File: file.php

package info (click to toggle)
moodle 1.4.4.dfsg.1-3sarge1
  • links: PTS
  • area: main
  • in suites: sarge
  • size: 57,876 kB
  • ctags: 29,496
  • sloc: php: 271,617; sql: 5,084; xml: 702; perl: 638; sh: 403; java: 283; makefile: 42; pascal: 21
file content (87 lines) | stat: -rw-r--r-- 2,646 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
 
<?PHP //$Id: file.php,v 1.3.4.2 2004/12/16 08:45:55 stronk7 Exp $
    //This file returns the required rss feeds
    //The URL format MUST include:
    //    course: the course id
    //    user:   the user id
    //    name:   the name of the module (forum...)
    //    id:     the id (instance) of the module (forumid...)
    //If the course has a password or it doesn't
    //allow guest access then the user field is 
    //required to see that the user is enrolled
    //in the course, else no check is performed.
    //This allows to limit a bit the rss access
    //to correct users. It isn't unbreakable,
    //obviously, but its the best I've thought!!

    $nomoodlecookie = true;     // Because it interferes with caching
 
    require_once('../config.php');
    require_once('../files/mimetypes.php');
    require_once('rsslib.php');


    $lifetime = 3600;  // Seconds for files to remain in caches - 1 hour

    $relativepath = get_file_argument('file.php');

    if (!$relativepath) {
        not_found();
    }

    // extract relative path components
    $args = explode('/', trim($relativepath, '/'));
    
    if (count($args) < 5) {
        not_found();
    }

    $courseid   = (int)$args[0];
    $userid     = (int)$args[1];
    $modulename = clean_param($args[2], PARAM_FILE);
    $instance   = (int)$args[3];
    $filename   = 'rss.xml';
    
    if (!$course = get_record("course", "id", $courseid)) {
        not_found();
    }
    
    //Check name of module
    $mods = get_list_of_plugins("mod");
    if (!in_array(strtolower($modulename), $mods)) {
        not_found();
    }

    //Get course_module to check it's visible
    if (!$cm = get_coursemodule_from_instance($modulename,$instance,$courseid)) {
        not_found();
    }

    $isstudent = isstudent($courseid,$userid);
    $isteacher = isteacher($courseid,$userid);

    //Check for "security" if !course->guest or course->password
    if ((!$course->guest || $course->password) && (!($isstudent || $isteacher))) {
        not_found();
    }

    //Check for "security" if the course is hidden or the activity is hidden 
    if ((!$course->visible || !$cm->visible) && (!$isteacher)) {
        not_found();
    }

    $pathname = $CFG->dataroot.'/rss/'.$modulename.'/'.$instance.'.xml';

    //Check that file exists
    if (!file_exists($pathname)) {
        not_found();
    }

    //Send it to user!
    send_file($pathname, $filename, $lifetime);

    function not_found() {
        /// error, send some XML with error message
        global $lifetime, $filename;
        send_file(rss_geterrorxmlfile(), $filename, $lifetime, false, true);
    }
?>