c062fee6 |
1 | <?php //$Id$ |
8adcb49f |
2 | //This file returns the required rss feeds |
3 | //The URL format MUST include: |
4 | // course: the course id |
5 | // user: the user id |
6 | // name: the name of the module (forum...) |
c0f778a2 |
7 | // id: the id (instance) of the module (forumid...) |
8adcb49f |
8 | //If the course has a password or it doesn't |
9 | //allow guest access then the user field is |
10 | //required to see that the user is enrolled |
11 | //in the course, else no check is performed. |
12 | //This allows to limit a bit the rss access |
13 | //to correct users. It isn't unbreakable, |
14 | //obviously, but its the best I've thought!! |
15 | |
16 | require_once("../config.php"); |
17 | require_once("$CFG->dirroot/files/mimetypes.php"); |
18 | |
19 | $allowed = true; |
20 | $error = false; |
21 | |
22 | if (empty($CFG->filelifetime)) { |
23 | $CFG->filelifetime = 86400; /// Seconds for files to remain in caches |
24 | } |
25 | |
26 | if (isset($file)) { // workaround for situations where / syntax doesn't work |
27 | $pathinfo = $file; |
28 | } else { |
29 | $pathinfo = get_slash_arguments("file.php"); |
30 | } |
31 | |
32 | if (!$pathinfo) { |
33 | $error = true; |
34 | } |
35 | |
36 | $pathinfo = urldecode($pathinfo); |
37 | |
38 | if (! $args = parse_slash_arguments($pathinfo)) { |
39 | $error = true; |
40 | } |
41 | |
42 | $numargs = count($args); |
43 | if ($numargs < 5 or empty($args[1])) { |
44 | $error = true; |
45 | } |
46 | |
47 | $courseid = (integer)$args[0]; |
c0f778a2 |
48 | $userid = (integer)$args[1]; |
49 | $modulename = $args[2]; |
50 | $instance = (integer)$args[3]; |
51 | |
c062fee6 |
52 | //Check name of module |
53 | $mods = get_list_of_plugins("mod"); |
54 | if (!in_array(strtolower($modulename), $mods)) { |
55 | error("This module doesn't exist!"); |
56 | } |
57 | |
8adcb49f |
58 | if (! $course = get_record("course", "id", $courseid)) { |
59 | $error = true; |
60 | } |
61 | |
c0f778a2 |
62 | //Get course_module to check it's visible |
63 | if (! $cm = get_coursemodule_from_instance($modulename,$instance,$courseid)) { |
64 | $error = true; |
65 | } |
66 | $cmvisible = $cm->visible; |
67 | |
68 | $isstudent = isstudent($courseid,$userid); |
69 | $isteacher = isteacher($courseid,$userid); |
70 | |
8adcb49f |
71 | //Check for "security" if !course->guest or course->password |
72 | if (!$course->guest || $course->password) { |
c0f778a2 |
73 | $allowed = ($isstudent || $isteacher); |
74 | } |
75 | |
76 | //Check for "security" if the course is hidden or the activity is hidden |
77 | if ($allowed && (!$course->visible || !$cmvisible)) { |
78 | $allowed = $isteacher; |
8adcb49f |
79 | } |
80 | |
c0f778a2 |
81 | $pathname = $CFG->dataroot."/rss/".$modulename."/".$instance.".xml"; |
8adcb49f |
82 | $filename = $args[$numargs-1]; |
83 | |
84 | //If the file exists and its allowed for me, download it! |
85 | if (file_exists($pathname) && $allowed && !$error) { |
86 | $lastmodified = filemtime($pathname); |
87 | $mimetype = mimeinfo("type", $filename); |
88 | |
89 | header("Last-Modified: " . gmdate("D, d M Y H:i:s", $lastmodified) . " GMT"); |
90 | header("Expires: " . gmdate("D, d M Y H:i:s", time() + $CFG->filelifetime) . " GMT"); |
91 | header("Cache-control: max_age = $CFG->filelifetime"); |
92 | header("Pragma: "); |
93 | header("Content-disposition: inline; filename=$filename"); |
94 | |
95 | header("Content-length: ".filesize($pathname)); |
96 | header("Content-type: $mimetype"); |
97 | readfile($pathname); |
98 | } |
99 | |
100 | ?> |