MDL-27542 calendar export: fixed the following:

1. changing auth token to use user id instead of username
2. add fall back checking for old url
3. remove yui functionality to generate calendar url
4. add missing variable
5. fixed usercontext instance

calendar/export.php

@@ -59,6 +59,7 @@
 $day  = optional_param('cal_d', 0, PARAM_INT);
 $mon  = optional_param('cal_m', 0, PARAM_INT);
 $yr   = optional_param('cal_y', 0, PARAM_INT);
+$generateurl = optional_param('generateurl', 0, PARAM_BOOL);
 
 if ($courseid != SITEID && !empty($courseid)) {
     $course = $DB->get_record('course', array('id' => $courseid));
@@ -93,6 +94,7 @@
 $calendar->prepare_for_view($course, $courses);
 
 $pagetitle = get_string('export', 'calendar');
+$now = usergetdate(time());
 
 // Print title and header
 if ($issite) {
@@ -122,18 +124,28 @@
         if (isset($CFG->calendar_weekend)) {
             $weekend = intval($CFG->calendar_weekend);
         }
-        $username = $USER->username;
-        $authtoken = sha1($USER->username . $USER->password . $CFG->calendar_exportsalt);
+
+        $authtoken = sha1($USER->id . $USER->password . $CFG->calendar_exportsalt);
         // Let's populate some vars to let "common tasks" be somewhat smart...
         // If today it's weekend, give the "next week" option
         $allownextweek  = $weekend & (1 << $now['wday']);
         // If it's the last week of the month, give the "next month" option
         $allownextmonth = calendar_days_in_month($now['mon'], $now['year']) - $now['mday'] < 7;
         // If today it's weekend but tomorrow it isn't, do NOT give the "this week" option
         $allowthisweek  = !(($weekend & (1 << $now['wday'])) && !($weekend & (1 << (($now['wday'] + 1) % 7))));
-        echo $renderer->basic_export_form($allowthisweek, $allownextweek, $allownextmonth, $username, $authtoken);
+        echo $renderer->basic_export_form($allowthisweek, $allownextweek, $allownextmonth, $USER->id, $authtoken);
         break;
 }
 
+if (!empty($generateurl)) {
+    $params['userid']      = optional_param('userid', 0, PARAM_INT);
+    $params['authtoken']   = optional_param('authtoken', '', PARAM_ALPHANUM);
+    $params['preset_what'] = optional_param('preset_what', 'all', PARAM_ALPHA);
+    $params['preset_time'] = optional_param('preset_time', 'weeknow', PARAM_ALPHA);
+
+    $link = new moodle_url('/calendar/export_execute.php', $params);
+    print html_writer::tag('div', get_string('calendarurl', 'calendar', $link->out()), array('class' => 'generalbox calendarurl'));
+}
+
 echo $renderer->complete_layout();
 echo $OUTPUT->footer();

calendar/export_execute.php

@@ -5,21 +5,29 @@
 require_once($CFG->dirroot.'/calendar/lib.php');
 require_once($CFG->libdir.'/bennu/bennu.inc.php');
 
-$username = required_param('username', PARAM_TEXT);
+$userid = optional_param('userid', 0, PARAM_INT);
+$username = optional_param('username', '', PARAM_TEXT);
 $authtoken = required_param('authtoken', PARAM_ALPHANUM);
+$generateurl = optional_param('generateurl', '', PARAM_TEXT);
 
 if (empty($CFG->enablecalendarexport)) {
     die('no export');
 }
 
 //Fetch user information
-if (!$user = $DB->get_record('user', array('username' => $username), 'id,password')) {
-   //No such user
+$checkuserid = !empty($userid) && $user = $DB->get_record('user', array('id' => $userid), 'id,password');
+//allowing for fallback check of old url - MDL-27542
+$checkusername = !empty($username) && $user = $DB->get_record('user', array('username' => $username), 'id,password');
+if (!$checkuserid && !$checkusername) {
+    //No such user
     die('Invalid authentication');
 }
 
 //Check authentication token
-if ($authtoken != sha1($username . $user->password . $CFG->calendar_exportsalt)) {
+$authuserid = !empty($userid) && $authtoken == sha1($userid . $user->password . $CFG->calendar_exportsalt);
+//allowing for fallback check of old url - MDL-27542
+$authusername = !empty($username) && $authtoken == sha1($username . $user->password . $CFG->calendar_exportsalt);
+if (!$authuserid && !$authusername) {
     die('Invalid authentication');
 }
 
@@ -31,6 +39,20 @@
 $allowed_what = array('all', 'courses');
 $allowed_time = array('weeknow', 'weeknext', 'monthnow', 'monthnext', 'recentupcoming');
 
+if (!empty($generateurl)) {
+    $authtoken = sha1($user->id . $user->password . $CFG->calendar_exportsalt);
+    $params = array();
+    $params['preset_what'] = $what;
+    $params['preset_time'] = $time;
+    $params['userid'] = $userid;
+    $params['authtoken'] = $authtoken;
+    $params['generateurl'] = true;
+
+    $link = new moodle_url('/calendar/export.php', $params);
+    redirect($link->out());
+    die;
+}
+
 if(!empty($what) && !empty($time)) {
     if(in_array($what, $allowed_what) && in_array($time, $allowed_time)) {
         $courses = enrol_get_users_courses($user->id, true, 'id, visible, shortname');

calendar/lib.php

@@ -1806,7 +1806,7 @@ protected function calculate_context(stdClass $data) {
             $group = $DB->get_record('groups', array('id'=>$data->groupid));
             $context = get_context_instance(CONTEXT_COURSE, $group->courseid);
         } else if (isset($data->userid) && $data->userid > 0 && $data->userid == $USER->id) {
-            $context =  get_context_instance(CONTEXT_USER);
+            $context =  get_context_instance(CONTEXT_USER, $data->userid);
         } else if (isset($data->userid) && $data->userid > 0 && $data->userid != $USER->id &&
                    isset($data->instance) && $data->instance > 0) {
             $cm = get_coursemodule_from_instance($data->modulename, $data->instance, 0, false, MUST_EXIST);

calendar/renderer.php

@@ -34,11 +34,11 @@ class core_calendar_renderer extends plugin_renderer_base {
      * @param bool $allowthisweek
      * @param bool $allownextweek
      * @param bool $allownextmonth
-     * @param string $username
+     * @param int $userid
      * @param string $authtoken
      * @return string
      */
-    public function basic_export_form($allowthisweek, $allownextweek, $allownextmonth, $username, $authtoken) {
+    public function basic_export_form($allowthisweek, $allownextweek, $allownextmonth, $userid, $authtoken) {
 
         $output  = html_writer::tag('div', get_string('export', 'calendar'), array('class'=>'header'));
         $output .= html_writer::start_tag('fieldset');
@@ -86,10 +86,10 @@ public function basic_export_form($allowthisweek, $allownextweek, $allownextmont
         $output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'cal_d', 'value'=>''));
         $output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'cal_m', 'value'=>''));
         $output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'cal_y', 'value'=>''));
-        $output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'username', 'value'=>$username));
+        $output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'userid', 'value'=>$userid));
         $output .= html_writer::empty_tag('input', array('type'=>'hidden', 'name'=>'authtoken', 'value'=>$authtoken));
 
-        $output .= html_writer::empty_tag('input', array('type'=>'button', 'id'=>'generateurl', 'value'=>get_string('generateurlbutton', 'calendar')));
+        $output .= html_writer::empty_tag('input', array('type'=>'submit', 'name' => 'generateurl', 'id'=>'generateurl', 'value'=>get_string('generateurlbutton', 'calendar')));
         $output .= html_writer::empty_tag('input', array('type'=>'submit', 'value'=>get_string('exportbutton', 'calendar')));
 
         $output .= html_writer::end_tag('div');
@@ -102,8 +102,6 @@ public function basic_export_form($allowthisweek, $allownextweek, $allownextmont
         $output .= html_writer::tag('div', '', array('id'=>'url', 'style'=>'overflow:scroll;width:650px;'));
         $output .= html_writer::end_tag('div');
 
-        $this->page->requires->yui_module('moodle-calendar-eventmanager', 'M.core_calendar.init_basic_export', array($allowthisweek, $allownextweek, $allownextmonth, $username, $authtoken));
-
         return $output;
     }
 

calendar/view.php

@@ -150,8 +150,8 @@
 if (!empty($CFG->enablecalendarexport)) {
     echo $OUTPUT->single_button(new moodle_url('export.php', array('course'=>$courseid)), get_string('exportcalendar', 'calendar'));
     if (isloggedin()) {
-        $authtoken = sha1($USER->username . $USER->password . $CFG->calendar_exportsalt);
-        $link = new moodle_url('/calendar/export_execute.php', array('preset_what'=>'all', 'preset_time'=>'recentupcoming', 'username'=>$USER->username, 'authtoken'=>$authtoken));
+        $authtoken = sha1($USER->id . $USER->password . $CFG->calendar_exportsalt);
+        $link = new moodle_url('/calendar/export_execute.php', array('preset_what'=>'all', 'preset_time'=>'recentupcoming', 'userid' => $USER->id, 'authtoken'=>$authtoken));
         $icon = html_writer::empty_tag('img', array('src'=>$OUTPUT->pix_url('i/ical'), 'height'=>'14', 'width'=>'36', 'alt'=>get_string('ical', 'calendar'), 'title'=>get_string('quickdownloadcalendar', 'calendar')));
         echo html_writer::tag('a', $icon, array('href'=>$link));
     }

calendar/yui/eventmanager/eventmanager.js

@@ -120,26 +120,6 @@ YUI.add('moodle-calendar-eventmanager', function(Y) {
     var EVENTMANAGER = {
         add_event : function(config) {
             new EVENT(config);
-        },
-        init_basic_export : function(allowthisweek, allownextweek, allownextmonth, username, authtoken) {
-            var params = {
-                preset_what : (Y.one('#pw_course').get('checked'))?'courses':'all',
-                preset_time : 'recentupcoming',
-                username : username,
-                authtoken : authtoken
-
-            }
-            if (allowthisweek && Y.one('#pt_wknow').get('checked')) {
-                params.presettime = 'weeknow';
-            } else if (allownextweek && Y.one('#pt_wknext').get('checked')) {
-                params.presettime = 'weeknext';
-            } else if (allownextmonth && Y.one('#pt_monnext').get('checked')) {
-                params.presettime = 'monthnext';
-            } else if (Y.one('#pt_monnow').get('checked')) {
-                params.presettime = 'monthnow';
-            }
-            Y.one('#url').setContent(M.cfg.wwwroot+'/calendar/export_execute.php?'+build_querystring(params));
-            Y.one('#urlbox').setStyle('display', 'block');
         }
     }
 

lang/en/calendar.php

@@ -28,6 +28,7 @@
 $string['calendar'] = 'Calendar';
 $string['calendarheading'] = '{$a} Calendar';
 $string['calendarpreferences'] = 'Calendar preferences';
+$string['calendarurl'] = 'Calendar URL: {$a}';
 $string['clickhide'] = 'click to hide';
 $string['clickshow'] = 'click to show';
 $string['commontasks'] = 'Options';