MDL-47950 course: Adding sesskey confirmation when duplicating activities
[moodle.git] / course / mod.php
CommitLineData
d9cb06dc 1<?php
2
3// This file is part of Moodle - http://moodle.org/
4//
5// Moodle is free software: you can redistribute it and/or modify
6// it under the terms of the GNU General Public License as published by
7// the Free Software Foundation, either version 3 of the License, or
8// (at your option) any later version.
9//
10// Moodle is distributed in the hope that it will be useful,
11// but WITHOUT ANY WARRANTY; without even the implied warranty of
12// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13// GNU General Public License for more details.
14//
15// You should have received a copy of the GNU General Public License
16// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
17
18/**
19 * Moves, adds, updates, duplicates or deletes modules in a course
20 *
21 * @copyright 1999 Martin Dougiamas http://dougiamas.com
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
23 * @package course
24 */
25
26require("../config.php");
27require_once("lib.php");
28
923451c5 29$sectionreturn = optional_param('sr', null, PARAM_INT);
d9cb06dc 30$add = optional_param('add', '', PARAM_ALPHA);
31$type = optional_param('type', '', PARAM_ALPHA);
32$indent = optional_param('indent', 0, PARAM_INT);
33$update = optional_param('update', 0, PARAM_INT);
fa820563 34$duplicate = optional_param('duplicate', 0, PARAM_INT);
d9cb06dc 35$hide = optional_param('hide', 0, PARAM_INT);
36$show = optional_param('show', 0, PARAM_INT);
37$copy = optional_param('copy', 0, PARAM_INT);
38$moveto = optional_param('moveto', 0, PARAM_INT);
39$movetosection = optional_param('movetosection', 0, PARAM_INT);
40$delete = optional_param('delete', 0, PARAM_INT);
41$course = optional_param('course', 0, PARAM_INT);
42$groupmode = optional_param('groupmode', -1, PARAM_INT);
43$cancelcopy = optional_param('cancelcopy', 0, PARAM_BOOL);
44$confirm = optional_param('confirm', 0, PARAM_BOOL);
45
46// This page should always redirect
a6855934 47$url = new moodle_url('/course/mod.php');
7f093351 48foreach (compact('indent','update','hide','show','copy','moveto','movetosection','delete','course','cancelcopy','confirm') as $key=>$value) {
49 if ($value !== 0) {
50 $url->param($key, $value);
51 }
52}
923451c5 53$url->param('sr', $sectionreturn);
7f093351 54if ($add !== '') {
55 $url->param('add', $add);
56}
57if ($type !== '') {
58 $url->param('type', $type);
59}
60if ($groupmode !== '') {
61 $url->param('groupmode', $groupmode);
62}
63$PAGE->set_url($url);
d9cb06dc 64
af189935
PS
65require_login();
66
d9cb06dc 67//check if we are adding / editing a module that has new forms using formslib
68if (!empty($add)) {
69 $id = required_param('id', PARAM_INT);
70 $section = required_param('section', PARAM_INT);
71 $type = optional_param('type', '', PARAM_ALPHA);
72 $returntomod = optional_param('return', 0, PARAM_BOOL);
73
a41b1d96 74 redirect("$CFG->wwwroot/course/modedit.php?add=$add&type=$type&course=$id&section=$section&return=$returntomod&sr=$sectionreturn");
d9cb06dc 75
76} else if (!empty($update)) {
af189935 77 $cm = get_coursemodule_from_id('', $update, 0, true, MUST_EXIST);
d9cb06dc 78 $returntomod = optional_param('return', 0, PARAM_BOOL);
a41b1d96 79 redirect("$CFG->wwwroot/course/modedit.php?update=$update&return=$returntomod&sr=$sectionreturn");
1adf55c5 80
f31d5641 81} else if (!empty($duplicate) and confirm_sesskey()) {
60df6787
S
82 $cm = get_coursemodule_from_id('', $duplicate, 0, true, MUST_EXIST);
83 $course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
fa820563 84
af189935 85 require_login($course, false, $cm);
9a5e297b 86 $modcontext = context_module::instance($cm->id);
60df6787 87 require_capability('moodle/course:manageactivities', $modcontext);
fa820563 88
60df6787
S
89 // Duplicate the module.
90 $newcm = duplicate_module($course, $cm);
91 redirect(course_get_url($course, $cm->sectionnum, array('sr' => $sectionreturn)));
fa820563 92
d9cb06dc 93} else if (!empty($delete)) {
af189935 94 $cm = get_coursemodule_from_id('', $delete, 0, true, MUST_EXIST);
74df2951 95 $course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
41b94a40 96
af189935 97 require_login($course, false, $cm);
9a5e297b 98 $modcontext = context_module::instance($cm->id);
af189935 99 require_capability('moodle/course:manageactivities', $modcontext);
264867fd 100
923451c5 101 $return = course_get_url($course, $cm->sectionnum, array('sr' => $sectionreturn));
caa65d9b 102
d9cb06dc 103 if (!$confirm or !confirm_sesskey()) {
104 $fullmodulename = get_string('modulename', $cm->modname);
3ba70534 105
76055f5d 106 $optionsyes = array('confirm'=>1, 'delete'=>$cm->id, 'sesskey'=>sesskey(), 'sr' => $sectionreturn);
3ba70534 107
d9cb06dc 108 $strdeletecheck = get_string('deletecheck', '', $fullmodulename);
109 $strdeletecheckfull = get_string('deletecheckfull', '', "$fullmodulename '$cm->name'");
3ba70534 110
d9cb06dc 111 $PAGE->set_pagetype('mod-' . $cm->modname . '-delete');
112 $PAGE->set_title($strdeletecheck);
b36781d7 113 $PAGE->set_heading($course->fullname);
d9cb06dc 114 $PAGE->navbar->add($strdeletecheck);
3ba70534 115
a347aee3 116 echo $OUTPUT->header();
d9cb06dc 117 echo $OUTPUT->box_start('noticebox');
dc6896ef 118 $formcontinue = new single_button(new moodle_url("$CFG->wwwroot/course/mod.php", $optionsyes), get_string('yes'));
76055f5d 119 $formcancel = new single_button($return, get_string('no'), 'get');
d9cb06dc 120 echo $OUTPUT->confirm($strdeletecheckfull, $formcontinue, $formcancel);
121 echo $OUTPUT->box_end();
122 echo $OUTPUT->footer();
3ba70534 123
d9cb06dc 124 exit;
125 }
caa65d9b 126
a347aee3
MN
127 // Delete the module.
128 course_delete_module($cm->id);
caa65d9b 129
d9cb06dc 130 redirect($return);
131}
d897cae4 132
d9cb06dc 133
134if ((!empty($movetosection) or !empty($moveto)) and confirm_sesskey()) {
af189935 135 $cm = get_coursemodule_from_id('', $USER->activitycopy, 0, true, MUST_EXIST);
74df2951 136 $course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
af189935
PS
137
138 require_login($course, false, $cm);
9a5e297b
AA
139 $coursecontext = context_course::instance($course->id);
140 $modcontext = context_module::instance($cm->id);
af189935 141 require_capability('moodle/course:manageactivities', $modcontext);
f9903ed0 142
d9cb06dc 143 if (!empty($movetosection)) {
144 if (!$section = $DB->get_record('course_sections', array('id'=>$movetosection, 'course'=>$cm->course))) {
145 print_error('sectionnotexist');
146 }
147 $beforecm = NULL;
a10464d6 148
d9cb06dc 149 } else { // normal moveto
150 if (!$beforecm = get_coursemodule_from_id('', $moveto, $cm->course, true)) {
3ba70534 151 print_error('invalidcoursemodule');
152 }
d9cb06dc 153 if (!$section = $DB->get_record('course_sections', array('id'=>$beforecm->section, 'course'=>$cm->course))) {
154 print_error('sectionnotexist');
7977cffd 155 }
d9cb06dc 156 }
7977cffd 157
d9cb06dc 158 if (!ismoving($section->course)) {
159 print_error('needcopy', '', "view.php?id=$section->course");
160 }
7977cffd 161
d9cb06dc 162 moveto_module($cm, $section, $beforecm);
7977cffd 163
76055f5d 164 $sectionreturn = $USER->activitycopysectionreturn;
d9cb06dc 165 unset($USER->activitycopy);
166 unset($USER->activitycopycourse);
167 unset($USER->activitycopyname);
76055f5d 168 unset($USER->activitycopysectionreturn);
7977cffd 169
923451c5 170 redirect(course_get_url($course, $section->section, array('sr' => $sectionreturn)));
7977cffd 171
d9cb06dc 172} else if (!empty($indent) and confirm_sesskey()) {
173 $id = required_param('id', PARAM_INT);
aac94fd0 174
af189935 175 $cm = get_coursemodule_from_id('', $id, 0, true, MUST_EXIST);
74df2951 176 $course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
af189935
PS
177
178 require_login($course, false, $cm);
9a5e297b
AA
179 $coursecontext = context_course::instance($course->id);
180 $modcontext = context_module::instance($cm->id);
af189935 181 require_capability('moodle/course:manageactivities', $modcontext);
bdc04ca9 182
d9cb06dc 183 $cm->indent += $indent;
aac94fd0 184
d9cb06dc 185 if ($cm->indent < 0) {
186 $cm->indent = 0;
187 }
aac94fd0 188
d9cb06dc 189 $DB->set_field('course_modules', 'indent', $cm->indent, array('id'=>$cm->id));
aac94fd0 190
d9cb06dc 191 rebuild_course_cache($cm->course);
82bd6a5e 192
923451c5 193 redirect(course_get_url($course, $cm->sectionnum, array('sr' => $sectionreturn)));
aac94fd0 194
d9cb06dc 195} else if (!empty($hide) and confirm_sesskey()) {
af189935 196 $cm = get_coursemodule_from_id('', $hide, 0, true, MUST_EXIST);
74df2951 197 $course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
522f608d 198
af189935 199 require_login($course, false, $cm);
9a5e297b
AA
200 $coursecontext = context_course::instance($course->id);
201 $modcontext = context_module::instance($cm->id);
af189935 202 require_capability('moodle/course:activityvisibility', $modcontext);
a10464d6 203
d9cb06dc 204 set_coursemodule_visible($cm->id, 0);
9e533215 205 \core\event\course_module_updated::create_from_cm($cm, $modcontext)->trigger();
923451c5 206 redirect(course_get_url($course, $cm->sectionnum, array('sr' => $sectionreturn)));
1acfbce5 207
d9cb06dc 208} else if (!empty($show) and confirm_sesskey()) {
af189935 209 $cm = get_coursemodule_from_id('', $show, 0, true, MUST_EXIST);
74df2951 210 $course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
1acfbce5 211
af189935 212 require_login($course, false, $cm);
9a5e297b
AA
213 $coursecontext = context_course::instance($course->id);
214 $modcontext = context_module::instance($cm->id);
af189935 215 require_capability('moodle/course:activityvisibility', $modcontext);
522f608d 216
af189935 217 $section = $DB->get_record('course_sections', array('id'=>$cm->section), '*', MUST_EXIST);
5867bfb5 218
af189935 219 $module = $DB->get_record('modules', array('id'=>$cm->module), '*', MUST_EXIST);
5867bfb5 220
d9cb06dc 221 if ($module->visible and ($section->visible or (SITEID == $cm->course))) {
222 set_coursemodule_visible($cm->id, 1);
9e533215 223 \core\event\course_module_updated::create_from_cm($cm, $modcontext)->trigger();
d9cb06dc 224 }
f9903ed0 225
923451c5 226 redirect(course_get_url($course, $section->section, array('sr' => $sectionreturn)));
3d575e6f 227
d9cb06dc 228} else if ($groupmode > -1 and confirm_sesskey()) {
229 $id = required_param('id', PARAM_INT);
3d575e6f 230
af189935 231 $cm = get_coursemodule_from_id('', $id, 0, true, MUST_EXIST);
74df2951 232 $course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
af189935
PS
233
234 require_login($course, false, $cm);
9a5e297b
AA
235 $coursecontext = context_course::instance($course->id);
236 $modcontext = context_module::instance($cm->id);
af189935 237 require_capability('moodle/course:manageactivities', $modcontext);
a10464d6 238
d9cb06dc 239 set_coursemodule_groupmode($cm->id, $groupmode);
9e533215 240 \core\event\course_module_updated::create_from_cm($cm, $modcontext)->trigger();
923451c5 241 redirect(course_get_url($course, $cm->sectionnum, array('sr' => $sectionreturn)));
f9903ed0 242
d9cb06dc 243} else if (!empty($copy) and confirm_sesskey()) { // value = course module
af189935 244 $cm = get_coursemodule_from_id('', $copy, 0, true, MUST_EXIST);
74df2951 245 $course = $DB->get_record('course', array('id' => $cm->course), '*', MUST_EXIST);
7977cffd 246
af189935 247 require_login($course, false, $cm);
9a5e297b
AA
248 $coursecontext = context_course::instance($course->id);
249 $modcontext = context_module::instance($cm->id);
af189935 250 require_capability('moodle/course:manageactivities', $modcontext);
7977cffd 251
af189935 252 $section = $DB->get_record('course_sections', array('id'=>$cm->section), '*', MUST_EXIST);
7977cffd 253
76055f5d
FM
254 $USER->activitycopy = $copy;
255 $USER->activitycopycourse = $cm->course;
256 $USER->activitycopyname = $cm->name;
257 $USER->activitycopysectionreturn = $sectionreturn;
7977cffd 258
923451c5 259 redirect(course_get_url($course, $section->section, array('sr' => $sectionreturn)));
7977cffd 260
d9cb06dc 261} else if (!empty($cancelcopy) and confirm_sesskey()) { // value = course module
7977cffd 262
d9cb06dc 263 $courseid = $USER->activitycopycourse;
74df2951 264 $course = $DB->get_record('course', array('id' => $courseid), '*', MUST_EXIST);
7977cffd 265
923451c5
MG
266 $cm = get_coursemodule_from_id('', $USER->activitycopy, 0, true, IGNORE_MISSING);
267 $sectionreturn = $USER->activitycopysectionreturn;
d9cb06dc 268 unset($USER->activitycopy);
269 unset($USER->activitycopycourse);
270 unset($USER->activitycopyname);
923451c5
MG
271 unset($USER->activitycopysectionreturn);
272 redirect(course_get_url($course, $cm->sectionnum, array('sr' => $sectionreturn)));
d9cb06dc 273} else {
274 print_error('unknowaction');
275}