } $token = required_param('token', PARAM_INT); if ($token > 9999 && $_SESSION[$USER->sesskey . "smstoken"] === $token) { if (!($exam = $DB->get_record('emarking_exams', array('emarking' => $itemid)))) { send_file_not_found(); } $now = new DateTime(); $tokendate = new DateTime(); $tokendate->setTimestamp($_SESSION[$USER->sesskey . "smsdate"]); $diff = $now->diff($tokendate); if ($diff->i > 5 && false) { // Add to Moodle log so some auditing can be done. \mod_emarking\event\invalidtokendownload_attempted::create_from_exam($exam, $contextcourse)->trigger(); send_file_not_found(); } // Everything is fine, now we update the exam status and deliver the file. $exam->status = EMARKING_EXAM_SENT_TO_PRINT; $DB->update_record('emarking_exams', $exam); } else { // Add to Moodle log so some auditing can be done. \mod_emarking\event\invalidtokendownload_attempted::create_from_exam($exam, $contextcourse)->trigger(); send_file_not_found(); } // Notify everyone that the exam was downloaded. emarking_send_examdownloaded_notification($exam, $course, $USER); // Add to Moodle log so some auditing can be done. \mod_emarking\event\exam_downloaded::create_from_exam($exam, $contextcourse)->trigger(); } $fs = get_file_storage(); if (!($file = $fs->get_file($context->id, 'mod_emarking', $filearea, $itemid, '/', $filename))) { echo $context->id . ".." . $filearea . ".." . $itemid . ".." . $filename; echo "File really not found"; send_file_not_found(); } send_file($file, $filename, $lifetime, $filter, $pathisstring, $forcedownload, $mimetype = '', $dontdie); }