[moodle.git] / rss / file.php

<?PHP //$Id
    //This file returns the required rss feeds
    //The URL format MUST include:
    //    course: the course id
    //    user: the user id
    //    name: the name of the module (forum...)
    //    id: the id of the module (forumid...)
    //If the course has a password or it doesn't
    //allow guest access then the user field is 
    //required to see that the user is enrolled
    //in the course, else no check is performed.
    //This allows to limit a bit the rss access
    //to correct users. It isn't unbreakable,
    //obviously, but its the best I've thought!!

    require_once("../config.php");
    require_once("$CFG->dirroot/files/mimetypes.php");

    $allowed = true;
    $error = false;

    if (empty($CFG->filelifetime)) {
        $CFG->filelifetime = 86400;     /// Seconds for files to remain in caches
    }

    if (isset($file)) {     // workaround for situations where / syntax doesn't work
        $pathinfo = $file;
    } else {
        $pathinfo = get_slash_arguments("file.php");
    }

    if (!$pathinfo) {
        $error = true;
    }

    $pathinfo = urldecode($pathinfo);

    if (! $args = parse_slash_arguments($pathinfo)) {
        $error = true;
    }

    $numargs = count($args);
    if ($numargs < 5 or empty($args[1])) {
        $error = true;
    }

    $courseid = (integer)$args[0];
    if (! $course = get_record("course", "id", $courseid)) {
        $error = true;
    }

    //Check for "security" if !course->guest or course->password
    if (!$course->guest || $course->password) {
        $allowed = (isstudent($course->id,$args[1]) || isteacher($course->id,$args[1])); 
    }

    $pathname = $CFG->dataroot."/rss/".$args[2]."/".$args[3].".xml";
    $filename = $args[$numargs-1];

    //If the file exists and its allowed for me, download it!
    if (file_exists($pathname) && $allowed && !$error) {
        $lastmodified = filemtime($pathname);
        $mimetype = mimeinfo("type", $filename);
    
        header("Last-Modified: " . gmdate("D, d M Y H:i:s", $lastmodified) . " GMT");
        header("Expires: " . gmdate("D, d M Y H:i:s", time() + $CFG->filelifetime) . " GMT");
        header("Cache-control: max_age = $CFG->filelifetime");
        header("Pragma: ");
        header("Content-disposition: inline; filename=$filename");
    
        header("Content-length: ".filesize($pathname));
        header("Content-type: $mimetype");
        readfile($pathname);
    }

?>
Commit	Line	Data
8adcb49f	1	<?PHP //$Id
	2	//This file returns the required rss feeds
	3	//The URL format MUST include:
	4	// course: the course id
	5	// user: the user id
	6	// name: the name of the module (forum...)
	7	// id: the id of the module (forumid...)
	8	//If the course has a password or it doesn't
	9	//allow guest access then the user field is
	10	//required to see that the user is enrolled
	11	//in the course, else no check is performed.
	12	//This allows to limit a bit the rss access
	13	//to correct users. It isn't unbreakable,
	14	//obviously, but its the best I've thought!!
	15
	16	require_once("../config.php");
	17	require_once("$CFG->dirroot/files/mimetypes.php");
	18
	19	$allowed = true;
	20	$error = false;
	21
	22	if (empty($CFG->filelifetime)) {
	23	$CFG->filelifetime = 86400; /// Seconds for files to remain in caches
	24	}
	25
	26	if (isset($file)) { // workaround for situations where / syntax doesn't work
	27	$pathinfo = $file;
	28	} else {
	29	$pathinfo = get_slash_arguments("file.php");
	30	}
	31
	32	if (!$pathinfo) {
	33	$error = true;
	34	}
	35
	36	$pathinfo = urldecode($pathinfo);
	37
	38	if (! $args = parse_slash_arguments($pathinfo)) {
	39	$error = true;
	40	}
	41
	42	$numargs = count($args);
	43	if ($numargs < 5 or empty($args[1])) {
	44	$error = true;
	45	}
	46
	47	$courseid = (integer)$args[0];
	48	if (! $course = get_record("course", "id", $courseid)) {
	49	$error = true;
	50	}
	51
	52	//Check for "security" if !course->guest or course->password
	53	if (!$course->guest \|\| $course->password) {
	54	$allowed = (isstudent($course->id,$args[1]) \|\| isteacher($course->id,$args[1]));
	55	}
	56
	57	$pathname = $CFG->dataroot."/rss/".$args[2]."/".$args[3].".xml";
	58	$filename = $args[$numargs-1];
	59
	60	//If the file exists and its allowed for me, download it!
	61	if (file_exists($pathname) && $allowed && !$error) {
	62	$lastmodified = filemtime($pathname);
	63	$mimetype = mimeinfo("type", $filename);
	64
65	header("Last-Modified: " . gmdate("D, d M Y H:i:s", $lastmodified) . " GMT");
66	header("Expires: " . gmdate("D, d M Y H:i:s", time() + $CFG->filelifetime) . " GMT");
67	header("Cache-control: max_age = $CFG->filelifetime");
68	header("Pragma: ");
69	header("Content-disposition: inline; filename=$filename");
70
71	header("Content-length: ".filesize($pathname));
72	header("Content-type: $mimetype");
73	readfile($pathname);
74	}
75
76	?>