Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Fixes to prevent teachers using loginas to enter other courses as tha…

…t student
  • Loading branch information...
commit cb909d74cac11dd534663cfb53afeaf83525ad8a 1 parent 34fdf5b
moodler authored
Showing with 8 additions and 1 deletion.
  1. +1 −0  lang/en/moodle.php
  2. +7 −1 lib/moodlelib.php
View
1  lang/en/moodle.php
@@ -433,6 +433,7 @@
$string['startsignup'] = "Start now by creating a new account!";
$string['status'] = "Status";
$string['stringsnotset'] = "The following strings are not defined in \$a";
+$string['studentnotallowed'] = "Sorry, but you can not enter this course as '\$a'";
$string['success'] = "Success";
$string['summary'] = "Summary";
$string['summaryof'] = "Summary of \$a";
View
8 lib/moodlelib.php
@@ -1138,7 +1138,13 @@ function require_login($courseid=0) {
// Next, check if the user can be in a particular course
if ($courseid) {
if ($USER->student[$courseid] || $USER->teacher[$courseid] || $USER->admin) {
- if (!isset($USER->realuser)) { // Don't update if this isn't a realuser
+ if (isset($USER->realuser)) { // Make sure the REAL person can also access this course
+ if (!isteacher($courseid, $USER->realuser)) {
+ print_header();
+ notice(get_string("studentnotallowed", "", "$USER->firstname $USER->lastname"));
+ }
+
+ } else { // just update their last login time
update_user_in_db();
}
if (!$USER->email) { // User logged in, but has not set up profile!

0 comments on commit cb909d7

Please sign in to comment.
Something went wrong with that request. Please try again.