File: quizfile.php

moodle 1.4.4.dfsg.1-3sarge1
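<?php // $Id: quizfile.php,v 1.4.2.2 2004/12/12 07:08:09 moodler Exp $
      // Serves a file from the data directory on behalf of a quiz question.
      // Syntax:   quizfile.php/quiz id/question id/dir/.../dir/filename.ext
      // It is supposed to be used by the quiz module only.
      //
      // Access control actually enforced by this script:
      //   1. require_login() on the course that owns the quiz id in the URL;
      //   2. the question type's uses_quizfile() must accept the file path.
      // NOTE(review): the two stricter checks (may this user view this quiz;
      // is this question on this quiz) are commented out below. The quiz id
      // therefore only selects the course passed to require_login(), while the
      // file is read from the course of the question's category. Those two
      // courses are never compared here, so uses_quizfile() is the only thing
      // tying the requested path to the question.

    require_once("../../config.php");
    require_once("../../files/mimetypes.php");
    require_once("lib.php");

    $lifetime = 86400;      // client cache lifetime in seconds (one day)

    // NOTE(review): $file is never assigned in this script; presumably it
    // arrives as a request parameter through register_globals (or an
    // emulation of it in config.php) - confirm. Whatever its origin, it is
    // untrusted input and goes through exactly the same checks as the
    // slash-argument form.
    if (isset($file)) {     // workaround for situations where / syntax doesn't work
        $pathinfo = $file;
    } else {
        // NOTE(review): the argument is "file.php" although this script is
        // quizfile.php; get_slash_arguments() is defined elsewhere - confirm
        // it locates the slash arguments for this script name.
        $pathinfo = get_slash_arguments("file.php");
    }

    if (!$pathinfo) {
        error("No file parameters!");
    }

    /////////////////////////////////////
    // Extract info from $pathinfo
    /////////////////////////////////////

    // preg_match() replaces ereg(): the POSIX ereg functions are not
    // binary-safe (matching stops at a NUL byte) and were removed in PHP 7.
    // The D modifier stops "$" from matching before a trailing newline.
    //   $regs[1] quiz id, $regs[2] question id,
    //   $regs[3] path relative to the course data directory,
    //   $regs[5] last path component (the file name).
    $idreg = '[0-9]+';
    if (!preg_match("#^/?($idreg)/($idreg)/((.+/)?([^/]+))$#D",
                    $pathinfo,
                    $regs) ) {
        error("File parameters are badly formated");
    }
    if (! ($quiz = get_record('quiz', 'id', $regs[1]))) {
        error("No valid quiz supplied");
    }
    if (! ($question = get_record('quiz_questions', 'id', $regs[2]))) {
        error("No valid question supplied");
    }
    if (! ($relativefilepath = $regs[3])) {
        error("No valid file path supplied");
    }
    if (! ($filename = $regs[5])) {
        error("No valid file name supplied");
    }
    // detect_munged_arguments() is defined elsewhere; what it rejects is not
    // visible here. $filename is echoed into a response header further down,
    // so control characters (CR/LF and NUL included) are rejected as well.
    if (detect_munged_arguments($relativefilepath)
        || preg_match('/[\x00-\x1f\x7f]/', $relativefilepath)) {
        error("Errors in the supplied file path");
    }

    //////////////////////////////////////////
    // Info from $pathinfo is now extracted!
    // Now check the user's permissions on this quiz...
    //////////////////////////////////////////

    if (! ($course = get_record("course", "id", $quiz->course))) {
        error("Supplied quiz $quiz->name does not belong to a valid course");
    }

    require_login($course->id);

    // For now, let's not worry about this.  The following check causes
    // problems sometimes when reviewing a quiz
    // NOTE(review): with this disabled, any user who passes require_login()
    // for the quiz's course gets past this point, whether or not the quiz is
    // open to them.
    //if (!isteacher($course->id)
    //    and !quiz_get_user_attempt_unfinished($quiz->id, $USER->id)
    //    and ! ($quiz->review  &&  time() > $quiz->timeclose)
    //        || !quiz_get_user_attempts($quiz->id, $USER->id) )
    //{
    //    error("Logged-in user is not allowed to view this quiz");
    //}

    ///////////////////////////////////////////////////
    // The user is logged in to the quiz's course (the per-quiz check above
    // is disabled).
    // Now verify the consistency between $question, its category and
    // $relativefilepath
    ///////////////////////////////////////////////////

    // For now, let's not worry about this.  The following check doesn't
    // work for randomly selected questions and it gets complicated
    // NOTE(review): with this disabled, nothing verifies that $question
    // belongs to $quiz.
    //if (!in_array($question->id, explode(',', $quiz->questions), FALSE)) {
    //    error("Specified question is not on the specified quiz");
    //}

    if (! ($questioncategory = get_record('quiz_categories', 'id',
                                          $question->category)))
    {
        error("Question category is not valid");
    }

    // Have the question check whether it uses this file or not.
    // This is the only check that binds the requested path to the question.
    if (!$QUIZ_QTYPES[$question->qtype]->uses_quizfile($question,
                                                       $relativefilepath)) {
        error("The specified file path is not on the specified question");
    }


    ///////////////////////////////////////////
    // The checks that are enabled have passed.
    // Specified file can now be returned...
    //////////////////////////////////////////

    // The file is read from the data directory of the course that owns the
    // question's category, not from the quiz's course.
    $pathname = "$CFG->dataroot/$questioncategory->course/$relativefilepath";
    // $filename has already been extracted


    /////////////////////////////////////////////////////////////////
    // The remaining code follows the final lines of file.php.
    // If you ask me - this stuff should be separated into a separate
    // function for convenience.
    // That function would find itself very comfortable in the
    // file mimetypes.php
    //////////////////////////////////

    $mimetype = mimeinfo("type", $filename);

    // is_file() rather than file_exists(): a directory must not be handed
    // to filesize()/readfile().
    if (is_file($pathname)) {
        $lastmodified = filemtime($pathname);

        header("Last-Modified: " . gmdate("D, d M Y H:i:s", $lastmodified) . " GMT");
        header("Expires: " . gmdate("D, d M Y H:i:s", time() + $lifetime) . " GMT");
        // The directive is "max-age=N"; the former "max_age = N" is not a
        // valid Cache-Control directive. "private" keeps this login-protected
        // response out of shared caches.
        header("Cache-control: private, max-age=$lifetime"); // a day
        header("Pragma: ");
        // Quoted-string form, so a file name containing spaces, ';' or '"'
        // cannot alter the header's parameters.
        header("Content-disposition: inline; filename=\"" . addcslashes($filename, '"\\') . "\"");
        header("Content-length: ".filesize($pathname));
        header("Content-type: $mimetype");
        readfile($pathname);
    } else {
        // Report the request-relative path only: the absolute $pathname would
        // disclose $CFG->dataroot to the client. The continue link uses
        // $course->id; the former $courseid was never assigned in this script.
        error("Sorry, but the file you are looking for was not found (".clean_text($relativefilepath).")",
              "$CFG->wwwroot/course/view.php?id=$course->id");
    }

    exit;
?>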