[moodle.git] / rss / file.php

<?PHP
    //This file returns the required rss feeds
    //The URL format MUST include:
    //    context: the context id
    //    user:   the user id
    //    name:   the name of the module (forum...)
    //    id:     the id (instance) of the module (forumid...)
    //If the course has a password or it doesn't
    //allow guest access then the user field is
    //required to see that the user is enrolled
    //in the course, else no check is performed.
    //This allows to limit a bit the rss access
    //to correct users. It isn't unbreakable,
    //obviously, but its the best I've thought!!

// disable moodle specific debug messages and any errors in output
define('NO_DEBUG_DISPLAY', true);//comment this out to see any error messages during RSS generation

// session not used here
if (!defined('NO_MOODLE_COOKIES')) { define('NO_MOODLE_COOKIES', true); }
if (!defined('USER_KEY_LOGIN')) { define('USER_KEY_LOGIN', true); }

require_once('../config.php');
require_once($CFG->libdir.'/filelib.php');
require_once($CFG->libdir.'/rsslib.php');

//Check RSS feeds are enabled
if (empty($CFG->enablerssfeeds)) {
    debugging('DISABLED (admin variables)');
    rss_not_found();
}

$lifetime = 3600;  // Seconds for files to remain in caches - 1 hour
$filename   = 'rss.xml';

// this is a big one big hack - NO_MOODLE_COOKIES is not compatible with capabilities MDL-7243
// it should be replaced once we get to codes in urls

$relativepath = get_file_argument();
if (!$relativepath) {
    rss_not_found();
}

// extract relative path components
$args = explode('/', trim($relativepath, '/'));
if (count($args) < 5) {
    rss_not_found();
}

$contextid   = (int)$args[0];
$token  = $args[1];
$modulename = clean_param($args[2], PARAM_FILE);
$instance   = $args[3];

$userid = rss_get_userid_from_token($token);
if (!$userid) {
    rss_not_authenticated();
}
$user = get_complete_user_data('id', $userid);
session_set_user($user);

$context = get_context_instance_by_id($contextid);
if (!$context) {
    rss_not_found();
}
$PAGE->set_context($context);

$coursecontext = get_course_context($context);
$course = $DB->get_record('course', array('id' => $coursecontext->instanceid), '*', MUST_EXIST);

$isblog = ($modulename == 'blog');
if ($isblog) {
   $blogid   = (int)$args[4];  // could be groupid / courseid  / userid  depending on $instance
   if ($args[5] != 'rss.xml') {
       $tagid = (int)$args[5];
   } else {
       $tagid = 0;
   }
} else {
    $instance = (int)$instance;  // we know it's an id number
}

//Check name of module
if (!$isblog) {
    $mods = get_plugin_list('mod');
    $mods = array_keys($mods);
    if (!in_array(strtolower($modulename), $mods)) {
        rss_not_found();
    }
    //Get course_module to check it's visible
    if (!$cm = get_coursemodule_from_instance($modulename,$instance)) {
        rss_not_found();
    }
    $modcontext = get_context_instance(CONTEXT_MODULE, $cm->id);
    //will $modcontext always be the same object as $context?
    $isuser = has_capability('moodle/course:participate', $modcontext);
} else {
    $isuser = has_capability('moodle/course:participate', $coursecontext);
}

//Check if course allows guests
if ($course->id != SITEID) {
    if ((!$course->guest || $course->password) && (!$isuser)) {
        rss_not_found();
    }
}

//Check for "security" if the course is hidden or the activity is hidden
if (!$isblog and (!$course->visible || !$cm->visible) && (!has_capability('moodle/course:viewhiddenactivities', $context))) {
    rss_not_found();
}

$pathname = null;
//Work out the filename of the cached RSS file
if ($isblog) {
    require_once($CFG->dirroot.'/blog/rsslib.php');
    $pathname = blog_generate_rss_feed($instance, $blogid, $tagid);
} else {
    $functionname = $cm->modname.'_rss_get_feed';
    require_once($CFG->dirroot."/mod/{$cm->modname}/rsslib.php");
    if(function_exists($functionname)) {
        $pathname = $functionname($context, $cm, $instance, $args);
    }
}

//Check that file exists
if (empty($pathname) || !file_exists($pathname)) {
    rss_not_found();
}

//rss_update_token_last_access($USER->id);

//Send it to user!
send_file($pathname, $filename, $lifetime);

function rss_not_found() {
    /// error, send some XML with error message
    global $lifetime, $filename;
    send_file(rss_geterrorxmlfile(), $filename, $lifetime, false, true);
}

function rss_not_authenticated() {
    global $lifetime, $filename;
    send_file(rss_geterrorxmlfile('rsserrorauth'), $filename, $lifetime, false, true);
}
Commit	Line	Data
2e9b772f	1	<?PHP
8adcb49f	2	//This file returns the required rss feeds
8adcb49f	3	//The URL format MUST include:
fcce139a	4	// context: the context id
e7f927a0	5	// user: the user id
	6	// name: the name of the module (forum...)
	7	// id: the id (instance) of the module (forumid...)
8adcb49f	8	//If the course has a password or it doesn't
7fe0ce4e	9	//allow guest access then the user field is
8adcb49f	10	//required to see that the user is enrolled
	11	//in the course, else no check is performed.
	12	//This allows to limit a bit the rss access
	13	//to correct users. It isn't unbreakable,
	14	//obviously, but its the best I've thought!!
	15
2e9b772f	16	// disable moodle specific debug messages and any errors in output
fcce139a AD	17	define('NO_DEBUG_DISPLAY', true);//comment this out to see any error messages during RSS generation
	18
	19	// session not used here
	20	if (!defined('NO_MOODLE_COOKIES')) { define('NO_MOODLE_COOKIES', true); }
	21	if (!defined('USER_KEY_LOGIN')) { define('USER_KEY_LOGIN', true); }
	22
	23	require_once('../config.php');
	24	require_once($CFG->libdir.'/filelib.php');
	25	require_once($CFG->libdir.'/rsslib.php');
	26
	27	//Check RSS feeds are enabled
	28	if (empty($CFG->enablerssfeeds)) {
	29	debugging('DISABLED (admin variables)');
	30	rss_not_found();
	31	}
	32
	33	$lifetime = 3600; // Seconds for files to remain in caches - 1 hour
	34	$filename = 'rss.xml';
	35
	36	// this is a big one big hack - NO_MOODLE_COOKIES is not compatible with capabilities MDL-7243
	37	// it should be replaced once we get to codes in urls
	38
	39	$relativepath = get_file_argument();
	40	if (!$relativepath) {
	41	rss_not_found();
	42	}
	43
	44	// extract relative path components
	45	$args = explode('/', trim($relativepath, '/'));
	46	if (count($args) < 5) {
	47	rss_not_found();
	48	}
	49
	50	$contextid = (int)$args[0];
	51	$token = $args[1];
	52	$modulename = clean_param($args[2], PARAM_FILE);
	53	$instance = $args[3];
	54
	55	$userid = rss_get_userid_from_token($token);
	56	if (!$userid) {
	57	rss_not_authenticated();
	58	}
	59	$user = get_complete_user_data('id', $userid);
	60	session_set_user($user);
	61
	62	$context = get_context_instance_by_id($contextid);
	63	if (!$context) {
	64	rss_not_found();
	65	}
	66	$PAGE->set_context($context);
	67
	68	$coursecontext = get_course_context($context);
	69	$course = $DB->get_record('course', array('id' => $coursecontext->instanceid), '*', MUST_EXIST);
	70
	71	$isblog = ($modulename == 'blog');
	72	if ($isblog) {
	73	$blogid = (int)$args[4]; // could be groupid / courseid / userid depending on $instance
	74	if ($args[5] != 'rss.xml') {
	75	$tagid = (int)$args[5];
	76	} else {
	77	$tagid = 0;
	78	}
	79	} else {
	80	$instance = (int)$instance; // we know it's an id number
81	}
82
83	//Check name of module
84	if (!$isblog) {
85	$mods = get_plugin_list('mod');
86	$mods = array_keys($mods);
87	if (!in_array(strtolower($modulename), $mods)) {
66c52fdf	88	rss_not_found();
8adcb49f	89	}
fcce139a AD	90	//Get course_module to check it's visible
fcce139a AD	91	if (!$cm = get_coursemodule_from_instance($modulename,$instance)) {
66c52fdf	92	rss_not_found();
8adcb49f	93	}
fcce139a AD	94	$modcontext = get_context_instance(CONTEXT_MODULE, $cm->id);
	95	//will $modcontext always be the same object as $context?
	96	$isuser = has_capability('moodle/course:participate', $modcontext);
	97	} else {
	98	$isuser = has_capability('moodle/course:participate', $coursecontext);
	99	}
	100
	101	//Check if course allows guests
	102	if ($course->id != SITEID) {
	103	if ((!$course->guest \|\| $course->password) && (!$isuser)) {
66c52fdf	104	rss_not_found();
8adcb49f	105	}
fcce139a AD	106	}
	107
	108	//Check for "security" if the course is hidden or the activity is hidden
	109	if (!$isblog and (!$course->visible \|\| !$cm->visible) && (!has_capability('moodle/course:viewhiddenactivities', $context))) {
	110	rss_not_found();
	111	}
	112
	113	$pathname = null;
	114	//Work out the filename of the cached RSS file
	115	if ($isblog) {
	116	require_once($CFG->dirroot.'/blog/rsslib.php');
	117	$pathname = blog_generate_rss_feed($instance, $blogid, $tagid);
	118	} else {
	119	$functionname = $cm->modname.'_rss_get_feed';
	120	require_once($CFG->dirroot."/mod/{$cm->modname}/rsslib.php");
	121	if(function_exists($functionname)) {
	122	$pathname = $functionname($context, $cm, $instance, $args);
8adcb49f	123	}
fcce139a	124	}
6f5e0852	125
fcce139a AD	126	//Check that file exists
	127	if (empty($pathname) \|\| !file_exists($pathname)) {
	128	rss_not_found();
	129	}
8adcb49f	130
fcce139a	131	//rss_update_token_last_access($USER->id);
6619a7f4	132
fcce139a AD	133	//Send it to user!
fcce139a AD	134	send_file($pathname, $filename, $lifetime);
8adcb49f	135
fcce139a AD	136	function rss_not_found() {
	137	/// error, send some XML with error message
	138	global $lifetime, $filename;
	139	send_file(rss_geterrorxmlfile(), $filename, $lifetime, false, true);
	140	}
e7f927a0	141
fcce139a AD	142	function rss_not_authenticated() {
	143	global $lifetime, $filename;
	144	send_file(rss_geterrorxmlfile('rsserrorauth'), $filename, $lifetime, false, true);
	145	}
2e9b772f	146