Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Fetching contributors…

Cannot retrieve contributors at this time

6869 lines (5835 sloc) 223.154 kb
<?php // $Id$
///////////////////////////////////////////////////////////////////////////
// //
// NOTICE OF COPYRIGHT //
// //
// Moodle - Modular Object-Oriented Dynamic Learning Environment //
// http://moodle.org //
// //
// Copyright (C) 1999-2004 Martin Dougiamas http://dougiamas.com //
// //
// This program is free software; you can redistribute it and/or modify //
// it under the terms of the GNU General Public License as published by //
// the Free Software Foundation; either version 2 of the License, or //
// (at your option) any later version. //
// //
// This program is distributed in the hope that it will be useful, //
// but WITHOUT ANY WARRANTY; without even the implied warranty of //
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
// GNU General Public License for more details: //
// //
// http://www.gnu.org/copyleft/gpl.html //
// //
///////////////////////////////////////////////////////////////////////////
/**
* moodlelib.php - Moodle main library
*
* Main library file of miscellaneous general-purpose Moodle functions.
* Other main libraries:
* - weblib.php - functions that produce web output
* - datalib.php - functions that access the database
* @author Martin Dougiamas
* @version $Id$
* @license http://www.gnu.org/copyleft/gpl.html GNU Public License
* @package moodlecore
*/
/// CONSTANTS (Encased in phpdoc proper comments)/////////////////////////
/**
* Used by some scripts to check they are being called by Moodle
*/
define('MOODLE_INTERNAL', true);
/**
* No groups used?
*/
define('NOGROUPS', 0);
/**
* Groups used?
*/
define('SEPARATEGROUPS', 1);
/**
* Groups visible?
*/
define('VISIBLEGROUPS', 2);
/// Date and time constants ///
/**
* Time constant - the number of seconds in a week
*/
define('WEEKSECS', 604800);
/**
* Time constant - the number of seconds in a day
*/
define('DAYSECS', 86400);
/**
* Time constant - the number of seconds in an hour
*/
define('HOURSECS', 3600);
/**
* Time constant - the number of seconds in a minute
*/
define('MINSECS', 60);
/**
* Time constant - the number of minutes in a day
*/
define('DAYMINS', 1440);
/**
* Time constant - the number of minutes in an hour
*/
define('HOURMINS', 60);
/// Parameter constants - every call to optional_param(), required_param() ///
/// or clean_param() should have a specified type of parameter. //////////////
/**
* PARAM_RAW specifies a parameter that is not cleaned/processed in any way;
* originally was 0, but changed because we need to detect unknown
* parameter types and swiched order in clean_param().
*/
define('PARAM_RAW', 666);
/**
* PARAM_CLEAN - obsoleted, please try to use more specific type of parameter.
* It was one of the first types, that is why it is abused so much ;-)
*/
define('PARAM_CLEAN', 0x0001);
/**
* PARAM_INT - integers only, use when expecting only numbers.
*/
define('PARAM_INT', 0x0002);
/**
* PARAM_INTEGER - an alias for PARAM_INT
*/
define('PARAM_INTEGER', 0x0002);
/**
* PARAM_ALPHA - contains only english letters.
*/
define('PARAM_ALPHA', 0x0004);
/**
* PARAM_ACTION - an alias for PARAM_ALPHA, use for various actions in formas and urls
* @TODO: should we alias it to PARAM_ALPHANUM ?
*/
define('PARAM_ACTION', 0x0004);
/**
* PARAM_FORMAT - an alias for PARAM_ALPHA, use for names of plugins, formats, etc.
* @TODO: should we alias it to PARAM_ALPHANUM ?
*/
define('PARAM_FORMAT', 0x0004);
/**
* PARAM_NOTAGS - all html tags are stripped from the text. Do not abuse this type.
*/
define('PARAM_NOTAGS', 0x0008);
/**
* PARAM_MULTILANG - alias of PARAM_TEXT.
*/
define('PARAM_MULTILANG', 0x0009);
/**
* PARAM_TEXT - general plain text compatible with multilang filter, no other html tags.
*/
define('PARAM_TEXT', 0x0009);
/**
* PARAM_FILE - safe file name, all dangerous chars are stripped, protects against XSS, SQL injections and directory traversals
*/
define('PARAM_FILE', 0x0010);
/**
* PARAM_PATH - safe relative path name, all dangerous chars are stripped, protects against XSS, SQL injections and directory traversals
* note: the leading slash is not removed, window drive letter is not allowed
*/
define('PARAM_PATH', 0x0020);
/**
* PARAM_HOST - expected fully qualified domain name (FQDN) or an IPv4 dotted quad (IP address)
*/
define('PARAM_HOST', 0x0040);
/**
* PARAM_URL - expected properly formatted URL.
*/
define('PARAM_URL', 0x0080);
/**
* PARAM_LOCALURL - expected properly formatted URL as well as one that refers to the local server itself. (NOT orthogonal to the others! Implies PARAM_URL!)
*/
define('PARAM_LOCALURL', 0x0180);
/**
* PARAM_CLEANFILE - safe file name, all dangerous and regional chars are removed,
* use when you want to store a new file submitted by students
*/
define('PARAM_CLEANFILE',0x0200);
/**
* PARAM_ALPHANUM - expected numbers and letters only.
*/
define('PARAM_ALPHANUM', 0x0400);
/**
* PARAM_BOOL - converts input into 0 or 1, use for switches in forms and urls.
*/
define('PARAM_BOOL', 0x0800);
/**
* PARAM_CLEANHTML - cleans submitted HTML code and removes slashes
* note: do not forget to addslashes() before storing into database!
*/
define('PARAM_CLEANHTML',0x1000);
/**
* PARAM_ALPHAEXT the same contents as PARAM_ALPHA plus the chars in quotes: "/-_" allowed,
* suitable for include() and require()
* @TODO: should we rename this function to PARAM_SAFEDIRS??
*/
define('PARAM_ALPHAEXT', 0x2000);
/**
* PARAM_SAFEDIR - safe directory name, suitable for include() and require()
*/
define('PARAM_SAFEDIR', 0x4000);
/**
* PARAM_SEQUENCE - expects a sequence of numbers like 8 to 1,5,6,4,6,8,9. Numbers and comma only.
*/
define('PARAM_SEQUENCE', 0x8000);
/// Page types ///
/**
* PAGE_COURSE_VIEW is a definition of a page type. For more information on the page class see moodle/lib/pagelib.php.
*/
define('PAGE_COURSE_VIEW', 'course-view');
/// Debug levels ///
/** no warnings at all */
define ('DEBUG_NONE', 0);
/** E_ERROR | E_PARSE */
define ('DEBUG_MINIMAL', 5);
/** E_ERROR | E_PARSE | E_WARNING | E_NOTICE */
define ('DEBUG_NORMAL', 15);
/** E_ALL without E_STRICT and E_RECOVERABLE_ERROR for now */
define ('DEBUG_ALL', 2047);
/** DEBUG_ALL with extra Moodle debug messages - (DEBUG_ALL | 32768) */
define ('DEBUG_DEVELOPER', 34815);
/// PARAMETER HANDLING ////////////////////////////////////////////////////
/**
* Returns a particular value for the named variable, taken from
* POST or GET. If the parameter doesn't exist then an error is
* thrown because we require this variable.
*
* This function should be used to initialise all required values
* in a script that are based on parameters. Usually it will be
* used like this:
* $id = required_param('id');
*
* @param string $parname the name of the page parameter we want
* @param int $type expected type of parameter
* @return mixed
*/
function required_param($parname, $type=PARAM_CLEAN) {
// detect_unchecked_vars addition
global $CFG;
if (!empty($CFG->detect_unchecked_vars)) {
global $UNCHECKED_VARS;
unset ($UNCHECKED_VARS->vars[$parname]);
}
if (isset($_POST[$parname])) { // POST has precedence
$param = $_POST[$parname];
} else if (isset($_GET[$parname])) {
$param = $_GET[$parname];
} else {
error('A required parameter ('.$parname.') was missing');
}
return clean_param($param, $type);
}
/**
* Returns a particular value for the named variable, taken from
* POST or GET, otherwise returning a given default.
*
* This function should be used to initialise all optional values
* in a script that are based on parameters. Usually it will be
* used like this:
* $name = optional_param('name', 'Fred');
*
* @param string $parname the name of the page parameter we want
* @param mixed $default the default value to return if nothing is found
* @param int $type expected type of parameter
* @return mixed
*/
function optional_param($parname, $default=NULL, $type=PARAM_CLEAN) {
// detect_unchecked_vars addition
global $CFG;
if (!empty($CFG->detect_unchecked_vars)) {
global $UNCHECKED_VARS;
unset ($UNCHECKED_VARS->vars[$parname]);
}
if (isset($_POST[$parname])) { // POST has precedence
$param = $_POST[$parname];
} else if (isset($_GET[$parname])) {
$param = $_GET[$parname];
} else {
return $default;
}
return clean_param($param, $type);
}
/**
* Used by {@link optional_param()} and {@link required_param()} to
* clean the variables and/or cast to specific types, based on
* an options field.
* <code>
* $course->format = clean_param($course->format, PARAM_ALPHA);
* $selectedgrade_item = clean_param($selectedgrade_item, PARAM_CLEAN);
* </code>
*
* @uses $CFG
* @uses PARAM_CLEAN
* @uses PARAM_INT
* @uses PARAM_INTEGER
* @uses PARAM_ALPHA
* @uses PARAM_ALPHANUM
* @uses PARAM_NOTAGS
* @uses PARAM_ALPHAEXT
* @uses PARAM_BOOL
* @uses PARAM_SAFEDIR
* @uses PARAM_CLEANFILE
* @uses PARAM_FILE
* @uses PARAM_PATH
* @uses PARAM_HOST
* @uses PARAM_URL
* @uses PARAM_LOCALURL
* @uses PARAM_CLEANHTML
* @uses PARAM_SEQUENCE
* @param mixed $param the variable we are cleaning
* @param int $type expected format of param after cleaning.
* @return mixed
*/
function clean_param($param, $type) {
global $CFG;
if (is_array($param)) { // Let's loop
$newparam = array();
foreach ($param as $key => $value) {
$newparam[$key] = clean_param($value, $type);
}
return $newparam;
}
switch ($type) {
case PARAM_RAW: // no cleaning at all
return $param;
case PARAM_CLEAN: // General HTML cleaning, try to use more specific type if possible
if (is_numeric($param)) {
return $param;
}
$param = stripslashes($param); // Needed for kses to work fine
$param = clean_text($param); // Sweep for scripts, etc
return addslashes($param); // Restore original request parameter slashes
case PARAM_CLEANHTML: // prepare html fragment for display, do not store it into db!!
$param = stripslashes($param); // Remove any slashes
$param = clean_text($param); // Sweep for scripts, etc
return trim($param);
case PARAM_INT:
return (int)$param; // Convert to integer
case PARAM_ALPHA: // Remove everything not a-z
return eregi_replace('[^a-zA-Z]', '', $param);
case PARAM_ALPHANUM: // Remove everything not a-zA-Z0-9
return eregi_replace('[^A-Za-z0-9]', '', $param);
case PARAM_ALPHAEXT: // Remove everything not a-zA-Z/_-
return eregi_replace('[^a-zA-Z/_-]', '', $param);
case PARAM_SEQUENCE: // Remove everything not 0-9,
return eregi_replace('[^0-9,]', '', $param);
case PARAM_BOOL: // Convert to 1 or 0
$tempstr = strtolower($param);
if ($tempstr == 'on' or $tempstr == 'yes' ) {
$param = 1;
} else if ($tempstr == 'off' or $tempstr == 'no') {
$param = 0;
} else {
$param = empty($param) ? 0 : 1;
}
return $param;
case PARAM_NOTAGS: // Strip all tags
return strip_tags($param);
case PARAM_TEXT: // leave only tags needed for multilang
return clean_param(strip_tags($param, '<lang><span>'), PARAM_CLEAN);
case PARAM_SAFEDIR: // Remove everything not a-zA-Z0-9_-
return eregi_replace('[^a-zA-Z0-9_-]', '', $param);
case PARAM_CLEANFILE: // allow only safe characters
return clean_filename($param);
case PARAM_FILE: // Strip all suspicious characters from filename
$param = ereg_replace('[[:cntrl:]]|[<>"`\|\':\\/]', '', $param);
$param = ereg_replace('\.\.+', '', $param);
if($param == '.') {
$param = '';
}
return $param;
case PARAM_PATH: // Strip all suspicious characters from file path
$param = str_replace('\\\'', '\'', $param);
$param = str_replace('\\"', '"', $param);
$param = str_replace('\\', '/', $param);
$param = ereg_replace('[[:cntrl:]]|[<>"`\|\':]', '', $param);
$param = ereg_replace('\.\.+', '', $param);
$param = ereg_replace('//+', '/', $param);
return ereg_replace('/(\./)+', '/', $param);
case PARAM_HOST: // allow FQDN or IPv4 dotted quad
$param = preg_replace('/[^\.\d\w-]/','', $param ); // only allowed chars
// match ipv4 dotted quad
if (preg_match('/(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/',$param, $match)){
// confirm values are ok
if ( $match[0] > 255
|| $match[1] > 255
|| $match[3] > 255
|| $match[4] > 255 ) {
// hmmm, what kind of dotted quad is this?
$param = '';
}
} elseif ( preg_match('/^[\w\d\.-]+$/', $param) // dots, hyphens, numbers
&& !preg_match('/^[\.-]/', $param) // no leading dots/hyphens
&& !preg_match('/[\.-]$/', $param) // no trailing dots/hyphens
) {
// all is ok - $param is respected
} else {
// all is not ok...
$param='';
}
return $param;
case PARAM_URL: // allow safe ftp, http, mailto urls
include_once($CFG->dirroot . '/lib/validateurlsyntax.php');
if (!empty($param) && validateUrlSyntax($param, 's?H?S?F?E?u-P-a?I?p?f?q?r?')) {
// all is ok, param is respected
} else {
$param =''; // not really ok
}
return $param;
case PARAM_LOCALURL: // allow http absolute, root relative and relative URLs within wwwroot
$param = clean_param($param, PARAM_URL);
if (!empty($param)) {
if (preg_match(':^/:', $param)) {
// root-relative, ok!
} elseif (preg_match('/^'.preg_quote($CFG->wwwroot, '/').'/i',$param)) {
// absolute, and matches our wwwroot
} else {
// relative - let's make sure there are no tricks
if (validateUrlSyntax($param, 's-u-P-a-p-f+q?r?')) {
// looks ok.
} else {
$param = '';
}
}
}
return $param;
default: // throw error, switched parameters in optional_param or another serious problem
error("Unknown parameter type: $type");
}
}
/**
* Set a key in global configuration
*
* Set a key/value pair in both this session's {@link $CFG} global variable
* and in the 'config' database table for future sessions.
*
* Can also be used to update keys for plugin-scoped configs in config_plugin table.
* In that case it doesn't affect $CFG.
*
* @param string $name the key to set
* @param string $value the value to set (without magic quotes)
* @param string $plugin (optional) the plugin scope
* @uses $CFG
* @return bool
*/
function set_config($name, $value, $plugin=NULL) {
/// No need for get_config because they are usually always available in $CFG
global $CFG;
if (empty($plugin)) {
$CFG->$name = $value; // So it's defined for this invocation at least
if (get_field('config', 'name', 'name', $name)) {
return set_field('config', 'value', addslashes($value), 'name', $name);
} else {
$config = new object();
$config->name = $name;
$config->value = addslashes($value);
return insert_record('config', $config);
}
} else { // plugin scope
if ($id = get_field('config_plugins', 'id', 'name', $name, 'plugin', $plugin)) {
return set_field('config_plugins', 'value', addslashes($value), 'id', $id);
} else {
$config = new object();
$config->plugin = addslashes($plugin);
$config->name = $name;
$config->value = $value;
return insert_record('config_plugins', $config);
}
}
}
/**
* Get configuration values from the global config table
* or the config_plugins table.
*
* If called with no parameters it will do the right thing
* generating $CFG safely from the database without overwriting
* existing values.
*
* @param string $plugin
* @param string $name
* @uses $CFG
* @return hash-like object or single value
*
*/
function get_config($plugin=NULL, $name=NULL) {
global $CFG;
if (!empty($name)) { // the user is asking for a specific value
if (!empty($plugin)) {
return get_record('config_plugins', 'plugin' , $plugin, 'name', $name);
} else {
return get_record('config', 'name', $name);
}
}
// the user is after a recordset
if (!empty($plugin)) {
if ($configs=get_records('config_plugins', 'plugin', $plugin, '', 'name,value')) {
$configs = (array)$configs;
$localcfg = array();
foreach ($configs as $config) {
$localcfg[$config->name] = $config->value;
}
return (object)$localcfg;
} else {
return false;
}
} else {
// this was originally in setup.php
if ($configs = get_records('config')) {
$localcfg = (array)$CFG;
foreach ($configs as $config) {
if (!isset($localcfg[$config->name])) {
$localcfg[$config->name] = $config->value;
} else {
if ($localcfg[$config->name] != $config->value ) {
// complain if the DB has a different
// value than config.php does
error_log("\$CFG->{$config->name} in config.php ({$localcfg[$config->name]}) overrides database setting ({$config->value})");
}
}
}
$localcfg = (object)$localcfg;
return $localcfg;
} else {
// preserve $CFG if DB returns nothing or error
return $CFG;
}
}
}
/**
* Removes a key from global configuration
*
* @param string $name the key to set
* @param string $plugin (optional) the plugin scope
* @uses $CFG
* @return bool
*/
function unset_config($name, $plugin=NULL) {
global $CFG;
unset($CFG->$name);
if (empty($plugin)) {
return delete_records('config', 'name', $name);
} else {
return delete_records('config_plugins', 'name', $name, 'plugin', $plugin);
}
}
/**
* Refresh current $USER session global variable with all their current preferences.
* @uses $USER
*/
function reload_user_preferences() {
global $USER;
if(empty($USER) || empty($USER->id)) {
return false;
}
unset($USER->preference);
if ($preferences = get_records('user_preferences', 'userid', $USER->id)) {
foreach ($preferences as $preference) {
$USER->preference[$preference->name] = $preference->value;
}
} else {
//return empty preference array to hold new values
$USER->preference = array();
}
}
/**
* Sets a preference for the current user
* Optionally, can set a preference for a different user object
* @uses $USER
* @todo Add a better description and include usage examples. Add inline links to $USER and user functions in above line.
* @param string $name The key to set as preference for the specified user
* @param string $value The value to set forthe $name key in the specified user's record
* @param int $userid A moodle user ID
* @return bool
*/
function set_user_preference($name, $value, $otheruser=NULL) {
global $USER;
if (empty($otheruser)){
if (!empty($USER) && !empty($USER->id)) {
$userid = $USER->id;
} else {
return false;
}
} else {
$userid = $otheruser;
}
if (empty($name)) {
return false;
}
if ($preference = get_record('user_preferences', 'userid', $userid, 'name', $name)) {
if (set_field('user_preferences', 'value', $value, 'id', $preference->id)) {
if (empty($otheruser) and !empty($USER)) {
$USER->preference[$name] = $value;
}
return true;
} else {
return false;
}
} else {
$preference->userid = $userid;
$preference->name = $name;
$preference->value = (string)$value;
if (insert_record('user_preferences', $preference)) {
if (empty($otheruser) and !empty($USER)) {
$USER->preference[$name] = $value;
}
return true;
} else {
return false;
}
}
}
/**
* Unsets a preference completely by deleting it from the database
* Optionally, can set a preference for a different user id
* @uses $USER
* @param string $name The key to unset as preference for the specified user
* @param int $userid A moodle user ID
* @return bool
*/
function unset_user_preference($name, $userid=NULL) {
global $USER;
if (empty($userid)){
if(!empty($USER) && !empty($USER->id)) {
$userid = $USER->id;
}
else {
return false;
}
}
//Delete the preference from $USER
if (isset($USER->preference[$name])) {
unset($USER->preference[$name]);
}
//Then from DB
return delete_records('user_preferences', 'userid', $userid, 'name', $name);
}
/**
* Sets a whole array of preferences for the current user
* @param array $prefarray An array of key/value pairs to be set
* @param int $userid A moodle user ID
* @return bool
*/
function set_user_preferences($prefarray, $userid=NULL) {
global $USER;
if (!is_array($prefarray) or empty($prefarray)) {
return false;
}
if (empty($userid)){
if (!empty($USER) && !empty($USER->id)) {
$userid = NULL; // Continue with the current user below
} else {
return false; // No-one to set!
}
}
$return = true;
foreach ($prefarray as $name => $value) {
// The order is important; if the test for return is done first, then
// if one function call fails all the remaining ones will be "optimized away"
$return = set_user_preference($name, $value, $userid) and $return;
}
return $return;
}
/**
* If no arguments are supplied this function will return
* all of the current user preferences as an array.
* If a name is specified then this function
* attempts to return that particular preference value. If
* none is found, then the optional value $default is returned,
* otherwise NULL.
* @param string $name Name of the key to use in finding a preference value
* @param string $default Value to be returned if the $name key is not set in the user preferences
* @param int $userid A moodle user ID
* @uses $USER
* @return string
*/
function get_user_preferences($name=NULL, $default=NULL, $userid=NULL) {
global $USER;
if (empty($userid)) { // assume current user
if (empty($USER->preference)) {
return $default; // Default value (or NULL)
}
if (empty($name)) {
return $USER->preference; // Whole array
}
if (!isset($USER->preference[$name])) {
return $default; // Default value (or NULL)
}
return $USER->preference[$name]; // The single value
} else {
$preference = get_records_menu('user_preferences', 'userid', $userid, 'name', 'name,value');
if (empty($name)) {
return $preference;
}
if (!isset($preference[$name])) {
return $default; // Default value (or NULL)
}
return $preference[$name]; // The single value
}
}
/// FUNCTIONS FOR HANDLING TIME ////////////////////////////////////////////
/**
* Given date parts in user time produce a GMT timestamp.
*
* @param int $year The year part to create timestamp of
* @param int $month The month part to create timestamp of
* @param int $day The day part to create timestamp of
* @param int $hour The hour part to create timestamp of
* @param int $minute The minute part to create timestamp of
* @param int $second The second part to create timestamp of
* @param float $timezone ?
* @param bool $applydst ?
* @return int timestamp
* @todo Finish documenting this function
*/
function make_timestamp($year, $month=1, $day=1, $hour=0, $minute=0, $second=0, $timezone=99, $applydst=true) {
$timezone = get_user_timezone_offset($timezone);
if (abs($timezone) > 13) {
$time = mktime((int)$hour, (int)$minute, (int)$second, (int)$month, (int)$day, (int)$year);
} else {
$time = gmmktime((int)$hour, (int)$minute, (int)$second, (int)$month, (int)$day, (int)$year);
$time = usertime($time, $timezone);
if($applydst) {
$time -= dst_offset_on($time);
}
}
return $time;
}
/**
* Given an amount of time in seconds, returns string
* formatted nicely as months, days, hours etc as needed
*
* @uses MINSECS
* @uses HOURSECS
* @uses DAYSECS
* @param int $totalsecs ?
* @param array $str ?
* @return string
* @todo Finish documenting this function
*/
function format_time($totalsecs, $str=NULL) {
$totalsecs = abs($totalsecs);
if (!$str) { // Create the str structure the slow way
$str->day = get_string('day');
$str->days = get_string('days');
$str->hour = get_string('hour');
$str->hours = get_string('hours');
$str->min = get_string('min');
$str->mins = get_string('mins');
$str->sec = get_string('sec');
$str->secs = get_string('secs');
}
$days = floor($totalsecs/DAYSECS);
$remainder = $totalsecs - ($days*DAYSECS);
$hours = floor($remainder/HOURSECS);
$remainder = $remainder - ($hours*HOURSECS);
$mins = floor($remainder/MINSECS);
$secs = $remainder - ($mins*MINSECS);
$ss = ($secs == 1) ? $str->sec : $str->secs;
$sm = ($mins == 1) ? $str->min : $str->mins;
$sh = ($hours == 1) ? $str->hour : $str->hours;
$sd = ($days == 1) ? $str->day : $str->days;
$odays = '';
$ohours = '';
$omins = '';
$osecs = '';
if ($days) $odays = $days .' '. $sd;
if ($hours) $ohours = $hours .' '. $sh;
if ($mins) $omins = $mins .' '. $sm;
if ($secs) $osecs = $secs .' '. $ss;
if ($days) return $odays .' '. $ohours;
if ($hours) return $ohours .' '. $omins;
if ($mins) return $omins .' '. $osecs;
if ($secs) return $osecs;
return get_string('now');
}
/**
* Returns a formatted string that represents a date in user time
* <b>WARNING: note that the format is for strftime(), not date().</b>
* Because of a bug in most Windows time libraries, we can't use
* the nicer %e, so we have to use %d which has leading zeroes.
* A lot of the fuss in the function is just getting rid of these leading
* zeroes as efficiently as possible.
*
* If parameter fixday = true (default), then take off leading
* zero from %d, else mantain it.
*
* @uses HOURSECS
* @param int $date timestamp in GMT
* @param string $format strftime format
* @param float $timezone
* @param bool $fixday If true (default) then the leading
* zero from %d is removed. If false then the leading zero is mantained.
* @return string
*/
function userdate($date, $format='', $timezone=99, $fixday = true) {
global $CFG;
static $strftimedaydatetime;
if ($format == '') {
if (empty($strftimedaydatetime)) {
$strftimedaydatetime = get_string('strftimedaydatetime');
}
$format = $strftimedaydatetime;
}
if (!empty($CFG->nofixday)) { // Config.php can force %d not to be fixed.
$fixday = false;
} else if ($fixday) {
$formatnoday = str_replace('%d', 'DD', $format);
$fixday = ($formatnoday != $format);
}
$date += dst_offset_on($date);
$timezone = get_user_timezone_offset($timezone);
if (abs($timezone) > 13) { /// Server time
if ($fixday) {
$datestring = strftime($formatnoday, $date);
$daystring = str_replace(' 0', '', strftime(' %d', $date));
$datestring = str_replace('DD', $daystring, $datestring);
} else {
$datestring = strftime($format, $date);
}
} else {
$date += (int)($timezone * 3600);
if ($fixday) {
$datestring = gmstrftime($formatnoday, $date);
$daystring = str_replace(' 0', '', gmstrftime(' %d', $date));
$datestring = str_replace('DD', $daystring, $datestring);
} else {
$datestring = gmstrftime($format, $date);
}
}
/// If we are running under Windows and unicode is enabled, try to convert the datestring
/// to current_charset() (because it's impossible to specify UTF-8 to fetch locale info in Win32)
if (!empty($CFG->unicodedb) && $CFG->ostype == 'WINDOWS') {
if ($localewincharset = get_string('localewincharset')) {
$textlib = textlib_get_instance();
$datestring = $textlib->convert($datestring, $localewincharset, current_charset());
}
}
return $datestring;
}
/**
* Given a $time timestamp in GMT (seconds since epoch),
* returns an array that represents the date in user time
*
* @uses HOURSECS
* @param int $time Timestamp in GMT
* @param float $timezone ?
* @return array An array that represents the date in user time
* @todo Finish documenting this function
*/
function usergetdate($time, $timezone=99) {
$timezone = get_user_timezone_offset($timezone);
if (abs($timezone) > 13) { // Server time
return getdate($time);
}
// There is no gmgetdate so we use gmdate instead
$time += dst_offset_on($time);
$time += intval((float)$timezone * HOURSECS);
$datestring = gmstrftime('%S_%M_%H_%d_%m_%Y_%w_%j_%A_%B', $time);
list(
$getdate['seconds'],
$getdate['minutes'],
$getdate['hours'],
$getdate['mday'],
$getdate['mon'],
$getdate['year'],
$getdate['wday'],
$getdate['yday'],
$getdate['weekday'],
$getdate['month']
) = explode('_', $datestring);
return $getdate;
}
/**
* Given a GMT timestamp (seconds since epoch), offsets it by
* the timezone. eg 3pm in India is 3pm GMT - 7 * 3600 seconds
*
* @uses HOURSECS
* @param int $date Timestamp in GMT
* @param float $timezone
* @return int
*/
function usertime($date, $timezone=99) {
$timezone = get_user_timezone_offset($timezone);
if (abs($timezone) > 13) {
return $date;
}
return $date - (int)($timezone * HOURSECS);
}
/**
* Given a time, return the GMT timestamp of the most recent midnight
* for the current user.
*
* @param int $date Timestamp in GMT
* @param float $timezone ?
* @return ?
*/
function usergetmidnight($date, $timezone=99) {
$timezone = get_user_timezone_offset($timezone);
$userdate = usergetdate($date, $timezone);
// Time of midnight of this user's day, in GMT
return make_timestamp($userdate['year'], $userdate['mon'], $userdate['mday'], 0, 0, 0, $timezone);
}
/**
* Returns a string that prints the user's timezone
*
* @param float $timezone The user's timezone
* @return string
*/
function usertimezone($timezone=99) {
$tz = get_user_timezone($timezone);
if (!is_float($tz)) {
return $tz;
}
if(abs($tz) > 13) { // Server time
return get_string('serverlocaltime');
}
if($tz == intval($tz)) {
// Don't show .0 for whole hours
$tz = intval($tz);
}
if($tz == 0) {
return 'GMT';
}
else if($tz > 0) {
return 'GMT+'.$tz;
}
else {
return 'GMT'.$tz;
}
}
/**
* Returns a float which represents the user's timezone difference from GMT in hours
* Checks various settings and picks the most dominant of those which have a value
*
* @uses $CFG
* @uses $USER
* @param float $tz If this value is provided and not equal to 99, it will be returned as is and no other settings will be checked
* @return int
*/
function get_user_timezone_offset($tz = 99) {
global $USER, $CFG;
$tz = get_user_timezone($tz);
if (is_float($tz)) {
return $tz;
} else {
$tzrecord = get_timezone_record($tz);
if (empty($tzrecord)) {
return 99.0;
}
return (float)$tzrecord->gmtoff / HOURMINS;
}
}
/**
* Returns a float or a string which denotes the user's timezone
* A float value means that a simple offset from GMT is used, while a string (it will be the name of a timezone in the database)
* means that for this timezone there are also DST rules to be taken into account
* Checks various settings and picks the most dominant of those which have a value
*
* @uses $USER
* @uses $CFG
* @param float $tz If this value is provided and not equal to 99, it will be returned as is and no other settings will be checked
* @return mixed
*/
function get_user_timezone($tz = 99) {
global $USER, $CFG;
$timezones = array(
$tz,
isset($CFG->forcetimezone) ? $CFG->forcetimezone : 99,
isset($USER->timezone) ? $USER->timezone : 99,
isset($CFG->timezone) ? $CFG->timezone : 99,
);
$tz = 99;
while(($tz == '' || $tz == 99) && $next = each($timezones)) {
$tz = $next['value'];
}
return is_numeric($tz) ? (float) $tz : $tz;
}
/**
* ?
*
* @uses $CFG
* @uses $db
* @param string $timezonename ?
* @return object
*/
function get_timezone_record($timezonename) {
global $CFG, $db;
static $cache = NULL;
if ($cache === NULL) {
$cache = array();
}
if (isset($cache[$timezonename])) {
return $cache[$timezonename];
}
return $cache[$timezonename] = get_record_sql('SELECT * FROM '.$CFG->prefix.'timezone
WHERE name = '.$db->qstr($timezonename).' ORDER BY year DESC', true);
}
/**
* ?
*
* @uses $CFG
* @uses $USER
* @param ? $fromyear ?
* @param ? $to_year ?
* @return bool
*/
function calculate_user_dst_table($from_year = NULL, $to_year = NULL) {
global $CFG, $SESSION;
$usertz = get_user_timezone();
if (is_float($usertz)) {
// Trivial timezone, no DST
return false;
}
if (!empty($SESSION->dst_offsettz) && $SESSION->dst_offsettz != $usertz) {
// We have precalculated values, but the user's effective TZ has changed in the meantime, so reset
unset($SESSION->dst_offsets);
unset($SESSION->dst_range);
}
if (!empty($SESSION->dst_offsets) && empty($from_year) && empty($to_year)) {
// Repeat calls which do not request specific year ranges stop here, we have already calculated the table
// This will be the return path most of the time, pretty light computationally
return true;
}
// Reaching here means we either need to extend our table or create it from scratch
// Remember which TZ we calculated these changes for
$SESSION->dst_offsettz = $usertz;
if(empty($SESSION->dst_offsets)) {
// If we 're creating from scratch, put the two guard elements in there
$SESSION->dst_offsets = array(1 => NULL, 0 => NULL);
}
if(empty($SESSION->dst_range)) {
// If creating from scratch
$from = max((empty($from_year) ? intval(date('Y')) - 3 : $from_year), 1971);
$to = min((empty($to_year) ? intval(date('Y')) + 3 : $to_year), 2035);
// Fill in the array with the extra years we need to process
$yearstoprocess = array();
for($i = $from; $i <= $to; ++$i) {
$yearstoprocess[] = $i;
}
// Take note of which years we have processed for future calls
$SESSION->dst_range = array($from, $to);
}
else {
// If needing to extend the table, do the same
$yearstoprocess = array();
$from = max((empty($from_year) ? $SESSION->dst_range[0] : $from_year), 1971);
$to = min((empty($to_year) ? $SESSION->dst_range[1] : $to_year), 2035);
if($from < $SESSION->dst_range[0]) {
// Take note of which years we need to process and then note that we have processed them for future calls
for($i = $from; $i < $SESSION->dst_range[0]; ++$i) {
$yearstoprocess[] = $i;
}
$SESSION->dst_range[0] = $from;
}
if($to > $SESSION->dst_range[1]) {
// Take note of which years we need to process and then note that we have processed them for future calls
for($i = $SESSION->dst_range[1] + 1; $i <= $to; ++$i) {
$yearstoprocess[] = $i;
}
$SESSION->dst_range[1] = $to;
}
}
if(empty($yearstoprocess)) {
// This means that there was a call requesting a SMALLER range than we have already calculated
return true;
}
// From now on, we know that the array has at least the two guard elements, and $yearstoprocess has the years we need
// Also, the array is sorted in descending timestamp order!
// Get DB data
$presetrecords = get_records('timezone', 'name', $usertz, 'year DESC', 'year, gmtoff, dstoff, dst_month, dst_startday, dst_weekday, dst_skipweeks, dst_time, std_month, std_startday, std_weekday, std_skipweeks, std_time');
if(empty($presetrecords)) {
return false;
}
// Remove ending guard (first element of the array)
reset($SESSION->dst_offsets);
unset($SESSION->dst_offsets[key($SESSION->dst_offsets)]);
// Add all required change timestamps
foreach($yearstoprocess as $y) {
// Find the record which is in effect for the year $y
foreach($presetrecords as $year => $preset) {
if($year <= $y) {
break;
}
}
$changes = dst_changes_for_year($y, $preset);
if($changes === NULL) {
continue;
}
if($changes['dst'] != 0) {
$SESSION->dst_offsets[$changes['dst']] = $preset->dstoff * MINSECS;
}
if($changes['std'] != 0) {
$SESSION->dst_offsets[$changes['std']] = 0;
}
}
// Put in a guard element at the top
$maxtimestamp = max(array_keys($SESSION->dst_offsets));
$SESSION->dst_offsets[($maxtimestamp + DAYSECS)] = NULL; // DAYSECS is arbitrary, any "small" number will do
// Sort again
krsort($SESSION->dst_offsets);
return true;
}
function dst_changes_for_year($year, $timezone) {
if($timezone->dst_startday == 0 && $timezone->dst_weekday == 0 && $timezone->std_startday == 0 && $timezone->std_weekday == 0) {
return NULL;
}
$monthdaydst = find_day_in_month($timezone->dst_startday, $timezone->dst_weekday, $timezone->dst_month, $year);
$monthdaystd = find_day_in_month($timezone->std_startday, $timezone->std_weekday, $timezone->std_month, $year);
list($dst_hour, $dst_min) = explode(':', $timezone->dst_time);
list($std_hour, $std_min) = explode(':', $timezone->std_time);
$timedst = make_timestamp($year, $timezone->dst_month, $monthdaydst, 0, 0, 0, 99, false);
$timestd = make_timestamp($year, $timezone->std_month, $monthdaystd, 0, 0, 0, 99, false);
// Instead of putting hour and minute in make_timestamp(), we add them afterwards.
// This has the advantage of being able to have negative values for hour, i.e. for timezones
// where GMT time would be in the PREVIOUS day than the local one on which DST changes.
$timedst += $dst_hour * HOURSECS + $dst_min * MINSECS;
$timestd += $std_hour * HOURSECS + $std_min * MINSECS;
return array('dst' => $timedst, 0 => $timedst, 'std' => $timestd, 1 => $timestd);
}
// $time must NOT be compensated at all, it has to be a pure timestamp
function dst_offset_on($time) {
global $SESSION;
if(!calculate_user_dst_table() || empty($SESSION->dst_offsets)) {
return 0;
}
reset($SESSION->dst_offsets);
while(list($from, $offset) = each($SESSION->dst_offsets)) {
if($from <= $time) {
break;
}
}
// This is the normal return path
if($offset !== NULL) {
return $offset;
}
// Reaching this point means we haven't calculated far enough, do it now:
// Calculate extra DST changes if needed and recurse. The recursion always
// moves toward the stopping condition, so will always end.
if($from == 0) {
// We need a year smaller than $SESSION->dst_range[0]
if($SESSION->dst_range[0] == 1971) {
return 0;
}
calculate_user_dst_table($SESSION->dst_range[0] - 5, NULL);
return dst_offset_on($time);
}
else {
// We need a year larger than $SESSION->dst_range[1]
if($SESSION->dst_range[1] == 2035) {
return 0;
}
calculate_user_dst_table(NULL, $SESSION->dst_range[1] + 5);
return dst_offset_on($time);
}
}
function find_day_in_month($startday, $weekday, $month, $year) {
$daysinmonth = days_in_month($month, $year);
if($weekday == -1) {
// Don't care about weekday, so return:
// abs($startday) if $startday != -1
// $daysinmonth otherwise
return ($startday == -1) ? $daysinmonth : abs($startday);
}
// From now on we 're looking for a specific weekday
// Give "end of month" its actual value, since we know it
if($startday == -1) {
$startday = -1 * $daysinmonth;
}
// Starting from day $startday, the sign is the direction
if($startday < 1) {
$startday = abs($startday);
$lastmonthweekday = strftime('%w', mktime(12, 0, 0, $month, $daysinmonth, $year, 0));
// This is the last such weekday of the month
$lastinmonth = $daysinmonth + $weekday - $lastmonthweekday;
if($lastinmonth > $daysinmonth) {
$lastinmonth -= 7;
}
// Find the first such weekday <= $startday
while($lastinmonth > $startday) {
$lastinmonth -= 7;
}
return $lastinmonth;
}
else {
$indexweekday = strftime('%w', mktime(12, 0, 0, $month, $startday, $year, 0));
$diff = $weekday - $indexweekday;
if($diff < 0) {
$diff += 7;
}
// This is the first such weekday of the month equal to or after $startday
$firstfromindex = $startday + $diff;
return $firstfromindex;
}
}
/**
* Calculate the number of days in a given month
*
* @param int $month The month whose day count is sought
* @param int $year The year of the month whose day count is sought
* @return int
*/
function days_in_month($month, $year) {
return intval(date('t', mktime(12, 0, 0, $month, 1, $year, 0)));
}
/**
* Calculate the position in the week of a specific calendar day
*
* @param int $day The day of the date whose position in the week is sought
* @param int $month The month of the date whose position in the week is sought
* @param int $year The year of the date whose position in the week is sought
* @return int
*/
function dayofweek($day, $month, $year) {
// I wonder if this is any different from
// strftime('%w', mktime(12, 0, 0, $month, $daysinmonth, $year, 0));
return intval(date('w', mktime(12, 0, 0, $month, $day, $year, 0)));
}
/// USER AUTHENTICATION AND LOGIN ////////////////////////////////////////
/**
* Makes sure that $USER->sesskey exists, if $USER itself exists. It sets a new sesskey
* if one does not already exist, but does not overwrite existing sesskeys. Returns the
* sesskey string if $USER exists, or boolean false if not.
*
* @uses $USER
* @return string
*/
function sesskey() {
global $USER;
if(!isset($USER)) {
return false;
}
if (empty($USER->sesskey)) {
$USER->sesskey = random_string(10);
}
return $USER->sesskey;
}
/**
* For security purposes, this function will check that the currently
* given sesskey (passed as a parameter to the script or this function)
* matches that of the current user.
*
* @param string $sesskey optionally provided sesskey
* @return bool
*/
function confirm_sesskey($sesskey=NULL) {
global $USER;
if (!empty($USER->ignoresesskey) || !empty($CFG->ignoresesskey)) {
return true;
}
if (empty($sesskey)) {
$sesskey = required_param('sesskey', PARAM_RAW); // Check script parameters
}
if (!isset($USER->sesskey)) {
return false;
}
return ($USER->sesskey === $sesskey);
}
/**
* Setup all global $CFG course variables, set locale and also themes
* This function can be used on pages that do not require login instead of require_login()
*
* @param mixed $courseorid id of the course or course object
*/
function course_setup($courseorid=0) {
global $COURSE, $CFG, $SITE, $USER;
/// Redefine global $COURSE if needed
if (empty($courseorid)) {
// no change in global $COURSE - for backwards compatibiltiy
// if require_rogin() used after require_login($courseid);
} else if (is_object($courseorid)) {
$COURSE = clone($courseorid);
} else {
global $course; // used here only to prevent repeated fetching from DB - may be removed later
if (!empty($course->id) and $course->id == SITEID) {
$COURSE = clone($SITE);
} else if (!empty($course->id) and $course->id == $courseorid) {
$COURSE = clone($course);
} else {
if (!$COURSE = get_record('course', 'id', $courseorid)) {
error('Invalid course ID');
}
}
}
/// set locale and themes
moodle_setlocale();
theme_setup();
}
/**
* This function checks that the current user is logged in and has the
* required privileges
*
* This function checks that the current user is logged in, and optionally
* whether they are allowed to be in a particular course and view a particular
* course module.
* If they are not logged in, then it redirects them to the site login unless
* $autologinguest is set and {@link $CFG}->autologinguests is set to 1 in which
* case they are automatically logged in as guests.
* If $courseid is given and the user is not enrolled in that course then the
* user is redirected to the course enrolment page.
* If $cm is given and the coursemodule is hidden and the user is not a teacher
* in the course then the user is redirected to the course home page.
*
* @uses $CFG
* @uses $SESSION
* @uses $USER
* @uses $FULLME
* @uses SITEID
* @uses $COURSE
* @uses $MoodleSession
* @param int $courseid id of the course
* @param bool $autologinguest
* @param object $cm course module object
*/
function require_login($courseid=0, $autologinguest=true, $cm=null) {
global $CFG, $SESSION, $USER, $COURSE, $FULLME, $MoodleSession;
/// Redefine global $COURSE if we can
global $course; // We use the global hack once here so it doesn't need to be used again
if (is_object($course) and !empty($course->id) and ($courseid == 0 || $course->id == $courseid)) {
$COURSE = clone($course);
} else if ($courseid) {
$COURSE = get_record('course', 'id', $courseid);
}
if (!empty($COURSE->lang)) {
$CFG->courselang = $COURSE->lang;
moodle_setlocale();
}
/// If the user is not even logged in yet then make sure they are
if (! (isset($USER->loggedin) and $USER->confirmed and ($USER->site == $CFG->wwwroot)) ) {
$SESSION->wantsurl = $FULLME;
if (!empty($_SERVER['HTTP_REFERER'])) {
$SESSION->fromurl = $_SERVER['HTTP_REFERER'];
}
$USER = NULL;
if ($autologinguest && !empty($CFG->autologinguests) and
$courseid and ($courseid == SITEID or get_field('course','guest','id',$courseid)) ) {
$loginguest = '?loginguest=true';
} else {
$loginguest = '';
}
if (empty($CFG->loginhttps)) {
redirect($CFG->wwwroot .'/login/index.php'. $loginguest);
} else {
$wwwroot = str_replace('http:','https:', $CFG->wwwroot);
redirect($wwwroot .'/login/index.php'. $loginguest);
}
exit;
}
/// check whether the user should be changing password
if (!empty($USER->preference['auth_forcepasswordchange'])){
if (is_internal_auth() || $CFG->{'auth_'.$USER->auth.'_stdchangepassword'}){
$SESSION->wantsurl = $FULLME;
redirect($CFG->wwwroot .'/login/change_password.php');
} elseif($CFG->changepassword) {
redirect($CFG->changepassword);
} else {
error('You cannot proceed without changing your password.
However there is no available page for changing it.
Please contact your Moodle Administrator.');
}
}
/// Check that the user account is properly set up
if (user_not_fully_set_up($USER)) {
$SESSION->wantsurl = $FULLME;
redirect($CFG->wwwroot .'/user/edit.php?id='. $USER->id .'&amp;course='. SITEID);
}
/// Make sure current IP matches the one for this session (if required)
if (!empty($CFG->tracksessionip)) {
if ($USER->sessionIP != md5(getremoteaddr())) {
error(get_string('sessionipnomatch', 'error'));
}
}
/// Make sure the USER has a sesskey set up. Used for checking script parameters.
sesskey();
// Check that the user has agreed to a site policy if there is one
if (!empty($CFG->sitepolicy)) {
if (!$USER->policyagreed) {
$SESSION->wantsurl = $FULLME;
redirect($CFG->wwwroot .'/user/policy.php');
}
}
/// If the site is currently under maintenance, then print a message
if (!has_capability('moodle/site:config',get_context_instance(CONTEXT_SYSTEM, SITEID))) {
if (file_exists($CFG->dataroot.'/'.SITEID.'/maintenance.html')) {
print_maintenance_message();
exit;
}
}
/// Next, check if the user can be in a particular course
if ($courseid) {
/// Sanity check on the courseid
if ($courseid == $COURSE->id) { /// Pretty much always true but let's be sure
$course = $COURSE;
} else if (! $course = get_record('course', 'id', $courseid)) {
error('That course doesn\'t exist');
}
/// We can eliminate hidden site activities straight away
if ($course->id == SITEID) {
if (!empty($cm) && !$cm->visible and !has_capability('moodle/course:viewhiddenactivities',
get_context_instance(CONTEXT_SYSTEM, SITEID))) {
redirect($CFG->wwwroot, get_string('activityiscurrentlyhidden'));
}
return;
}
/// If the whole course is hidden from us then we can stop now
if (!$context = get_context_instance(CONTEXT_COURSE, $course->id)) {
print_error('nocontext');
}
if (empty($USER->switchrole[$context->id]) &&
!($course->visible && course_parent_visible($course)) &&
!has_capability('moodle/course:viewhiddencourses', get_context_instance(CONTEXT_COURSE, $course->id)) ){
print_header_simple();
notice(get_string('coursehidden'), $CFG->wwwroot .'/');
}
/// Non-guests who don't currently have access, check if they can be allowed in as a guest
if ($USER->username != 'guest' and !has_capability('moodle/course:view', $context)) {
if ($course->guest == 1) {
// Temporarily assign them guest role for this context,
// if it fails user is asked to enrol
load_guest_role($context);
}
}
/// If the user is a guest then treat them according to the course policy about guests
if (has_capability('moodle/legacy:guest', $context, NULL, false)) {
switch ($course->guest) { /// Check course policy about guest access
case 1: /// Guests always allowed
if (!has_capability('moodle/course:view', $context)) { // Prohibited by capability
print_header_simple();
notice(get_string('guestsnotallowed', '', $course->fullname), "$CFG->wwwroot/login/index.php");
}
if (!empty($cm) and !$cm->visible) { // Not allowed to see module, send to course page
redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course,
get_string('activityiscurrentlyhidden'));
}
return; // User is allowed to see this course
break;
case 2: /// Guests allowed with key
if (!empty($USER->enrolkey[$course->id])) { // Set by enrol/manual/enrol.php
return true;
}
// otherwise drop through to logic below (--> enrol.php)
break;
default: /// Guests not allowed
print_header_simple('', '', get_string('loggedinasguest'));
if (empty($USER->switchrole[$context->id])) { // Normal guest
notice(get_string('guestsnotallowed', '', $course->fullname), "$CFG->wwwroot/login/index.php");
} else {
notify(get_string('guestsnotallowed', '', $course->fullname));
echo '<div class="notifyproblem">'.switchroles_form($course->id).'</div>';
print_footer($course);
exit;
}
break;
}
/// For non-guests, check if they have course view access
} else if (has_capability('moodle/course:view', $context)) {
if (!empty($USER->realuser)) { // Make sure the REAL person can also access this course
if (!has_capability('moodle/course:view', $context, $USER->realuser)) {
print_header_simple();
notice(get_string('studentnotallowed', '', fullname($USER, true)), $CFG->wwwroot .'/');
}
}
/// Make sure they can read this activity too, if specified
if (!empty($cm) and !$cm->visible and !has_capability('moodle/course:viewhiddenactivities', $context)) {
redirect($CFG->wwwroot.'/course/view.php?id='.$cm->course, get_string('activityiscurrentlyhidden'));
}
return; // User is allowed to see this course
}
/// Currently not enrolled in the course, so see if they want to enrol
$SESSION->wantsurl = $FULLME;
redirect($CFG->wwwroot .'/course/enrol.php?id='. $courseid);
die;
}
}
/**
* This function just makes sure a user is logged out.
*
* @uses $CFG
* @uses $USER
*/
function require_logout() {
global $USER, $CFG;
if (isset($USER) and isset($USER->id)) {
add_to_log(SITEID, "user", "logout", "view.php?id=$USER->id&course=".SITEID, $USER->id, 0, $USER->id);
if ($USER->auth == 'cas' && !empty($CFG->cas_enabled)) {
require($CFG->dirroot.'/auth/cas/logout.php');
}
}
if (ini_get_bool("register_globals") and check_php_version("4.3.0")) {
// This method is just to try to avoid silly warnings from PHP 4.3.0
session_unregister("USER");
session_unregister("SESSION");
}
setcookie('MoodleSessionTest'.$CFG->sessioncookie, '', time() - 3600, $CFG->sessioncookiepath);
unset($_SESSION['USER']);
unset($_SESSION['SESSION']);
unset($SESSION);
unset($USER);
}
/**
* This is a weaker version of {@link require_login()} which only requires login
* when called from within a course rather than the site page, unless
* the forcelogin option is turned on.
*
* @uses $CFG
* @param object $course The course object in question
* @param bool $autologinguest Allow autologin guests if that is wanted
* @param object $cm Course activity module if known
*/
function require_course_login($course, $autologinguest=true, $cm=null) {
global $CFG;
if (!empty($CFG->forcelogin)) {
require_login();
}
if ($course->id != SITEID) {
require_login($course->id, $autologinguest, $cm);
}
}
/**
* Modify the user table by setting the currently logged in user's
* last login to now.
*
* @uses $USER
* @return bool
*/
function update_user_login_times() {
global $USER;
$USER->lastlogin = $user->lastlogin = $USER->currentlogin;
$USER->currentlogin = $user->lastaccess = $user->currentlogin = time();
$user->id = $USER->id;
return update_record('user', $user);
}
/**
* Determines if a user has completed setting up their account.
*
* @param user $user A {@link $USER} object to test for the existance of a valid name and email
* @return bool
*/
function user_not_fully_set_up($user) {
return ($user->username != 'guest' and (empty($user->firstname) or empty($user->lastname) or empty($user->email) or over_bounce_threshold($user)));
}
function over_bounce_threshold($user) {
global $CFG;
if (empty($CFG->handlebounces)) {
return false;
}
// set sensible defaults
if (empty($CFG->minbounces)) {
$CFG->minbounces = 10;
}
if (empty($CFG->bounceratio)) {
$CFG->bounceratio = .20;
}
$bouncecount = 0;
$sendcount = 0;
if ($bounce = get_record('user_preferences','userid',$user->id,'name','email_bounce_count')) {
$bouncecount = $bounce->value;
}
if ($send = get_record('user_preferences','userid',$user->id,'name','email_send_count')) {
$sendcount = $send->value;
}
return ($bouncecount >= $CFG->minbounces && $bouncecount/$sendcount >= $CFG->bounceratio);
}
/**
* @param $user - object containing an id
* @param $reset - will reset the count to 0
*/
function set_send_count($user,$reset=false) {
if ($pref = get_record('user_preferences','userid',$user->id,'name','email_send_count')) {
$pref->value = (!empty($reset)) ? 0 : $pref->value+1;
update_record('user_preferences',$pref);
}
else if (!empty($reset)) { // if it's not there and we're resetting, don't bother.
// make a new one
$pref->name = 'email_send_count';
$pref->value = 1;
$pref->userid = $user->id;
insert_record('user_preferences',$pref, false);
}
}
/**
* @param $user - object containing an id
* @param $reset - will reset the count to 0
*/
function set_bounce_count($user,$reset=false) {
if ($pref = get_record('user_preferences','userid',$user->id,'name','email_bounce_count')) {
$pref->value = (!empty($reset)) ? 0 : $pref->value+1;
update_record('user_preferences',$pref);
}
else if (!empty($reset)) { // if it's not there and we're resetting, don't bother.
// make a new one
$pref->name = 'email_bounce_count';
$pref->value = 1;
$pref->userid = $user->id;
insert_record('user_preferences',$pref, false);
}
}
/**
* Keeps track of login attempts
*
* @uses $SESSION
*/
function update_login_count() {
global $SESSION;
$max_logins = 10;
if (empty($SESSION->logincount)) {
$SESSION->logincount = 1;
} else {
$SESSION->logincount++;
}
if ($SESSION->logincount > $max_logins) {
unset($SESSION->wantsurl);
error(get_string('errortoomanylogins'));
}
}
/**
* Resets login attempts
*
* @uses $SESSION
*/
function reset_login_count() {
global $SESSION;
$SESSION->logincount = 0;
}
function sync_metacourses() {
global $CFG;
if (!$courses = get_records('course', 'metacourse', 1)) {
return;
}
foreach ($courses as $course) {
sync_metacourse($course);
}
}
/**
* Goes through all enrolment records for the courses inside the metacourse and sync with them.
*/
function sync_metacourse($course) {
global $CFG;
$status = true;
if (!is_object($course)) {
if (!$course = get_record('course', 'id', $course)) {
return false; // invalid course id
}
}
if (empty($course->metacourse)) {
return false; // can not sync normal course or not $course object
}
$context = get_context_instance(CONTEXT_COURSE, $course->id); // SITEID can not be a metacourse
if (!$roles = get_records('role')) {
return false; // hmm, there should be always at least one role
}
// always keep metacourse managers
if ($users = get_users_by_capability($context, 'moodle/course:managemetacourse')) {
$managers = array_keys($users);
} else {
$managers = array();
}
// find all role users in child courses + build list of current metacourse assignments
$in_childs = array();
foreach ($roles as $role) {
if ($users = get_role_users($role->id, $context, false)) {
$current[$role->id] = array_keys($users);
} else {
$current[$role->id] = array();
}
$in_childs[$role->id] = array(); //initialze array
}
if ($children = get_records('course_meta', 'parent_course', $course->id)) {
foreach ($children as $child) {
$ch_context = get_context_instance(CONTEXT_COURSE, $child->child_course);
foreach ($roles as $role) {
if ($users = get_role_users($role->id, $ch_context, false)) {
$users = array_keys($users);
$in_childs[$role->id] = array_merge($in_childs[$role->id], $users);
}
}
}
}
foreach ($roles as $role) {
//clean up the duplicates from cuncurrent assignments in child courses
$in_childs[$role->id] = array_unique($in_childs[$role->id]);
//make a list of all potentially affected users
}
foreach ($roles as $role) {
foreach ($current[$role->id] as $userid) {
if (in_array($userid, $in_childs[$role->id])) {
// ok - no need to change anything
unset($in_childs[$role->id][array_search($userid, $in_childs[$role->id])]);
} else {
// unassign if not metacourse manager
if (!in_array($userid, $managers)) {
//echo "unassigning uid: $userid from role: $role->id in context: $context->id <br>\n";
role_unassign($role->id, $userid, 0, $context->id);
}
}
}
// now assign roles to those left in $in_childs
foreach ($in_childs[$role->id] as $userid) {
//echo " assigning uid: $userid from role: $role->id in context: $context->id <br>\n";
role_assign($role->id, $userid, 0, $context->id);
}
}
// TODO: finish timeend and timestart
// maybe we could rely on cron job to do the cleaning from time to time
return true;
}
/**
* Adds a record to the metacourse table and calls sync_metacoures
*/
function add_to_metacourse ($metacourseid, $courseid) {
if (!$metacourse = get_record("course","id",$metacourseid)) {
return false;
}
if (!$course = get_record("course","id",$courseid)) {
return false;
}
if (!$record = get_record("course_meta","parent_course",$metacourseid,"child_course",$courseid)) {
$rec->parent_course = $metacourseid;
$rec->child_course = $courseid;
if (!insert_record('course_meta',$rec)) {
return false;
}
return sync_metacourse($metacourseid);
}
return true;
}
/**
* Removes the record from the metacourse table and calls sync_metacourse
*/
function remove_from_metacourse($metacourseid, $courseid) {
if (delete_records('course_meta','parent_course',$metacourseid,'child_course',$courseid)) {
return sync_metacourse($metacourseid);
}
return false;
}
/**
* Determines if a user is currently logged in
*
* @uses $USER
* @return bool
*/
function isloggedin() {
global $USER;
return (!empty($USER->id));
}
/**
* Determines if the currently logged in user is in editing mode
*
* @uses $USER
* @param int $courseid The id of the course being tested
* @param user $user A {@link $USER} object. If null then the currently logged in user is used.
* @return bool
*/
function isediting($courseid, $user=NULL) {
global $USER;
if (!$user) {
$user = $USER;
}
if (empty($user->editing)) {
return false;
}
return ($user->editing and has_capability('moodle/course:manageactivities', get_context_instance(CONTEXT_COURSE, $courseid)));
}
/**
* Determines if the logged in user is currently moving an activity
*
* @uses $USER
* @param int $courseid The id of the course being tested
* @return bool
*/
function ismoving($courseid) {
global $USER;
if (!empty($USER->activitycopy)) {
return ($USER->activitycopycourse == $courseid);
}
return false;
}
/**
* Given an object containing firstname and lastname
* values, this function returns a string with the
* full name of the person.
* The result may depend on system settings
* or language. 'override' will force both names
* to be used even if system settings specify one.
*
* @uses $CFG
* @uses $SESSION
* @param object $user A {@link $USER} object to get full name of
* @param bool $override If true then the name will be first name followed by last name rather than adhering to fullnamedisplay setting.
*/
function fullname($user, $override=false) {
global $CFG, $SESSION;
if (!isset($user->firstname) and !isset($user->lastname)) {
return '';
}
if (!$override) {
if (!empty($CFG->forcefirstname)) {
$user->firstname = $CFG->forcefirstname;
}
if (!empty($CFG->forcelastname)) {
$user->lastname = $CFG->forcelastname;
}
}
if (!empty($SESSION->fullnamedisplay)) {
$CFG->fullnamedisplay = $SESSION->fullnamedisplay;
}
if ($CFG->fullnamedisplay == 'firstname lastname') {
return $user->firstname .' '. $user->lastname;
} else if ($CFG->fullnamedisplay == 'lastname firstname') {
return $user->lastname .' '. $user->firstname;
} else if ($CFG->fullnamedisplay == 'firstname') {
if ($override) {
return get_string('fullnamedisplay', '', $user);
} else {
return $user->firstname;
}
}
return get_string('fullnamedisplay', '', $user);
}
/**
* Sets a moodle cookie with an encrypted string
*
* @uses $CFG
* @uses DAYSECS
* @uses HOURSECS
* @param string $thing The string to encrypt and place in a cookie
*/
function set_moodle_cookie($thing) {
global $CFG;
if ($thing == 'guest') { // Ignore guest account
return;
}
$cookiename = 'MOODLEID_'.$CFG->sessioncookie;
$days = 60;
$seconds = DAYSECS*$days;
setCookie($cookiename, '', time() - HOURSECS, '/');
setCookie($cookiename, rc4encrypt($thing), time()+$seconds, '/');
}
/**
* Gets a moodle cookie with an encrypted string
*
* @uses $CFG
* @return string
*/
function get_moodle_cookie() {
global $CFG;
$cookiename = 'MOODLEID_'.$CFG->sessioncookie;
if (empty($_COOKIE[$cookiename])) {
return '';
} else {
$thing = rc4decrypt($_COOKIE[$cookiename]);
return ($thing == 'guest') ? '': $thing; // Ignore guest account
}
}
/**
* Returns true if an internal authentication method is being used.
* if method not specified then, global default is assumed
*
* @uses $CFG
* @param string $auth Form of authentication required
* @return bool
* @todo Outline auth types and provide code example
*/
function is_internal_auth($auth='') {
/// Returns true if an internal authentication method is being used.
/// If auth not specified then global default is assumed
global $CFG;
if (empty($auth)) {
$auth = $CFG->auth;
}
return ($auth == "email" || $auth == "none" || $auth == "manual");
}
/**
* Returns an array of user fields
*
* @uses $CFG
* @uses $db
* @return array User field/column names
*/
function get_user_fieldnames() {
global $CFG, $db;
$fieldarray = $db->MetaColumnNames($CFG->prefix.'user');
unset($fieldarray['ID']);
return $fieldarray;
}
/**
* Creates a bare-bones user record
*
* @uses $CFG
* @param string $username New user's username to add to record
* @param string $password New user's password to add to record
* @param string $auth Form of authentication required
* @return object A {@link $USER} object
* @todo Outline auth types and provide code example
*/
function create_user_record($username, $password, $auth='') {
global $CFG;
//just in case check text case
$username = trim(moodle_strtolower($username));
if (function_exists('auth_get_userinfo')) {
if ($newinfo = auth_get_userinfo($username)) {
$newinfo = truncate_userinfo($newinfo);
foreach ($newinfo as $key => $value){
$newuser->$key = addslashes(stripslashes($value)); // Just in case
}
}
}
if (!empty($newuser->email)) {
if (email_is_not_allowed($newuser->email)) {
unset($newuser->email);
}
}
$newuser->auth = (empty($auth)) ? $CFG->auth : $auth;
$newuser->username = $username;
update_internal_user_password($newuser, $password, false);
// fix for MDL-8480
// user CFG lang for user if $newuser->lang is empty
// or $user->lang is not an installed language
$sitelangs = array_keys(get_list_of_languages());
if (empty($newuser->lang) || !in_array($newuser->lang, $sitelangs)) {
$newuser -> lang = $CFG->lang;
}
$newuser->confirmed = 1;
$newuser->lastip = getremoteaddr();
$newuser->timemodified = time();
if (insert_record('user', $newuser)) {
$user = get_complete_user_data('username', $newuser->username);
if($CFG->{'auth_'.$newuser->auth.'_forcechangepassword'}){
set_user_preference('auth_forcepasswordchange', 1, $user->id);
}
return $user;
}
return false;
}
/**
* Will update a local user record from an external source
*
* @uses $CFG
* @param string $username New user's username to add to record
* @return user A {@link $USER} object
*/
function update_user_record($username) {
global $CFG;
if (function_exists('auth_get_userinfo')) {
$username = trim(moodle_strtolower($username)); /// just in case check text case
$oldinfo = get_record('user', 'username', $username, '','','','', 'username, auth');
$authconfig = get_config('auth/' . $oldinfo->auth);
if ($newinfo = auth_get_userinfo($username)) {
$newinfo = truncate_userinfo($newinfo);
foreach ($newinfo as $key => $value){
$confkey = 'field_updatelocal_' . $key;
if (!empty($authconfig->$confkey) && $authconfig->$confkey === 'onlogin') {
$value = addslashes(stripslashes($value)); // Just in case
set_field('user', $key, $value, 'username', $username)
|| error_log("Error updating $key for $username");
}
}
}
}
return get_complete_user_data('username', $username);
}
function truncate_userinfo($info) {
/// will truncate userinfo as it comes from auth_get_userinfo (from external auth)
/// which may have large fields
// define the limits
$limit = array(
'username' => 100,
'idnumber' => 64,
'firstname' => 100,
'lastname' => 100,
'email' => 100,
'icq' => 15,
'phone1' => 20,
'phone2' => 20,
'institution' => 40,
'department' => 30,
'address' => 70,
'city' => 20,
'country' => 2,
'url' => 255,
);
// apply where needed
foreach (array_keys($info) as $key) {
if (!empty($limit[$key])) {
$info[$key] = trim(substr($info[$key],0, $limit[$key]));
}
}
return $info;
}
/**
* Retrieve the guest user object
*
* @uses $CFG
* @return user A {@link $USER} object
*/
function guest_user() {
global $CFG;
if ($newuser = get_record('user', 'username', 'guest')) {
$newuser->loggedin = true;
$newuser->confirmed = 1;
$newuser->site = $CFG->wwwroot;
$newuser->lang = $CFG->lang;
$newuser->lastip = getremoteaddr();
}
return $newuser;
}
/**
* Given a username and password, this function looks them
* up using the currently selected authentication mechanism,
* and if the authentication is successful, it returns a
* valid $user object from the 'user' table.
*
* Uses auth_ functions from the currently active auth module
*
* @uses $CFG
* @param string $username User's username
* @param string $password User's password
* @return user|flase A {@link $USER} object or false if error
*/
function authenticate_user_login($username, $password) {
global $CFG;
// First try to find the user in the database
if (!$user = get_complete_user_data('username', $username)) {
$user->id = 0; // Not a user
$user->auth = $CFG->auth;
}
// Sort out the authentication method we are using.
if (empty($CFG->auth)) {
$CFG->auth = 'manual'; // Default authentication module
}
if (empty($user->auth)) { // For some reason it isn't set yet
if (!empty($user->id) && (isadmin($user->id) || isguest($user->id))) {
$auth = 'manual'; // Always assume these guys are internal
} else {
$auth = $CFG->auth; // Normal users default to site method
}
// update user record from external DB
if ($user->auth != 'manual' && $user->auth != 'email') {
$user = update_user_record($username);
}
} else {
$auth = $user->auth;
}
if (detect_munged_arguments($auth, 0)) { // For safety on the next require
return false;
}
if (!file_exists($CFG->dirroot .'/auth/'. $auth .'/lib.php')) {
$auth = 'manual'; // Can't find auth module, default to internal
}
require_once($CFG->dirroot .'/auth/'. $auth .'/lib.php');
if (auth_user_login($username, $password)) { // Successful authentication
if ($user->id) { // User already exists in database
if (empty($user->auth)) { // For some reason auth isn't set yet
set_field('user', 'auth', $auth, 'username', $username);
}
update_internal_user_password($user, $password);
if (!is_internal_auth()) { // update user record from external DB
$user = update_user_record($username);
}
} else {
$user = create_user_record($username, $password, $auth);
}
// fix for MDL-6928
if (function_exists('auth_iscreator')) {
$sitecontext = get_context_instance(CONTEXT_SYSTEM);
if ($creatorroles = get_roles_with_capability('moodle/legacy:coursecreator', CAP_ALLOW)) {
$creatorrole = array_shift($creatorroles); // We can only use one, let's use the first one
// Check if the user is a creator
if (auth_iscreator($username)) { // Following calls will not create duplicates
role_assign($creatorrole->id, $user->id, 0, $sitecontext->id, 0, 0, 0, $auth);
} else {
role_unassign($creatorrole->id, $user->id, 0, $sitecontext->id);
}
}
}
/// Log in to a second system if necessary
if (!empty($CFG->sso)) {
include_once($CFG->dirroot .'/sso/'. $CFG->sso .'/lib.php');
if (function_exists('sso_user_login')) {
if (!sso_user_login($username, $password)) { // Perform the signon process
notify('Second sign-on failed');
}
}
}
return $user;
} else {
add_to_log(0, 'login', 'error', 'index.php', $username);
error_log('[client '.$_SERVER['REMOTE_ADDR']."] $CFG->wwwroot Failed Login: $username ".$_SERVER['HTTP_USER_AGENT']);
return false;
}
}
/**
* Compare password against hash stored in internal user table.
* If necessary it also updates the stored hash to new format.
*
* @param object user
* @param string plain text password
* @return bool is password valid?
*/
function validate_internal_user_password(&$user, $password) {
global $CFG;
if (!isset($CFG->passwordsaltmain)) {
$CFG->passwordsaltmain = '';
}
$validated = false;
if (!empty($CFG->unicodedb)) {
$textlib = textlib_get_instance();
$convpassword = $textlib->convert($password, 'UTF-8', get_string('oldcharset'));
} else {
$convpassword = $password; //no conversion yet
}
if ($user->password == md5($password.$CFG->passwordsaltmain) or $user->password == md5($password)
or $user->password == md5($convpassword.$CFG->passwordsaltmain) or $user->password == md5($convpassword)) {
$validated = true;
} else {
for ($i=1; $i<=20; $i++) { //20 alternative salts should be enough, right?
$alt = 'passwordsaltalt'.$i;
if (!empty($CFG->$alt)) {
if ($user->password == md5($password.$CFG->$alt) or $user->password == md5($convpassword.$CFG->$alt)) {
$validated = true;
break;
}
}
}
}
if ($validated) {
// force update of password hash using latest main password salt and encoding if needed
update_internal_user_password($user, $password);
}
return $validated;
}
/**
* Calculate hashed value from password using current hash mechanism.
*
* @param string password
* @return string password hash
*/
function hash_internal_user_password($password) {
global $CFG;
if (isset($CFG->passwordsaltmain)) {
return md5($password.$CFG->passwordsaltmain);
} else {
return md5($password);
}
}
/**
* Update pssword hash in user object.
*
* @param object user
* @param string plain text password
* @param bool store changes also in db, default true
* @return true if hash changed
*/
function update_internal_user_password(&$user, $password, $storeindb=true) {
global $CFG;
if (!empty($CFG->{$user->auth.'_preventpassindb'})) {
$hashedpassword = 'not cached';
} else {
$hashedpassword = hash_internal_user_password($password);
}
if ($user->password != $hashedpassword) {
if ($storeindb) {
if (!set_field('user', 'password', $hashedpassword, 'username', $user->username)) {
return false;
}
}
$user->password = $hashedpassword;
}
return true;
}
/**
* Get a complete user record, which includes all the info
* in the user record
* Intended for setting as $USER session variable
*
* @uses $CFG
* @uses SITEID
* @param string $field The user field to be checked for a given value.
* @param string $value The value to match for $field.
* @return user A {@link $USER} object.
*/
function get_complete_user_data($field, $value) {
global $CFG;
if (!$field || !$value) {
return false;
}
/// Get all the basic user data
if (! $user = get_record_select('user', $field .' = \''. $value .'\' AND deleted <> \'1\'')) {
return false;
}
/// Get various settings and preferences
if ($displays = get_records('course_display', 'userid', $user->id)) {
foreach ($displays as $display) {
$user->display[$display->course] = $display->display;
}
}
if ($preferences = get_records('user_preferences', 'userid', $user->id)) {
foreach ($preferences as $preference) {
$user->preference[$preference->name] = $preference->value;
}
}
if ($lastaccesses = get_records('user_lastaccess', 'userid', $user->id)) {
foreach ($lastaccesses as $lastaccess) {
$user->lastcourseaccess[$lastaccess->courseid] = $lastaccess->timeaccess;
}
}
if ($groups = get_records('groups_members', 'userid', $user->id)) {
foreach ($groups as $groupmember) {
$courseid = get_field('groups', 'courseid', 'id', $groupmember->groupid);
//change this to 2D array so we can put multiple groups in a course
$user->groupmember[$courseid][] = $groupmember->groupid;
}
}
/// Rewrite some variables if necessary
if (!empty($user->description)) {
$user->description = true; // No need to cart all of it around
}
if ($user->username == 'guest') {
$user->lang = $CFG->lang; // Guest language always same as site
$user->firstname = get_string('guestuser'); // Name always in current language
$user->lastname = ' ';
}
$user->loggedin = true;
$user->site = $CFG->wwwroot; // for added security, store the site in the session
$user->sesskey = random_string(10);
$user->sessionIP = md5(getremoteaddr()); // Store the current IP in the session
return $user;
}
/*
* When logging in, this function is run to set certain preferences
* for the current SESSION
*/
function set_login_session_preferences() {
global $SESSION, $CFG;
$SESSION->justloggedin = true;
unset($SESSION->lang);
// Restore the calendar filters, if saved
if (intval(get_user_preferences('calendar_persistflt', 0))) {
include_once($CFG->dirroot.'/calendar/lib.php');
calendar_set_filters_status(get_user_preferences('calendav_savedflt', 0xff));
}
}
/**
* Delete a course, including all related data from the database,
* and any associated files from the moodledata folder.
*
* @param int $courseid The id of the course to delete.
* @param bool $showfeedback Whether to display notifications of each action the function performs.
* @return bool true if all the removals succeeded. false if there were any failures. If this
* method returns false, some of the removals will probably have succeeded, and others
* failed, but you have no way of knowing which.
*/
function delete_course($courseid, $showfeedback = true) {
global $CFG;
$result = true;
if (!remove_course_contents($courseid, $showfeedback)) {
if ($showfeedback) {
notify("An error occurred while deleting some of the course contents.");
}
$result = false;
}
if (!delete_records("course", "id", $courseid)) {
if ($showfeedback) {
notify("An error occurred while deleting the main course record.");
}
$result = false;
}
if (!delete_records('context', 'contextlevel', CONTEXT_COURSE, 'instanceid', $courseid)) {
if ($showfeedback) {
notify("An error occurred while deleting the main context record.");
}
$result = false;
}
if (!fulldelete($CFG->dataroot.'/'.$courseid)) {
if ($showfeedback) {
notify("An error occurred while deleting the course files.");
}
$result = false;
}
return $result;
}
/**
* Clear a course out completely, deleting all content
* but don't delete the course itself
*
* @uses $CFG
* @param int $courseid The id of the course that is being deleted
* @param bool $showfeedback Whether to display notifications of each action the function performs.
* @return bool true if all the removals succeeded. false if there were any failures. If this
* method returns false, some of the removals will probably have succeeded, and others
* failed, but you have no way of knowing which.
*/
function remove_course_contents($courseid, $showfeedback=true) {
global $CFG;
$result = true;
if (! $course = get_record('course', 'id', $courseid)) {
error('Course ID was incorrect (can\'t find it)');
}
$strdeleted = get_string('deleted');
/// First delete every instance of every module
if ($allmods = get_records('modules') ) {
foreach ($allmods as $mod) {
$modname = $mod->name;
$modfile = $CFG->dirroot .'/mod/'. $modname .'/lib.php';
$moddelete = $modname .'_delete_instance'; // Delete everything connected to an instance
$moddeletecourse = $modname .'_delete_course'; // Delete other stray stuff (uncommon)
$count=0;
if (file_exists($modfile)) {
include_once($modfile);
if (function_exists($moddelete)) {
if ($instances = get_records($modname, 'course', $course->id)) {
foreach ($instances as $instance) {
if ($cm = get_coursemodule_from_instance($modname, $instance->id, $course->id)) {
delete_context(CONTEXT_MODULE, $cm->id);
}
if ($moddelete($instance->id)) {
$count++;
} else {
notify('Could not delete '. $modname .' instance '. $instance->id .' ('. format_string($instance->name) .')');
$result = false;
}
}
}
} else {
notify('Function '. $moddelete() .'doesn\'t exist!');
$result = false;
}
if (function_exists($moddeletecourse)) {
$moddeletecourse($course, $showfeedback);
}
}
if ($showfeedback) {
notify($strdeleted .' '. $count .' x '. $modname);
}
}
} else {
error('No modules are installed!');
}
/// Give local code a chance to delete its references to this course.
require_once('locallib.php');
notify_local_delete_course($courseid, $showfeedback);
/// Delete course blocks
if ($blocks = get_records_sql("SELECT *
FROM {$CFG->prefix}block_instance
WHERE pagetype = '".PAGE_COURSE_VIEW."'
AND pageid = $course->id")) {
if (delete_records('block_instance', 'pagetype', PAGE_COURSE_VIEW, 'pageid', $course->id)) {
if ($showfeedback) {
notify($strdeleted .' block_instance');
}
require_once($CFG->libdir.'/blocklib.php');
foreach ($blocks as $block) { /// Delete any associated contexts for this block
// Block instances are rarely created. Since the block instance is gone from the above delete
// statement, calling delete_context() will generate a warning as get_context_instance could
// no longer create the context as the block is already gone.
if (record_exists('context', 'contextlevel', CONTEXT_BLOCK, 'instanceid', $block->id)) {
delete_context(CONTEXT_BLOCK, $block->id);
}
// fix for MDL-7164
// Get the block object and call instance_delete()
if (!$record = blocks_get_record($block->blockid)) {
$result = false;
continue;
}
if (!$obj = block_instance($record->name, $block)) {
$result = false;
continue;
}
// Return value ignored, in core mods this does not do anything, but just in case
// third party blocks might have stuff to clean up
// we execute this anyway
$obj->instance_delete();
}
} else {
$result = false;
}
}
/// Delete any groups
if ($groups = get_records('groups', 'courseid', $course->id)) {
if (delete_records('groups', 'courseid', $course->id)) {
if ($showfeedback) {
notify($strdeleted .' groups');
}
foreach ($groups as $group) {
if (delete_records('groups_members', 'groupid', $group->id)) {
if ($showfeedback) {
notify($strdeleted .' groups_members');
}
} else {
$result = false;
}
/// Delete any associated context for this group
delete_context(CONTEXT_GROUP, $group->id);
}
} else {
$result = false;
}
}
/// Delete all related records in other tables that may have a courseid
/// This array stores the tables that need to be cleared, as
/// table_name => column_name that contains the course id.
$tablestoclear = array(
'event' => 'courseid', // Delete events
'log' => 'course', // Delete logs
'course_sections' => 'course', // Delete any course stuff
'course_modules' => 'course',
'grade_category' => 'courseid', // Delete gradebook stuff
'grade_exceptions' => 'courseid',
'grade_item' => 'courseid',
'grade_letter' => 'courseid',
'grade_preferences' => 'courseid',
'backup_courses' => 'courseid', // Delete scheduled backup stuff
'backup_log' => 'courseid'
);
foreach ($tablestoclear as $table => $col) {
if (delete_records($table, $col, $course->id)) {
if ($showfeedback) {
notify($strdeleted . ' ' . $table);
}
} else {
$result = false;
}
}
/// Clean up metacourse stuff
if ($course->metacourse) {
delete_records("course_meta","parent_course",$course->id);
sync_metacourse($course->id); // have to do it here so the enrolments get nuked. sync_metacourses won't find it without the id.
if ($showfeedback) {
notify("$strdeleted course_meta");
}
} else {
if ($parents = get_records("course_meta","child_course",$course->id)) {
foreach ($parents as $parent) {
remove_from_metacourse($parent->parent_course,$parent->child_course); // this will do the unenrolments as well.
}
if ($showfeedback) {
notify("$strdeleted course_meta");
}
}
}
/// Delete questions and question categories
include_once($CFG->libdir.'/questionlib.php');
question_delete_course($course, $showfeedback);
/// Delete all roles and overiddes in the course context (but keep the course context)
if ($courseid != SITEID) {
delete_context(CONTEXT_COURSE, $course->id);
}
// fix for MDL-9016
// clear the cache because the course context is deleted, and
// we don't want to write assignment, overrides and context_rel table
// with this old context id!
get_context_instance('clearcache');
return $result;
}
/**
* This function will empty a course of USER data as much as
/// possible. It will retain the activities and the structure
/// of the course.
*
* @uses $USER
* @uses $SESSION
* @uses $CFG
* @param object $data an object containing all the boolean settings and courseid
* @param bool $showfeedback if false then do it all silently
* @return bool
* @todo Finish documenting this function
*/
function reset_course_userdata($data, $showfeedback=true) {
global $CFG, $USER, $SESSION;
$result = true;
$strdeleted = get_string('deleted');
// Look in every instance of every module for data to delete
if ($allmods = get_records('modules') ) {
foreach ($allmods as $mod) {
$modname = $mod->name;
$modfile = $CFG->dirroot .'/mod/'. $modname .'/lib.php';
$moddeleteuserdata = $modname .'_delete_userdata'; // Function to delete user data
if (file_exists($modfile)) {
@include_once($modfile);
if (function_exists($moddeleteuserdata)) {
$moddeleteuserdata($data, $showfeedback);
}
}
}
} else {
error('No modules are installed!');
}
// Delete other stuff
$coursecontext = get_context_instance(CONTEXT_COURSE, $data->courseid);
if (!empty($data->reset_students) or !empty($data->reset_teachers)) {
$teachers = array_keys(get_users_by_capability($coursecontext, 'moodle/course:update'));
$participants = array_keys(get_users_by_capability($coursecontext, 'moodle/course:view'));
$students = array_diff($participants, $teachers);
if (!empty($data->reset_students)) {
foreach ($students as $studentid) {
role_unassign(0, $studentid, 0, $coursecontext->id);
}
if ($showfeedback) {
notify($strdeleted .' '.get_string('students'), 'notifysuccess');
}
/// Delete group members (but keep the groups)
if ($groups = get_records('groups', 'courseid', $data->courseid)) {
foreach ($groups as $group) {
if (delete_records('groups_members', 'groupid', $group->id)) {
if ($showfeedback) {
notify($strdeleted .' groups_members', 'notifysuccess');
}
} else {
$result = false;
}
}
}
}
if (!empty($data->reset_teachers)) {
foreach ($teachers as $teacherid) {
role_unassign(0, $teacherid, 0, $coursecontext->id);
}
if ($showfeedback) {
notify($strdeleted .' '.get_string('teachers'), 'notifysuccess');
}
}
}
if (!empty($data->reset_groups)) {
if ($groups = get_records('groups', 'courseid', $data->courseid)) {
foreach ($groups as $group) {
if (delete_records('groups', 'id', $group->id)) {
if ($showfeedback) {
notify($strdeleted .' groups', 'notifysuccess');
}
} else {
$result = false;
}
}
}
}
if (!empty($data->reset_events)) {
if (delete_records('event', 'courseid', $data->courseid)) {
if ($showfeedback) {
notify($strdeleted .' event', 'notifysuccess');
}
} else {
$result = false;
}
}
if (!empty($data->reset_logs)) {
if (delete_records('log', 'course', $data->courseid)) {
if ($showfeedback) {
notify($strdeleted .' log', 'notifysuccess');
}
} else {
$result = false;
}
}
// deletes all role assignments, and local override, these have no courseid in table and needs separate process
$context = get_context_instance(CONTEXT_COURSE, $data->courseid);
delete_records('role_capabilities', 'contextid', $context->id);
return $result;
}
/// GROUPS /////////////////////////////////////////////////////////
/**
* Determines if the user a member of the given group
*
* @uses $USER
* @param int $groupid The group to check the membership of
* @param int $userid The user to check against the group
* @return bool
*/
function ismember($groupid, $userid=0) {
global $USER;
if (!$groupid) { // No point doing further checks
return false;
}
//if groupid is supplied in array format
if (!$userid) {
if (empty($USER->groupmember)) {
return false;
}
//changed too for multiple groups
foreach ($USER->groupmember as $courseid => $mgroupid) {
//need to loop one more time...
if (is_array($mgroupid)) {
foreach ($mgroupid as $index => $mygroupid) {
if ($mygroupid == $groupid) {
return true;
}
}
} else if ($mgroupid == $groupid) {
return true;
}
}
return false;
}
if (is_array($groupid)){
foreach ($groupid as $index => $val){
if (record_exists('groups_members', 'groupid', $val, 'userid', $userid)){
return true;
}
}
}
else {
return record_exists('groups_members', 'groupid', $groupid, 'userid', $userid);
}
return false;
//else group id is in single format
//return record_exists('groups_members', 'groupid', $groupid, 'userid', $userid);
}
/**
* Add a user to a group, return true upon success or if user already a group member
*
* @param int $groupid The group id to add user to
* @param int $userid The user id to add to the group
* @return bool
*/
function add_user_to_group ($groupid, $userid) {
if (ismember($groupid, $userid)) return true;
$record->groupid = $groupid;
$record->userid = $userid;
$record->timeadded = time();
return (insert_record('groups_members', $record) !== false);
}
/**
* Get the group ID of the current user in the given course
*
* @uses $USER
* @param int $courseid The course being examined - relates to id field in 'course' table.
* @return int
*/
function mygroupid($courseid) {
global $USER;
if (empty($USER->groupmember[$courseid])) {
return 0;
} else {
//this is an array of ids >.<
return $USER->groupmember[$courseid];
}
}
/**
* For a given course, and possibly course module, determine
* what the current default groupmode is:
* NOGROUPS, SEPARATEGROUPS or VISIBLEGROUPS
*
* @param course $course A {@link $COURSE} object
* @param object $cm A course module object
* @return int A group mode (NOGROUPS, SEPARATEGROUPS or VISIBLEGROUPS)
*/
function groupmode($course, $cm=null) {
if ($cm and !$course->groupmodeforce) {
return $cm->groupmode;
}
return $course->groupmode;
}
/**
* Sets the current group in the session variable
*
* @uses $SESSION
* @param int $courseid The course being examined - relates to id field in 'course' table.
* @param int $groupid The group being examined.
* @return int Current group id which was set by this function
*/
function set_current_group($courseid, $groupid) {
global $SESSION;
return $SESSION->currentgroup[$courseid] = $groupid;
}
/**
* Gets the current group for the current user as an id or an object
*
* @uses $USER
* @uses $SESSION
* @param int $courseid The course being examined - relates to id field in 'course' table.
* @param bool $full If true, the return value is a full record object. If false, just the id of the record.
*/
function get_current_group($courseid, $full=false) {
global $SESSION, $USER;
if (!isset($SESSION->currentgroup[$courseid])) {
if (empty($USER->groupmember[$courseid]) or has_capability('moodle/site:accessallgroups', get_context_instance(CONTEXT_COURSE, $courseid))) {
return 0;
} else {
//trying to add a hack >.<, always first select the first one in list
$SESSION->currentgroup[$courseid] = $USER->groupmember[$courseid][0];
}
}
if ($full) {
return get_record('groups', 'id', $SESSION->currentgroup[$courseid]);
} else {
return $SESSION->currentgroup[$courseid];
}
}
/**
* A combination function to make it easier for modules
* to set up groups.
*
* It will use a given "groupid" parameter and try to use
* that to reset the current group for the user.
*
* @uses VISIBLEGROUPS
* @param course $course A {@link $COURSE} object
* @param int $groupmode Either NOGROUPS, SEPARATEGROUPS or VISIBLEGROUPS
* @param int $groupid Will try to use this optional parameter to
* reset the current group for the user
* @return int|false Returns the current group id or false if error.
*/
function get_and_set_current_group($course, $groupmode, $groupid=-1) {
if (!$groupmode) { // Groups don't even apply
return false;
}
$currentgroupid = get_current_group($course->id);
if ($groupid < 0) { // No change was specified
return $currentgroupid;
}
if ($groupid) { // Try to change the current group to this groupid
if ($group = get_record('groups', 'id', $groupid, 'courseid', $course->id)) { // Exists
if (has_capability('moodle/site:accessallgroups', get_context_instance(CONTEXT_COURSE, $course->id))) { // Sets current default group
$currentgroupid = set_current_group($course->id, $group->id);
} else if ($groupmode == VISIBLEGROUPS) {
// All groups are visible
//if (ismember($group->id)){
$currentgroupid = set_current_group($course->id, $group->id);//set this since he might post
/*)}else {
$currentgroupid = $group->id;*/
} else if ($groupmode == SEPARATEGROUPS) { // student in separate groups switching
if (ismember($group->id)){//check if is a member
$currentgroupid = set_current_group($course->id, $group->id); //might need to set_current_group?
}
else {
echo ($group->id);
notify('you do not belong to this group!',error);
}
}
}
} else { // When groupid = 0 it means show ALL groups
// this is changed, non editting teacher needs access to group 0 as well, for viewing work in visible groups (need to set current group for multiple pages)
if (has_capability('moodle/site:accessallgroups', get_context_instance(CONTEXT_COURSE, $course->id))) { // Sets current default group
$currentgroupid = set_current_group($course->id, 0);
} else if ($groupmode == VISIBLEGROUPS) { // All groups are visible
$currentgroupid = 0;
}
}
return $currentgroupid;
}
/**
* A big combination function to make it easier for modules
* to set up groups.
*