function get_content()
{
global $USER, $CFG, $SESSION;
$wwwroot = '';
$signup = '';
if ($this->content !== NULL) {
return $this->content;
}
if (empty($CFG->loginhttps)) {
$wwwroot = $CFG->wwwroot;
} else {
// This actually is not so secure ;-), 'cause we're
// in unencrypted connection...
$wwwroot = str_replace("http://", "https://", $CFG->wwwroot);
}
if (!empty($CFG->registerauth)) {
$authplugin = get_auth_plugin($CFG->registerauth);
if ($authplugin->can_signup()) {
$signup = $wwwroot . '/login/signup.php';
}
}
// TODO: now that we have multiauth it is hard to find out if there is a way to change password
$forgot = $wwwroot . '/login/forgot_password.php';
if (!empty($CFG->loginpasswordautocomplete)) {
$autocomplete = 'autocomplete="off"';
} else {
$autocomplete = '';
}
$username = get_moodle_cookie();
$this->content = new stdClass();
$this->content->footer = '';
$this->content->text = '';
if (!isloggedin() or isguestuser()) {
// Show the block
if (empty($CFG->authloginviaemail)) {
$strusername = get_string('username');
} else {
$strusername = get_string('usernameemail');
}
$this->content->text .= "\n" . '<form class="loginform" id="login" method="post" action="' . get_login_url() . '" ' . $autocomplete . '>';
$this->content->text .= '<div class="c1 fld username"><label for="login_username">' . $strusername . '</label>';
$this->content->text .= '<input type="text" name="username" id="login_username" value="' . s($username) . '" /></div>';
$this->content->text .= '<div class="c1 fld password"><label for="login_password">' . get_string('password') . '</label>';
$this->content->text .= '<input type="password" name="password" id="login_password" value="" ' . $autocomplete . ' /></div>';
if (isset($CFG->rememberusername) and $CFG->rememberusername == 2) {
$checked = $username ? 'checked="checked"' : '';
$this->content->text .= '<div class="c1 rememberusername"><input type="checkbox" name="rememberusername" id="rememberusername" value="1" ' . $checked . '/>';
$this->content->text .= ' <label for="rememberusername">' . get_string('rememberusername', 'admin') . '</label></div>';
}
$this->content->text .= '<div class="c1 btn"><input type="submit" value="' . get_string('login') . '" /></div>';
$this->content->text .= "</form>\n";
if (!empty($signup)) {
$this->content->footer .= '<div><a href="' . $signup . '">' . get_string('startsignup') . '</a></div>';
}
if (!empty($forgot)) {
$this->content->footer .= '<div><a href="' . $forgot . '">' . get_string('forgotaccount') . '</a></div>';
}
}
return $this->content;
}
function execute($requests)
{
$url = get_login_url();
if ($requests['login_params']) {
if (strrpos($url, '?') !== false) {
$url .= '&';
} else {
$url .= '?';
}
$url .= 'login_params=' . urlencode($requests['login_params']);
}
// リダイレクト
header('Refresh: 3; URL=' . $url);
//---- inc_ テンプレート用 変数 ----//
$this->set('inc_page_header', fetch_inc_page_header('public'));
$msg = '';
switch ($requests['msg_code']) {
case 'login_failed':
$msg = 'ログインに失敗しました。再度、ログイン操作を行ってください。';
break;
case 'logout':
$msg = 'ログアウトしました。';
break;
case 'password_reset_timeout':
$msg = 'パスワード再設定の有効期限が過ぎています。';
break;
case 'change_mailaddress':
$msg = 'メールアドレスが変更されました。';
break;
case 'change_password':
$msg = 'パスワードを変更しました。新しいパスワードで再ログインしてください。';
break;
case 'taikai':
$msg = '退会完了しました。ご利用ありがとうございました。';
break;
case 'invalid_url':
$msg = 'このURLは既に無効になっています。';
break;
case 'regist_mail':
$msg = 'メールアドレスを登録しました。';
break;
case 'login_rejected':
$msg = 'ログインできませんでした。';
break;
}
$this->set('msg', $msg);
$this->set('login_url', $url);
return 'success';
}
function execute($requests)
{
//<PCKTAI
if (OPENPNE_AUTH_MODE == 'slavepne' || !(OPENPNE_REGIST_FROM & OPENPNE_REGIST_FROM_PC)) {
client_redirect_login();
}
//>
//---- inc_ テンプレート用 変数 ----//
$this->set('inc_page_header', fetch_inc_page_header('regist'));
//アフィリエイトタグ用変数
$aftag = str_replace(array('({$ID})', '({$DATETIME})'), array($requests['c_member_id'], date("YmdHis")), AFFILIATE_TAG);
$this->set('aftag', $aftag);
$this->set('login_url', get_login_url());
return 'success';
}
protected function do_save($action)
{
global $user;
if (!$user->is_logged_in()) {
if (VISIBILITY == 'private') {
header('Location: ' . get_login_url($action->page));
} else {
header('Location: ' . get_base_url($action->page));
}
exit;
}
$this->file = new File($this->format_page_name($action->page, true));
if ($_POST['updated'] == $this->file->time) {
$this->file->save($_POST['text']);
} else {
header('Location: ' . $this->get_base_url(str_replace(DOC, '', rtrim($action->page, '/')) . '/edit/'));
exit;
}
header('Location: ' . $this->get_base_url(str_replace(DOC, '', $action->page)));
exit;
}
/**
* Default exception handler, uncaught exceptions are equivalent to error() in 1.9 and earlier
*
* @param Exception $ex
* @return void -does not return. Terminates execution!
*/
function default_exception_handler($ex)
{
global $CFG, $DB, $OUTPUT, $USER, $FULLME, $SESSION, $PAGE;
// detect active db transactions, rollback and log as error
abort_all_db_transactions();
if ($ex instanceof required_capability_exception && !CLI_SCRIPT && !AJAX_SCRIPT && !empty($CFG->autologinguests) && !empty($USER->autologinguest)) {
$SESSION->wantsurl = qualified_me();
redirect(get_login_url());
}
$info = get_exception_info($ex);
if (debugging('', DEBUG_MINIMAL)) {
$logerrmsg = "Default exception handler: " . $info->message . ' Debug: ' . $info->debuginfo . "\n" . format_backtrace($info->backtrace, true);
error_log($logerrmsg);
}
if (is_early_init($info->backtrace)) {
echo bootstrap_renderer::early_error($info->message, $info->moreinfourl, $info->link, $info->backtrace, $info->debuginfo, $info->errorcode);
} else {
try {
if ($DB) {
// If you enable db debugging and exception is thrown, the print footer prints a lot of rubbish
$DB->set_debug(0);
}
echo $OUTPUT->fatal_error($info->message, $info->moreinfourl, $info->link, $info->backtrace, $info->debuginfo);
} catch (Exception $out_ex) {
// default exception handler MUST not throw any exceptions!!
// the problem here is we do not know if page already started or not, we only know that somebody messed up in outputlib or theme
// so we just print at least something instead of "Exception thrown without a stack frame in Unknown on line 0":-(
if (CLI_SCRIPT or AJAX_SCRIPT) {
// just ignore the error and send something back using the safest method
echo bootstrap_renderer::early_error($info->message, $info->moreinfourl, $info->link, $info->backtrace, $info->debuginfo, $info->errorcode);
} else {
echo bootstrap_renderer::early_error_content($info->message, $info->moreinfourl, $info->link, $info->backtrace, $info->debuginfo);
$outinfo = get_exception_info($out_ex);
echo bootstrap_renderer::early_error_content($outinfo->message, $outinfo->moreinfourl, $outinfo->link, $outinfo->backtrace, $outinfo->debuginfo);
}
}
}
exit(1);
// General error code
}
/**
* Outputs an error message for any guests accessing the quiz
*
* @param int $course The course ID
* @param array $quiz Array contingin quiz data
* @param int $cm Course Module ID
* @param int $context The page contect ID
* @param array $messages Array containing any messages
*/
public function view_page_guest($course, $quiz, $cm, $context, $messages) {
$output = '';
$output .= $this->view_information($quiz, $cm, $context, $messages);
$guestno = html_writer::tag('p', get_string('guestsno', 'quiz'));
$liketologin = html_writer::tag('p', get_string('liketologin'));
$output .= $this->confirm($guestno."\n\n".$liketologin."\n", get_login_url(),
get_referer(false));
return $output;
}
/**
* Return the standard string that says whether you are logged in (and switched
* roles/logged in as another user).
* @param bool $withlinks if false, then don't include any links in the HTML produced.
* If not set, the default is the nologinlinks option from the theme config.php file,
* and if that is not set, then links are included.
* @return string HTML fragment.
*/
public function login_info($withlinks = null)
{
global $USER, $CFG, $DB, $SESSION;
if (during_initial_install()) {
return '';
}
if (is_null($withlinks)) {
$withlinks = empty($this->page->layout_options['nologinlinks']);
}
$loginpage = (string) $this->page->url === get_login_url();
$course = $this->page->course;
if (\core\session\manager::is_loggedinas()) {
$realuser = \core\session\manager::get_realuser();
$fullname = fullname($realuser, true);
if ($withlinks) {
$loginastitle = get_string('loginas');
$realuserinfo = " [<a href=\"{$CFG->wwwroot}/course/loginas.php?id={$course->id}&sesskey=" . sesskey() . "\"";
$realuserinfo .= "title =\"" . $loginastitle . "\">{$fullname}</a>] ";
} else {
$realuserinfo = " [{$fullname}] ";
}
} else {
$realuserinfo = '';
}
$loginurl = get_login_url();
if (empty($course->id)) {
// $course->id is not defined during installation
return '';
} else {
if (isloggedin()) {
$context = context_course::instance($course->id);
$fullname = fullname($USER, true);
// Since Moodle 2.0 this link always goes to the public profile page (not the course profile page)
if ($withlinks) {
$linktitle = get_string('viewprofile');
$username = "******"{$CFG->wwwroot}/user/profile.php?id={$USER->id}\" title=\"{$linktitle}\">{$fullname}</a>";
} else {
$username = $fullname;
}
if (is_mnet_remote_user($USER) and $idprovider = $DB->get_record('mnet_host', array('id' => $USER->mnethostid))) {
if ($withlinks) {
$username .= " from <a href=\"{$idprovider->wwwroot}\">{$idprovider->name}</a>";
} else {
$username .= " from {$idprovider->name}";
}
}
if (isguestuser()) {
$loggedinas = $realuserinfo . get_string('loggedinasguest');
if (!$loginpage && $withlinks) {
$loggedinas .= " (<a href=\"{$loginurl}\">" . get_string('login') . '</a>)';
}
} else {
if (is_role_switched($course->id)) {
// Has switched roles
$rolename = '';
if ($role = $DB->get_record('role', array('id' => $USER->access['rsw'][$context->path]))) {
$rolename = ': ' . role_get_name($role, $context);
}
$loggedinas = get_string('loggedinas', 'moodle', $username) . $rolename;
if ($withlinks) {
$url = new moodle_url('/course/switchrole.php', array('id' => $course->id, 'sesskey' => sesskey(), 'switchrole' => 0, 'returnurl' => $this->page->url->out_as_local_url(false)));
$loggedinas .= '(' . html_writer::tag('a', get_string('switchrolereturn'), array('href' => $url)) . ')';
}
} else {
$loggedinas = $realuserinfo . get_string('loggedinas', 'moodle', $username);
if ($withlinks) {
echo "<i class='fa fa-user hide979 mywhite'></i> ";
//****************$loggedinas .= " (<a href=\"$CFG->wwwroot/login/logout.php?sesskey=".sesskey()."\">".get_string('logout').'</a>)';
$loggedinas .= " <span class=\"line-trans\">|</span><a class=\"logtop\" href=\"{$CFG->wwwroot}/login/logout.php?sesskey=" . sesskey() . "\"> " . get_string('logout') . '</a><span class="line-trans"> |</span>';
}
}
}
} else {
$loggedinas = get_string('loggedinnot', 'moodle');
if (!$loginpage && $withlinks) {
//****************$loggedinas $loggedinas .= " (<a href=\"$loginurl\">".get_string('login').'</a>)';
echo "<i class='fa fa-lock hide979 mywhite'></i> ";
$loggedinas .= " | <a href=\"{$loginurl}\">" . get_string('login') . '</a> |';
}
}
}
$loggedinas = '<div class="logininfo">' . $loggedinas . '</div>';
if (isset($SESSION->justloggedin)) {
unset($SESSION->justloggedin);
if (!empty($CFG->displayloginfailures)) {
if (!isguestuser()) {
if ($count = count_login_failures($CFG->displayloginfailures, $USER->username, $USER->lastlogin)) {
$loggedinas .= ' <div class="loginfailures">';
if (empty($count->accounts)) {
$loggedinas .= get_string('failedloginattempts', '', $count);
} else {
$loggedinas .= get_string('failedloginattemptsall', '', $count);
}
if (file_exists("{$CFG->dirroot}/report/log/index.php") and has_capability('report/log:view', context_system::instance())) {
$loggedinas .= ' (<a href="' . $CFG->wwwroot . '/report/log/index.php' . '?chooselog=1&id=1&modid=site_errors">' . get_string('logs') . '</a>)';
}
$loggedinas .= '</div>';
}
}
}
}
return $loggedinas;
}
if (user_has_role_assignment($USER->id,5) ) {
$PAGE->requires->css('/student/custom.css');
}
$userid = optional_param('id', 0, PARAM_INT);
$edit = optional_param('edit', null, PARAM_BOOL); // Turn editing on and off.
$reset = optional_param('reset', null, PARAM_BOOL);
$PAGE->set_url('/user/profile.php', array('id' => $userid));
if (!empty($CFG->forceloginforprofiles)) {
require_login();
if (isguestuser()) {
$PAGE->set_context(context_system::instance());
echo $OUTPUT->header();
echo $OUTPUT->confirm(get_string('guestcantaccessprofiles', 'error'),
get_login_url(),
$CFG->wwwroot);
echo $OUTPUT->footer();
die;
}
} else if (!empty($CFG->forcelogin)) {
require_login();
}
$userid = $userid ? $userid : $USER->id; // Owner of the page.
if ((!$user = $DB->get_record('user', array('id' => $userid))) || ($user->deleted)) {
$PAGE->set_context(context_system::instance());
echo $OUTPUT->header();
if (!$user) {
echo $OUTPUT->notification(get_string('invaliduser', 'error'));
} else {
unset($SESSION->info);
}
if (isset($SESSION->backupprefs)) {
unset($SESSION->backupprefs);
}
if (isset($SESSION->restore)) {
unset($SESSION->restore);
}
if (isset($SESSION->import_preferences)) {
unset($SESSION->import_preferences);
}
}
if (!$to && isset($SESSION->restore->restoreto) && isset($SESSION->restore->importing) && isset($SESSION->restore->course_id)) {
$to = $SESSION->restore->course_id;
}
$loginurl = get_login_url();
if (!empty($id)) {
require_login($id);
if (!has_capability('moodle/site:restore', get_context_instance(CONTEXT_COURSE, $id))) {
if (empty($to)) {
print_error("cannotuseadminadminorteacher", '', $loginurl);
} else {
if (!has_capability('moodle/site:restore', get_context_instance(CONTEXT_COURSE, $to)) && !has_capability('moodle/site:import', get_context_instance(CONTEXT_COURSE, $to))) {
print_error("cannotuseadminadminorteacher", '', $loginurl);
}
}
}
} else {
if (!has_capability('moodle/site:restore', get_context_instance(CONTEXT_SYSTEM))) {
print_error("cannotuseadmin", '', $loginurl);
}
if (! $cm = get_coursemodule_from_instance('chat', $chat->id, $course->id)) {
print_error('invalidcoursemodule');
}
}
require_course_login($course, true, $cm);
$context = context_module::instance($cm->id);
$PAGE->set_context($context);
// show some info for guests
if (isguestuser()) {
$PAGE->set_title(format_string($chat->name));
echo $OUTPUT->header();
echo $OUTPUT->confirm('<p>'.get_string('noguests', 'chat').'</p>'.get_string('liketologin'),
get_login_url(), $CFG->wwwroot.'/course/view.php?id='.$course->id);
echo $OUTPUT->footer();
exit;
}
add_to_log($course->id, 'chat', 'view', "view.php?id=$cm->id", $chat->id, $cm->id);
$strenterchat = get_string('enterchat', 'chat');
$stridle = get_string('idle', 'chat');
$strcurrentusers = get_string('currentusers', 'chat');
$strnextsession = get_string('nextsession', 'chat');
$courseshortname = format_string($course->shortname, true, array('context' => context_course::instance($course->id)));
$title = $courseshortname . ': ' . format_string($chat->name);
/**
* Outputs the user menu.
* @return custom_menu object
*/
public function custom_menu_user()
{
// Die if executed during install.
if (during_initial_install()) {
return false;
}
global $USER, $CFG, $DB;
$loginurl = get_login_url();
$usermenu = html_writer::start_tag('ul', array('class' => 'nav'));
$usermenu .= html_writer::start_tag('li', array('class' => 'dropdown'));
if (!isloggedin()) {
if ($this->page->pagelayout != 'login') {
$userpic = '<em><i class="fa fa-sign-in"></i>' . get_string('login') . '</em>';
$usermenu .= html_writer::link($loginurl, $userpic, array('class' => 'loginurl'));
}
} else {
if (isguestuser()) {
$userurl = new moodle_url('#');
$userpic = parent::user_picture($USER, array('link' => false));
$caret = '<i class="fa fa-caret-right"></i>';
$userclass = array('class' => 'dropdown-toggle', 'data-toggle' => 'dropdown');
$usermenu .= html_writer::link($userurl, $userpic . get_string('guest') . $caret, $userclass);
// Render direct logout link.
$usermenu .= html_writer::start_tag('ul', array('class' => 'dropdown-menu pull-right'));
$branchlabel = '<em><i class="fa fa-sign-out"></i>' . get_string('logout') . '</em>';
$branchurl = new moodle_url('/login/logout.php');
$branchurl->param('sesskey', sesskey());
$usermenu .= html_writer::tag('li', html_writer::link($branchurl, $branchlabel));
// Render Help Link.
$usermenu .= $this->theme_essential_render_helplink();
$usermenu .= html_writer::end_tag('ul');
} else {
$course = $this->page->course;
$context = context_course::instance($course->id);
// Output Profile link.
$userurl = new moodle_url('#');
$userpic = parent::user_picture($USER, array('link' => false));
$caret = '<i class="fa fa-caret-right"></i>';
$userclass = array('class' => 'dropdown-toggle', 'data-toggle' => 'dropdown');
if (!empty($USER->alternatename)) {
$usermenu .= html_writer::link($userurl, $userpic . $USER->alternatename . $caret, $userclass);
} else {
$usermenu .= html_writer::link($userurl, $userpic . $USER->firstname . $caret, $userclass);
}
// Start dropdown menu items.
$usermenu .= html_writer::start_tag('ul', array('class' => 'dropdown-menu pull-right'));
if (\core\session\manager::is_loggedinas()) {
$realuser = \core\session\manager::get_realuser();
$branchlabel = '<em><i class="fa fa-key"></i>' . fullname($realuser, true) . get_string('loggedinas', 'theme_essential') . fullname($USER, true) . '</em>';
} else {
$branchlabel = '<em><i class="fa fa-user"></i>' . fullname($USER, true) . '</em>';
}
$branchurl = new moodle_url('/user/profile.php', array('id' => $USER->id));
$usermenu .= html_writer::tag('li', html_writer::link($branchurl, $branchlabel));
if (is_mnet_remote_user($USER) && ($idprovider = $DB->get_record('mnet_host', array('id' => $USER->mnethostid)))) {
$branchlabel = '<em><i class="fa fa-users"></i>' . get_string('loggedinfrom', 'theme_essential') . $idprovider->name . '</em>';
$branchurl = new moodle_url($idprovider->wwwroot);
$usermenu .= html_writer::tag('li', html_writer::link($branchurl, $branchlabel));
}
if (is_role_switched($course->id)) {
// Has switched roles.
$branchlabel = '<em><i class="fa fa-users"></i>' . get_string('switchrolereturn') . '</em>';
$branchurl = new moodle_url('/course/switchrole.php', array('id' => $course->id, 'sesskey' => sesskey(), 'switchrole' => 0, 'returnurl' => $this->page->url->out_as_local_url(false)));
$usermenu .= html_writer::tag('li', html_writer::link($branchurl, $branchlabel));
}
// Add preferences submenu.
$usermenu .= $this->theme_essential_render_preferences($context);
$usermenu .= html_writer::empty_tag('hr', array('class' => 'sep'));
// Output Calendar link if user is allowed to edit own calendar entries.
if (has_capability('moodle/calendar:manageownentries', $context)) {
$branchlabel = '<em><i class="fa fa-calendar"></i>' . get_string('pluginname', 'block_calendar_month') . '</em>';
$branchurl = new moodle_url('/calendar/view.php');
$usermenu .= html_writer::tag('li', html_writer::link($branchurl, $branchlabel));
}
// Check if messaging is enabled.
if (!empty($CFG->messaging)) {
$branchlabel = '<em><i class="fa fa-envelope"></i>' . get_string('pluginname', 'block_messages') . '</em>';
$branchurl = new moodle_url('/message/index.php');
$usermenu .= html_writer::tag('li', html_writer::link($branchurl, $branchlabel));
}
// Check if user is allowed to manage files.
if (has_capability('moodle/user:manageownfiles', $context)) {
$branchlabel = '<em><i class="fa fa-file"></i>' . get_string('privatefiles', 'block_private_files') . '</em>';
$branchurl = new moodle_url('/user/files.php');
$usermenu .= html_writer::tag('li', html_writer::link($branchurl, $branchlabel));
}
// Check if user is allowed to view discussions.
if (has_capability('mod/forum:viewdiscussion', $context)) {
$branchlabel = '<em><i class="fa fa-list-alt"></i>' . get_string('forumposts', 'mod_forum') . '</em>';
$branchurl = new moodle_url('/mod/forum/user.php', array('id' => $USER->id));
$usermenu .= html_writer::tag('li', html_writer::link($branchurl, $branchlabel));
$branchlabel = '<em><i class="fa fa-list"></i>' . get_string('discussions', 'mod_forum') . '</em>';
$branchurl = new moodle_url('/mod/forum/user.php', array('id' => $USER->id, 'mode' => 'discussions'));
$usermenu .= html_writer::tag('li', html_writer::link($branchurl, $branchlabel));
$usermenu .= html_writer::empty_tag('hr', array('class' => 'sep'));
}
// Output user grade links course sensitive, workaround for frontpage, selecting first enrolled course.
if ($course->id == SITEID) {
$branchlabel = '<em><i class="fa fa-list-alt"></i>' . get_string('mygrades', 'theme_essential') . '</em>';
$branchurl = new moodle_url('/grade/report/overview/index.php', array('id' => $course->id, 'userid' => $USER->id));
$usermenu .= html_writer::tag('li', html_writer::link($branchurl, $branchlabel));
} else {
if (has_capability('gradereport/overview:view', $context)) {
$branchlabel = '<em><i class="fa fa-list-alt"></i>' . get_string('mygrades', 'theme_essential') . '</em>';
$branchurl = new moodle_url('/grade/report/overview/index.php', array('id' => $course->id, 'userid' => $USER->id));
$usermenu .= html_writer::tag('li', html_writer::link($branchurl, $branchlabel));
}
if (has_capability('gradereport/user:view', $context)) {
// In Course also output Course grade links.
$branchlabel = '<em><i class="fa fa-list-alt"></i>' . get_string('coursegrades', 'theme_essential') . '</em>';
$branchurl = new moodle_url('/grade/report/user/index.php', array('id' => $course->id, 'userid' => $USER->id));
$usermenu .= html_writer::tag('li', html_writer::link($branchurl, $branchlabel));
}
}
// Check if badges are enabled.
if (!empty($CFG->enablebadges) && has_capability('moodle/badges:manageownbadges', $context)) {
$branchlabel = '<em><i class="fa fa-certificate"></i>' . get_string('badges') . '</em>';
$branchurl = new moodle_url('/badges/mybadges.php');
$usermenu .= html_writer::tag('li', html_writer::link($branchurl, $branchlabel));
}
$usermenu .= html_writer::empty_tag('hr', array('class' => 'sep'));
// Render direct logout link.
$branchlabel = '<em><i class="fa fa-sign-out"></i>' . get_string('logout') . '</em>';
if (\core\session\manager::is_loggedinas()) {
$branchurl = new moodle_url('/course/loginas.php', array('id' => $course->id, 'sesskey' => sesskey()));
} else {
$branchurl = new moodle_url('/login/logout.php', array('sesskey' => sesskey()));
}
$usermenu .= html_writer::tag('li', html_writer::link($branchurl, $branchlabel));
// Render Help Link.
$usermenu .= $this->theme_essential_render_helplink();
$usermenu .= html_writer::end_tag('ul');
}
}
$usermenu .= html_writer::end_tag('li');
$usermenu .= html_writer::end_tag('ul');
return $usermenu;
}
/**
* Returns text to be displayed to the user which reflects their login status
*
* @uses $CFG
* @uses $USER
* @param course $course {@link $COURSE} object containing course information
* @param user $user {@link $USER} object containing user information
* @return string
*/
function user_login_string($course = NULL, $user = NULL)
{
global $USER, $CFG, $SITE, $DB;
if (empty($user) and !empty($USER->id)) {
$user = $USER;
}
if (empty($course)) {
$course = $SITE;
}
if (session_is_loggedinas()) {
$realuser = session_get_realuser();
$fullname = fullname($realuser, true);
$realuserinfo = " [<a {$CFG->frametarget}\n href=\"{$CFG->wwwroot}/course/loginas.php?id={$course->id}&return=1&sesskey=" . sesskey() . "\">{$fullname}</a>] ";
} else {
$realuserinfo = '';
}
$loginurl = get_login_url();
if (empty($course->id)) {
// $course->id is not defined during installation
return '';
} else {
if (!empty($user->id)) {
$context = get_context_instance(CONTEXT_COURSE, $course->id);
$fullname = fullname($user, true);
$username = "******"{$CFG->wwwroot}/user/view.php?id={$user->id}&course={$course->id}\">{$fullname}</a>";
if (is_mnet_remote_user($user) and $idprovider = $DB->get_record('mnet_host', array('id' => $user->mnethostid))) {
$username .= " from <a {$CFG->frametarget} href=\"{$idprovider->wwwroot}\">{$idprovider->name}</a>";
}
if (isset($user->username) && $user->username == 'guest') {
$loggedinas = $realuserinfo . get_string('loggedinasguest') . " (<a {$CFG->frametarget} href=\"{$loginurl}\">" . get_string('login') . '</a>)';
} else {
if (!empty($user->access['rsw'][$context->path])) {
$rolename = '';
if ($role = $DB->get_record('role', array('id' => $user->access['rsw'][$context->path]))) {
$rolename = ': ' . format_string($role->name);
}
$loggedinas = get_string('loggedinas', 'moodle', $username) . $rolename . " (<a {$CFG->frametarget}\n href=\"{$CFG->wwwroot}/course/view.php?id={$course->id}&switchrole=0&sesskey=" . sesskey() . "\">" . get_string('switchrolereturn') . '</a>)';
} else {
$loggedinas = $realuserinfo . get_string('loggedinas', 'moodle', $username) . ' ' . " (<a {$CFG->frametarget} href=\"{$CFG->wwwroot}/login/logout.php?sesskey=" . sesskey() . "\">" . get_string('logout') . '</a>)';
}
}
} else {
$loggedinas = get_string('loggedinnot', 'moodle') . " (<a {$CFG->frametarget} href=\"{$loginurl}\">" . get_string('login') . '</a>)';
}
}
return '<div class="logininfo">' . $loggedinas . '</div>';
}
if (!($cm = get_coursemodule_from_instance("quora", $quora->id, $course->id))) {
print_error('invalidcoursemodule');
}
$user = $USER;
require_login($course, false, $cm);
if ($returnpage == 'index.php') {
$returnto = quora_go_back_to($returnpage . '?id=' . $course->id);
} else {
$returnto = quora_go_back_to($returnpage . '?f=' . $quora->id);
}
if (isguestuser()) {
// Guests can't change quora
$PAGE->set_title($course->shortname);
$PAGE->set_heading($course->fullname);
echo $OUTPUT->header();
echo $OUTPUT->confirm(get_string('noguesttracking', 'quora') . '<br /><br />' . get_string('liketologin'), get_login_url(), $returnto);
echo $OUTPUT->footer();
exit;
}
$info = new stdClass();
$info->name = fullname($user);
$info->quora = format_string($quora->name);
if ($mark == 'read') {
if (!empty($d)) {
if (!($discussion = $DB->get_record('quora_discussions', array('id' => $d, 'quora' => $quora->id)))) {
print_error('invaliddiscussionid', 'quora');
}
quora_tp_mark_discussion_read($user, $d);
} else {
// Mark all messages read in current group
$currentgroup = groups_get_activity_group($cm);
$messages = $accessmanager->describe_rules();
if ($quiz->attempts != 1) {
$messages[] = get_string('gradingmethod', 'quiz', quiz_get_grading_option_name($quiz->grademethod));
}
echo $OUTPUT->box_start('quizinfo');
$accessmanager->print_messages($messages);
echo $OUTPUT->box_end();
/// Show number of attempts summary to those who can view reports.
if (has_capability('mod/quiz:viewreports', $context)) {
if ($strattemptnum = quiz_num_attempt_summary($quiz, $cm)) {
echo '<div class="quizattemptcounts"><a href="report.php?mode=overview&id=' . $cm->id . '">' . $strattemptnum . "</a></div>\n";
}
}
/// Guests can't do a quiz, so offer them a choice of logging in or going back.
if (isguestuser()) {
echo $OUTPUT->confirm('<p>' . get_string('guestsno', 'quiz') . "</p>\n\n<p>" . get_string('liketologin') . "</p>\n", get_login_url(), get_referer(false));
echo $OUTPUT->footer();
exit;
}
/// If they are not enrolled in this course in a good enough role, tell them to enrol.
if (!($canattempt || $canpreview || $canreviewmine)) {
echo $OUTPUT->box('<p>' . get_string('youneedtoenrol', 'quiz') . "</p>\n\n<p>" . $OUTPUT->continue_button($CFG->wwwroot . '/course/view.php?id=' . $course->id) . "</p>\n", 'generalbox', 'notice');
echo $OUTPUT->footer();
exit;
}
/// Get this user's attempts.
$attempts = quiz_get_user_attempts($quiz->id, $USER->id);
$lastfinishedattempt = end($attempts);
$unfinished = false;
if ($unfinishedattempt = quiz_get_user_attempt_unfinished($quiz->id, $USER->id)) {
$attempts[] = $unfinishedattempt;
/**
* Processes a user's request to set a new password in the event they forgot the old one.
* If no user identifier has been supplied, it displays a form where they can submit their identifier.
* Where they have supplied identifier, the function will check their status, and send email as appropriate.
*/
function core_login_process_password_reset_request()
{
global $DB, $OUTPUT, $CFG, $PAGE;
$systemcontext = context_system::instance();
$mform = new login_forgot_password_form();
if ($mform->is_cancelled()) {
redirect(get_login_url());
} else {
if ($data = $mform->get_data()) {
// Requesting user has submitted form data.
// Next find the user account in the database which the requesting user claims to own.
if (!empty($data->username)) {
// Username has been specified - load the user record based on that.
$username = core_text::strtolower($data->username);
// Mimic the login page process.
$userparams = array('username' => $username, 'mnethostid' => $CFG->mnet_localhost_id, 'deleted' => 0, 'suspended' => 0);
$user = $DB->get_record('user', $userparams);
} else {
// Try to load the user record based on email address.
// this is tricky because
// 1/ the email is not guaranteed to be unique - TODO: send email with all usernames to select the account for pw reset
// 2/ mailbox may be case sensitive, the email domain is case insensitive - let's pretend it is all case-insensitive.
$select = $DB->sql_like('email', ':email', false, true, false, '|') . " AND mnethostid = :mnethostid AND deleted=0 AND suspended=0";
$params = array('email' => $DB->sql_like_escape($data->email, '|'), 'mnethostid' => $CFG->mnet_localhost_id);
$user = $DB->get_record_select('user', $select, $params, '*', IGNORE_MULTIPLE);
}
// Target user details have now been identified, or we know that there is no such account.
// Send email address to account's email address if appropriate.
$pwresetstatus = PWRESET_STATUS_NOEMAILSENT;
if ($user and !empty($user->confirmed)) {
$userauth = get_auth_plugin($user->auth);
if (!$userauth->can_reset_password() or !is_enabled_auth($user->auth) or !has_capability('moodle/user:changeownpassword', $systemcontext, $user->id)) {
if (send_password_change_info($user)) {
$pwresetstatus = PWRESET_STATUS_OTHEREMAILSENT;
} else {
print_error('cannotmailconfirm');
}
} else {
// The account the requesting user claims to be is entitled to change their password.
// Next, check if they have an existing password reset in progress.
$resetinprogress = $DB->get_record('user_password_resets', array('userid' => $user->id));
if (empty($resetinprogress)) {
// Completely new reset request - common case.
$resetrecord = core_login_generate_password_reset($user);
$sendemail = true;
} else {
if ($resetinprogress->timerequested < time() - $CFG->pwresettime) {
// Preexisting, but expired request - delete old record & create new one.
// Uncommon case - expired requests are cleaned up by cron.
$DB->delete_records('user_password_resets', array('id' => $resetinprogress->id));
$resetrecord = core_login_generate_password_reset($user);
$sendemail = true;
} else {
if (empty($resetinprogress->timererequested)) {
// Preexisting, valid request. This is the first time user has re-requested the reset.
// Re-sending the same email once can actually help in certain circumstances
// eg by reducing the delay caused by greylisting.
$resetinprogress->timererequested = time();
$DB->update_record('user_password_resets', $resetinprogress);
$resetrecord = $resetinprogress;
$sendemail = true;
} else {
// Preexisting, valid request. User has already re-requested email.
$pwresetstatus = PWRESET_STATUS_ALREADYSENT;
$sendemail = false;
}
}
}
if ($sendemail) {
$sendresult = send_password_change_confirmation_email($user, $resetrecord);
if ($sendresult) {
$pwresetstatus = PWRESET_STATUS_TOKENSENT;
} else {
print_error('cannotmailconfirm');
}
}
}
}
// Any email has now been sent.
// Next display results to requesting user if settings permit.
echo $OUTPUT->header();
if (!empty($CFG->protectusernames)) {
// Neither confirm, nor deny existance of any username or email address in database.
// Print general (non-commital) message.
notice(get_string('emailpasswordconfirmmaybesent'), $CFG->wwwroot . '/index.php');
die;
// Never reached.
} else {
if (empty($user)) {
// Protect usernames is off, and we couldn't find the user with details specified.
// Print failure advice.
notice(get_string('emailpasswordconfirmnotsent'), $CFG->wwwroot . '/forgot_password.php');
die;
// Never reached.
} else {
if (empty($user->email)) {
// User doesn't have an email set - can't send a password change confimation email.
notice(get_string('emailpasswordconfirmnoemail'), $CFG->wwwroot . '/index.php');
die;
// Never reached.
} else {
if ($pwresetstatus == PWRESET_STATUS_ALREADYSENT) {
// User found, protectusernames is off, but user has already (re) requested a reset.
// Don't send a 3rd reset email.
$stremailalreadysent = get_string('emailalreadysent');
notice($stremailalreadysent, $CFG->wwwroot . '/index.php');
die;
// Never reached.
} else {
if ($pwresetstatus == PWRESET_STATUS_NOEMAILSENT) {
// User found, protectusernames is off, but user is not confirmed.
// Pretend we sent them an email.
// This is a big usability problem - need to tell users why we didn't send them an email.
// Obfuscate email address to protect privacy.
$protectedemail = preg_replace('/([^@]*)@(.*)/', '******@$2', $user->email);
$stremailpasswordconfirmsent = get_string('emailpasswordconfirmsent', '', $protectedemail);
notice($stremailpasswordconfirmsent, $CFG->wwwroot . '/index.php');
die;
// Never reached.
} else {
// Confirm email sent. (Obfuscate email address to protect privacy).
$protectedemail = preg_replace('/([^@]*)@(.*)/', '******@$2', $user->email);
// This is a small usability problem - may be obfuscating the email address which the user has just supplied.
$stremailresetconfirmsent = get_string('emailresetconfirmsent', '', $protectedemail);
notice($stremailresetconfirmsent, $CFG->wwwroot . '/index.php');
die;
// Never reached.
}
}
}
}
}
die;
// Never reached.
}
}
// Make sure we really are on the https page when https login required.
$PAGE->verify_https_required();
// DISPLAY FORM.
echo $OUTPUT->header();
//echo $OUTPUT->box(get_string('passwordforgotteninstructions2'), 'generalbox boxwidthnormal boxaligncenter'); // GWL - Forgot Pwd page remove header content
echo '<div class="loginbox clearfix onecolumn forgot-password">';
echo '<div class="loginpanel">';
echo get_string('passwordforgotten2');
echo get_string('cantaccessaccount2');
echo get_string('dontpanic2');
$mform->display();
echo '</div>';
echo '</div>';
echo $OUTPUT->footer();
}
}
if (!($course = $DB->get_record('course', array('id' => $forum->course)))) {
print_error('invalidcourseid');
}
if (!($cm = get_coursemodule_from_instance('forum', $forum->id, $course->id))) {
// For the logs
print_error('invalidcoursemodule');
} else {
$modcontext = get_context_instance(CONTEXT_MODULE, $cm->id);
}
$PAGE->set_cm($cm, $course, $forum);
$PAGE->set_context($modcontext);
$PAGE->set_title($course->shortname);
$PAGE->set_heading($course->fullname);
echo $OUTPUT->header();
echo $OUTPUT->confirm(get_string('noguestpost', 'forum') . '<br /><br />' . get_string('liketologin'), get_login_url(), get_referer(false));
echo $OUTPUT->footer();
exit;
}
require_login(0, false);
// Script is useless unless they're logged in
if (!empty($forum)) {
// User is starting a new discussion in a forum
if (!($forum = $DB->get_record("forum", array("id" => $forum)))) {
print_error('invalidforumid', 'forum');
}
if (!($course = $DB->get_record("course", array("id" => $forum->course)))) {
print_error('invalidcourseid');
}
if (!($cm = get_coursemodule_from_instance("forum", $forum->id, $course->id))) {
print_error("invalidcoursemodule");
$ADMIN->add('messageoutputs', new admin_page_managemessageoutputs());
$ADMIN->add('messageoutputs', new admin_page_defaultmessageoutputs());
foreach (core_plugin_manager::instance()->get_plugins_of_type('message') as $plugin) {
/** @var \core\plugininfo\message $plugin */
$plugin->load_settings($ADMIN, 'messageoutputs', $hassiteconfig);
}
// authentication plugins
$ADMIN->add('modules', new admin_category('authsettings', new lang_string('authentication', 'admin')));
$temp = new admin_settingpage('manageauths', new lang_string('authsettings', 'admin'));
$temp->add(new admin_setting_manageauths());
$temp->add(new admin_setting_heading('manageauthscommonheading', new lang_string('commonsettings', 'admin'), ''));
$temp->add(new admin_setting_special_registerauth());
$temp->add(new admin_setting_configcheckbox('authpreventaccountcreation', new lang_string('authpreventaccountcreation', 'admin'), new lang_string('authpreventaccountcreation_help', 'admin'), 0));
$temp->add(new admin_setting_configcheckbox('loginpageautofocus', new lang_string('loginpageautofocus', 'admin'), new lang_string('loginpageautofocus_help', 'admin'), 0));
$temp->add(new admin_setting_configselect('guestloginbutton', new lang_string('guestloginbutton', 'auth'), new lang_string('showguestlogin', 'auth'), '1', array('0' => new lang_string('hide'), '1' => new lang_string('show'))));
$temp->add(new admin_setting_configtext('alternateloginurl', new lang_string('alternateloginurl', 'auth'), new lang_string('alternatelogin', 'auth', htmlspecialchars(get_login_url())), ''));
$temp->add(new admin_setting_configtext('forgottenpasswordurl', new lang_string('forgottenpasswordurl', 'auth'), new lang_string('forgottenpassword', 'auth'), ''));
$temp->add(new admin_setting_confightmleditor('auth_instructions', new lang_string('instructions', 'auth'), new lang_string('authinstructions', 'auth'), ''));
$temp->add(new admin_setting_configtext('allowemailaddresses', new lang_string('allowemailaddresses', 'admin'), new lang_string('configallowemailaddresses', 'admin'), '', PARAM_NOTAGS));
$temp->add(new admin_setting_configtext('denyemailaddresses', new lang_string('denyemailaddresses', 'admin'), new lang_string('configdenyemailaddresses', 'admin'), '', PARAM_NOTAGS));
$temp->add(new admin_setting_configcheckbox('verifychangedemail', new lang_string('verifychangedemail', 'admin'), new lang_string('configverifychangedemail', 'admin'), 1));
$temp->add(new admin_setting_configtext('recaptchapublickey', new lang_string('recaptchapublickey', 'admin'), new lang_string('configrecaptchapublickey', 'admin'), '', PARAM_NOTAGS));
$temp->add(new admin_setting_configtext('recaptchaprivatekey', new lang_string('recaptchaprivatekey', 'admin'), new lang_string('configrecaptchaprivatekey', 'admin'), '', PARAM_NOTAGS));
$ADMIN->add('authsettings', $temp);
$temp = new admin_externalpage('authtestsettings', get_string('testsettings', 'core_auth'), new moodle_url("/auth/test_settings.php"), 'moodle/site:config', true);
$ADMIN->add('authsettings', $temp);
foreach (core_plugin_manager::instance()->get_plugins_of_type('auth') as $plugin) {
/** @var \core\plugininfo\auth $plugin */
$plugin->load_settings($ADMIN, 'authsettings', $hassiteconfig);
}
// Enrolment plugins
}
// Check if user already enrolled
if (is_enrolled($context, $USER, '', true)) {
if (!empty($SESSION->wantsurl)) {
$destination = $SESSION->wantsurl;
unset($SESSION->wantsurl);
} else {
$destination = "{$CFG->wwwroot}/course/view.php?id={$course->id}";
}
redirect($destination);
// Bye!
}
$PAGE->set_title($course->shortname);
$PAGE->set_heading($course->fullname);
$PAGE->navbar->add(get_string('enrolmentoptions', 'enrol'));
echo $OUTPUT->header();
echo $OUTPUT->heading(get_string('enrolmentoptions', 'enrol'));
$courserenderer = $PAGE->get_renderer('core', 'course');
echo $courserenderer->course_info_box($course);
//TODO: find if future enrolments present and display some info
foreach ($forms as $form) {
echo $form;
}
if (!$forms) {
if (isguestuser()) {
notice(get_string('noguestaccess', 'enrol'), get_login_url());
} else {
notice(get_string('notenrollable', 'enrol'), "{$CFG->wwwroot}/index.php");
}
}
echo $OUTPUT->footer();
$ADMIN->add('messageoutputs', $settings);
}
}
}
// authentication plugins
$ADMIN->add('modules', new admin_category('authsettings', get_string('authentication', 'admin')));
$temp = new admin_settingpage('manageauths', get_string('authsettings', 'admin'));
$temp->add(new admin_setting_manageauths());
$temp->add(new admin_setting_heading('manageauthscommonheading', get_string('commonsettings', 'admin'), ''));
$temp->add(new admin_setting_special_registerauth());
$temp->add(new admin_setting_configselect('guestloginbutton', get_string('guestloginbutton', 'auth'),
get_string('showguestlogin', 'auth'), '1', array('0'=>get_string('hide'), '1'=>get_string('show'))));
$temp->add(new admin_setting_configtext('alternateloginurl', get_string('alternateloginurl', 'auth'),
get_string('alternatelogin', 'auth', htmlspecialchars(get_login_url())), ''));
$temp->add(new admin_setting_configtext('forgottenpasswordurl', get_string('forgottenpasswordurl', 'auth'),
get_string('forgottenpassword', 'auth'), ''));
$temp->add(new admin_setting_confightmleditor('auth_instructions', get_string('instructions', 'auth'),
get_string('authinstructions', 'auth'), ''));
$temp->add(new admin_setting_configtext('allowemailaddresses', get_string('allowemailaddresses', 'admin'), get_string('configallowemailaddresses', 'admin'), '', PARAM_NOTAGS));
$temp->add(new admin_setting_configtext('denyemailaddresses', get_string('denyemailaddresses', 'admin'), get_string('configdenyemailaddresses', 'admin'), '', PARAM_NOTAGS));
$temp->add(new admin_setting_configcheckbox('verifychangedemail', get_string('verifychangedemail', 'admin'), get_string('configverifychangedemail', 'admin'), 1));
$temp->add(new admin_setting_configtext('recaptchapublickey', get_string('recaptchapublickey', 'admin'), get_string('configrecaptchapublickey', 'admin'), '', PARAM_NOTAGS));
$temp->add(new admin_setting_configtext('recaptchaprivatekey', get_string('recaptchaprivatekey', 'admin'), get_string('configrecaptchaprivatekey', 'admin'), '', PARAM_NOTAGS));
$ADMIN->add('authsettings', $temp);
$auths = get_plugin_list('auth');
$authsenabled = get_enabled_auth_plugins();
/**
* Performs the common access checks and page setup for all
* user preference pages.
*
* @param int $userid The user id to edit taken from the page params.
* @param int $courseid The optional course id if we came from a course context.
* @return array containing the user and course records.
*/
function useredit_setup_preference_page($userid, $courseid)
{
global $PAGE, $SESSION, $DB, $CFG, $OUTPUT, $USER;
// Guest can not edit.
if (isguestuser()) {
print_error('guestnoeditprofile');
}
if (!($course = $DB->get_record('course', array('id' => $courseid)))) {
print_error('invalidcourseid');
}
if ($course->id != SITEID) {
require_login($course);
} else {
if (!isloggedin()) {
if (empty($SESSION->wantsurl)) {
$SESSION->wantsurl = $CFG->httpswwwroot . '/user/preferences.php';
}
redirect(get_login_url());
} else {
$PAGE->set_context(context_system::instance());
}
}
// The user profile we are editing.
if (!($user = $DB->get_record('user', array('id' => $userid)))) {
print_error('invaliduserid');
}
// Guest can not be edited.
if (isguestuser($user)) {
print_error('guestnoeditprofile');
}
// Remote users cannot be edited.
if (is_mnet_remote_user($user)) {
if (user_not_fully_set_up($user, false)) {
$hostwwwroot = $DB->get_field('mnet_host', 'wwwroot', array('id' => $user->mnethostid));
print_error('usernotfullysetup', 'mnet', '', $hostwwwroot);
}
redirect($CFG->wwwroot . "/user/view.php?course={$course->id}");
}
$systemcontext = context_system::instance();
$personalcontext = context_user::instance($user->id);
// Check access control.
if ($user->id == $USER->id) {
// Editing own profile - require_login() MUST NOT be used here, it would result in infinite loop!
if (!has_capability('moodle/user:editownprofile', $systemcontext)) {
print_error('cannotedityourprofile');
}
} else {
// Teachers, parents, etc.
require_capability('moodle/user:editprofile', $personalcontext);
// No editing of primary admin!
if (is_siteadmin($user) and !is_siteadmin($USER)) {
// Only admins may edit other admins.
print_error('useradmineditadmin');
}
}
if ($user->deleted) {
echo $OUTPUT->header();
echo $OUTPUT->heading(get_string('userdeleted'));
echo $OUTPUT->footer();
die;
}
$PAGE->set_pagelayout('admin');
$PAGE->set_context($personalcontext);
if ($USER->id != $user->id) {
$PAGE->navigation->extend_for_user($user);
} else {
if ($node = $PAGE->navigation->find('myprofile', navigation_node::TYPE_ROOTNODE)) {
$node->force_open();
}
}
return array($user, $course);
}
echo $OUTPUT->header();
echo $OUTPUT->confirm(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
echo $OUTPUT->footer();
exit;
} elseif (intval($days2expire) < 0) {
echo $OUTPUT->header();
echo $OUTPUT->confirm(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
echo $OUTPUT->footer();
exit;
}
}
// Discard any errors before the last redirect.
unset($SESSION->loginerrormsg);
// test the session actually works by redirecting to self
$SESSION->wantsurl = $urltogo;
redirect(new moodle_url(get_login_url(), array('testsession' => $USER->id)));
} else {
if (empty($errormsg)) {
if ($errorcode == AUTH_LOGIN_UNAUTHORISED) {
$errormsg = get_string("unauthorisedlogin", "", $frm->username);
} else {
$errormsg = get_string("invalidlogin");
$errorcode = 3;
}
}
}
}
/// Detect problems with timedout sessions
if ($session_has_timed_out and !data_submitted()) {
$errormsg = get_string('sessionerroruser', 'error');
$errorcode = 4;
<?php
// $Id: index.php,v 1.28 2009/05/06 09:29:06 tjhunt Exp $
// this is the 'my moodle' page
require_once dirname(__FILE__) . '/../config.php';
require_once $CFG->dirroot . '/course/lib.php';
require_login();
$strmymoodle = get_string('mymoodle', 'my');
if (isguest()) {
print_header($strmymoodle);
notice_yesno(get_string('noguest', 'my') . '<br /><br />' . get_string('liketologin'), get_login_url(), $CFG->wwwroot);
print_footer();
die;
}
$edit = optional_param('edit', -1, PARAM_BOOL);
$blockaction = optional_param('blockaction', '', PARAM_ALPHA);
$PAGE->set_context(get_context_instance(CONTEXT_USER, $USER->id));
$PAGE->set_url('my/index.php');
$PAGE->set_blocks_editing_capability('moodle/my:manageblocks');
// Note: MDL-19010 there will be further changes to printing header and blocks.
// The code will be much nicer than this eventually.
$pageblocks = blocks_setup($PAGE, BLOCKS_PINNED_BOTH);
if ($edit != -1 and $PAGE->user_allowed_editing()) {
$USER->editing = $edit;
}
$button = update_mymoodle_icon($USER->id);
$header = $SITE->shortname . ': ' . $strmymoodle;
$navigation = build_navigation($strmymoodle);
$loggedinas = user_login_string();
if (empty($CFG->langmenu)) {
$langmenu = '';
}
}
if ((!$current or $choice->allowupdate) and $choiceopen and is_enrolled($context, NULL, 'mod/choice:choose')) {
// They haven't made their choice yet or updates allowed and choice is open
$options = choice_prepare_options($choice, $USER, $cm, $allresponses);
$renderer = $PAGE->get_renderer('mod_choice');
echo $renderer->display_options($options, $cm->id, $choice->display, $choice->allowmultiple);
$choiceformshown = true;
} else {
$choiceformshown = false;
}
if (!$choiceformshown) {
$sitecontext = context_system::instance();
if (isguestuser()) {
// Guest account
echo $OUTPUT->confirm(get_string('noguestchoose', 'choice') . '<br /><br />' . get_string('liketologin'), get_login_url(), new moodle_url('/course/view.php', array('id' => $course->id)));
} else {
if (!is_enrolled($context)) {
// Only people enrolled can make a choice
$SESSION->wantsurl = qualified_me();
$SESSION->enrolcancel = get_local_referer(false);
$coursecontext = context_course::instance($course->id);
$courseshortname = format_string($course->shortname, true, array('context' => $coursecontext));
echo $OUTPUT->box_start('generalbox', 'notice');
echo '<p align="center">' . get_string('notenrolledchoose', 'choice') . '</p>';
echo $OUTPUT->container_start('continuebutton');
echo $OUTPUT->single_button(new moodle_url('/enrol/index.php?', array('id' => $course->id)), get_string('enrolme', 'core_enrol', $courseshortname));
echo $OUTPUT->container_end();
echo $OUTPUT->box_end();
}
}
/**
* Initialize internal states for the most common skin displays.
*
* For more specific skins, this function may not be called and
* equivalent code may be customized within the skin.
*
* @param string What are we going to display. Most of the time the global $disp should be passed.
*/
function skin_init($disp)
{
/**
* @var Blog
*/
global $Blog;
/**
* @var Item
*/
global $Item;
/**
* @var Skin
*/
global $Skin;
global $robots_index;
global $seo_page_type;
global $redir, $ReqURL, $ReqURI, $m, $w, $preview;
global $Chapter;
global $Debuglog;
/**
* @var ItemList2
*/
global $MainList;
/**
* This will give more detail when $disp == 'posts'; otherwise it will have the same content as $disp
* @var string
*/
global $disp_detail, $Settings;
global $Timer;
global $Messages, $PageCache;
global $Session, $current_User;
$Timer->resume('skin_init');
if (empty($disp_detail)) {
$disp_detail = $disp;
}
$Debuglog->add('skin_init: $disp=' . $disp, 'skins');
// This is the main template; it may be used to display very different things.
// Do inits depending on current $disp:
switch ($disp) {
case 'front':
case 'posts':
case 'single':
case 'page':
case 'terms':
case 'download':
case 'feedback-popup':
// We need to load posts for this display:
if ($disp == 'terms') {
// Initialize the redirect param to know what page redirect after accepting of terms:
param('redirect_to', 'url', '');
}
// Note: even if we request the same post as $Item above, the following will do more restrictions (dates, etc.)
// Init the MainList object:
init_MainList($Blog->get_setting('posts_per_page'));
// Init post navigation
$post_navigation = $Skin->get_post_navigation();
if (empty($post_navigation)) {
$post_navigation = $Blog->get_setting('post_navigation');
}
if (!empty($MainList) && $MainList->single_post && ($single_Item =& mainlist_get_item())) {
// If we are currently viewing a single post
// We assume the current user will have read the entire post and all its current comments:
$single_Item->update_read_timestamps(true, true);
// Restart the items list:
$MainList->restart();
}
break;
case 'search':
// Searching post, comments and categories
load_funcs('collections/_search.funcs.php');
// Check previous search keywords so it can be displayed in the search input box
param('s', 'string', '', true);
break;
}
// SEO stuff & redirects if necessary:
$seo_page_type = NULL;
switch ($disp) {
// CONTENT PAGES:
case 'single':
case 'page':
case 'terms':
if ($disp == 'terms' && !$Item) {
// Wrong post ID for terms page:
global $disp;
$disp = '404';
$Messages->add(sprintf(T_('Terms not found. (post ID #%s)'), get_param('p')), 'error');
break;
}
if (!$preview && empty($Item)) {
// No Item, incorrect request and incorrect state of the application, a 404 redirect should have already happened
//debug_die( 'Invalid page URL!' );
}
if ($disp == 'single') {
$seo_page_type = 'Single post page';
} else {
$seo_page_type = '"Page" page';
}
if (!$preview) {
// Check if item has a goal to insert a hit into DB
$Item->check_goal();
}
// Check if the post has 'redirected' status:
if (!$preview && $Item->status == 'redirected' && $redir == 'yes') {
// $redir=no here allows to force a 'single post' URL for commenting
// Redirect to the URL specified in the post:
$Debuglog->add('Redirecting to post URL [' . $Item->url . '].');
header_redirect($Item->url, true, true);
}
// Check if we want to redirect to a canonical URL for the post
// Please document encountered problems.
if (!$preview && ($Blog->get_setting('canonical_item_urls') && $redir == 'yes' || $Blog->get_setting('relcanonical_item_urls'))) {
// We want to redirect to the Item's canonical URL:
$canonical_url = $Item->get_permanent_url('', '', '&');
if (preg_match('|[&?](page=\\d+)|', $ReqURI, $page_param)) {
// A certain post page has been requested, keep only this param and discard all others:
$canonical_url = url_add_param($canonical_url, $page_param[1], '&');
}
if (preg_match('|[&?](mode=quote&[qcp]+=\\d+)|', $ReqURI, $page_param)) {
// A quote of comment/post, keep only these params and discard all others:
$canonical_url = url_add_param($canonical_url, $page_param[1], '&');
}
if (!is_same_url($ReqURL, $canonical_url)) {
// The requested URL does not look like the canonical URL for this post...
// url difference was resolved
$url_resolved = false;
// Check if the difference is because of an allowed post navigation param
if (preg_match('|[&?]cat=(\\d+)|', $ReqURI, $cat_param)) {
// A category post navigation param is set
$extended_url = '';
if ($post_navigation == 'same_category' && isset($cat_param[1])) {
// navigatie through posts from the same category
$category_ids = postcats_get_byID($Item->ID);
if (in_array($cat_param[1], $category_ids)) {
// cat param is one of this Item categories
$extended_url = $Item->add_navigation_param($canonical_url, $post_navigation, $cat_param[1], '&');
// Set MainList navigation target to the requested category
$MainList->nav_target = $cat_param[1];
}
}
$url_resolved = is_same_url($ReqURL, $extended_url);
}
if (preg_match('|[&?]tag=([^&A-Z]+)|', $ReqURI, $tag_param)) {
// A tag post navigation param is set
$extended_url = '';
if ($post_navigation == 'same_tag' && isset($tag_param[1])) {
// navigatie through posts from the same tag
$tag_names = $Item->get_tags();
if (in_array($tag_param[1], $tag_names)) {
// tag param is one of this Item tags
$extended_url = $Item->add_navigation_param($canonical_url, $post_navigation, $tag_param[1], '&');
// Set MainList navigation target to the requested tag
$MainList->nav_target = $tag_param[1];
}
}
$url_resolved = is_same_url($ReqURL, $extended_url);
}
if (!$url_resolved && $Blog->get_setting('canonical_item_urls') && $redir == 'yes' && !$Item->check_cross_post_nav('auto', $Blog->ID)) {
// REDIRECT TO THE CANONICAL URL:
$Debuglog->add('Redirecting to canonical URL [' . $canonical_url . '].');
header_redirect($canonical_url, true);
} else {
// Use rel="canoncial":
add_headline('<link rel="canonical" href="' . $canonical_url . '" />');
}
// EXITED.
}
}
if (!$MainList->result_num_rows) {
// There is nothing to display for this page, don't index it!
$robots_index = false;
}
break;
case 'download':
if (empty($Item)) {
// No Item, incorrect request and incorrect state of the application, a 404 redirect should have already happened
debug_die('Invalid page URL!');
}
$download_link_ID = param('download', 'integer', 0);
// Check if we can allow to download the selected file
$LinkCache =& get_LinkCache();
if (!(($download_Link =& $LinkCache->get_by_ID($download_link_ID, false, false)) && ($LinkItem =& $download_Link->get_LinkOwner()) && ($LinkItem->Item && $LinkItem->Item->ID == $Item->ID) && ($download_File =& $download_Link->get_File()) && $download_File->exists())) {
// Bad request, Redirect to Item permanent url
$Messages->add(T_('The requested file is not available for download.'), 'error');
$canonical_url = $Item->get_permanent_url('', '', '&');
$Debuglog->add('Redirecting to canonical URL [' . $canonical_url . '].');
header_redirect($canonical_url, true);
}
// Save the downloading Link to the global vars
$GLOBALS['download_Link'] =& $download_Link;
// Save global $Item to $download_Item, because $Item can be rewritten by function get_featured_Item() in some skins
$GLOBALS['download_Item'] =& $Item;
init_ajax_forms('blog');
// auto requires jQuery
// Initialize JavaScript to download file after X seconds
add_js_headline('
jQuery( document ).ready( function ()
{
jQuery( "#download_timer_js" ).show();
} );
var b2evo_download_timer = ' . intval($Blog->get_setting('download_delay')) . ';
var downloadInterval = setInterval( function()
{
jQuery( "#download_timer" ).html( b2evo_download_timer );
if( b2evo_download_timer == 0 )
{ // Stop timer and download a file
clearInterval( downloadInterval );
jQuery( "#download_help_url" ).show();
}
b2evo_download_timer--;
}, 1000 );');
// Use meta tag to download file when JavaScript is NOT enabled
add_headline('<meta http-equiv="refresh" content="' . intval($Blog->get_setting('download_delay')) . '; url=' . $download_Link->get_download_url(array('type' => 'action')) . '" />');
$seo_page_type = 'Download page';
if ($Blog->get_setting($disp . '_noindex')) {
// We prefer robots not to index these pages:
$robots_index = false;
}
break;
case 'posts':
init_ajax_forms('blog');
// auto requires jQuery
// fp> if we add this here, we have to exetnd the inner if()
// init_ratings_js( 'blog' );
// Get list of active filters:
$active_filters = $MainList->get_active_filters();
if (!empty($active_filters)) {
// The current page is being filtered...
if (array_diff($active_filters, array('page')) == array()) {
// This is just a follow "paged" page
$disp_detail = 'posts-next';
$seo_page_type = 'Next page';
if ($Blog->get_setting('paged_noindex')) {
// We prefer robots not to index category pages:
$robots_index = false;
}
} elseif (array_diff($active_filters, array('cat_array', 'cat_modifier', 'cat_focus', 'posts', 'page')) == array()) {
// This is a category page
$disp_detail = 'posts-cat';
$seo_page_type = 'Category page';
if ($Blog->get_setting('chapter_noindex')) {
// We prefer robots not to index category pages:
$robots_index = false;
}
global $cat, $catsel;
if (empty($catsel) && preg_match('~^[0-9]+$~', $cat)) {
// We are on a single cat page:
// NOTE: we must have selected EXACTLY ONE CATEGORY through the cat parameter
// BUT: - this can resolve to including children
// - selecting exactly one cat through catsel[] is NOT OK since not equivalent (will exclude children)
// echo 'SINGLE CAT PAGE';
if ($Blog->get_setting('canonical_cat_urls') && $redir == 'yes' || $Blog->get_setting('relcanonical_cat_urls')) {
// Check if the URL was canonical:
if (!isset($Chapter)) {
$ChapterCache =& get_ChapterCache();
/**
* @var Chapter
*/
$Chapter =& $ChapterCache->get_by_ID($MainList->filters['cat_array'][0], false);
}
if ($Chapter) {
if ($Chapter->parent_ID) {
// This is a sub-category page (i-e: not a level 1 category)
$disp_detail = 'posts-subcat';
}
$canonical_url = $Chapter->get_permanent_url(NULL, NULL, $MainList->get_active_filter('page'), NULL, '&');
if (!is_same_url($ReqURL, $canonical_url)) {
// fp> TODO: we're going to lose the additional params, it would be better to keep them...
// fp> what additional params actually?
if ($Blog->get_setting('canonical_cat_urls') && $redir == 'yes') {
// REDIRECT TO THE CANONICAL URL:
header_redirect($canonical_url, true);
} else {
// Use rel="canonical":
add_headline('<link rel="canonical" href="' . $canonical_url . '" />');
}
}
} else {
// If the requested chapter was not found display 404 page
$Messages->add(T_('The requested chapter was not found'));
global $disp;
$disp = '404';
break;
}
}
if ($post_navigation == 'same_category') {
// Category is set and post navigation should go through the same category, set navigation target param
$MainList->nav_target = $cat;
}
}
} elseif (array_diff($active_filters, array('tags', 'posts', 'page')) == array()) {
// This is a tag page
$disp_detail = 'posts-tag';
$seo_page_type = 'Tag page';
if ($Blog->get_setting('tag_noindex')) {
// We prefer robots not to index tag pages:
$robots_index = false;
}
if ($Blog->get_setting('canonical_tag_urls') && $redir == 'yes' || $Blog->get_setting('relcanonical_tag_urls')) {
// Check if the URL was canonical:
$canonical_url = $Blog->gen_tag_url($MainList->get_active_filter('tags'), $MainList->get_active_filter('page'), '&');
if (!is_same_url($ReqURL, $canonical_url)) {
if ($Blog->get_setting('canonical_tag_urls') && $redir == 'yes') {
// REDIRECT TO THE CANONICAL URL:
header_redirect($canonical_url, true);
} else {
// Use rel="canoncial":
add_headline('<link rel="canonical" href="' . $canonical_url . '" />');
}
}
}
$tag = $MainList->get_active_filter('tags');
if ($post_navigation == 'same_tag' && !empty($tag)) {
// Tag is set and post navigation should go through the same tag, set navigation target param
$MainList->nav_target = $tag;
}
} elseif (array_diff($active_filters, array('ymdhms', 'week', 'posts', 'page')) == array()) {
// This is an archive page
// echo 'archive page';
$disp_detail = 'posts-date';
$seo_page_type = 'Date archive page';
if ($Blog->get_setting('canonical_archive_urls') && $redir == 'yes' || $Blog->get_setting('relcanonical_archive_urls')) {
// Check if the URL was canonical:
$canonical_url = $Blog->gen_archive_url(substr($m, 0, 4), substr($m, 4, 2), substr($m, 6, 2), $w, '&', $MainList->get_active_filter('page'));
if (!is_same_url($ReqURL, $canonical_url)) {
if ($Blog->get_setting('canonical_archive_urls') && $redir == 'yes') {
// REDIRECT TO THE CANONICAL URL:
header_redirect($canonical_url, true);
} else {
// Use rel="canoncial":
add_headline('<link rel="canonical" href="' . $canonical_url . '" />');
}
}
}
if ($Blog->get_setting('archive_noindex')) {
// We prefer robots not to index archive pages:
$robots_index = false;
}
} else {
// Other filtered pages:
// pre_dump( $active_filters );
$disp_detail = 'posts-filtered';
$seo_page_type = 'Other filtered page';
if ($Blog->get_setting('filtered_noindex')) {
// We prefer robots not to index other filtered pages:
$robots_index = false;
}
}
} elseif ($Blog->get_setting('front_disp') == 'posts') {
// This is the default blog page only if the 'front_disp' is set to 'posts'
$disp_detail = 'posts-default';
$seo_page_type = 'Default page';
if ($Blog->get_setting('default_noindex')) {
// We prefer robots not to index archive pages:
$robots_index = false;
}
}
break;
case 'search':
$seo_page_type = 'Search page';
if ($Blog->get_setting('filtered_noindex')) {
// We prefer robots not to index these pages:
$robots_index = false;
}
break;
// SPECIAL FEATURE PAGES:
// SPECIAL FEATURE PAGES:
case 'feedback-popup':
$seo_page_type = 'Comment popup';
if ($Blog->get_setting($disp . '_noindex')) {
// We prefer robots not to index these pages:
$robots_index = false;
}
break;
case 'arcdir':
$seo_page_type = 'Date archive directory';
if ($Blog->get_setting($disp . '_noindex')) {
// We prefer robots not to index these pages:
$robots_index = false;
}
break;
case 'catdir':
$seo_page_type = 'Category directory';
if ($Blog->get_setting($disp . '_noindex')) {
// We prefer robots not to index these pages:
$robots_index = false;
}
break;
case 'msgform':
global $disp;
// get expected message form type
$msg_type = param('msg_type', 'string', '');
// initialize
$recipient_User = NULL;
$Comment = NULL;
$allow_msgform = NULL;
// get possible params
$recipient_id = param('recipient_id', 'integer', 0, true);
$comment_id = param('comment_id', 'integer', 0, true);
$post_id = param('post_id', 'integer', 0, true);
$subject = param('subject', 'string', '');
// try to init recipient_User
if (!empty($recipient_id)) {
$UserCache =& get_UserCache();
$recipient_User =& $UserCache->get_by_ID($recipient_id);
} elseif (!empty($comment_id)) {
// comment id is set, try to get comment author user
$CommentCache =& get_CommentCache();
$Comment = $CommentCache->get_by_ID($comment_id, false);
if ($Comment = $CommentCache->get_by_ID($comment_id, false)) {
$recipient_User =& $Comment->get_author_User();
if (empty($recipient_User) && $Comment->allow_msgform && is_email($Comment->get_author_email())) {
// set allow message form to email because comment author (not registered) accepts email
$allow_msgform = 'email';
param('recipient_address', 'string', $Comment->get_author_email());
param('recipient_name', 'string', $Comment->get_author_name());
}
}
} else {
// Recipient was not defined, try set the blog owner as recipient
global $Blog;
if (empty($Blog)) {
// Blog is not set, this is an invalid request
debug_die('Invalid send message request!');
}
$recipient_User = $Blog->get_owner_User();
}
if ($recipient_User) {
// recipient User is set
// get_msgform_possibility returns NULL (false), only if there is no messaging option between current_User and recipient user
$allow_msgform = $recipient_User->get_msgform_possibility();
if ($msg_type == 'email' && $recipient_User->get_msgform_possibility(NULL, 'email') != 'email') {
// User doesn't want to receive email messages, Restrict if this was requested by wrong url:
$msg_type = '';
}
if ($allow_msgform == 'login') {
// user must login first to be able to send a message to this User
$disp = 'login';
param('action', 'string', 'req_login');
// override redirect to param
param('redirect_to', 'url', regenerate_url(), true, true);
if (($msg_Blog =& get_setting_Blog('msg_blog_ID')) && $Blog->ID != $msg_Blog->ID) {
// Redirect to special blog for messaging actions if it is defined in general settings
header_redirect(url_add_param($msg_Blog->get('msgformurl', array('glue' => '&')), 'redirect_to=' . rawurlencode($redirect_to), '&'));
}
$Messages->add(T_('You must log in before you can contact this user'));
} elseif ($allow_msgform == 'PM' && check_user_status('can_be_validated')) {
// user is not activated
if ($recipient_User->accepts_email()) {
// recipient User accepts email allow to send email
$allow_msgform = 'email';
$msg_type = 'email';
$activateinfo_link = 'href="' . get_activate_info_url(NULL, '&') . '"';
$Messages->add(sprintf(T_('You must activate your account before you can send a private message to %s. However you can send them an email if you\'d like. <a %s>More info »</a>'), $recipient_User->get('login'), $activateinfo_link), 'warning');
} else {
// Redirect to the activate info page for not activated users
$Messages->add(T_('You must activate your account before you can contact a user. <b>See below:</b>'));
header_redirect(get_activate_info_url(), 302);
// will have exited
}
} elseif ($msg_type == 'PM' && $allow_msgform == 'email') {
// only email is allowed but user expect private message form
if (!empty($current_User) && $recipient_id == $current_User->ID) {
$Messages->add(T_('You cannot send a private message to yourself. However you can send yourself an email if you\'d like.'), 'warning');
} else {
$Messages->add(sprintf(T_('You cannot send a private message to %s. However you can send them an email if you\'d like.'), $recipient_User->get('login')), 'warning');
}
} elseif ($msg_type != 'email' && $allow_msgform == 'PM') {
// private message form should be displayed, change display to create new individual thread with the given recipient user
// check if creating new PM is allowed
if (check_create_thread_limit(true)) {
// thread limit reached
header_redirect();
// exited here
}
global $edited_Thread, $edited_Message, $recipients_selected;
// Load classes
load_class('messaging/model/_thread.class.php', 'Thread');
load_class('messaging/model/_message.class.php', 'Message');
// Set global variable to auto define the FB autocomplete plugin field
$recipients_selected = array(array('id' => $recipient_User->ID, 'title' => $recipient_User->login));
init_tokeninput_js('blog');
$disp = 'threads';
$edited_Thread = new Thread();
$edited_Message = new Message();
$edited_Message->Thread =& $edited_Thread;
$edited_Thread->recipients = $recipient_User->login;
param('action', 'string', 'new', true);
param('thrdtype', 'string', 'individual', true);
}
if ($allow_msgform == 'email') {
// set recippient user param
set_param('recipient_id', $recipient_User->ID);
}
}
if ($allow_msgform == NULL) {
// should be Prevented by UI
if (!empty($recipient_User)) {
$Messages->add(sprintf(T_('The user "%s" does not want to be contacted through the message form.'), $recipient_User->get('login')), 'error');
} elseif (!empty($Comment)) {
$Messages->add(T_('This commentator does not want to get contacted through the message form.'), 'error');
}
$blogurl = $Blog->gen_blogurl();
// If it was a front page request or the front page is set to 'msgform' then we must not redirect to the front page because it is forbidden for the current User
$redirect_to = is_front_page() || $Blog->get_setting('front_disp') == 'msgform' ? url_add_param($blogurl, 'disp=403', '&') : $blogurl;
header_redirect($redirect_to, 302);
// exited here
}
if ($allow_msgform == 'PM' || $allow_msgform == 'email') {
// Some message form is available
// Get the suggested subject for the email:
if (empty($subject)) {
// no subject provided by param:
global $DB;
if (!empty($comment_id)) {
// fp>TODO there should be NO SQL in this file. Make a $ItemCache->get_by_comment_ID().
$row = $DB->get_row('
SELECT post_title
FROM T_items__item, T_comments
WHERE comment_ID = ' . $DB->quote($comment_id) . '
AND post_ID = comment_item_ID');
if ($row) {
$subject = T_('Re:') . ' ' . sprintf(T_('Comment on %s'), $row->post_title);
}
}
if (empty($subject) && !empty($post_id)) {
// fp>TODO there should be NO SQL in this file. Use $ItemCache->get_by_ID.
$row = $DB->get_row('
SELECT post_title
FROM T_items__item
WHERE post_ID = ' . $post_id);
if ($row) {
$subject = T_('Re:') . ' ' . $row->post_title;
}
}
}
if ($allow_msgform == 'PM' && isset($edited_Thread)) {
$edited_Thread->title = $subject;
} else {
param('subject', 'string', $subject, true);
}
}
if (($msg_Blog =& get_setting_Blog('msg_blog_ID')) && $Blog->ID != $msg_Blog->ID) {
// Redirect to special blog for messaging actions if it is defined in general settings
header_redirect($msg_Blog->get('msgformurl', array('glue' => '&')));
}
$seo_page_type = 'Contact form';
if ($Blog->get_setting($disp . '_noindex')) {
// We prefer robots not to index these pages:
$robots_index = false;
}
break;
case 'messages':
case 'contacts':
case 'threads':
switch ($disp) {
case 'messages':
// Actions ONLY for disp=messages
// fp> The correct place to get thrd_ID is here, because we want it in redirect_to in case we need to ask for login.
$thrd_ID = param('thrd_ID', 'integer', '', true);
if (!is_logged_in()) {
// Redirect to the login page for anonymous users
$Messages->add(T_('You must log in to read your messages.'));
header_redirect(get_login_url('cannot see messages'), 302);
// will have exited
}
// check if user status allow to view messages
if (!$current_User->check_status('can_view_messages')) {
// user status does not allow to view messages
if ($current_User->check_status('can_be_validated')) {
// user is logged in but his/her account is not activate yet
$Messages->add(T_('You must activate your account before you can read & send messages. <b>See below:</b>'));
header_redirect(get_activate_info_url(), 302);
// will have exited
}
$Messages->add('You are not allowed to view Messages!');
header_redirect($Blog->gen_blogurl(), 302);
// will have exited
}
// check if user permissions allow to view messages
if (!$current_User->check_perm('perm_messaging', 'reply')) {
// Redirect to the blog url for users without messaging permission
$Messages->add('You are not allowed to view Messages!');
header_redirect($Blog->gen_blogurl(), 302);
// will have exited
}
if (!empty($thrd_ID)) {
// if this thread exists and current user is part of this thread update status because won't be any unread messages on this conversation
// we need to mark this early to make sure the unread message count will be correct in the evobar
mark_as_read_by_user($thrd_ID, $current_User->ID);
}
if (($unsaved_message_params = get_message_params_from_session()) !== NULL) {
// set Message and Thread saved params from Session
global $edited_Message, $action;
load_class('messaging/model/_message.class.php', 'Message');
$edited_Message = new Message();
$edited_Message->text = $unsaved_message_params['message'];
$edited_Message->original_text = $unsaved_message_params['message_original'];
$edited_Message->set_renderers($unsaved_message_params['renderers']);
$edited_Message->thread_ID = $thrd_ID;
$action = $unsaved_message_params['action'];
}
break;
case 'contacts':
// Actions ONLY for disp=contacts
if (!is_logged_in()) {
// Redirect to the login page for anonymous users
$Messages->add(T_('You must log in to manage your contacts.'));
header_redirect(get_login_url('cannot see contacts'), 302);
// will have exited
}
if (!$current_User->check_status('can_view_contacts')) {
// user is logged in, but his status doesn't allow to view contacts
if ($current_User->check_status('can_be_validated')) {
// user is logged in but his/her account was not activated yet
// Redirect to the account activation page
$Messages->add(T_('You must activate your account before you can manage your contacts. <b>See below:</b>'));
header_redirect(get_activate_info_url(), 302);
// will have exited
}
// Redirect to the blog url for users without messaging permission
$Messages->add('You are not allowed to view Contacts!');
$blogurl = $Blog->gen_blogurl();
// If it was a front page request or the front page is set to display 'contacts' then we must not redirect to the front page because it is forbidden for the current User
$redirect_to = is_front_page() || $Blog->get_setting('front_disp') == 'contacts' ? url_add_param($blogurl, 'disp=403', '&') : $blogurl;
header_redirect($redirect_to, 302);
}
if (has_cross_country_restriction('any') && empty($current_User->ctry_ID)) {
// User may browse/contact other users only from the same country
$Messages->add(T_('Please specify your country before attempting to contact other users.'));
header_redirect(get_user_profile_url());
}
// Get action parameter from request:
$action = param_action();
if (!$current_User->check_perm('perm_messaging', 'reply')) {
// Redirect to the blog url for users without messaging permission
$Messages->add('You are not allowed to view Contacts!');
$blogurl = $Blog->gen_blogurl();
// If it was a front page request or the front page is set to display 'contacts' then we must not redirect to the front page because it is forbidden for the current User
$redirect_to = is_front_page() || $Blog->get_setting('front_disp') == 'contacts' ? url_add_param($blogurl, 'disp=403', '&') : $blogurl;
header_redirect($redirect_to, 302);
// will have exited
}
switch ($action) {
case 'add_user':
// Add user to contacts list
// Check that this action request is not a CSRF hacked request:
$Session->assert_received_crumb('messaging_contacts');
$user_ID = param('user_ID', 'integer', 0);
if ($user_ID > 0) {
// Add user to contacts
if (create_contacts_user($user_ID)) {
// Add user to the group
$group_ID = param('group_ID', 'string', '');
if ($result = create_contacts_group_users($group_ID, $user_ID, 'group_ID_combo')) {
// User has been added to the group
$Messages->add(sprintf(T_('User has been added to the «%s» group.'), $result['group_name']), 'success');
} else {
// User has been added ONLY to the contacts list
$Messages->add('User has been added to your contacts.', 'success');
}
}
header_redirect($Blog->get('userurl', array('url_suffix' => 'user_ID=' . $user_ID, 'glue' => '&')));
}
break;
case 'unblock':
// Unblock user
// Check that this action request is not a CSRF hacked request:
$Session->assert_received_crumb('messaging_contacts');
$user_ID = param('user_ID', 'integer', 0);
if ($user_ID > 0) {
set_contact_blocked($user_ID, 0);
$Messages->add(T_('Contact was unblocked.'), 'success');
}
break;
case 'remove_user':
// Remove user from contacts group
// Check that this action request is not a CSRF hacked request:
$Session->assert_received_crumb('messaging_contacts');
$view = param('view', 'string', 'profile');
$user_ID = param('user_ID', 'integer', 0);
$group_ID = param('group_ID', 'integer', 0);
if ($user_ID > 0 && $group_ID > 0) {
// Remove user from selected group
if (remove_contacts_group_user($group_ID, $user_ID)) {
// User has been removed from the group
if ($view == 'contacts') {
// Redirect to the contacts list
header_redirect($Blog->get('contactsurl', array('glue' => '&')));
} else {
// Redirect to the user profile page
header_redirect($Blog->get('userurl', array('url_suffix' => 'user_ID=' . $user_ID, 'glue' => '&')));
}
}
}
break;
case 'add_group':
// Add users to the group
// Check that this action request is not a CSRF hacked request:
$Session->assert_received_crumb('messaging_contacts');
$group = param('group', 'string', '');
$users = param('users', 'string', '');
if ($result = create_contacts_group_users($group, $users)) {
// Users have been added to the group
$Messages->add(sprintf(T_('%d contacts have been added to the «%s» group.'), $result['count_users'], $result['group_name']), 'success');
$redirect_to = $Blog->get('contactsurl', array('glue' => '&'));
$item_ID = param('item_ID', 'integer', 0);
if ($item_ID > 0) {
$redirect_to = url_add_param($redirect_to, 'item_ID=' . $item_ID, '&');
}
header_redirect($redirect_to);
}
break;
case 'rename_group':
// Rename the group
// Check that this action request is not a CSRF hacked request:
$Session->assert_received_crumb('messaging_contacts');
$group_ID = param('group_ID', 'integer', true);
if (rename_contacts_group($group_ID)) {
$item_ID = param('item_ID', 'integer', 0);
$redirect_to = url_add_param($Blog->get('contactsurl', array('glue' => '&')), 'g=' . $group_ID, '&');
if ($item_ID > 0) {
$redirect_to = url_add_param($redirect_to, 'item_ID=' . $item_ID, '&');
}
$Messages->add(T_('The group has been renamed.'), 'success');
header_redirect($redirect_to);
}
break;
case 'delete_group':
// Delete the group
// Check that this action request is not a CSRF hacked request:
$Session->assert_received_crumb('messaging_contacts');
$group_ID = param('group_ID', 'integer', true);
if (delete_contacts_group($group_ID)) {
$item_ID = param('item_ID', 'integer', 0);
$redirect_to = $Blog->get('contactsurl', array('glue' => '&'));
if ($item_ID > 0) {
$redirect_to = url_add_param($redirect_to, 'item_ID=' . $item_ID, '&');
}
$Messages->add(T_('The group has been deleted.'), 'success');
header_redirect($redirect_to);
}
break;
}
modules_call_method('switch_contacts_actions', array('action' => $action));
break;
case 'threads':
// Actions ONLY for disp=threads
if (!is_logged_in()) {
// Redirect to the login page for anonymous users
$Messages->add(T_('You must log in to read your messages.'));
header_redirect(get_login_url('cannot see messages'), 302);
// will have exited
}
if (!$current_User->check_status('can_view_threads')) {
// user status does not allow to view threads
if ($current_User->check_status('can_be_validated')) {
// user is logged in but his/her account is not activate yet
$Messages->add(T_('You must activate your account before you can read & send messages. <b>See below:</b>'));
header_redirect(get_activate_info_url(), 302);
// will have exited
}
$Messages->add('You are not allowed to view Messages!');
$blogurl = $Blog->gen_blogurl();
// If it was a front page request or the front page is set to display 'threads' then we must not redirect to the front page because it is forbidden for the current User
$redirect_to = is_front_page() || $Blog->get_setting('front_disp') == 'threads' ? url_add_param($blogurl, 'disp=404', '&') : $blogurl;
header_redirect($redirect_to, 302);
// will have exited
}
if (!$current_User->check_perm('perm_messaging', 'reply')) {
// Redirect to the blog url for users without messaging permission
$Messages->add('You are not allowed to view Messages!');
$blogurl = $Blog->gen_blogurl();
// If it was a front page request or the front page is set to display 'threads' then we must not redirect to the front page because it is forbidden for the current User
$redirect_to = is_front_page() || $Blog->get_setting('front_disp') == 'threads' ? url_add_param($blogurl, 'disp=403', '&') : $blogurl;
header_redirect($redirect_to, 302);
// will have exited
}
$action = param('action', 'string', 'view');
if ($action == 'new') {
// Before new message form is displayed ...
if (has_cross_country_restriction('contact') && empty($current_User->ctry_ID)) {
// Cross country contact restriction is enabled, but user country is not set yet
$Messages->add(T_('Please specify your country before attempting to contact other users.'));
header_redirect(get_user_profile_url());
} elseif (check_create_thread_limit(true)) {
// don't allow to create new thread, because the new thread limit was already reached
set_param('action', 'view');
}
}
// Load classes
load_class('messaging/model/_thread.class.php', 'Thread');
load_class('messaging/model/_message.class.php', 'Message');
// Get action parameter from request:
$action = param_action('view');
switch ($action) {
case 'new':
// Check permission:
$current_User->check_perm('perm_messaging', 'reply', true);
global $edited_Thread, $edited_Message;
$edited_Thread = new Thread();
$edited_Message = new Message();
$edited_Message->Thread =& $edited_Thread;
modules_call_method('update_new_thread', array('Thread' => &$edited_Thread));
if (($unsaved_message_params = get_message_params_from_session()) !== NULL) {
// set Message and Thread saved params from Session
$edited_Message->text = $unsaved_message_params['message'];
$edited_Message->original_text = $unsaved_message_params['message_original'];
$edited_Message->set_renderers($unsaved_message_params['renderers']);
$edited_Thread->title = $unsaved_message_params['subject'];
$edited_Thread->recipients = $unsaved_message_params['thrd_recipients'];
$edited_Message->Thread = $edited_Thread;
global $thrd_recipients_array, $thrdtype, $action, $creating_success;
$thrd_recipients_array = $unsaved_message_params['thrd_recipients_array'];
$thrdtype = $unsaved_message_params['thrdtype'];
$action = $unsaved_message_params['action'];
$creating_success = !empty($unsaved_message_params['creating_success']) ? $unsaved_message_params['creating_success'] : false;
} else {
if (empty($edited_Thread->recipients)) {
$edited_Thread->recipients = param('thrd_recipients', 'string', '');
}
if (empty($edited_Thread->title)) {
$edited_Thread->title = param('subject', 'string', '');
}
}
break;
default:
// Check permission:
$current_User->check_perm('perm_messaging', 'reply', true);
break;
}
break;
}
// Actions for disp = messages, contacts, threads:
if (($msg_Blog =& get_setting_Blog('msg_blog_ID')) && $Blog->ID != $msg_Blog->ID) {
// Redirect to special blog for messaging actions if it is defined in general settings
$blog_url_params = array('glue' => '&');
if (!empty($thrd_ID)) {
// Don't forget the important param on redirect
$blog_url_params['url_suffix'] = 'thrd_ID=' . $thrd_ID;
}
header_redirect($msg_Blog->get($disp . 'url', $blog_url_params));
}
// just in case some robot would be logged in:
$seo_page_type = 'Messaging module';
$robots_index = false;
// Display messages depending on user email status
display_user_email_status_message();
break;
case 'login':
global $Plugins, $transmit_hashed_password;
if (is_logged_in()) {
// User is already logged in
if ($current_User->check_status('can_be_validated')) {
// account is not active yet, redirect to the account activation page
$Messages->add(T_('You are logged in but your account is not activated. You will find instructions about activating your account below:'));
header_redirect(get_activate_info_url(), 302);
// will have exited
}
// User is already logged in, redirect to "redirect_to" page
$Messages->add(T_('You are already logged in.'), 'note');
$redirect_to = param('redirect_to', 'url', NULL);
if (empty($redirect_to)) {
// If empty redirect to referer page
$redirect_to = '';
}
header_redirect($redirect_to, 302);
// will have exited
}
if (($login_Blog =& get_setting_Blog('login_blog_ID')) && $Blog->ID != $login_Blog->ID) {
// Redirect to special blog for login/register actions if it is defined in general settings
header_redirect($login_Blog->get('loginurl', array('glue' => '&')));
}
$seo_page_type = 'Login form';
$robots_index = false;
break;
case 'register':
if (is_logged_in()) {
// If user is logged in the register form should not be displayed. In this case redirect to the blog home page.
$Messages->add(T_('You are already logged in.'), 'note');
header_redirect($Blog->gen_blogurl(), false);
}
if (($login_Blog =& get_setting_Blog('login_blog_ID')) && $Blog->ID != $login_Blog->ID) {
// Redirect to special blog for login/register actions if it is defined in general settings
header_redirect($login_Blog->get('registerurl', array('glue' => '&')));
}
$seo_page_type = 'Register form';
$robots_index = false;
// Check invitation code if it exists and registration is enabled
global $display_invitation;
$display_invitation = check_invitation_code();
break;
case 'lostpassword':
if (is_logged_in()) {
// If user is logged in the lost password form should not be displayed. In this case redirect to the blog home page.
$Messages->add(T_('You are already logged in.'), 'note');
header_redirect($Blog->gen_blogurl(), false);
}
if (($login_Blog =& get_setting_Blog('login_blog_ID')) && $Blog->ID != $login_Blog->ID) {
// Redirect to special blog for login/register actions if it is defined in general settings
header_redirect($login_Blog->get('lostpasswordurl', array('glue' => '&')));
}
$seo_page_type = 'Lost password form';
$robots_index = false;
break;
case 'activateinfo':
if (!is_logged_in()) {
// Redirect to the login page for anonymous users
$Messages->add(T_('You must log in before you can activate your account.'));
header_redirect(get_login_url('cannot see messages'), 302);
// will have exited
}
if (!$current_User->check_status('can_be_validated')) {
// don't display activateinfo screen
$after_email_validation = $Settings->get('after_email_validation');
if ($after_email_validation == 'return_to_original') {
// we want to return to original page after account activation
// check if Session 'validatemail.redirect_to' param is still set
$redirect_to = $Session->get('core.validatemail.redirect_to');
if (empty($redirect_to)) {
// Session param is empty try to get general redirect_to param
$redirect_to = param('redirect_to', 'url', '');
} else {
// cleanup validateemail.redirect_to param from session
$Session->delete('core.validatemail.redirect_to');
}
} else {
// go to after email validation url which is set in the user general settings form
$redirect_to = $after_email_validation;
}
if (empty($redirect_to) || preg_match('#disp=activateinfo#', $redirect_to)) {
// redirect_to is pointing to the activate info display or is empty
// redirect to referer page
$redirect_to = '';
}
if ($current_User->check_status('is_validated')) {
$Messages->add(T_('Your account has already been activated.'));
}
header_redirect($redirect_to, 302);
// will have exited
}
if (($login_Blog =& get_setting_Blog('login_blog_ID')) && $Blog->ID != $login_Blog->ID) {
// Redirect to special blog for login/register actions if it is defined in general settings
header_redirect($login_Blog->get('activateinfourl', array('glue' => '&')));
}
break;
case 'profile':
case 'avatar':
$action = param_action();
if ($action == 'crop' && is_logged_in()) {
// Check data for crop action:
global $current_User, $cropped_File;
$file_ID = param('file_ID', 'integer');
if (!($cropped_File = $current_User->get_File_by_ID($file_ID, $error_code))) {
// Current user cannot crop this file
set_param('action', '');
}
}
case 'pwdchange':
case 'userprefs':
case 'subs':
$seo_page_type = 'Special feature page';
if ($Blog->get_setting('special_noindex')) {
// We prefer robots not to index these pages:
$robots_index = false;
}
// Display messages depending on user email status
display_user_email_status_message();
break;
case 'users':
if (!is_logged_in() && !$Settings->get('allow_anonymous_user_list')) {
// Redirect to the login page if not logged in and allow anonymous user setting is OFF
$Messages->add(T_('You must log in to view the user directory.'));
header_redirect(get_login_url('cannot see user'), 302);
// will have exited
}
if (is_logged_in() && !check_user_status('can_view_users')) {
// user status doesn't permit to view users list
if (check_user_status('can_be_validated')) {
// user is logged in but his/her account is not active yet
// Redirect to the account activation page
$Messages->add(T_('You must activate your account before you can view the user directory. <b>See below:</b>'));
header_redirect(get_activate_info_url(), 302);
// will have exited
}
// set where to redirect
$error_redirect_to = empty($Blog) ? $baseurl : $Blog->gen_blogurl();
$Messages->add(T_('Your account status currently does not permit to view the user directory.'));
header_redirect($error_redirect_to, 302);
// will have exited
}
if (has_cross_country_restriction('users', 'list') && empty($current_User->ctry_ID)) {
// User may browse other users only from the same country
$Messages->add(T_('Please specify your country before attempting to contact other users.'));
header_redirect(get_user_profile_url());
}
$seo_page_type = 'Users list';
$robots_index = false;
break;
case 'user':
// get user_ID because we want it in redirect_to in case we need to ask for login.
$user_ID = param('user_ID', 'integer', '', true);
// set where to redirect in case of error
$error_redirect_to = empty($Blog) ? $baseurl : $Blog->gen_blogurl();
if (!is_logged_in()) {
// Redirect to the login page if not logged in and allow anonymous user setting is OFF
$user_available_by_group_level = true;
if (!empty($user_ID)) {
$UserCache =& get_UserCache();
if ($User =& $UserCache->get_by_ID($user_ID, false)) {
// If user exists we can check if the anonymous users have an access to view the user by group level limitation
$User->get_Group();
$user_available_by_group_level = $User->Group->level >= $Settings->get('allow_anonymous_user_level_min') && $User->Group->level <= $Settings->get('allow_anonymous_user_level_max');
}
}
if (!$Settings->get('allow_anonymous_user_profiles') || !$user_available_by_group_level || empty($user_ID)) {
// If this user is not available for anonymous users
$Messages->add(T_('You must log in to view this user profile.'));
header_redirect(get_login_url('cannot see user'), 302);
// will have exited
}
}
if (is_logged_in() && !check_user_status('can_view_user', $user_ID)) {
// user is logged in, but his/her status doesn't permit to view user profile
if (check_user_status('can_be_validated')) {
// user is logged in but his/her account is not active yet
// Redirect to the account activation page
$Messages->add(T_('You must activate your account before you can view this user profile. <b>See below:</b>'));
header_redirect(get_activate_info_url(), 302);
// will have exited
}
$Messages->add(T_('Your account status currently does not permit to view this user profile.'));
header_redirect($error_redirect_to, 302);
// will have exited
}
if (!empty($user_ID)) {
$UserCache =& get_UserCache();
$User =& $UserCache->get_by_ID($user_ID, false);
if (empty($User)) {
$Messages->add(T_('The requested user does not exist!'));
header_redirect($error_redirect_to);
// will have exited
}
if ($User->check_status('is_closed')) {
$Messages->add(T_('The requested user account is closed!'));
header_redirect($error_redirect_to);
// will have exited
}
if (has_cross_country_restriction('any')) {
if (empty($current_User->ctry_ID)) {
// Current User country is not set
$Messages->add(T_('Please specify your country before attempting to contact other users.'));
header_redirect(get_user_profile_url());
// will have exited
}
if (has_cross_country_restriction('users', 'profile') && $current_User->ctry_ID !== $User->ctry_ID) {
// Current user country is different then edited user country and cross country user browsing is not enabled.
$Messages->add(T_('You don\'t have permission to view this user profile.'));
header_redirect(url_add_param($error_redirect_to, 'disp=403', '&'));
// will have exited
}
}
}
// Initialize users list from session cache in order to display prev/next links:
// It is used to navigate between users
load_class('users/model/_userlist.class.php', 'UserList');
global $UserList;
$UserList = new UserList();
$UserList->memorize = false;
$UserList->load_from_Request();
$seo_page_type = 'User display';
break;
case 'edit':
global $current_User, $post_ID;
// Post ID, go from $_GET when we edit a post from Front-office
// or from $_POST when we switch from Back-office
$post_ID = param('p', 'integer', empty($post_ID) ? 0 : $post_ID, true);
if (!is_logged_in()) {
// Redirect to the login page if not logged in and allow anonymous user setting is OFF
$redirect_to = url_add_param($Blog->gen_blogurl(), 'disp=edit');
$Messages->add(T_('You must log in to create & edit posts.'));
header_redirect(get_login_url('cannot edit posts', $redirect_to), 302);
// will have exited
}
if (!$current_User->check_status('can_edit_post')) {
if ($current_User->check_status('can_be_validated')) {
// user is logged in but his/her account was not activated yet
// Redirect to the account activation page
$Messages->add(T_('You must activate your account before you can create & edit posts. <b>See below:</b>'));
header_redirect(get_activate_info_url(), 302);
// will have exited
}
// Redirect to the blog url for users without messaging permission
$Messages->add(T_('You are not allowed to create & edit posts!'));
header_redirect($Blog->gen_blogurl(), 302);
}
// user logged in and the account was activated
check_item_perm_edit($post_ID);
if (!blog_has_cats($Blog->ID)) {
// No categories are in this blog
$error_message = T_('Since this blog has no categories, you cannot post into it.');
if ($current_User->check_perm('blog_cats', 'edit', false, $Blog->ID)) {
// If current user has a permission to create a category
global $admin_url;
$error_message .= ' ' . sprintf(T_('You must <a %s>create categories</a> first.'), 'href="' . $admin_url . '?ctrl=chapters&blog=' . $Blog->ID . '"');
}
$Messages->add($error_message, 'error');
header_redirect($Blog->gen_blogurl(), 302);
}
// Prepare the 'In-skin editing':
init_inskin_editing();
break;
case 'edit_comment':
global $current_User, $edited_Comment, $comment_Item, $Item, $comment_title, $comment_content, $display_params;
// comment ID
$comment_ID = param('c', 'integer', 0, true);
if (!is_logged_in()) {
// Redirect to the login page if not logged in and allow anonymous user setting is OFF
$redirect_to = url_add_param($Blog->gen_blogurl(), 'disp=edit_comment');
$Messages->add(T_('You must log in to edit comments.'));
header_redirect(get_login_url('cannot edit comments', $redirect_to), 302);
// will have exited
}
if (!$current_User->check_status('can_edit_comment')) {
if ($current_User->check_status('can_be_validated')) {
// user is logged in but his/her account was not activated yet
// Redirect to the account activation page
$Messages->add(T_('You must activate your account before you can edit comments. <b>See below:</b>'));
header_redirect(get_activate_info_url(), 302);
// will have exited
}
// Redirect to the blog url for users without messaging permission
$Messages->add('You are not allowed to edit comments!');
header_redirect($Blog->gen_blogurl(), 302);
}
if (empty($comment_ID)) {
// Can't edit a not exisiting comment
$Messages->add('Invalid comment edit URL!');
global $disp;
$disp = 404;
break;
}
$CommentCache =& get_CommentCache();
$edited_Comment = $CommentCache->get_by_ID($comment_ID);
$comment_Item = $edited_Comment->get_Item();
if (!$current_User->check_perm('comment!CURSTATUS', 'edit', false, $edited_Comment)) {
// If User has no permission to edit comments with this comment status:
$Messages->add('You are not allowed to edit the previously selected comment!');
header_redirect($Blog->gen_blogurl(), 302);
}
$comment_title = '';
$comment_content = htmlspecialchars_decode($edited_Comment->content);
// Format content for editing, if we were not already in editing...
$Plugins_admin =& get_Plugins_admin();
$comment_Item->load_Blog();
$params = array('object_type' => 'Comment', 'object_Blog' => &$comment_Item->Blog);
$Plugins_admin->unfilter_contents($comment_title, $comment_content, $edited_Comment->get_renderers_validated(), $params);
$Item = $comment_Item;
$display_params = array();
break;
case 'useritems':
case 'usercomments':
global $display_params, $viewed_User;
// get user_ID because we want it in redirect_to in case we need to ask for login.
$user_ID = param('user_ID', 'integer', true, true);
if (empty($user_ID)) {
bad_request_die(sprintf(T_('Parameter «%s» is required!'), 'user_ID'));
}
// set where to redirect in case of error
$error_redirect_to = empty($Blog) ? $baseurl : $Blog->gen_blogurl();
if (!is_logged_in()) {
// Redirect to the login page if not logged in and allow anonymous user setting is OFF
$Messages->add(T_('You must log in to view this user profile.'));
header_redirect(get_login_url('cannot see user'), 302);
// will have exited
}
if (is_logged_in() && !check_user_status('can_view_user', $user_ID)) {
// user is logged in, but his/her status doesn't permit to view user profile
if (check_user_status('can_be_validated')) {
// user is logged in but his/her account is not active yet
// Redirect to the account activation page
$Messages->add(T_('You must activate your account before you can view this user profile. <b>See below:</b>'));
header_redirect(get_activate_info_url(), 302);
// will have exited
}
$Messages->add(T_('Your account status currently does not permit to view this user profile.'));
header_redirect($error_redirect_to, 302);
// will have exited
}
if (!empty($user_ID)) {
$UserCache =& get_UserCache();
$viewed_User = $UserCache->get_by_ID($user_ID, false);
if (empty($viewed_User)) {
$Messages->add(T_('The requested user does not exist!'));
header_redirect($error_redirect_to);
// will have exited
}
if ($viewed_User->check_status('is_closed')) {
$Messages->add(T_('The requested user account is closed!'));
header_redirect($error_redirect_to);
// will have exited
}
}
$display_params = !empty($Skin) ? $Skin->get_template('Results') : NULL;
if ($disp == 'useritems') {
// Init items list
global $user_ItemList;
$useritems_Blog = NULL;
$user_ItemList = new ItemList2($useritems_Blog, NULL, NULL, NULL, 'ItemCache', 'useritems_');
$user_ItemList->load_from_Request();
$user_ItemList->set_filters(array('authors' => $user_ID), true, true);
$user_ItemList->query();
} else {
// Init comments list
global $user_CommentList;
$user_CommentList = new CommentList2(NULL, NULL, 'CommentCache', 'usercmts_');
$user_CommentList->load_from_Request();
$user_CommentList->set_filters(array('author_IDs' => $user_ID), true, true);
$user_CommentList->query();
}
break;
case 'comments':
if (!$Blog->get_setting('comments_latest')) {
// If latest comments page is disabled - Display 404 page with error message
$Messages->add(T_('This feature is disabled.'), 'error');
global $disp;
$disp = '404';
}
break;
case 'closeaccount':
global $current_User;
if (!$Settings->get('account_close_enabled') || is_logged_in() && $current_User->check_perm('users', 'edit', false) || !is_logged_in() && !$Session->get('account_closing_success')) {
// If an account closing page is disabled - Display 404 page with error message
// Don't allow admins close own accounts from front office
// Don't display this message for not logged in users, except of one case to display a bye message after account closing
global $disp;
$disp = '404';
} elseif ($Session->get('account_closing_success')) {
// User has closed the account
global $account_closing_success;
$account_closing_success = $Session->get('account_closing_success');
// Unset this temp session var to don't display the message twice
$Session->delete('account_closing_success');
if (is_logged_in()) {
// log out current User
logout();
}
}
break;
case 'tags':
$seo_page_type = 'Tags';
if ($Blog->get_setting($disp . '_noindex')) {
// We prefer robots not to index these pages:
$robots_index = false;
}
break;
}
$Debuglog->add('skin_init: $disp=' . $disp . ' / $disp_detail=' . $disp_detail . ' / $seo_page_type=' . $seo_page_type, 'skins');
// Make this switch block special only for 404 page
switch ($disp) {
case '404':
// We have a 404 unresolved content error
// How do we want do deal with it?
skin_404_header();
// This MAY or MAY not have exited -- will exit on 30x redirect, otherwise will return here.
// Just in case some dumb robot needs extra directives on this:
$robots_index = false;
break;
}
global $Hit, $check_browser_version;
if ($check_browser_version && $Hit->get_browser_version() > 0 && $Hit->is_IE(9, '<')) {
// Display info message if browser IE < 9 version and it is allowed by config var:
global $debug;
$Messages->add(T_('Your web browser is too old. For this site to work correctly, we recommend you use a more recent browser.'), 'note');
if ($debug) {
$Messages->add('User Agent: ' . $Hit->get_user_agent(), 'note');
}
}
// dummy var for backward compatibility with versions < 2.4.1 -- prevents "Undefined variable"
global $global_Cache, $credit_links;
$credit_links = $global_Cache->get('creds');
$Timer->pause('skin_init');
// Check if user is logged in with a not active account, and display an error message if required
check_allow_disp($disp);
// initialize Blog enabled widgets, before displaying anything
init_blog_widgets($Blog->ID);
// Initialize displaying....
$Timer->start('Skin:display_init');
$Skin->display_init();
$Timer->pause('Skin:display_init');
// Send default headers:
// See comments inside of this function:
headers_content_mightcache('text/html');
// In most situations, you do NOT want to cache dynamic content!
// Never allow Messages to be cached!
if ($Messages->count() && !empty($PageCache)) {
// Abort PageCache collect
$PageCache->abort_collect();
}
}
/**
* Returns posts made by the selected user in the requested courses.
*
* This method can be used to return all of the posts made by the requested user
* within the given courses.
* For each course the access of the current user and requested user is checked
* and then for each post access to the post and forum is checked as well.
*
* This function is safe to use with usercapabilities.
*
* @global moodle_database $DB
* @param stdClass $user The user whose posts we want to get
* @param array $courses The courses to search
* @param bool $musthaveaccess If set to true errors will be thrown if the user
* cannot access one or more of the courses to search
* @param bool $discussionsonly If set to true only discussion starting posts
* will be returned.
* @param int $limitfrom The offset of records to return
* @param int $limitnum The number of records to return
* @return stdClass An object the following properties
* ->totalcount: the total number of posts made by the requested user
* that the current user can see.
* ->courses: An array of courses the current user can see that the
* requested user has posted in.
* ->forums: An array of forums relating to the posts returned in the
* property below.
* ->posts: An array containing the posts to show for this request.
*/
function forum_get_posts_by_user($user, array $courses, $musthaveaccess = false, $discussionsonly = false, $limitfrom = 0, $limitnum = 50) {
global $DB, $USER, $CFG;
$return = new stdClass;
$return->totalcount = 0; // The total number of posts that the current user is able to view
$return->courses = array(); // The courses the current user can access
$return->forums = array(); // The forums that the current user can access that contain posts
$return->posts = array(); // The posts to display
// First up a small sanity check. If there are no courses to check we can
// return immediately, there is obviously nothing to search.
if (empty($courses)) {
return $return;
}
// A couple of quick setups
$isloggedin = isloggedin();
$isguestuser = $isloggedin && isguestuser();
$iscurrentuser = $isloggedin && $USER->id == $user->id;
// Checkout whether or not the current user has capabilities over the requested
// user and if so they have the capabilities required to view the requested
// users content.
$usercontext = context_user::instance($user->id, MUST_EXIST);
$hascapsonuser = !$iscurrentuser && $DB->record_exists('role_assignments', array('userid' => $USER->id, 'contextid' => $usercontext->id));
$hascapsonuser = $hascapsonuser && has_all_capabilities(array('moodle/user:viewdetails', 'moodle/user:readuserposts'), $usercontext);
// Before we actually search each course we need to check the user's access to the
// course. If the user doesn't have the appropraite access then we either throw an
// error if a particular course was requested or we just skip over the course.
foreach ($courses as $course) {
$coursecontext = context_course::instance($course->id, MUST_EXIST);
if ($iscurrentuser || $hascapsonuser) {
// If it is the current user, or the current user has capabilities to the
// requested user then all we need to do is check the requested users
// current access to the course.
// Note: There is no need to check group access or anything of the like
// as either the current user is the requested user, or has granted
// capabilities on the requested user. Either way they can see what the
// requested user posted, although its VERY unlikely in the `parent` situation
// that the current user will be able to view the posts in context.
if (!is_viewing($coursecontext, $user) && !is_enrolled($coursecontext, $user)) {
// Need to have full access to a course to see the rest of own info
if ($musthaveaccess) {
print_error('errorenrolmentrequired', 'forum');
}
continue;
}
} else {
// Check whether the current user is enrolled or has access to view the course
// if they don't we immediately have a problem.
if (!can_access_course($course)) {
if ($musthaveaccess) {
print_error('errorenrolmentrequired', 'forum');
}
continue;
}
// Check whether the requested user is enrolled or has access to view the course
// if they don't we immediately have a problem.
if (!can_access_course($course, $user)) {
if ($musthaveaccess) {
print_error('notenrolled', 'forum');
}
continue;
}
// If groups are in use and enforced throughout the course then make sure
// we can meet in at least one course level group.
// Note that we check if either the current user or the requested user have
// the capability to access all groups. This is because with that capability
// a user in group A could post in the group B forum. Grrrr.
if (groups_get_course_groupmode($course) == SEPARATEGROUPS && $course->groupmodeforce
&& !has_capability('moodle/site:accessallgroups', $coursecontext) && !has_capability('moodle/site:accessallgroups', $coursecontext, $user->id)) {
// If its the guest user to bad... the guest user cannot access groups
if (!$isloggedin or $isguestuser) {
// do not use require_login() here because we might have already used require_login($course)
if ($musthaveaccess) {
redirect(get_login_url());
}
continue;
}
// Get the groups of the current user
$mygroups = array_keys(groups_get_all_groups($course->id, $USER->id, $course->defaultgroupingid, 'g.id, g.name'));
// Get the groups the requested user is a member of
$usergroups = array_keys(groups_get_all_groups($course->id, $user->id, $course->defaultgroupingid, 'g.id, g.name'));
// Check whether they are members of the same group. If they are great.
$intersect = array_intersect($mygroups, $usergroups);
if (empty($intersect)) {
// But they're not... if it was a specific course throw an error otherwise
// just skip this course so that it is not searched.
if ($musthaveaccess) {
print_error("groupnotamember", '', $CFG->wwwroot."/course/view.php?id=$course->id");
}
continue;
}
}
}
// Woo hoo we got this far which means the current user can search this
// this course for the requested user. Although this is only the course accessibility
// handling that is complete, the forum accessibility tests are yet to come.
$return->courses[$course->id] = $course;
}
// No longer beed $courses array - lose it not it may be big
unset($courses);
// Make sure that we have some courses to search
if (empty($return->courses)) {
// If we don't have any courses to search then the reality is that the current
// user doesn't have access to any courses is which the requested user has posted.
// Although we do know at this point that the requested user has posts.
if ($musthaveaccess) {
print_error('permissiondenied');
} else {
return $return;
}
}
// Next step: Collect all of the forums that we will want to search.
// It is important to note that this step isn't actually about searching, it is
// about determining which forums we can search by testing accessibility.
$forums = forum_get_forums_user_posted_in($user, array_keys($return->courses), $discussionsonly);
// Will be used to build the where conditions for the search
$forumsearchwhere = array();
// Will be used to store the where condition params for the search
$forumsearchparams = array();
// Will record forums where the user can freely access everything
$forumsearchfullaccess = array();
// DB caching friendly
$now = round(time(), -2);
// For each course to search we want to find the forums the user has posted in
// and providing the current user can access the forum create a search condition
// for the forum to get the requested users posts.
foreach ($return->courses as $course) {
// Now we need to get the forums
$modinfo = get_fast_modinfo($course);
if (empty($modinfo->instances['forum'])) {
// hmmm, no forums? well at least its easy... skip!
continue;
}
// Iterate
foreach ($modinfo->get_instances_of('forum') as $forumid => $cm) {
if (!$cm->uservisible or !isset($forums[$forumid])) {
continue;
}
// Get the forum in question
$forum = $forums[$forumid];
// This is needed for functionality later on in the forum code....
$forum->cm = $cm;
// Check that either the current user can view the forum, or that the
// current user has capabilities over the requested user and the requested
// user can view the discussion
if (!has_capability('mod/forum:viewdiscussion', $cm->context) && !($hascapsonuser && has_capability('mod/forum:viewdiscussion', $cm->context, $user->id))) {
continue;
}
// This will contain forum specific where clauses
$forumsearchselect = array();
if (!$iscurrentuser && !$hascapsonuser) {
// Make sure we check group access
if (groups_get_activity_groupmode($cm, $course) == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $cm->context)) {
$groups = $modinfo->get_groups($cm->groupingid);
$groups[] = -1;
list($groupid_sql, $groupid_params) = $DB->get_in_or_equal($groups, SQL_PARAMS_NAMED, 'grps'.$forumid.'_');
$forumsearchparams = array_merge($forumsearchparams, $groupid_params);
$forumsearchselect[] = "d.groupid $groupid_sql";
}
// hidden timed discussions
if (!empty($CFG->forum_enabletimedposts) && !has_capability('mod/forum:viewhiddentimedposts', $cm->context)) {
$forumsearchselect[] = "(d.userid = :userid{$forumid} OR (d.timestart < :timestart{$forumid} AND (d.timeend = 0 OR d.timeend > :timeend{$forumid})))";
$forumsearchparams['userid'.$forumid] = $user->id;
$forumsearchparams['timestart'.$forumid] = $now;
$forumsearchparams['timeend'.$forumid] = $now;
}
// qanda access
if ($forum->type == 'qanda' && !has_capability('mod/forum:viewqandawithoutposting', $cm->context)) {
// We need to check whether the user has posted in the qanda forum.
$discussionspostedin = forum_discussions_user_has_posted_in($forum->id, $user->id);
if (!empty($discussionspostedin)) {
$forumonlydiscussions = array(); // Holds discussion ids for the discussions the user is allowed to see in this forum.
foreach ($discussionspostedin as $d) {
$forumonlydiscussions[] = $d->id;
}
list($discussionid_sql, $discussionid_params) = $DB->get_in_or_equal($forumonlydiscussions, SQL_PARAMS_NAMED, 'qanda'.$forumid.'_');
$forumsearchparams = array_merge($forumsearchparams, $discussionid_params);
$forumsearchselect[] = "(d.id $discussionid_sql OR p.parent = 0)";
} else {
$forumsearchselect[] = "p.parent = 0";
}
}
if (count($forumsearchselect) > 0) {
$forumsearchwhere[] = "(d.forum = :forum{$forumid} AND ".implode(" AND ", $forumsearchselect).")";
$forumsearchparams['forum'.$forumid] = $forumid;
} else {
$forumsearchfullaccess[] = $forumid;
}
} else {
// The current user/parent can see all of their own posts
$forumsearchfullaccess[] = $forumid;
}
}
}
// If we dont have any search conditions, and we don't have any forums where
// the user has full access then we just return the default.
if (empty($forumsearchwhere) && empty($forumsearchfullaccess)) {
return $return;
}
// Prepare a where condition for the full access forums.
if (count($forumsearchfullaccess) > 0) {
list($fullidsql, $fullidparams) = $DB->get_in_or_equal($forumsearchfullaccess, SQL_PARAMS_NAMED, 'fula');
$forumsearchparams = array_merge($forumsearchparams, $fullidparams);
$forumsearchwhere[] = "(d.forum $fullidsql)";
}
// Prepare SQL to both count and search.
// We alias user.id to useridx because we forum_posts already has a userid field and not aliasing this would break
// oracle and mssql.
$userfields = user_picture::fields('u', null, 'useridx');
$countsql = 'SELECT COUNT(*) ';
$selectsql = 'SELECT p.*, d.forum, d.name AS discussionname, '.$userfields.' ';
$wheresql = implode(" OR ", $forumsearchwhere);
if ($discussionsonly) {
if ($wheresql == '') {
$wheresql = 'p.parent = 0';
} else {
$wheresql = 'p.parent = 0 AND ('.$wheresql.')';
}
}
$sql = "FROM {forum_posts} p
JOIN {forum_discussions} d ON d.id = p.discussion
JOIN {user} u ON u.id = p.userid
WHERE ($wheresql)
AND p.userid = :userid ";
$orderby = "ORDER BY p.modified DESC";
$forumsearchparams['userid'] = $user->id;
// Set the total number posts made by the requested user that the current user can see
$return->totalcount = $DB->count_records_sql($countsql.$sql, $forumsearchparams);
// Set the collection of posts that has been requested
$return->posts = $DB->get_records_sql($selectsql.$sql.$orderby, $forumsearchparams, $limitfrom, $limitnum);
// We need to build an array of forums for which posts will be displayed.
// We do this here to save the caller needing to retrieve them themselves before
// printing these forums posts. Given we have the forums already there is
// practically no overhead here.
foreach ($return->posts as $post) {
if (!array_key_exists($post->forum, $return->forums)) {
$return->forums[$post->forum] = $forums[$post->forum];
}
}
return $return;
}
/**
* This function checks that the current user is logged in and has the
* required privileges
*
* This function checks that the current user is logged in, and optionally
* whether they are allowed to be in a particular course and view a particular
* course module.
* If they are not logged in, then it redirects them to the site login unless
* $autologinguest is set and {@link $CFG}->autologinguests is set to 1 in which
* case they are automatically logged in as guests.
* If $courseid is given and the user is not enrolled in that course then the
* user is redirected to the course enrolment page.
* If $cm is given and the course module is hidden and the user is not a teacher
* in the course then the user is redirected to the course home page.
*
* When $cm parameter specified, this function sets page layout to 'module'.
* You need to change it manually later if some other layout needed.
*
* @package core_access
* @category access
*
* @param mixed $courseorid id of the course or course object
* @param bool $autologinguest default true
* @param object $cm course module object
* @param bool $setwantsurltome Define if we want to set $SESSION->wantsurl, defaults to
* true. Used to avoid (=false) some scripts (file.php...) to set that variable,
* in order to keep redirects working properly. MDL-14495
* @param bool $preventredirect set to true in scripts that can not redirect (CLI, rss feeds, etc.), throws exceptions
* @return mixed Void, exit, and die depending on path
* @throws coding_exception
* @throws require_login_exception
*/
function require_login($courseorid = null, $autologinguest = true, $cm = null, $setwantsurltome = true, $preventredirect = false)
{
global $CFG, $SESSION, $USER, $PAGE, $SITE, $DB, $OUTPUT;
// Must not redirect when byteserving already started.
if (!empty($_SERVER['HTTP_RANGE'])) {
$preventredirect = true;
}
if (AJAX_SCRIPT) {
// We cannot redirect for AJAX scripts either.
$preventredirect = true;
}
// Setup global $COURSE, themes, language and locale.
if (!empty($courseorid)) {
if (is_object($courseorid)) {
$course = $courseorid;
} else {
if ($courseorid == SITEID) {
$course = clone $SITE;
} else {
$course = $DB->get_record('course', array('id' => $courseorid), '*', MUST_EXIST);
}
}
if ($cm) {
if ($cm->course != $course->id) {
throw new coding_exception('course and cm parameters in require_login() call do not match!!');
}
// Make sure we have a $cm from get_fast_modinfo as this contains activity access details.
if (!$cm instanceof cm_info) {
// Note: nearly all pages call get_fast_modinfo anyway and it does not make any
// db queries so this is not really a performance concern, however it is obviously
// better if you use get_fast_modinfo to get the cm before calling this.
$modinfo = get_fast_modinfo($course);
$cm = $modinfo->get_cm($cm->id);
}
}
} else {
// Do not touch global $COURSE via $PAGE->set_course(),
// the reasons is we need to be able to call require_login() at any time!!
$course = $SITE;
if ($cm) {
throw new coding_exception('cm parameter in require_login() requires valid course parameter!');
}
}
// If this is an AJAX request and $setwantsurltome is true then we need to override it and set it to false.
// Otherwise the AJAX request URL will be set to $SESSION->wantsurl and events such as self enrolment in the future
// risk leading the user back to the AJAX request URL.
if ($setwantsurltome && defined('AJAX_SCRIPT') && AJAX_SCRIPT) {
$setwantsurltome = false;
}
// Redirect to the login page if session has expired, only with dbsessions enabled (MDL-35029) to maintain current behaviour.
if ((!isloggedin() or isguestuser()) && !empty($SESSION->has_timed_out) && !empty($CFG->dbsessions)) {
if ($preventredirect) {
throw new require_login_session_timeout_exception();
} else {
if ($setwantsurltome) {
$SESSION->wantsurl = qualified_me();
}
redirect(get_login_url());
}
}
// If the user is not even logged in yet then make sure they are.
if (!isloggedin()) {
if ($autologinguest and !empty($CFG->guestloginbutton) and !empty($CFG->autologinguests)) {
if (!($guest = get_complete_user_data('id', $CFG->siteguest))) {
// Misconfigured site guest, just redirect to login page.
redirect(get_login_url());
exit;
// Never reached.
}
$lang = isset($SESSION->lang) ? $SESSION->lang : $CFG->lang;
complete_user_login($guest);
$USER->autologinguest = true;
$SESSION->lang = $lang;
} else {
// NOTE: $USER->site check was obsoleted by session test cookie, $USER->confirmed test is in login/index.php.
if ($preventredirect) {
throw new require_login_exception('You are not logged in');
}
if ($setwantsurltome) {
$SESSION->wantsurl = qualified_me();
}
$referer = get_local_referer(false);
if (!empty($referer)) {
$SESSION->fromurl = $referer;
}
// Give auth plugins an opportunity to authenticate or redirect to an external login page
$authsequence = get_enabled_auth_plugins(true);
// auths, in sequence
foreach ($authsequence as $authname) {
$authplugin = get_auth_plugin($authname);
$authplugin->pre_loginpage_hook();
if (isloggedin()) {
break;
}
}
// If we're still not logged in then go to the login page
if (!isloggedin()) {
redirect(get_login_url());
exit;
// Never reached.
}
}
}
// Loginas as redirection if needed.
if ($course->id != SITEID and \core\session\manager::is_loggedinas()) {
if ($USER->loginascontext->contextlevel == CONTEXT_COURSE) {
if ($USER->loginascontext->instanceid != $course->id) {
print_error('loginasonecourse', '', $CFG->wwwroot . '/course/view.php?id=' . $USER->loginascontext->instanceid);
}
}
}
// Check whether the user should be changing password (but only if it is REALLY them).
if (get_user_preferences('auth_forcepasswordchange') && !\core\session\manager::is_loggedinas()) {
$userauth = get_auth_plugin($USER->auth);
if ($userauth->can_change_password() and !$preventredirect) {
if ($setwantsurltome) {
$SESSION->wantsurl = qualified_me();
}
if ($changeurl = $userauth->change_password_url()) {
// Use plugin custom url.
redirect($changeurl);
} else {
// Use moodle internal method.
if (empty($CFG->loginhttps)) {
redirect($CFG->wwwroot . '/login/change_password.php');
} else {
$wwwroot = str_replace('http:', 'https:', $CFG->wwwroot);
redirect($wwwroot . '/login/change_password.php');
}
}
} else {
if ($userauth->can_change_password()) {
throw new moodle_exception('forcepasswordchangenotice');
} else {
throw new moodle_exception('nopasswordchangeforced', 'auth');
}
}
}
// Check that the user account is properly set up. If we can't redirect to
// edit their profile, perform just the lax check. It will allow them to
// use filepicker on the profile edit page.
if ($preventredirect) {
$usernotfullysetup = user_not_fully_set_up($USER, false);
} else {
$usernotfullysetup = user_not_fully_set_up($USER, true);
}
if ($usernotfullysetup) {
if ($preventredirect) {
throw new moodle_exception('usernotfullysetup');
}
if ($setwantsurltome) {
$SESSION->wantsurl = qualified_me();
}
redirect($CFG->wwwroot . '/user/edit.php?id=' . $USER->id . '&course=' . SITEID);
}
// Make sure the USER has a sesskey set up. Used for CSRF protection.
sesskey();
// Do not bother admins with any formalities.
if (is_siteadmin()) {
// Set the global $COURSE.
if ($cm) {
$PAGE->set_cm($cm, $course);
$PAGE->set_pagelayout('incourse');
} else {
if (!empty($courseorid)) {
$PAGE->set_course($course);
}
}
// Set accesstime or the user will appear offline which messes up messaging.
user_accesstime_log($course->id);
return;
}
// Check that the user has agreed to a site policy if there is one - do not test in case of admins.
if (!$USER->policyagreed and !is_siteadmin()) {
if (!empty($CFG->sitepolicy) and !isguestuser()) {
if ($preventredirect) {
throw new moodle_exception('sitepolicynotagreed', 'error', '', $CFG->sitepolicy);
}
if ($setwantsurltome) {
$SESSION->wantsurl = qualified_me();
}
redirect($CFG->wwwroot . '/user/policy.php');
} else {
if (!empty($CFG->sitepolicyguest) and isguestuser()) {
if ($preventredirect) {
throw new moodle_exception('sitepolicynotagreed', 'error', '', $CFG->sitepolicyguest);
}
if ($setwantsurltome) {
$SESSION->wantsurl = qualified_me();
}
redirect($CFG->wwwroot . '/user/policy.php');
}
}
}
// Fetch the system context, the course context, and prefetch its child contexts.
$sysctx = context_system::instance();
$coursecontext = context_course::instance($course->id, MUST_EXIST);
if ($cm) {
$cmcontext = context_module::instance($cm->id, MUST_EXIST);
} else {
$cmcontext = null;
}
// If the site is currently under maintenance, then print a message.
if (!empty($CFG->maintenance_enabled) and !has_capability('moodle/site:maintenanceaccess', $sysctx)) {
if ($preventredirect) {
throw new require_login_exception('Maintenance in progress');
}
$PAGE->set_context(null);
print_maintenance_message();
}
// Make sure the course itself is not hidden.
if ($course->id == SITEID) {
// Frontpage can not be hidden.
} else {
if (is_role_switched($course->id)) {
// When switching roles ignore the hidden flag - user had to be in course to do the switch.
} else {
if (!$course->visible and !has_capability('moodle/course:viewhiddencourses', $coursecontext)) {
// Originally there was also test of parent category visibility, BUT is was very slow in complex queries
// involving "my courses" now it is also possible to simply hide all courses user is not enrolled in :-).
if ($preventredirect) {
throw new require_login_exception('Course is hidden');
}
$PAGE->set_context(null);
// We need to override the navigation URL as the course won't have been added to the navigation and thus
// the navigation will mess up when trying to find it.
navigation_node::override_active_url(new moodle_url('/'));
notice(get_string('coursehidden'), $CFG->wwwroot . '/');
}
}
}
// Is the user enrolled?
if ($course->id == SITEID) {
// Everybody is enrolled on the frontpage.
} else {
if (\core\session\manager::is_loggedinas()) {
// Make sure the REAL person can access this course first.
$realuser = \core\session\manager::get_realuser();
if (!is_enrolled($coursecontext, $realuser->id, '', true) and !is_viewing($coursecontext, $realuser->id) and !is_siteadmin($realuser->id)) {
if ($preventredirect) {
throw new require_login_exception('Invalid course login-as access');
}
$PAGE->set_context(null);
echo $OUTPUT->header();
notice(get_string('studentnotallowed', '', fullname($USER, true)), $CFG->wwwroot . '/');
}
}
$access = false;
if (is_role_switched($course->id)) {
// Ok, user had to be inside this course before the switch.
$access = true;
} else {
if (is_viewing($coursecontext, $USER)) {
// Ok, no need to mess with enrol.
$access = true;
} else {
if (isset($USER->enrol['enrolled'][$course->id])) {
if ($USER->enrol['enrolled'][$course->id] > time()) {
$access = true;
if (isset($USER->enrol['tempguest'][$course->id])) {
unset($USER->enrol['tempguest'][$course->id]);
remove_temp_course_roles($coursecontext);
}
} else {
// Expired.
unset($USER->enrol['enrolled'][$course->id]);
}
}
if (isset($USER->enrol['tempguest'][$course->id])) {
if ($USER->enrol['tempguest'][$course->id] == 0) {
$access = true;
} else {
if ($USER->enrol['tempguest'][$course->id] > time()) {
$access = true;
} else {
// Expired.
unset($USER->enrol['tempguest'][$course->id]);
remove_temp_course_roles($coursecontext);
}
}
}
if (!$access) {
// Cache not ok.
$until = enrol_get_enrolment_end($coursecontext->instanceid, $USER->id);
if ($until !== false) {
// Active participants may always access, a timestamp in the future, 0 (always) or false.
if ($until == 0) {
$until = ENROL_MAX_TIMESTAMP;
}
$USER->enrol['enrolled'][$course->id] = $until;
$access = true;
} else {
$params = array('courseid' => $course->id, 'status' => ENROL_INSTANCE_ENABLED);
$instances = $DB->get_records('enrol', $params, 'sortorder, id ASC');
$enrols = enrol_get_plugins(true);
// First ask all enabled enrol instances in course if they want to auto enrol user.
foreach ($instances as $instance) {
if (!isset($enrols[$instance->enrol])) {
continue;
}
// Get a duration for the enrolment, a timestamp in the future, 0 (always) or false.
$until = $enrols[$instance->enrol]->try_autoenrol($instance);
if ($until !== false) {
if ($until == 0) {
$until = ENROL_MAX_TIMESTAMP;
}
$USER->enrol['enrolled'][$course->id] = $until;
$access = true;
break;
}
}
// If not enrolled yet try to gain temporary guest access.
if (!$access) {
foreach ($instances as $instance) {
if (!isset($enrols[$instance->enrol])) {
continue;
}
// Get a duration for the guest access, a timestamp in the future or false.
$until = $enrols[$instance->enrol]->try_guestaccess($instance);
if ($until !== false and $until > time()) {
$USER->enrol['tempguest'][$course->id] = $until;
$access = true;
break;
}
}
}
}
}
}
}
if (!$access) {
if ($preventredirect) {
throw new require_login_exception('Not enrolled');
}
if ($setwantsurltome) {
$SESSION->wantsurl = qualified_me();
}
redirect($CFG->wwwroot . '/enrol/index.php?id=' . $course->id);
}
}
// Check visibility of activity to current user; includes visible flag, conditional availability, etc.
if ($cm && !$cm->uservisible) {
if ($preventredirect) {
throw new require_login_exception('Activity is hidden');
}
if ($course->id != SITEID) {
$url = new moodle_url('/course/view.php', array('id' => $course->id));
} else {
$url = new moodle_url('/');
}
redirect($url, get_string('activityiscurrentlyhidden'));
}
// Set the global $COURSE.
if ($cm) {
$PAGE->set_cm($cm, $course);
$PAGE->set_pagelayout('incourse');
} else {
if (!empty($courseorid)) {
$PAGE->set_course($course);
}
}
// Finally access granted, update lastaccess times.
user_accesstime_log($course->id);
}
/**
* Checks if user can self enrol.
*
* @param stdClass $instance enrolment instance
* @param bool $checkuserenrolment if true will check if user enrolment is inactive.
* used by navigation to improve performance.
* @return bool|string true if successful, else error message or false.
*/
public function can_self_enrol(stdClass $instance, $checkuserenrolment = true)
{
global $CFG, $DB, $OUTPUT, $USER;
if ($checkuserenrolment) {
if (isguestuser()) {
// Can not enrol guest.
return get_string('noguestaccess', 'enrol') . $OUTPUT->continue_button(get_login_url());
}
// Check if user is already enroled.
if ($DB->get_record('user_enrolments', array('userid' => $USER->id, 'enrolid' => $instance->id))) {
return get_string('canntenrol', 'enrol_self');
}
}
if ($instance->status != ENROL_INSTANCE_ENABLED) {
return get_string('canntenrol', 'enrol_self');
}
if ($instance->enrolstartdate != 0 and $instance->enrolstartdate > time()) {
return get_string('canntenrolearly', 'enrol_self', userdate($instance->enrolstartdate));
}
if ($instance->enrolenddate != 0 and $instance->enrolenddate < time()) {
return get_string('canntenrollate', 'enrol_self', userdate($instance->enrolenddate));
}
if (!$instance->customint6) {
// New enrols not allowed.
return get_string('canntenrol', 'enrol_self');
}
if ($DB->record_exists('user_enrolments', array('userid' => $USER->id, 'enrolid' => $instance->id))) {
return get_string('canntenrol', 'enrol_self');
}
if ($instance->customint3 > 0) {
// Max enrol limit specified.
$count = $DB->count_records('user_enrolments', array('enrolid' => $instance->id));
if ($count >= $instance->customint3) {
// Bad luck, no more self enrolments here.
return get_string('maxenrolledreached', 'enrol_self');
}
}
if ($instance->customint5) {
require_once "{$CFG->dirroot}/cohort/lib.php";
if (!cohort_is_member($instance->customint5, $USER->id)) {
$cohort = $DB->get_record('cohort', array('id' => $instance->customint5));
if (!$cohort) {
return null;
}
$a = format_string($cohort->name, true, array('context' => context::instance_by_id($cohort->contextid)));
return markdown_to_html(get_string('cohortnonmemberinfo', 'enrol_self', $a));
}
}
return true;
}
/**
* Return the standard string that says whether you are logged in (and switched
* roles/logged in as another user).
*
* @return string HTML fragment.
*/
public function login_info()
{
global $USER, $CFG, $DB, $SESSION;
if (during_initial_install()) {
return '';
}
$loginpage = (string) $this->page->url === get_login_url();
$course = $this->page->course;
if (session_is_loggedinas()) {
$realuser = session_get_realuser();
$fullname = fullname($realuser, true);
$realuserinfo = " [<a href=\"{$CFG->wwwroot}/course/loginas.php?id={$course->id}&sesskey=" . sesskey() . "\">{$fullname}</a>] ";
} else {
$realuserinfo = '';
}
$loginurl = get_login_url();
if (empty($course->id)) {
// $course->id is not defined during installation
return '';
} else {
if (isloggedin()) {
$context = get_context_instance(CONTEXT_COURSE, $course->id);
$fullname = fullname($USER, true);
// Since Moodle 2.0 this link always goes to the public profile page (not the course profile page)
$username = "******"{$CFG->wwwroot}/user/profile.php?id={$USER->id}\">{$fullname}</a>";
if (is_mnet_remote_user($USER) and $idprovider = $DB->get_record('mnet_host', array('id' => $USER->mnethostid))) {
$username .= " from <a href=\"{$idprovider->wwwroot}\">{$idprovider->name}</a>";
}
if (isguestuser()) {
$loggedinas = $realuserinfo . get_string('loggedinasguest');
if (!$loginpage) {
$loggedinas .= " (<a href=\"{$loginurl}\">" . get_string('login') . '</a>)';
}
} else {
if (is_role_switched($course->id)) {
// Has switched roles
$rolename = '';
if ($role = $DB->get_record('role', array('id' => $USER->access['rsw'][$context->path]))) {
$rolename = ': ' . format_string($role->name);
}
$loggedinas = get_string('loggedinas', 'moodle', $username) . $rolename . " (<a href=\"{$CFG->wwwroot}/course/view.php?id={$course->id}&switchrole=0&sesskey=" . sesskey() . "\">" . get_string('switchrolereturn') . '</a>)';
} else {
$loggedinas = $realuserinfo . get_string('loggedinas', 'moodle', $username) . ' ' . " (<a href=\"{$CFG->wwwroot}/login/logout.php?sesskey=" . sesskey() . "\">" . get_string('logout') . '</a>)';
}
}
} else {
$loggedinas = get_string('loggedinnot', 'moodle');
if (!$loginpage) {
$loggedinas .= " (<a href=\"{$loginurl}\">" . get_string('login') . '</a>)';
}
}
}
$loggedinas = '<div class="logininfo">' . $loggedinas . '</div>';
if (isset($SESSION->justloggedin)) {
unset($SESSION->justloggedin);
if (!empty($CFG->displayloginfailures)) {
if (!isguestuser()) {
if ($count = count_login_failures($CFG->displayloginfailures, $USER->username, $USER->lastlogin)) {
$loggedinas .= ' <div class="loginfailures">';
if (empty($count->accounts)) {
$loggedinas .= get_string('failedloginattempts', '', $count);
} else {
$loggedinas .= get_string('failedloginattemptsall', '', $count);
}
if (file_exists("{$CFG->dirroot}/report/log/index.php") and has_capability('report/log:view', get_context_instance(CONTEXT_SYSTEM))) {
$loggedinas .= ' (<a href="' . $CFG->wwwroot . '/report/log/index.php' . '?chooselog=1&id=1&modid=site_errors">' . get_string('logs') . '</a>)';
}
$loggedinas .= '</div>';
}
}
}
}
return $loggedinas;
}
$returnto = optional_param('returnto', null, PARAM_ALPHA);
// Code determining where to return to after save.
$cancelemailchange = optional_param('cancelemailchange', 0, PARAM_INT);
// Course id (defaults to Site).
$PAGE->set_url('/user/edit.php', array('course' => $course, 'id' => $userid));
if (!($course = $DB->get_record('course', array('id' => $course)))) {
print_error('invalidcourseid');
}
if ($course->id != SITEID) {
require_login($course);
} else {
if (!isloggedin()) {
if (empty($SESSION->wantsurl)) {
$SESSION->wantsurl = $CFG->httpswwwroot . '/user/edit.php';
}
redirect(get_login_url());
} else {
$PAGE->set_context(context_system::instance());
}
}
// Guest can not edit.
if (isguestuser()) {
print_error('guestnoeditprofile');
}
// The user profile we are editing.
if (!($user = $DB->get_record('user', array('id' => $userid)))) {
print_error('invaliduserid');
}
// Guest can not be edited.
if (isguestuser($user)) {
print_error('guestnoeditprofile');
/**
* Construct a user menu, returning HTML that can be echoed out by a
* layout file.
*
* @param stdClass $user A user object, usually $USER.
* @param bool $withlinks true if a dropdown should be built.
* @return string HTML fragment.
*/
public function user_menu($user = null, $withlinks = null) {
global $USER, $CFG;
require_once($CFG->dirroot . '/user/lib.php');
if (is_null($user)) {
$user = $USER;
}
// Note: this behaviour is intended to match that of core_renderer::login_info,
// but should not be considered to be good practice; layout options are
// intended to be theme-specific. Please don't copy this snippet anywhere else.
if (is_null($withlinks)) {
$withlinks = empty($this->page->layout_options['nologinlinks']);
}
// Add a class for when $withlinks is false.
$usermenuclasses = 'usermenu';
if (!$withlinks) {
$usermenuclasses .= ' withoutlinks';
}
$returnstr = "";
// If during initial install, return the empty return string.
if (during_initial_install()) {
return $returnstr;
}
$loginpage = $this->is_login_page();
$loginurl = get_login_url();
// If not logged in, show the typical not-logged-in string.
if (!isloggedin()) {
$returnstr = get_string('loggedinnot', 'moodle');
if (!$loginpage) {
$returnstr .= " (<a href=\"$loginurl\">" . get_string('login') . '</a>)';
}
return html_writer::div(
html_writer::span(
$returnstr,
'login'
),
$usermenuclasses
);
}
// If logged in as a guest user, show a string to that effect.
if (isguestuser()) {
$returnstr = get_string('loggedinasguest');
if (!$loginpage && $withlinks) {
$returnstr .= " (<a href=\"$loginurl\">".get_string('login').'</a>)';
}
return html_writer::div(
html_writer::span(
$returnstr,
'login'
),
$usermenuclasses
);
}
// Get some navigation opts.
$opts = user_get_user_navigation_info($user, $this->page);
$avatarclasses = "avatars";
$avatarcontents = html_writer::span($opts->metadata['useravatar'], 'avatar current');
$usertextcontents = $opts->metadata['userfullname'];
// Other user.
if (!empty($opts->metadata['asotheruser'])) {
$avatarcontents .= html_writer::span(
$opts->metadata['realuseravatar'],
'avatar realuser'
);
$usertextcontents = $opts->metadata['realuserfullname'];
$usertextcontents .= html_writer::tag(
'span',
get_string(
'loggedinas',
'moodle',
html_writer::span(
$opts->metadata['userfullname'],
'value'
)
),
array('class' => 'meta viewingas')
);
}
// Role.
if (!empty($opts->metadata['asotherrole'])) {
$role = core_text::strtolower(preg_replace('#[ ]+#', '-', trim($opts->metadata['rolename'])));
$usertextcontents .= html_writer::span(
$opts->metadata['rolename'],
'meta role role-' . $role
);
}
// User login failures.
if (!empty($opts->metadata['userloginfail'])) {
$usertextcontents .= html_writer::span(
$opts->metadata['userloginfail'],
'meta loginfailures'
);
}
// MNet.
if (!empty($opts->metadata['asmnetuser'])) {
$mnet = strtolower(preg_replace('#[ ]+#', '-', trim($opts->metadata['mnetidprovidername'])));
$usertextcontents .= html_writer::span(
$opts->metadata['mnetidprovidername'],
'meta mnet mnet-' . $mnet
);
}
$returnstr .= html_writer::span(
html_writer::span($usertextcontents, 'usertext') .
html_writer::span($avatarcontents, $avatarclasses),
'userbutton'
);
// Create a divider (well, a filler).
$divider = new action_menu_filler();
$divider->primary = false;
$am = new action_menu();
$am->initialise_js($this->page);
$am->set_menu_trigger(
$returnstr
);
$am->set_alignment(action_menu::TR, action_menu::BR);
$am->set_nowrap_on_items();
if ($withlinks) {
$navitemcount = count($opts->navitems);
$idx = 0;
foreach ($opts->navitems as $key => $value) {
switch ($value->itemtype) {
case 'divider':
// If the nav item is a divider, add one and skip link processing.
$am->add($divider);
break;
case 'invalid':
// Silently skip invalid entries (should we post a notification?).
break;
case 'link':
// Process this as a link item.
$pix = null;
if (isset($value->pix) && !empty($value->pix)) {
$pix = new pix_icon($value->pix, $value->title, null, array('class' => 'iconsmall'));
} else if (isset($value->imgsrc) && !empty($value->imgsrc)) {
$value->title = html_writer::img(
$value->imgsrc,
$value->title,
array('class' => 'iconsmall')
) . $value->title;
}
$al = new action_menu_link_secondary(
$value->url,
$pix,
$value->title,
array('class' => 'icon')
);
$am->add($al);
break;
}
$idx++;
// Add dividers after the first item and before the last item.
if ($idx == 1 || $idx == $navitemcount - 1) {
$am->add($divider);
}
}
}
return html_writer::div(
$this->render($am),
$usermenuclasses
);
}
