MDL-33791 Portfolio: Fixed security issue with passing file paths.
[moodle.git] / mod / chat / report.php
eb588b22 1<?php
22a4491a 2
3/// This page prints reports and info about chats
4
516121bd 5 require_once('../../config.php');
6 require_once('lib.php');
7
// Request parameters. Each one is declared with a PARAM_* type, so the values used
// below for URLs and SQL placeholders have already been through Moodle's parameter
// cleaning. Nothing here grants access: capability checks happen further down.
$id            = required_param('id', PARAM_INT);
$start         = optional_param('start', 0, PARAM_INT);           // Start of period
$end           = optional_param('end', 0, PARAM_INT);             // End of period
$deletesession = optional_param('deletesession', 0, PARAM_BOOL);
$confirmdelete = optional_param('confirmdelete', 0, PARAM_BOOL);
$show_all      = optional_param('show_all', 0, PARAM_BOOL);

// Page URL: only parameters that differ from their default of 0 are carried over.
// Note that show_all is read above but is not added to the page URL.
$url = new moodle_url('/mod/chat/report.php', array('id'=>$id));
$urlextras = array(
    'start'         => $start,
    'end'           => $end,
    'deletesession' => $deletesession,
    'confirmdelete' => $confirmdelete,
);
foreach ($urlextras as $extraname => $extravalue) {
    if ($extravalue !== 0) {
        $url->param($extraname, $extravalue);
    }
}
unset($urlextras, $extraname, $extravalue);
$PAGE->set_url($url);
29
// Resolve the course module, then the chat instance, then its course.
// Each failed lookup is reported through print_error().
$cm = get_coursemodule_from_id('chat', $id);
if (!$cm) {
    print_error('invalidcoursemodule');
}
$chat = $DB->get_record('chat', array('id'=>$cm->instance));
if (!$chat) {
    print_error('invalidcoursemodule');
}
$course = $DB->get_record('course', array('id'=>$chat->course));
if (!$course) {
    print_error('coursemisconf');
}

$context = context_module::instance($cm->id);
$PAGE->set_context($context);
$PAGE->set_heading($course->fullname);

// Authentication and course/module access. The three lookups above run before this call.
require_login($course, false, $cm);

// Log visibility gate: the chat either exposes its logs to students (studentlogs)
// or the user must hold mod/chat:readlog.
// NOTE(review): this is the only read check on the page, and it relies on notice()
// ending the request - nothing below re-checks mod/chat:readlog.
$canreadlogs = !empty($chat->studentlogs) || has_capability('mod/chat:readlog', $context);
if (!$canreadlogs) {
    notice(get_string('nopermissiontoseethechatlog', 'chat'));
}

// Audit trail: record that the report was viewed.
add_to_log($course->id, 'chat', 'report', "report.php?id=$cm->id", $chat->id, $cm->id);
22a4491a 51
// Whether the user may export any session of this chat to a portfolio. The per-session
// "participated" export capability is evaluated separately where each button is drawn.
$canexportsess = has_capability('mod/chat:exportsession', $context);

// Language strings used by the rest of the page.
$strchats         = get_string('modulenameplural', 'chat');
$strchat          = get_string('modulename', 'chat');
$strchatreport    = get_string('chatreport', 'chat');
$strseesession    = get_string('seesession', 'chat');
$strdeletesession = get_string('deletesession', 'chat');

$navlinks = array();
61
/// Print a session if one has been specified

if ($start && $end && !$confirmdelete) {   // Show a full transcript
    $PAGE->navbar->add($strchatreport);
    $PAGE->set_title(format_string($chat->name).": $strchatreport");
    echo $OUTPUT->header();

    /// Check to see if groups are being used here
    $groupmode = groups_get_activity_groupmode($cm);
    $currentgroup = groups_get_activity_group($cm, true);
    groups_print_activity_menu($cm, $CFG->wwwroot . "/mod/chat/report.php?id=$cm->id");

    // All values reach the database as bound parameters, never as SQL text.
    $params = array('currentgroup'=>$currentgroup, 'chatid'=>$chat->id, 'start'=>$start, 'end'=>$end);

    // If the user is allocated to a group, only show messages from people
    // in the same group, or no group.
    // NOTE(review): a falsy $currentgroup switches the group filter off completely.
    // Confirm that groups_get_activity_group() cannot return 0 for a user of a
    // separate-groups activity who lacks access to all groups; otherwise that
    // user would be shown every group's messages here.
    $groupselect = $currentgroup ? " AND (groupid = :currentgroup OR groupid = 0)" : "";

    // Deletion is only offered to holders of mod/chat:deletelog. This branch merely
    // shows the confirmation prompt; the delete itself runs further down the page,
    // once confirmdelete is set and the session key has been verified.
    $askdeleteconfirm = $deletesession && has_capability('mod/chat:deletelog', $context);
    if ($askdeleteconfirm) {
        echo $OUTPUT->confirm(get_string('deletesessionsure', 'chat'),
                "report.php?id=$cm->id&deletesession=1&confirmdelete=1&start=$start&end=$end",
                "report.php?id=$cm->id");
    }

    $select = "chatid = :chatid AND timestamp >= :start AND timestamp <= :end $groupselect";
    $messages = $DB->get_records_select('chat_messages', $select, $params, "timestamp ASC");

    if ($messages) {
        echo '<p class="boxaligncenter">'.userdate($start).' --> '. userdate($end).'</p>';

        echo $OUTPUT->box_start('center');
        $participates = array();
        foreach ($messages as $message) {  // We are walking FORWARDS through messages
            // Remember every user id that appears in this transcript.
            $participates[$message->userid] = true;

            $formatted = chat_format_message($message, $course->id, $USER);
            if (isset($formatted->html)) {
                echo $formatted->html;
            }
        }

        // Export is allowed with the general export capability, or with the
        // "participated" capability when the current user appears in this transcript.
        $participatedcap = array_key_exists($USER->id, $participates)
                && has_capability('mod/chat:exportparticipatedsession', $context);
        if (!empty($CFG->enableportfolios) && ($canexportsess || $participatedcap)) {
            require_once($CFG->libdir . '/portfoliolib.php');
            // The id/start/end values travel with the button, so they can be changed by
            // the user before the export runs.
            // NOTE(review): confirm that chat_portfolio_caller re-checks the export
            // capabilities itself instead of trusting that this button was shown.
            $buttonoptions = array(
                'id'    => $cm->id,
                'start' => $start,
                'end'   => $end,
            );
            $button = new portfolio_add_button();
            // The third argument is the component name ('mod_chat'), not a file path.
            $button->set_callback_options('chat_portfolio_caller', $buttonoptions, 'mod_chat');
            $button->render();
        }
        echo $OUTPUT->box_end();
    } else {
        echo $OUTPUT->heading(get_string('nomessages', 'chat'));
    }

    // The confirmation prompt brings its own buttons; everyone else gets "continue".
    if (!$askdeleteconfirm) {
        echo $OUTPUT->continue_button("report.php?id=$cm->id");
    }

    echo $OUTPUT->footer();
    exit;
}
129
130
/// Print the Sessions display
$PAGE->navbar->add($strchatreport);
$PAGE->set_title(format_string($chat->name).": $strchatreport");
echo $OUTPUT->header();

echo $OUTPUT->heading(format_string($chat->name).': '.get_string('sessions', 'chat'));


/// Check to see if groups are being used here
$groupmode = groups_get_activity_groupmode($cm);
if ($groupmode) {   // Groups are being used
    $currentgroup = groups_get_activity_group($cm, true);
    groups_print_activity_menu($cm, $CFG->wwwroot . "/mod/chat/report.php?id=$cm->id");
} else {
    $currentgroup = false;
}

// Bound parameters shared by the delete and the listing queries below.
$params = array('currentgroup'=>$currentgroup, 'chatid'=>$chat->id, 'start'=>$start, 'end'=>$end);

// If the user is allocated to a group, only show discussions with people in
// the same group, or no group.
// NOTE(review): an empty $currentgroup removes the filter, and the same $groupselect
// also scopes the delete below. Confirm that groups_get_activity_group() cannot
// return 0 for a separate-groups user who lacks access to all groups.
$groupselect = empty($currentgroup) ? "" : " AND (groupid = :currentgroup OR groupid = 0)";
22a4491a 156
/// Delete a session if one has been specified

// Everything must hold before any row is removed: the delete was requested, the user
// holds mod/chat:deletelog, the confirmation flag is set, both ends of the period are
// given, and the request carries a valid session key (protects against forged requests).
// The checks short-circuit in this order, so confirm_sesskey() is evaluated last.
$deleteconfirmed = $deletesession
        && has_capability('mod/chat:deletelog', $context)
        && $confirmdelete
        && $start
        && $end
        && confirm_sesskey();

if ($deleteconfirmed) {
    // Scoped to this chat, the requested period and (when set) the current group.
    // NOTE(review): no add_to_log() call accompanies the delete in this block; the only
    // log entry written by the page is the 'report' view, so deletions leave no audit record here.
    $DB->delete_records_select('chat_messages', "chatid = :chatid AND timestamp >= :start AND
                                                 timestamp <= :end $groupselect", $params);
    $strdeleted = get_string('deleted');
    $deletedperiod = userdate($start).' --> '. userdate($end);
    echo $OUTPUT->notification("$strdeleted: ".$deletedperiod);
    unset($deletesession);
}
166
167
/// Get the messages
// The transcript branch earlier in the file always exits, so $messages is normally
// unset when execution reaches this point and the query below runs.
if (empty($messages)) {   /// May have already got them above
    $messages = $DB->get_records_select('chat_messages', "chatid = :chatid $groupselect", $params, "timestamp DESC");
    if (!$messages) {
        // Nothing to list: finish the page here.
        echo $OUTPUT->heading(get_string('nomessages', 'chat'));
        echo $OUTPUT->footer();
        exit;
    }
}

if ($show_all) {
    // Heading plus a link back to the "complete sessions only" listing.
    $completeonlylink = '&nbsp;<a href="report.php?id='.$cm->id.'&amp;show_all=0">' .
            get_string('list_complete_sessions', 'chat') . '</a>';
    echo $OUTPUT->heading(get_string('listing_all_sessions', 'chat') . $completeonlylink);
}
182
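/// Show all the sessions
//
// Messages arrive newest first. They are split into sessions wherever two consecutive
// messages are at least $sessiongap seconds apart, and also at the last message.
// A session counts as "complete" when it spans more than 60 seconds and has more than
// one recorded user; incomplete sessions are only listed when show_all is set.

$sessiongap        = 5 * 60;    // 5 minutes silence means a new session
$sessionend        = 0;
$sessionstart      = 0;
$sessionusers      = array();   // userid => number of messages in the current session
$lasttime          = 0;
$complete_sessions = 0;

$messagesleft = count($messages);

foreach ($messages as $message) {  // We are walking BACKWARDS through the messages

    $messagesleft--;               // Countdown

    if (!$lasttime) {
        $lasttime = $message->timestamp;
    }
    if (!$sessionend) {
        $sessionend = $message->timestamp;
    }

    $samesession = (($lasttime - $message->timestamp) < $sessiongap) && $messagesleft;

    if ($samesession) {
        // Remember user and count messages (system messages and userid 0 are skipped).
        if ($message->userid && !$message->system) {
            if (empty($sessionusers[$message->userid])) {
                $sessionusers[$message->userid] = 1;
            } else {
                $sessionusers[$message->userid]++;
            }
        }
    } else {
        // Session boundary: report the session that has just been walked through.
        $sessionstart = $lasttime;

        $is_complete = ($sessionend - $sessionstart > 60 && count($sessionusers) > 1);
        if ($show_all || $is_complete) {

            echo '<p align="center">'.userdate($sessionstart).' --> '. userdate($sessionend).'</p>';

            echo $OUTPUT->box_start();

            // Most active participants first. This is one user lookup per participant per session.
            arsort($sessionusers);
            foreach ($sessionusers as $sessionuser => $usermessagecount) {
                $user = $DB->get_record('user', array('id'=>$sessionuser));
                if ($user) {
                    // Fix: user_picture() returns the markup, so it has to be echoed;
                    // the original discarded the return value and no picture was shown.
                    echo $OUTPUT->user_picture($user, array('courseid'=>$course->id));
                    // Passing true overrides the site's name display rules.
                    echo '&nbsp;'.fullname($user, true); // XXX TODO  use capability instead of true
                    echo "&nbsp;($usermessagecount)<br />";
                }
            }

            echo '<p align="right">';
            echo "<a href=\"report.php?id=$cm->id&amp;start=$sessionstart&amp;end=$sessionend\">$strseesession</a>";

            // Export is allowed with the general export capability, or with the
            // "participated" capability when the current user is among the session's users.
            $participatedcap = (array_key_exists($USER->id, $sessionusers)
                    && has_capability('mod/chat:exportparticipatedsession', $context));
            if (!empty($CFG->enableportfolios) && ($canexportsess || $participatedcap)) {
                require_once($CFG->libdir . '/portfoliolib.php');
                // id/start/end travel with the button and can be altered by the user.
                // NOTE(review): confirm that chat_portfolio_caller re-checks the export
                // capabilities itself instead of trusting that this button was shown.
                $buttonoptions = array(
                    'id'    => $cm->id,
                    'start' => $sessionstart,
                    'end'   => $sessionend,
                );
                $button = new portfolio_add_button();
                // The third argument is the component name ('mod_chat'), not a file path.
                $button->set_callback_options('chat_portfolio_caller', $buttonoptions, 'mod_chat');
                $portfoliobutton = $button->to_html(PORTFOLIO_ADD_TEXT_LINK);
                if (!empty($portfoliobutton)) {
                    echo '<br />' . $portfoliobutton;
                }
            }

            // This link only opens the confirmation prompt; the delete itself additionally
            // requires confirmdelete and a valid session key.
            if (has_capability('mod/chat:deletelog', $context)) {
                echo "<br /><a href=\"report.php?id=$cm->id&amp;start=$sessionstart&amp;end=$sessionend&amp;deletesession=1\">$strdeletesession</a>";
            }
            echo '</p>';
            echo $OUTPUT->box_end();
        }
        if ($is_complete) {
            $complete_sessions++;
        }

        // Start the next (older) session with the current message. Unlike the same-session
        // branch, its user is recorded here without the userid/system test.
        $sessionend   = $message->timestamp;
        $sessionusers = array();
        $sessionusers[$message->userid] = 1;
    }
    $lasttime = $message->timestamp;
}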
264
// Whole-chat export: offered only with mod/chat:exportsession. The "participated"
// capability is not considered here, unlike for the per-session buttons.
$offerfullexport = !empty($CFG->enableportfolios) && $canexportsess;
if ($offerfullexport) {
    require_once($CFG->libdir . '/portfoliolib.php');
    $button = new portfolio_add_button();
    // Only the course module id is passed, and 'mod_chat' is the component name, not a file path.
    // NOTE(review): confirm that chat_portfolio_caller re-checks the export capability itself.
    $button->set_callback_options('chat_portfolio_caller', array('id' => $cm->id), 'mod_chat');
    $button->render(null, get_string('addalltoportfolio', 'portfolio'));
}


// Nothing qualified as a complete session: say so and link to the unfiltered listing.
if (!$show_all && $complete_sessions == 0) {
    $listalllink = '&nbsp;<a href="report.php?id='.$cm->id.'&amp;show_all=1">' .
            get_string('list_all_sessions', 'chat') .
            '</a>';
    echo $OUTPUT->heading(get_string('no_complete_sessions_found', 'chat') . $listalllink);
}

/// Finish the page
echo $OUTPUT->footer();